Spam new tabs in Chrome


  • This topic is locked
5 replies to this topic

#1 You killed my father


Posted 16 August 2014 - 03:48 AM

I think I have malware that's creating spam new tabs in Chrome. They appear when I click anywhere on a page that has some interactive content (particularly Facebook but also the Google home page. But not here or on Wikipedia, frex.) The spam is mostly about erotic chat services, but I've also had online poker and even gardening tools! I have a Dell (Inspiron) 64-bit laptop running Windows 8.1. My browser is Google Chrome build 36.0.1985.143 m with the AdBlock extension.

 

I'd really appreciate it if someone could help me with this :)

 

I couldn't run DDS on this computer, so I've been advised here to run RSIT instead. Here are the logs:

Main:

Logfile of random's system information tool 1.10 (written by random/random)

Run by Pierre at 2014-08-16 10:23:36
Microsoft Windows 8.1 
System drive C: has 599 GB (85%) free of 702 GB
Total RAM: 6013 MB (77% free)
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:23:47 AM, on 8/16/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\trend micro\Pierre.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [vdultimate_chrome] C:\ProgramData\VideoDownloaderUltimate\Chrome\vdultimate.exe /checkforupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O4 - HKCU\..\Run: [VideoDownloaderUltimate] C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe /repair
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Wireless Bluetooth® 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 7251 bytes
 
======Listing Processes======
 
 
 
 
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe /boot
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=b4045e74-dc17-4605-8a8c-2203e11e3807 /coreSdkOptions=4382 /logConfFile="C:\WINDOWS\system32\config\systemprofile\AppData\Local\Avg2014\temp\7faabb7e-3232-4116-b4ad-4c6ddf245012-1a8-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\WINDOWS\system32\config\systemprofile\AppData\Local\Avg2014\temp\" /logPath="C:\WINDOWS\system32\config\systemprofile\AppData\Local\Avg2014\log\"
 
wininit.exe
 
winlogon.exe
 
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\atiesrxx.exe
"dwm.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
atieclxx
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgfws.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
"C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe"
dashost.exe {9a64b01e-ee6b-4194-92f72de4604c764b}
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgemca.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=ff865852-941e-493d-99f8-9612955c7709 /coreSdkOptions=4114 /logConfFile="C:\WINDOWS\system32\config\systemprofile\AppData\Local\Avg2014\temp\cab2d051-8416-4922-9cae-2a66062ad309-9a0-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\WINDOWS\system32\config\systemprofile\AppData\Local\Avg2014\temp\"
taskhostex.exe 
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
igfxEM.exe 
igfxHK.exe 
igfxTray.exe 
"C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe"
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files\Elantech\ETDCtrl.exe" 
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files\Elantech\ETDCtrlHelper.exe" 
"C:\Program Files\Elantech\ETDGesture.exe" 
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
"C:\Users\Pierre\AppData\Local\Apps\2.0\JVY2WGYJ.XP7\B0880TK8.7O7\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
ctfmon.exe
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe"  /command_id=158a674a-f109-443a-9944-861317afc446 /client_id=79d27e75-dbe7-456c-ba3e-486aee0de514
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
 
C:\WINDOWS\system32\msiexec.exe /V
"C:\Users\Pierre\Desktop\RSITx64.exe" 
/Skip /ArmElevate /MODE:3 /PRODUCT:Reader /VERSION:11 /LANG:ENU
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
 
======Scheduled tasks folder======
 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 
 
======Registry dump======
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-03-08 462760]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-03-08 171944]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2013-01-10 2774864]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [2013-09-19 7818040]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSystemDetect"=C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [2013-12-28 370]
"VideoDownloaderUltimate"=C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [2014-07-08 702072]
 
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-08-20 766208]
"vdultimate_chrome"=C:\ProgramData\VideoDownloaderUltimate\Chrome\vdultimate.exe /checkforupdate []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-07-10 5187088]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
 
