Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015 Ran by Alain (administrator) on MIMI on 01-06-2015 19:32:09 Running from C:\Users\Alain\Downloads Loaded Profiles: Alain (Available Profiles: michelle & Alain & Ednammoc) Platform: Windows 8.1 (X64) OS Language: Français (France) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkManagerDMS.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkDMS.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-13] (ELAN Microelectronics Corp.) HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3965904 2013-06-06] () HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [597576 2013-09-13] (Copyright 2013 SAMSUNG) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-11] (AVAST Software) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-24] (Qualcomm®Atheros®) HKU\S-1-5-21-3504710949-4177054267-196861561-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd) HKU\S-1-5-21-3504710949-4177054267-196861561-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [571392 2013-08-22] (Microsoft Corporation) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-10-11] (AVAST Software) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {642A2906-0CB0-4FC3-857A-B595A75A8B6D} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation) ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-06-06] () ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-06-06] () ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {642A2906-0CB0-4FC3-857A-B595A75A8B6D} => C:\windows\SysWOW64\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com/?pc=smjb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKU\S-1-5-21-3504710949-4177054267-196861561-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/u/0/?tab=wm&pli=1#inbox HKU\S-1-5-21-3504710949-4177054267-196861561-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com/?pc=smjb HKU\S-1-5-21-3504710949-4177054267-196861561-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/ HKU\S-1-5-21-3504710949-4177054267-196861561-1004\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = https://www.google.com/ HKU\S-1-5-21-3504710949-4177054267-196861561-1004\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = https://www.google.com/ SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxmzmte128hmgr-000_s1eynyaf403742&ts=1414438171 SearchScopes: HKLM -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxmzmte128hmgr-000_s1eynyaf403742&ts=1414438171 SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxmzmte128hmgr-000_s1eynyaf403742&ts=1414438171 SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxmzmte128hmgr-000_s1eynyaf403742&ts=1414438171 SearchScopes: HKU\S-1-5-19 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxmzmte128hmgr-000_s1eynyaf403742&ts=1414438171 SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxmzmte128hmgr-000_s1eynyaf403742&ts=1414438171 SearchScopes: HKU\S-1-5-20 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxmzmte128hmgr-000_s1eynyaf403742&ts=1414438171 SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxmzmte128hmgr-000_s1eynyaf403742&ts=1414438171 SearchScopes: HKU\S-1-5-21-3504710949-4177054267-196861561-1004 -> {FCE6121E-596E-4303-B8C0-D0E44E3F5318} URL = BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-10-11] (AVAST Software) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-10-11] (AVAST Software) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.) FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [2013-09-13] (Samsung) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-11] Chrome: ======= CHR Profile: C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-11] CHR Extension: (Google Docs) - C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-11] CHR Extension: (Google Drive) - C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-11] CHR Extension: (YouTube) - C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11] CHR Extension: (Google Search) - C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11] CHR Extension: (Google Sheets) - C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-11] CHR Extension: (Bookmark Manager) - C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-14] CHR Extension: (Avast Online Security) - C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-11] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-03] CHR Extension: (Google Wallet) - C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-11] CHR Extension: (Gmail) - C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated) R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkManagerDMS.exe [404360 2013-09-10] (Samsung) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-24] (Windows (R) Win 7 DDK provider) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-11] (AVAST Software) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.) R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-09-13] (Copyright 2013 SAMSUNG) R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1592712 2013-09-07] (Samsung Electronics CO., LTD.) [File not signed] R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-08-28] (Samsung Electronics CO., LTD.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-24] (Atheros) [File not signed] S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-11] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-11] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-11] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-11] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-12-05] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-11] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-11] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-11] () R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices) R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-09-24] (Qualcomm Atheros) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-24] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352448 2013-02-11] (EldoS Corporation) S3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) S3 ssuddmgr; C:\Windows\System32\drivers\ssuddmgr.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ssudobex; C:\Windows\System32\drivers\ssudobex.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ssudrmnet; C:\Windows\System32\drivers\ssudrmnet.sys [67864 2013-06-21] (DEVGURU Co., LTD.) S3 ssudserd; C:\Windows\System32\drivers\ssudserd.