======File associations======
 
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
 
======List of files/folders created in the last 1 month======
 
2014-08-16 10:23:36 ----D---- C:\rsit
2014-08-16 10:23:36 ----D---- C:\Program Files\trend micro
2014-08-15 00:39:13 ----D---- C:\FRST
2014-08-15 00:05:04 ----A---- C:\WINDOWS\SYSWOW64\sqlite3.dll
2014-08-15 00:04:23 ----D---- C:\AdwCleaner
2014-08-13 20:52:24 ----D---- C:\Users\Pierre\AppData\Roaming\AVG2014
2014-08-13 20:51:56 ----D---- C:\Users\Pierre\AppData\Roaming\TuneUp Software
2014-08-13 20:50:56 ----HD---- C:\$AVG
2014-08-13 20:50:56 ----D---- C:\ProgramData\AVG2014
2014-08-13 20:50:45 ----D---- C:\Program Files (x86)\AVG
2014-08-13 20:47:44 ----HD---- C:\ProgramData\Common Files
2014-08-13 20:47:44 ----D---- C:\ProgramData\MFAData
2014-08-13 12:18:08 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2014-08-13 12:18:08 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2014-08-13 12:18:08 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2014-08-13 12:18:07 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2014-08-13 12:18:07 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2014-08-13 12:18:07 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2014-08-13 12:18:07 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2014-08-13 12:18:07 ----A---- C:\WINDOWS\SYSWOW64\dxtmsft.dll
2014-08-13 12:18:05 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-08-13 12:18:05 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2014-08-13 12:18:04 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2014-08-13 12:18:04 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2014-08-13 12:18:04 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2014-08-13 12:18:04 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-08-13 12:18:04 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2014-08-13 12:18:02 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2014-08-13 12:18:02 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-08-13 12:18:01 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2014-08-13 12:18:01 ----A---- C:\WINDOWS\system32\dxtrans.dll
2014-08-13 12:18:00 ----A---- C:\WINDOWS\system32\mshtmled.dll
2014-08-13 12:18:00 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-08-13 12:17:59 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2014-08-13 12:17:59 ----A---- C:\WINDOWS\system32\jscript9.dll
2014-08-13 12:17:59 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2014-08-13 12:17:58 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-08-13 12:17:56 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2014-08-13 12:17:53 ----A---- C:\WINDOWS\system32\wininet.dll
2014-08-13 12:17:49 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll
2014-08-13 12:17:49 ----A---- C:\WINDOWS\SYSWOW64\JavaScriptCollectionAgent.dll
2014-08-13 12:17:49 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2014-08-13 12:17:49 ----A---- C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-13 12:17:48 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2014-08-13 12:17:48 ----A---- C:\WINDOWS\system32\vbscript.dll
2014-08-13 12:17:44 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2014-08-13 12:17:44 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2014-08-13 12:17:43 ----A---- C:\WINDOWS\system32\dxgi.dll
2014-08-13 12:17:42 ----A---- C:\WINDOWS\SYSWOW64\dxgi.dll
2014-08-13 12:17:42 ----A---- C:\WINDOWS\system32\dwmcore.dll
2014-08-13 12:17:42 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2014-08-13 12:16:50 ----A---- C:\WINDOWS\SYSWOW64\TsWpfWrp.exe
2014-08-13 12:16:49 ----A---- C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-13 12:16:42 ----A---- C:\WINDOWS\system32\WpcWebSync.dll
2014-08-13 12:16:42 ----A---- C:\WINDOWS\system32\WpcMon.exe
2014-08-13 12:16:42 ----A---- C:\WINDOWS\system32\Wpc.dll
2014-08-13 12:16:41 ----A---- C:\WINDOWS\SYSWOW64\Wpc.dll
2014-08-13 12:16:40 ----A---- C:\WINDOWS\system32\SyncEngine.dll
2014-08-13 12:16:40 ----A---- C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-13 12:16:40 ----A---- C:\WINDOWS\system32\SkyDrive.exe
2014-08-13 12:16:36 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2014-08-13 12:16:36 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-13 12:16:35 ----A---- C:\WINDOWS\system32\drivers\usbuhci.sys
2014-08-13 12:16:35 ----A---- C:\WINDOWS\system32\drivers\usbport.sys
2014-08-13 12:16:35 ----A---- C:\WINDOWS\system32\drivers\usbhub.sys
2014-08-13 12:16:35 ----A---- C:\WINDOWS\system32\drivers\usbehci.sys
2014-08-13 12:16:35 ----A---- C:\WINDOWS\system32\drivers\usbd.sys
2014-08-13 12:16:34 ----A---- C:\WINDOWS\system32\rsaenh.dll
2014-08-13 12:16:34 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2014-08-13 12:16:33 ----A---- C:\WINDOWS\system32\drivers\WUDFRd.sys
2014-08-13 12:16:32 ----A---- C:\WINDOWS\SYSWOW64\rsaenh.dll
2014-08-13 12:16:31 ----A---- C:\WINDOWS\system32\WUDFSvc.dll
2014-08-13 12:16:31 ----A---- C:\WINDOWS\system32\WUDFHost.exe
2014-08-13 12:16:31 ----A---- C:\WINDOWS\system32\drivers\WUDFPf.sys
2014-08-13 12:16:31 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2014-08-13 12:16:30 ----A---- C:\WINDOWS\SYSWOW64\DaOtpCredentialProvider.dll
2014-08-13 12:16:30 ----A---- C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-13 12:16:30 ----A---- C:\WINDOWS\system32\hal.dll
2014-08-13 12:16:30 ----A---- C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-13 12:16:23 ----A---- C:\WINDOWS\system32\MDMAgent.exe
2014-08-13 12:16:20 ----A---- C:\WINDOWS\system32\MrmCoreR.dll
2014-08-13 12:16:19 ----A---- C:\WINDOWS\SYSWOW64\gdi32.dll
2014-08-13 12:16:19 ----A---- C:\WINDOWS\system32\win32k.sys
2014-08-13 12:16:19 ----A---- C:\WINDOWS\system32\gdi32.dll
2014-08-13 12:16:18 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2014-08-13 12:16:17 ----A---- C:\WINDOWS\system32\msi.dll
2014-08-13 12:16:17 ----A---- C:\WINDOWS\system32\authui.dll
2014-08-13 12:16:16 ----A---- C:\WINDOWS\SYSWOW64\msihnd.dll
2014-08-13 12:16:16 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2014-08-13 12:16:16 ----A---- C:\WINDOWS\system32\msihnd.dll
2014-08-13 12:16:16 ----A---- C:\WINDOWS\system32\consent.exe
 
======List of files/folders modified in the last 1 month======
 
2014-08-16 10:23:36 ----SHD---- C:\WINDOWS\Installer
2014-08-16 10:23:36 ----RD---- C:\Program Files
2014-08-16 10:23:36 ----D---- C:\WINDOWS\Temp
2014-08-16 10:23:25 ----D---- C:\WINDOWS\Prefetch
2014-08-16 10:23:23 ----D---- C:\WINDOWS\SysWOW64
2014-08-16 10:00:01 ----D---- C:\WINDOWS\system32\sru
2014-08-15 20:32:45 ----HD---- C:\Program Files\WindowsApps
2014-08-15 20:32:32 ----D---- C:\WINDOWS\AppReadiness
2014-08-15 14:50:02 ----D---- C:\WINDOWS\Microsoft.NET
2014-08-15 14:15:13 ----D---- C:\WINDOWS\SYSWOW64\config
2014-08-15 00:40:21 ----D---- C:\Windows
2014-08-14 23:03:14 ----HD---- C:\ProgramData
2014-08-14 23:03:14 ----D---- C:\WINDOWS\system32\Tasks
2014-08-14 23:03:13 ----D---- C:\WINDOWS\Tasks
2014-08-14 20:48:48 ----SHD---- C:\System Volume Information
2014-08-14 20:17:42 ----SD---- C:\Users\Pierre\AppData\Roaming\Microsoft
2014-08-14 15:00:17 ----D---- C:\WINDOWS\Inf
2014-08-14 14:00:23 ----RD---- C:\WINDOWS\assembly
2014-08-13 21:46:43 ----D---- C:\WINDOWS\system32\config
2014-08-13 20:51:53 ----HD---- C:\WINDOWS\ELAMBKUP
2014-08-13 20:51:53 ----D---- C:\WINDOWS\system32\drivers
2014-08-13 20:51:48 ----D---- C:\WINDOWS\system32\DriverStore
2014-08-13 20:50:45 ----RD---- C:\Program Files (x86)
2014-08-13 20:50:40 ----RD---- C:\WINDOWS\System32
2014-08-13 20:24:33 ----D---- C:\WINDOWS\WinSxS
2014-08-13 20:20:54 ----RD---- C:\WINDOWS\ToastData
2014-08-13 20:20:54 ----D---- C:\WINDOWS\system32\migration
2014-08-13 20:20:53 ----D---- C:\WINDOWS\SYSWOW64\en-US
2014-08-13 20:20:53 ----D---- C:\WINDOWS\system32\en-US
2014-08-13 20:20:52 ----D---- C:\WINDOWS\PolicyDefinitions
2014-08-13 20:20:52 ----D---- C:\Program Files\Internet Explorer
2014-08-13 20:20:52 ----D---- C:\Program Files (x86)\Internet Explorer
2014-08-13 18:48:57 ----D---- C:\WINDOWS\rescache
2014-08-13 12:32:52 ----D---- C:\WINDOWS\CbsTemp
2014-08-13 12:32:07 ----D---- C:\WINDOWS\system32\MRT
2014-08-13 12:28:41 ----A---- C:\WINDOWS\system32\MRT.exe
2014-08-13 12:23:50 ----D---- C:\WINDOWS\system32\wbem
2014-08-13 12:15:11 ----D---- C:\WINDOWS\system32\catroot2
2014-08-13 12:12:29 ----A---- C:\WINDOWS\SYSWOW64\msrating.dll
2014-08-13 12:12:27 ----A---- C:\WINDOWS\SYSWOW64\jsproxy.dll
2014-08-13 12:12:10 ----A---- C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-13 12:12:10 ----A---- C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-13 12:12:10 ----A---- C:\WINDOWS\system32\ieetwcollector.exe
2014-08-13 12:12:09 ----A---- C:\WINDOWS\SYSWOW64\ieetwproxystub.dll
2014-08-13 12:12:07 ----A---- C:\WINDOWS\system32\ieUnatt.exe
2014-08-13 12:12:05 ----A---- C:\WINDOWS\SYSWOW64\ieUnatt.exe
2014-08-13 12:12:04 ----A---- C:\WINDOWS\SYSWOW64\iesetup.dll
2014-08-13 12:12:04 ----A---- C:\WINDOWS\SYSWOW64\iernonce.dll
2014-08-13 12:12:02 ----A---- C:\WINDOWS\system32\iesetup.dll
2014-08-13 12:12:02 ----A---- C:\WINDOWS\system32\iernonce.dll
2014-08-13 12:11:52 ----A---- C:\WINDOWS\system32\msrating.dll
2014-08-13 12:11:50 ----A---- C:\WINDOWS\system32\jsproxy.dll
2014-08-07 08:37:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-03 09:02:50 ----D---- C:\WINDOWS\system32\NDF
2014-08-02 02:17:43 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2014-07-18 08:29:17 ----D---- C:\Users\Pierre\AppData\Roaming\Mp3tag
 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R0 amdkmpfd;@oem119.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\WINDOWS\System32\drivers\amdkmpfd.sys [2013-05-23 36096]
R0 AVGIDSHA;AVGIDSHA; C:\WINDOWS\system32\DRIVERS\avgidsha.sys [2014-06-17 190744]
R0 Avgloga;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avgloga.sys [2014-06-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx64.sys [2014-06-17 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx64.sys [2014-06-17 31512]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-12-04 652344]
R1 Avgdiska;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiska.sys [2014-06-30 152344]
R1 Avgfwfd;@oem117.inf,%AvgfwfdService_Desc%;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwd6a.sys [2013-09-26 57144]
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdrivera.sys [2014-06-17 242968]
R1 Avgldx64;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx64.sys [2014-06-17 235800]
R1 Avgwfpa;AVG Firewall Driver; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [2014-06-30 270104]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2013-08-24 12521472]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2013-08-24 617472]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2013-08-22 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\BthLEEnum.sys [2013-12-04 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2013-08-22 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-01-31 81920]
R3 btmaux;@oem116.inf,%BTMAUX.ServiceDesc%;Intel Bluetooth Auxiliary Service; C:\WINDOWS\system32\DRIVERS\btmaux.sys [2013-07-22 140600]
R3 btmhsf;btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [2013-10-15 1390904]
R3 CnxtHdAudService;@oem31.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2012-08-07 1607328]
R3 ETD;@oem39.inf,%PS2.DeviceDesc%;Dell Touchpad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2013-01-10 211280]
R3 iBtFltCoex;iBtFltCoex; C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys [2013-10-15 69088]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2014-05-21 3791872]
R3 IntcDAud;@oem3.inf,%IntcDAud.SvcDesc%;Intel® Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 iwdbus;@oem21.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2014-05-07 27032]
R3 MEIx64;@oem74.inf,%HECI_SvcDesc%;Intel® Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2012-07-03 62784]
R3 NETwNe64;@oem120.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [2013-09-05 3345376]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2014-01-27 167424]
R3 RSUSBVSTOR;@oem63.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2012-06-15 315536]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-08-22 212224]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S0 Avgboota;AVG Early Launch Anti-Malware Driver; C:\WINDOWS\system32\DRIVERS\avgboota.sys [2013-09-04 20496]
S3 androidusb;@oem45.inf,%SAMSUNG.Adb.SvcDesc%;SAMSUNG Android Composite ADB Interface Driver; C:\WINDOWS\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-04-11 1200128]
S3 intaud_WaveExtensible;@oem20.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2014-05-07 38296]
S3 ssadbus;@oem27.inf,%SAMSUNG.Service.Desc%;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\System32\drivers\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;@oem28.inf,%Samsung.Filter.Name%;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;@oem28.inf,%Samsung.Service.Name%;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 usb_rndisx;@netrndis.inf,%usb_rndis.Service.DispName%;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-08-22 20992]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-12-13 121088]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\WINDOWS\system32\DRIVERS\WinUsb.sys [2013-08-22 78848]
 
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2013-08-24 239616]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-07-10 1417160]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-07-10 3244048]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-07-10 289328]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-08-26 1137016]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-08-26 1157496]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2014-05-21 314696]
R2 Intel® Wireless Bluetooth® 4.0 Radio Management;Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-09-18 157128]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 cphs;Intel® Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2014-05-21 278344]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28 116648]
 