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S1 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X] S1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X] S1 iSafeKrnlR3; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [X] S1 iSafeNetFilter; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys [X] S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [X] S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-01 19:32 - 2015-06-01 19:33 - 00018029 _____ () C:\Users\Alain\Downloads\FRST.txt 2015-06-01 19:31 - 2015-06-01 19:32 - 00000000 ____D () C:\FRST 2015-06-01 19:27 - 2015-06-01 19:27 - 02108928 _____ (Farbar) C:\Users\Alain\Downloads\FRST64.exe 2015-06-01 19:09 - 2015-06-01 19:09 - 00000000 ___RD () C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-06-01 10:56 - 2015-06-01 10:56 - 00000000 ___RD () C:\Users\michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-05-31 10:43 - 2015-05-31 10:43 - 04614144 _____ () C:\Users\michelle\Downloads\La_maison_de_Monet_badier.pps 2015-05-30 23:14 - 2015-05-30 23:14 - 02791037 _____ () C:\Users\michelle\Downloads\laurel et hardy (1).mp4 2015-05-27 17:20 - 2015-06-01 19:06 - 00000812 _____ () C:\windows\setupact.log 2015-05-27 17:20 - 2015-05-27 17:20 - 00000000 _____ () C:\windows\setuperr.log 2015-05-27 16:16 - 2015-06-01 19:20 - 00889188 _____ () C:\windows\WindowsUpdate.log 2015-05-27 16:10 - 2015-06-01 12:04 - 00002782 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2015-05-27 16:10 - 2015-05-27 16:10 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-05-27 16:10 - 2015-05-27 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-05-27 16:10 - 2015-05-27 16:10 - 00000000 ____D () C:\Program Files\CCleaner 2015-05-27 16:02 - 2015-05-27 16:02 - 06549184 _____ (Piriform Ltd) C:\Users\Alain\Downloads\ccsetup506.exe 2015-05-25 18:25 - 2015-05-25 18:25 - 02791037 _____ () C:\Users\michelle\Downloads\laurel et hardy.mp4 2015-05-25 17:08 - 2015-05-25 17:08 - 04650491 _____ () C:\Users\michelle\Downloads\Le carre_ de chocolat en trop (1).mp4 2015-05-25 17:07 - 2015-05-25 17:07 - 04650491 _____ () C:\Users\michelle\Downloads\Le carre_ de chocolat en trop.mp4 2015-05-15 10:15 - 2015-05-15 10:15 - 02323968 _____ () C:\Users\michelle\Downloads\bikini-evolution-jb.pps 2015-05-13 23:32 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-05-13 23:31 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-05-13 23:31 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-05-13 23:31 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-05-13 23:31 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-05-13 23:31 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-05-13 23:31 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-05-13 23:31 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-05-13 23:31 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll 2015-05-13 23:31 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-05-13 23:31 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2015-05-13 23:31 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-05-13 23:31 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2015-05-13 23:31 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-05-13 23:31 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-05-13 23:31 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2015-05-13 23:31 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-05-13 23:31 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2015-05-13 23:31 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-05-13 23:31 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-05-13 23:31 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-05-13 23:31 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-05-13 23:31 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-05-13 23:31 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-05-13 23:31 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2015-05-13 23:31 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-05-13 23:31 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2015-05-13 23:31 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-05-13 23:31 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2015-05-13 23:31 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-05-13 23:31 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-05-13 23:31 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-05-13 23:31 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-05-13 23:31 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-05-13 23:31 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-05-13 23:31 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-05-13 23:31 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-05-13 23:31 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-05-13 23:31 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-05-13 23:01 - 2015-05-13 23:02 - 00000000 ____D () C:\Mimi 2015-05-13 22:58 - 2015-05-13 23:02 - 00000022 _____ () C:\Users\michelle\Downloads\Mes Documents Signes.zip 2015-05-02 14:30 - 2015-05-02 14:30 - 05219840 _____ () C:\Users\michelle\Downloads\Phenomenes.pps 2015-05-02 14:27 - 2015-05-02 14:27 - 00122880 _____ () C:\Users\michelle\Downloads\le_jeune_cur_2.pps ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-01 19:30 - 2014-10-16 15:36 - 00000000 ____D () C:\Users\Alain\AppData\Local\CrashDumps 2015-06-01 19:17 - 2014-10-11 14:46 - 00001086 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-01 19:16 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\system32\sru 2015-06-01 19:12 - 2013-11-07 09:12 - 00000000 ____D () C:\ProgramData\WinClon 2015-06-01 19:11 - 2013-11-08 02:17 - 00812350 _____ () C:\windows\system32\perfh00C.dat 2015-06-01 19:11 - 2013-11-08 02:17 - 00159412 _____ () C:\windows\system32\perfc00C.dat 2015-06-01 19:11 - 2013-08-27 06:56 - 01824010 _____ () C:\windows\system32\PerfStringBackup.INI 2015-06-01 19:08 - 2014-10-11 14:46 - 00001082 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-01 19:06 - 2013-08-22 16:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-06-01 12:18 - 2014-09-22 17:09 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3504710949-4177054267-196861561-1004 2015-06-01 11:57 - 2014-09-13 23:33 - 00003932 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{3FA0ECC4-B93F-41DF-8B2A-4E34510F1D2D} 2015-06-01 11:54 - 2014-11-03 22:02 - 00000000 ____D () C:\Users\michelle\AppData\Local\CrashDumps 2015-05-31 10:57 - 2013-08-22 17:20 - 00000000 ____D () C:\windows\CbsTemp 2015-05-30 23:07 - 2014-12-19 03:01 - 00000000 ____D () C:\Users\michelle\AppData\Roaming\vlc 2015-05-27 17:58 - 2014-09-13 23:23 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3504710949-4177054267-196861561-1001 2015-05-27 16:26 - 2013-08-22 15:25 - 00786432 ___SH () C:\windows\system32\config\BBI 2015-05-27 16:20 - 2014-09-13 23:19 - 00000000 ____D () C:\Users\michelle\Documents\Bluetooth Folder 2015-05-27 16:19 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\AppReadiness 2015-05-27 16:13 - 2014-10-16 20:06 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2015-05-27 16:12 - 2013-08-27 07:50 - 00000000 ____D () C:\windows\Panther 2015-05-25 23:07 - 2013-11-07 08:33 - 00065536 _____ () C:\windows\system32\spu_storage.bin 2015-05-17 16:35 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\rescache 2015-05-17 09:12 - 2014-10-11 14:46 - 00004058 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-17 09:12 - 2014-10-11 14:46 - 00003822 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-14 13:44 - 2014-10-11 14:49 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2015-05-05 19:59 - 2014-10-16 14:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-05-05 19:59 - 2014-10-16 14:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2014-09-22 17:05 - 2014-10-18 22:42 - 0003528 _____ () C:\Users\Alain\AppData\Roaming\AbsoluteReminder.xml 2013-11-07 09:33 - 2013-02-19 09:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe 2013-11-07 09:33 - 2013-01-12 16:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-28 12:20 ==================== End of log ============================