-----------------EOF-----------------
 
Info.txt:
info.txt logfile of random's system information tool 1.10 2014-08-16 10:23:51
 
======MBR======
 
 
======Uninstall list======
 
7-Zip 9.22beta-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"
Adobe Digital Editions 2.0-->"C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\uninstall.exe"
Adobe Reader XI (11.0.08)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}
AMD Accelerated Video Transcoding-->MsiExec.exe /X{05DCE321-7560-A57C-9CFF-417661CFEC4C}
AMD Catalyst Install Manager-->msiexec /q/x{34397444-D51C-ADCC-799D-82361E573488} REBOOT=ReallySuppress
Audacity 2.0.5-->"C:\Program Files (x86)\Audacity\unins000.exe"
AVG 2014-->"C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2014-->MsiExec.exe /I{6C9778CB-2167-402E-B37E-10431C01F4C4}
AVG 2014-->MsiExec.exe /I{F763D68B-B8D6-4C16-84EE-A2D990C5C639}
Catalyst Control Center - Branding-->MsiExec.exe /I{FD286527-7076-4988-A436-BEE53EA1B900}
Conexant SmartAudio HD-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -Ichdrt.inf
Dell Touchpad-->%ProgramFiles%\Elantech\ETDUn_inst.exe
FLV Player 2.0 (build 25)-->C:\Program Files (x86)\FLV Player\uninst.exe
gnuplot 4.7 patchlevel 0-->"C:\Program Files (x86)\gnuplot\unins000.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Earth-->MsiExec.exe /X{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Icaros 2.2.4-->"C:\Program Files\Icaros\unins000.exe"
Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall
Java 7 Update 51-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217051FF}
LAME v3.99.3 (for Windows)-->"C:\Program Files (x86)\Lame For Audacity\unins000.exe"
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727-->"C:\ProgramData\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe"  /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727-->"C:\ProgramData\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe"  /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727-->MsiExec.exe /X{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727-->MsiExec.exe /X{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727-->MsiExec.exe /X{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727-->MsiExec.exe /X{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}
Mp3tag v2.58-->C:\Program Files (x86)\Mp3tag\Mp3tagUninstall.EXE
OpenOffice 4.0.1-->MsiExec.exe /I{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}
Skype™ 6.14-->MsiExec.exe /X{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
SVG Explorer Extension 0.1.1-->"C:\Program Files\Dotz Softwares\SVG Explorer Extension\unins000.exe"
Video mp3 Extractor-->"C:\Program Files (x86)\Video mp3 Extractor\unins000.exe"
Visual Studio 2012 x64 Redistributables-->MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484}
Visual Studio 2012 x86 Redistributables-->MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
 
======System event log======
 
Computer Name: laptop-pierre
Event Code: 16392
Message: The BITS service failed to start.  Error 0x80080005.
Record Number: 145
Source Name: Microsoft-Windows-Bits-Client
Time Written: 20131228022123.835596-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
 
Computer Name: laptop-pierre
Event Code: 10010
Message: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.
Record Number: 144
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20131228022123.773095-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
 
Computer Name: laptop-pierre
Event Code: 7023
Message: The Network List Service service terminated with the following error: 
The device is not ready.
Record Number: 136
Source Name: Service Control Manager
Time Written: 20131228021924.091220-000
Event Type: Error
User: 
 
Computer Name: laptop-pierre
Event Code: 1
Message: Realtek PCIe GBE Family Controller is disconnected from network.
Record Number: 82
Source Name: RTL8168
Time Written: 20131228021759.062772-000
Event Type: Warning
User: 
 
Computer Name: laptop-pierre
Event Code: 7023
Message: The IP Helper service terminated with the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 31
Source Name: Service Control Manager
Time Written: 20131228021651.031371-000
Event Type: Error
User: 
 
=====Application event log=====
 
Computer Name: laptop-pierre
Event Code: 3036
Message: Crawl could not be completed on content source <winrt://{S-1-5-21-1181285397-529299580-3625648461-1001}/>.
 
Context:  Application, SystemIndex Catalog
 
Details:
The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)
 
Record Number: 574
Source Name: Microsoft-Windows-Search
Time Written: 20131229173538.000000-000
Event Type: Warning
User: 
 
Computer Name: laptop-pierre
Event Code: 3036
Message: Crawl could not be completed on content source <winrt://{S-1-5-21-1181285397-529299580-3625648461-1001}/>.
 
Context:  Application, SystemIndex Catalog
 
Details:
The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)
 
Record Number: 556
Source Name: Microsoft-Windows-Search
Time Written: 20131228200447.000000-000
Event Type: Warning
User: 
 
Computer Name: laptop-pierre
Event Code: 3036
Message: Crawl could not be completed on content source <winrt://{S-1-5-21-1181285397-529299580-3625648461-1001}/>.
 
Context:  Application, SystemIndex Catalog
 
Details:
The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)
 
Record Number: 192
Source Name: Microsoft-Windows-Search
Time Written: 20131228033038.000000-000
Event Type: Warning
User: 
 
Computer Name: laptop-pierre
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Windows Upgrade}. 
 
Record Number: 25
Source Name: Microsoft-Windows-Search
Time Written: 20131228022605.000000-000
Event Type: Warning
User: 
 
Computer Name: laptop-pierre
Event Code: 1534
Message: Profile notification of event Create for component {D63AA156-D534-4BAC-9BF1-55359CF5EC30} failed, error code is The system cannot find the path specified.
 
 
Record Number: 11
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20131228022450.367080-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
 
=====Security event log=====
 
Computer Name: laptop-pierre
Event Code: 4624
Message: An account was successfully logged on.
 
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
 
Logon Type: 3
 
Impersonation Level: Impersonation
 
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x464E0BE
Logon GUID: {00000000-0000-0000-0000-000000000000}
 
Process Information:
Process ID: 0x0
Process Name: -
 
Network Information:
Workstation Name: VARIPIERRE-PC
Source Network Address: 192.168.1.4
Source Port: 64127
 
Detailed Authentication Information:
Logon Process: NtLmSsp 
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
 
This event is generated when a logon session is created. It is generated on the computer that was accessed.
 
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
 
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
 
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
 
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
 
The impersonation level field indicates the extent to which a process in the logon session can impersonate.
 
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 229074
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140625103953.847881-000
Event Type: Audit Success
User: 
 
Computer Name: laptop-pierre
Event Code: 4634
Message: An account was logged off.
 
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x464E092
 
Logon Type: 3
 
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 229073
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140625103953.814350-000
Event Type: Audit Success
User: 
 
Computer Name: laptop-pierre
Event Code: 4624
Message: An account was successfully logged on.
 
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
 
Logon Type: 3
 
Impersonation Level: Impersonation
 
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x464E092
Logon GUID: {00000000-0000-0000-0000-000000000000}
 
Process Information:
Process ID: 0x0
Process Name: -
 
Network Information:
Workstation Name: VARIPIERRE-PC
Source Network Address: 192.168.1.4
Source Port: 64126
 
Detailed Authentication Information:
Logon Process: NtLmSsp 
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
 
This event is generated when a logon session is created. It is generated on the computer that was accessed.
 
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
 
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
 
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
 
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
 
The impersonation level field indicates the extent to which a process in the logon session can impersonate.
 
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 229072
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140625103953.811064-000
Event Type: Audit Success
User: 
 
Computer Name: laptop-pierre
Event Code: 4634
Message: An account was logged off.
 
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x464DE23
 
Logon Type: 3
 
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 229071
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140625103942.343669-000
Event Type: Audit Success
User: 
 
Computer Name: laptop-pierre
Event Code: 4634
Message: An account was logged off.
 
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x464DE64
 
Logon Type: 3
 
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 229070
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140625103929.580571-000
Event Type: Audit Success
User: 
 
======Environment variables======
 
"FP_NO_HOST_CHECK"=NO
"USERNAME"=SYSTEM
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\gnuplot\bin
"ComSpec"=%SystemRoot%\system32\cmd.exe
"TMP"=%SystemRoot%\TEMP
"OS"=Windows_NT
"windir"=%SystemRoot%
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=3a09
"GNUPLOT_LIB"=C:\Program Files (x86)\gnuplot\demo
 
-----------------EOF-----------------
 

 

Attached Files

  • Attached File  info.txt   15KB   0 downloads
  • Attached File  log.txt   30.29KB   0 downloads




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:09 PM

Posted 19 August 2014 - 08:58 AM

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
These tools are compatible with Windows 8.
 
Download Malwarebytes' Anti-Malware from Here
 
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
  • Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately.
===
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
 
IMPORTANT
 
  • If you click the Clean button all items listed in the report will be removed.
 
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
 
Download the version of this tool for your operating system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
 
Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
 
How is the computer running?
Wait for further instructions.


#3 You killed my father

You killed my father

  • Topic Starter
  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:09 AM

Posted 20 August 2014 - 01:48 AM

    MBAM report:

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 8/20/2014
    Scan Time: 8:04:07 AM
    Logfile: MBAM.txt
    Administrator: Yes
     
    Version: 2.00.2.1012
    Malware Database: v2014.08.20.02
    Rootkit Database: v2014.08.16.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Pierre
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 298618
    Time Elapsed: 15 min, 31 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
     
    Adwcleaner report:
    # AdwCleaner v3.307 - Report created 20/08/2014 at 08:30:12
    # Updated 17/08/2014 by Xplode
    # Operating System : Windows 8.1  (64 bits)
    # Username : Pierre - LAPTOP-PIERRE
    # Running from : C:\Users\Pierre\Desktop\adwcleaner_3.307.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17239
     
     
    -\\ Google Chrome v36.0.1985.143
     
    [ File : C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
    Deleted [Extension] : gkojfkhlekighikafcpjkiklfbnlmeio
     
    *************************
     
    AdwCleaner[R0].txt - [1207 octets] - [15/08/2014 00:04:32]
    AdwCleaner[R1].txt - [1165 octets] - [20/08/2014 08:25:38]
    AdwCleaner[S0].txt - [1282 octets] - [15/08/2014 00:15:03]
    AdwCleaner[S1].txt - [1097 octets] - [20/08/2014 08:30:12]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1157 octets] ##########
     
    FRST report:
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
    Ran by Pierre (administrator) on LAPTOP-PIERRE on 20-08-2014 08:36:32
    Running from C:\Users\Pierre\Desktop
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Dell) C:\Users\Pierre\AppData\Local\Apps\2.0\JVY2WGYJ.XP7\B0880TK8.7O7\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2774864 2013-01-10] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-20] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [vdultimate_chrome] => C:\ProgramData\VideoDownloaderUltimate\Chrome\vdultimate.exe /checkforupdate
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-1181285397-529299580-3625648461-1001\...\Run: [DellSystemDetect] => C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
    HKU\S-1-5-21-1181285397-529299580-3625648461-1001\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [702072 2014-07-08] (Link64 GmbH)
    HKU\S-1-5-21-1181285397-529299580-3625648461-1001\...\MountPoints2: {5d9f17c0-08ce-11e4-8277-68172930a14c} - "E:\SetupWi-Fi.exe" 
    HKU\S-1-5-21-1181285397-529299580-3625648461-1001\...\MountPoints2: {d7ae8077-1421-11e4-8277-68172930a150} - "E:\SetupWi-Fi.exe" 
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.be.msn.com/?rd=1&ucc=BE&dcc=BE&opt=0
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6DB88EB47803CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    Chrome: 
    =======
    CHR HomePage: hxxp://en.wikipedia.org/
    CHR StartupUrls: "hxxp://en.wikipedia.org/"
    CHR Extension: (Google Docs) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-28]
    CHR Extension: (Google Drive) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-28]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
    CHR Extension: (YouTube) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-28]
    CHR Extension: (Google Search) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-28]
    CHR Extension: (Video Downloader professional) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2013-12-28]
    CHR Extension: (AdBlock) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-28]
    CHR Extension: (Hola Better Internet) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-20]
    CHR Extension: (Classic) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2013-12-31]
    CHR Extension: (Video Downloader Ultimate) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\hknpjpodmmapnfjhnblgmalmaanpajhc [2014-01-04]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-12-28]
    CHR Extension: (Google Wallet) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-28]
    CHR Extension: (Select All) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcnbnhefnmjancehemliplicihbcjjb [2014-08-13]
    CHR Extension: (Send from Gmail (by Google)) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2013-12-28]
    CHR Extension: (Gmail) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-28]
    CHR HKCU\...\Chrome\Extension: [hknpjpodmmapnfjhnblgmalmaanpajhc] - C:\ProgramData\VideoDownloaderUltimate\Chrome\VideoDownloaderUltimate.crx [2014-02-14]
    CHR HKLM-x32\...\Chrome\Extension: [hknpjpodmmapnfjhnblgmalmaanpajhc] - C:\ProgramData\VideoDownloaderUltimate\Chrome\VideoDownloaderUltimate.crx [2014-02-14]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-08-11] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
    R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-23] (Advanced Micro Devices, Inc.)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-20] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
    R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-05] (Intel Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-08-20 08:36 - 2014-08-20 08:36 - 00014258 _____ () C:\Users\Pierre\Desktop\FRST.txt
    2014-08-20 08:36 - 2014-08-20 08:36 - 00000000 ____D () C:\Users\Pierre\Desktop\FRST-OlderVersion
    2014-08-20 08:35 - 2014-08-20 08:35 - 02101760 _____ (Farbar) C:\Users\Pierre\Documents\FRST64.exe
    2014-08-20 08:33 - 2014-08-20 08:33 - 00001237 _____ () C:\Users\Pierre\Desktop\AdwCleaner[S1].txt
    2014-08-20 08:27 - 2014-08-20 08:27 - 00001165 _____ () C:\Users\Pierre\Desktop\AdwCleaner[R1].txt
    2014-08-20 08:24 - 2014-08-20 08:24 - 01361671 _____ () C:\Users\Pierre\Desktop\adwcleaner_3.307.exe
    2014-08-20 08:21 - 2014-08-20 08:21 - 00001044 _____ () C:\Users\Pierre\Desktop\MBAM.txt
    2014-08-20 08:03 - 2014-08-20 08:33 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-08-20 08:03 - 2014-08-20 08:03 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-20 08:03 - 2014-08-20 08:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-20 08:03 - 2014-08-20 08:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-20 08:03 - 2014-08-20 08:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-20 08:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-08-20 08:03 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2014-08-20 08:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-08-20 08:02 - 2014-08-20 08:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pierre\Documents\mbam-setup-2.0.2.1012.exe
    2014-08-19 09:57 - 2014-08-19 09:57 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
    2014-08-19 09:57 - 2014-08-19 09:57 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
    2014-08-16 13:14 - 2014-08-16 13:14 - 00000971 _____ () C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
    2014-08-16 13:14 - 2014-08-16 13:14 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad
    2014-08-16 13:14 - 2014-08-16 13:14 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\Helios
    2014-08-16 13:14 - 2014-08-16 13:14 - 00000000 ____D () C:\Program Files\TextPad 7
    2014-08-16 13:11 - 2014-08-16 13:11 - 00000000 ____D () C:\Users\Pierre\Desktop\w2c
    2014-08-16 10:23 - 2014-08-16 10:23 - 00000000 ____D () C:\rsit
    2014-08-16 10:23 - 2014-08-16 10:23 - 00000000 ____D () C:\Program Files\trend micro
    2014-08-16 10:21 - 2014-08-16 10:21 - 01222144 _____ () C:\Users\Pierre\Desktop\RSITx64.exe
    2014-08-15 00:39 - 2014-08-20 08:36 - 00000000 ____D () C:\FRST
    2014-08-15 00:38 - 2014-08-20 08:36 - 02101760 _____ (Farbar) C:\Users\Pierre\Desktop\FRST64.exe
    2014-08-15 00:22 - 2014-08-15 00:22 - 05571320 _____ (Swearware) C:\Users\Pierre\Desktop\ComboFix.exe
    2014-08-15 00:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
    2014-08-15 00:04 - 2014-08-20 08:30 - 00000000 ____D () C:\AdwCleaner
    2014-08-13 20:52 - 2014-08-13 20:52 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\AVG2014
    2014-08-13 20:51 - 2014-08-19 09:57 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-08-13 20:51 - 2014-08-19 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\TuneUp Software
    2014-08-13 20:50 - 2014-08-13 20:52 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-08-13 20:50 - 2014-08-13 20:50 - 00000000 ___HD () C:\$AVG
    2014-08-13 20:50 - 2014-08-13 20:50 - 00000000 ____D () C:\Program Files (x86)\AVG
    2014-08-13 20:47 - 2014-08-20 08:35 - 00000000 ____D () C:\ProgramData\MFAData
    2014-08-13 20:47 - 2014-08-13 20:56 - 00000000 ____D () C:\Users\Pierre\AppData\Local\Avg2014
    2014-08-13 20:47 - 2014-08-13 20:47 - 00000000 ____D () C:\Users\Pierre\AppData\Local\MFAData
    2014-08-13 12:18 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-08-13 12:18 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-08-13 12:18 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2014-08-13 12:18 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-08-13 12:18 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-08-13 12:18 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-08-13 12:18 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2014-08-13 12:18 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-08-13 12:18 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2014-08-13 12:18 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-08-13 12:18 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-08-13 12:18 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-08-13 12:18 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-08-13 12:18 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-08-13 12:18 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-08-13 12:18 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-08-13 12:18 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-08-13 12:18 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-08-13 12:18 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-08-13 12:18 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-08-13 12:18 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-08-13 12:18 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-08-13 12:18 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-08-13 12:17 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-08-13 12:17 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-08-13 12:17 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2014-08-13 12:17 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-08-13 12:17 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-08-13 12:17 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2014-08-13 12:17 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-08-13 12:17 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
    2014-08-13 12:17 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
    2014-08-13 12:17 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-08-13 12:17 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-08-13 12:17 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-08-13 12:17 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2014-08-13 12:17 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2014-08-13 12:17 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2014-08-13 12:17 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2014-08-13 12:17 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2014-08-13 12:17 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2014-08-13 12:16 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2014-08-13 12:16 - 2014-08-07 00:39 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-08-13 12:16 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2014-08-13 12:16 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2014-08-13 12:16 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2014-08-13 12:16 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
    2014-08-13 12:16 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
    2014-08-13 12:16 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
    2014-08-13 12:16 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
    2014-08-13 12:16 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2014-08-13 12:16 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2014-08-13 12:16 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2014-08-13 12:16 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2014-08-13 12:16 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2014-08-13 12:16 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2014-08-13 12:16 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2014-08-13 12:16 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
    2014-08-13 12:16 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
    2014-08-13 12:16 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2014-08-13 12:16 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
    2014-08-13 12:16 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2014-08-13 12:16 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2014-08-13 12:16 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2014-08-13 12:16 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2014-08-13 12:16 - 2014-05-31 12:07 - 00467800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2014-08-13 12:16 - 2014-05-31 12:07 - 00440664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
    2014-08-13 12:16 - 2014-05-31 12:07 - 00419672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2014-08-13 12:16 - 2014-05-31 12:07 - 00089944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
    2014-08-13 12:16 - 2014-05-31 12:07 - 00027480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
    2014-08-13 12:16 - 2014-05-31 08:30 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
    2014-08-13 12:16 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
    2014-08-13 12:16 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
    2014-08-13 12:16 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
    2014-08-13 12:16 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
    2014-08-13 12:16 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
    2014-08-13 12:16 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-08-13 12:16 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
    2014-08-13 12:16 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
    2014-08-13 12:16 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2014-08-13 12:16 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2014-07-30 19:49 - 2014-07-30 19:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
    2014-07-30 19:43 - 2014-08-20 08:23 - 00011035 _____ () C:\Users\Pierre\Desktop\malik.odt
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-08-20 08:36 - 2014-08-20 08:36 - 00014258 _____ () C:\Users\Pierre\Desktop\FRST.txt
    2014-08-20 08:36 - 2014-08-20 08:36 - 00000000 ____D () C:\Users\Pierre\Desktop\FRST-OlderVersion
    2014-08-20 08:36 - 2014-08-15 00:39 - 00000000 ____D () C:\FRST
    2014-08-20 08:36 - 2014-08-15 00:38 - 02101760 _____ (Farbar) C:\Users\Pierre\Desktop\FRST64.exe
    2014-08-20 08:35 - 2014-08-20 08:35 - 02101760 _____ (Farbar) C:\Users\Pierre\Documents\FRST64.exe
    2014-08-20 08:35 - 2014-08-13 20:47 - 00000000 ____D () C:\ProgramData\MFAData
    2014-08-20 08:34 - 2013-12-28 05:01 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-08-20 08:33 - 2014-08-20 08:33 - 00001237 _____ () C:\Users\Pierre\Desktop\AdwCleaner[S1].txt
    2014-08-20 08:33 - 2014-08-20 08:03 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-08-20 08:33 - 2013-12-28 05:00 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-20 08:33 - 2013-12-28 04:59 - 00000000 ____D () C:\Users\Pierre\AppData\Local\Deployment
    2014-08-20 08:33 - 2013-12-27 18:02 - 00000000 __RDO () C:\Users\Pierre\SkyDrive
    2014-08-20 08:32 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-08-20 08:31 - 2013-11-14 09:20 - 00019848 _____ () C:\WINDOWS\PFRO.log
    2014-08-20 08:31 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-08-20 08:30 - 2014-08-15 00:04 - 00000000 ____D () C:\AdwCleaner
    2014-08-20 08:28 - 2013-12-28 04:58 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C609DE30-D106-475C-B1A1-118957A01547}
    2014-08-20 08:27 - 2014-08-20 08:27 - 00001165 _____ () C:\Users\Pierre\Desktop\AdwCleaner[R1].txt
    2014-08-20 08:24 - 2014-08-20 08:24 - 01361671 _____ () C:\Users\Pierre\Desktop\adwcleaner_3.307.exe
    2014-08-20 08:23 - 2014-07-30 19:43 - 00011035 _____ () C:\Users\Pierre\Desktop\malik.odt
    2014-08-20 08:21 - 2014-08-20 08:21 - 00001044 _____ () C:\Users\Pierre\Desktop\MBAM.txt
    2014-08-20 08:09 - 2013-12-28 05:01 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1181285397-529299580-3625648461-1001
    2014-08-20 08:03 - 2014-08-20 08:03 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-20 08:03 - 2014-08-20 08:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-20 08:03 - 2014-08-20 08:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-20 08:03 - 2014-08-20 08:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-20 08:02 - 2014-08-20 08:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pierre\Documents\mbam-setup-2.0.2.1012.exe
    2014-08-20 08:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-08-20 07:38 - 2013-12-28 04:26 - 02006594 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-08-20 07:32 - 2013-12-28 05:00 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-19 09:57 - 2014-08-19 09:57 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
    2014-08-19 09:57 - 2014-08-19 09:57 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
    2014-08-19 09:57 - 2014-08-13 20:51 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-08-19 09:57 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2014-08-17 20:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-08-17 10:30 - 2013-12-29 07:34 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\Audacity
    2014-08-17 10:29 - 2013-12-28 20:50 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\Mp3tag
    2014-08-16 15:41 - 2013-11-14 09:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-08-16 15:40 - 2013-08-22 16:46 - 00046674 _____ () C:\WINDOWS\setupact.log
    2014-08-16 13:14 - 2014-08-16 13:14 - 00000971 _____ () C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
    2014-08-16 13:14 - 2014-08-16 13:14 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad
    2014-08-16 13:14 - 2014-08-16 13:14 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\Helios
    2014-08-16 13:14 - 2014-08-16 13:14 - 00000000 ____D () C:\Program Files\TextPad 7
    2014-08-16 13:11 - 2014-08-16 13:11 - 00000000 ____D () C:\Users\Pierre\Desktop\w2c
    2014-08-16 11:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-08-16 10:23 - 2014-08-16 10:23 - 00000000 ____D () C:\rsit
    2014-08-16 10:23 - 2014-08-16 10:23 - 00000000 ____D () C:\Program Files\trend micro
    2014-08-16 10:21 - 2014-08-16 10:21 - 01222144 _____ () C:\Users\Pierre\Desktop\RSITx64.exe
    2014-08-15 00:22 - 2014-08-15 00:22 - 05571320 _____ (Swearware) C:\Users\Pierre\Desktop\ComboFix.exe
    2014-08-13 20:56 - 2014-08-13 20:47 - 00000000 ____D () C:\Users\Pierre\AppData\Local\Avg2014
    2014-08-13 20:54 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2014-08-13 20:52 - 2014-08-13 20:52 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\AVG2014
    2014-08-13 20:52 - 2014-08-13 20:50 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\TuneUp Software
    2014-08-13 20:51 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
    2014-08-13 20:50 - 2014-08-13 20:50 - 00000000 ___HD () C:\$AVG
    2014-08-13 20:50 - 2014-08-13 20:50 - 00000000 ____D () C:\Program Files (x86)\AVG
    2014-08-13 20:47 - 2014-08-13 20:47 - 00000000 ____D () C:\Users\Pierre\AppData\Local\MFAData
    2014-08-13 20:24 - 2013-08-22 16:44 - 00366776 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-08-13 20:20 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-08-13 20:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
    2014-08-13 12:32 - 2013-12-29 19:46 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-08-13 12:32 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-08-13 12:28 - 2013-12-29 19:46 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-08-13 12:13 - 2014-06-11 07:10 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2014-08-13 12:12 - 2014-06-19 16:11 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2014-08-13 12:12 - 2014-06-19 16:11 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2014-08-13 12:12 - 2014-06-19 16:11 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2014-08-13 12:12 - 2014-06-19 16:11 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2014-08-13 12:12 - 2014-06-19 16:11 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2014-08-13 12:12 - 2014-06-19 13:48 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2014-08-13 12:12 - 2014-06-19 13:48 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2014-08-13 12:12 - 2014-06-19 13:48 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2014-08-13 12:12 - 2014-06-19 13:47 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2014-08-13 12:12 - 2014-06-19 13:47 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2014-08-13 12:12 - 2014-06-19 13:47 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2014-08-13 12:12 - 2014-06-19 13:47 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
    2014-08-13 12:12 - 2014-05-01 10:47 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2014-08-13 12:12 - 2014-04-29 14:53 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2014-08-13 12:11 - 2014-06-19 13:48 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2014-08-13 12:11 - 2014-04-29 14:53 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-08-07 04:12 - 2014-08-13 12:16 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2014-08-07 00:39 - 2014-08-13 12:16 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-08-03 09:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2014-08-02 05:56 - 2014-08-13 12:16 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2014-08-02 05:11 - 2014-08-13 12:16 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2014-08-02 02:17 - 2013-08-22 17:38 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-08-02 02:17 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-30 19:49 - 2014-07-30 19:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
    2014-07-25 16:52 - 2014-08-13 12:17 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-07-25 15:51 - 2014-08-13 12:18 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-07-25 15:28 - 2014-08-13 12:17 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-07-25 15:25 - 2014-08-13 12:18 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-07-25 15:25 - 2014-08-13 12:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2014-07-25 14:59 - 2014-08-13 12:17 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-07-25 14:40 - 2014-08-13 12:18 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2014-07-25 14:34 - 2014-08-13 12:17 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-07-25 14:30 - 2014-08-13 12:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2014-07-25 14:28 - 2014-08-13 12:17 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-07-25 14:28 - 2014-08-13 12:17 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
    2014-07-25 14:21 - 2014-08-13 12:18 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-07-25 14:17 - 2014-08-13 12:18 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-07-25 14:10 - 2014-08-13 12:18 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-07-25 14:08 - 2014-08-13 12:18 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2014-07-25 14:06 - 2014-08-13 12:18 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-07-25 13:52 - 2014-08-13 12:18 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2014-07-25 13:47 - 2014-08-13 12:18 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-07-25 13:43 - 2014-08-13 12:18 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-07-25 13:43 - 2014-08-13 12:17 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
    2014-07-25 13:42 - 2014-08-13 12:18 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-07-25 13:39 - 2014-08-13 12:18 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-07-25 13:34 - 2014-08-13 12:18 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-07-25 13:29 - 2014-08-13 12:18 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-07-25 13:23 - 2014-08-13 12:18 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-07-25 13:13 - 2014-08-13 12:18 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-07-25 13:09 - 2014-08-13 12:18 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-07-25 13:07 - 2014-08-13 12:18 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-07-25 13:03 - 2014-08-13 12:18 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-07-25 12:52 - 2014-08-13 12:17 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-07-25 12:26 - 2014-08-13 12:18 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-07-25 12:17 - 2014-08-13 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-07-25 12:09 - 2014-08-13 12:18 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-07-25 12:05 - 2014-08-13 12:17 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-07-25 12:00 - 2014-08-13 12:18 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-07-24 15:11 - 2013-07-01 14:39 - 00000000 ____D () C:\Users\Pierre\Documents\personnal
    2014-07-24 14:37 - 2014-07-06 01:55 - 00000000 ____D () C:\Users\Pierre\Desktop\vichy
     
    Some content of TEMP:
    ====================
    C:\Users\Pierre\AppData\Local\Temp\Quarantine.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_0.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_1.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_10.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_11.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_12.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_13.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_14.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_15.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_16.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_2.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_3.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_4.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_5.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_6.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_7.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_8.exe
    C:\Users\Pierre\AppData\Local\Temp\videodownloaderulitmate_update_9.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-08-13 12:18
     
    ==================== End Of Log ============================
     
    I'm still getting the same spam new tabs in Chrome.
    Awaiting further instructions. As always, thanks for your help.


    #4 nasdaq

    nasdaq

    • Malware Response Team
    • 40,730 posts
    • OFFLINE
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:05:09 PM

    Posted 20 August 2014 - 10:02 AM

     
    [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
    Refer to this article and decide if you want to keep this.
    ---
     
    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
     
    start
     
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    CHR Extension: (Hola Better Internet) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-20]
    EmptyTemp:
    cmd: ipconfig /flushdns
    cmd: ipconfig /release
    cmd: ipconfig /renew
     
    End
    
     
    Save the file as fixlist.txt into the same folder as FRST.
     
    Run FRST and click Fix only once and wait.
     
    Restart the computer normally to reset the registry.
     
    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===
     
    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.
     
    If the site is busy or not available use this mirror site:
    ===
     
    How is the computer running now?


    #5 nasdaq


    Posted 24 August 2014 - 08:05 AM

    Are you still with me?



    #6 nasdaq


    Posted 30 August 2014 - 07:16 AM

    Due to the lack of feedback, this topic is now closed.

    In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

    Please include a link to your topic in the Private Message. Thank you.



