Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by sadaik (administrator) on PC-DE-SADAIK on 01-06-2015 22:05:08
Running from C:\Users\sadaik\Downloads
Loaded Profiles: sadaik (Available Profiles: sadaik)
Platform: Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86) OS Language: Français (France)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Macrovision) C:\Windows\System32\drivers\CDAC11BA.EXE
() C:\Program Files\orange\Assistance Livebox\dedicarz\DedicarzService.exe
(Devguru Co., Ltd.) C:\Windows\System32\dgdersvc.exe
() C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(France Telecom SA) C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Orange) C:\Program Files\orange\Assistance Livebox\AssistanceLivebox.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(France Telecom SA) C:\Program Files\Orange HSS\Systray\SystrayApp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
(Packard Bell BV) C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Google Inc.) C:\Users\sadaik\AppData\Local\Google\Update\GoogleUpdate.exe
(Micro Application) C:\Program Files\Micro Application\LauncherMA.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(France Telecom SA) C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
(Google Inc.) C:\Users\sadaik\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Orange) C:\Program Files\orange\Assistance Livebox\dist\ST2.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(acer) C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\NotificationCenter\Framework.NotificationCenter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Farbar) C:\Users\sadaik\Downloads\FRST(2).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SmpcSys] => C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [SystrayORAHSS] => C:\Program Files\Orange HSS\Systray\SystrayApp.exe [94208 2007-07-24] (France Telecom SA)
HKLM\...\Run: [ORAHSSSessionManager] => C:\Program Files\Orange HSS\SessionManager\SessionManager.exe [102400 2007-07-24] (France Telecom SA)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2503704 2015-03-18] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [144784 2008-06-10] (Sun Microsystems, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [SmpcSys] => C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [ccleaner] => "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-04-28] (Nero AG)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [] => C:\ [0 ] ()
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [orangeinside] => C:\Users\sadaik\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [1508864 2012-04-16] (Orange)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3365176 2010-09-06] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [Google Update] => C:\Users\sadaik\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-05-31] (Google Inc.)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
Startup: C:\Users\sadaik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lanceur.lnk [2011-06-13]
ShortcutTarget: Lanceur.lnk -> C:\Program Files\Micro Application\LauncherMA.exe (Micro Application)
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0209&m=easynote_sl35
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=113357&tt=071012_17_4012_4&babsrc=HP_ss&mntrId=e61f95d70000000000000017c4687701
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0209&m=easynote_sl35
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
URLSearchHook: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 - (No Name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - No File
URLSearchHook: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 - Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll ()
URLSearchHook: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box
SearchScopes: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://fr.search.yahoo.com/search?p={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-25] (Oracle Corporation)
BHO: Programme d'aide de l'Assistant de connexion Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-25] (Oracle Corporation)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> No Name - {D3028143-6145-4318-99D3-3EDCE54A95A9} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll [2009-11-01] (Skyline software systems Inc.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-31] (AVG Secure Search)
ShellExecuteHooks: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll [49152 2009-04-25] (EasyBits Software Corp.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-01] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2009-11-07] (BitTorrent, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-04-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin: @www.dlmanager.net/omaha/tools//Software Update;version=8 -> C:\Program Files\Software\Update\1.2.201.0\npSoftwareOneClick8.dll [2012-10-07] (Boxore OU.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-1243563072-2189662949-1172452096-1000: @bittorrent.com/BitTorrentDNA -> C:\Users\sadaik\Program Files\DNA\plugins\npbtdna.dll No File
FF Plugin HKU\S-1-5-21-1243563072-2189662949-1172452096-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\sadaik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1243563072-2189662949-1172452096-1000: @talk.google.com/O1DPlugin -> C:\Users\sadaik\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1243563072-2189662949-1172452096-1000: @tools.google.com/Google Update;version=3 -> C:\Users\sadaik\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-1243563072-2189662949-1172452096-1000: @tools.google.com/Google Update;version=9 -> C:\Users\sadaik\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF user.js: detected! => C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\user.js [2015-05-31]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2008-09-04] (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sadaik\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\sadaik\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Menu Contextuel Orange - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\menu_contextuel_orange@orange.fr [2012-05-08]
FF Extension: KwiClick - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\vinceturk@gmail.com [2011-05-25]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-29]
FF Extension: Google Toolbar for Firefox - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-10-12]
FF Extension: Plugin Orange Installeur - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF} [2012-05-08]
FF Extension: Yahoo! Toolbar - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-05-31]
FF Extension: PriceGong - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2015-05-31]
FF Extension: DownloadHelper - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-05-31]
FF Extension: Adblock Plus - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2013-04-15]
FF Extension: AutoPager - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\autopager@mozilla.org.xpi [2011-11-05]
FF Extension: Add-on Compatibility Reporter - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-11-13]
FF Extension: Adblock Plus - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-25]
FF HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\sadaik\Program Files\DNA

Chrome:
=======
CHR StartupUrls: Default -> "", "hxxp://www.google.com/webhp?source=search_app", "hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_CH"
CHR Profile: C:\Users\sadaik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sadaik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-17]
CHR Extension: (Adblock Plus) - C:\Users\sadaik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-17]
CHR Extension: (AVG Secure Search) - C:\Users\sadaik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\sadaik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.1.12\avg.crx [2013-10-28]
StartMenuInternet: Google Chrome - C:\Users\sadaik\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-07-09] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 C-DillaCdaC11BA; C:\Windows\system32\drivers\CDAC11BA.EXE [54784 2010-08-25] (Macrovision) [File not signed]
R2 Dedicarz Service; C:\Program Files\Orange\Assistance Livebox\dedicarz\DedicarzService.exe [1966960 2013-06-10] () [File not signed]
R2 dgdersvc; C:\Windows\system32\dgdersvc.exe [95568 2010-09-06] (Devguru Co., Ltd.)
R2 ETService; C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [24576 2008-07-16] () [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-12-23] (Macrovision Europe Ltd.) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [217088 2010-09-06] (Teruten) [File not signed]
R2 FTRTSVC; C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [65536 2007-07-31] (France Telecom SA) [File not signed]
S2 gupdate1c9d7fd8c97c5dd; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-03-17] (Google Inc.)
S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-24] (Lavasoft Limited ) [File not signed]
R2 o2flash; C:\Windows\system32\DRIVERS\o2flash.exe [71512 2008-08-22] (O2Micro International)
S2 Orange update Core Service; C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe [699912 2014-01-21] (Orange SA)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1943832 2015-05-06] (IBM Corp.)
R2 vToolbarUpdater18.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-31] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 supdate; "C:\Program Files\Software\Update\SoftwareUpdate.exe" /svc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R2 CdaC15BA; C:\Windows\system32\drivers\CdaC15BA.SYS [12464 2010-08-25] (Macrovision Europe Ltd) [File not signed]
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-09-06] () [File not signed]
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-05-25] (Lavasoft AB)
S3 PCAMp50; C:\Windows\System32\Drivers\PCAMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys [472152 2015-03-17] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2015-05-06] (IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2015-05-06] (IBM Corp.)
R3 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2015-05-06] (IBM Corp.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [147168 2008-06-18] (Realtek Semiconductor Corp.)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2009-10-26] (RapidSolution Software AG)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 22:05 - 2015-06-01 22:06 - 00027058 _____ () C:\Users\sadaik\Downloads\FRST.txt
2015-06-01 22:04 - 2015-06-01 22:05 - 00000000 ____D () C:\FRST
2015-06-01 22:04 - 2015-06-01 22:04 - 01147392 _____ (Farbar) C:\Users\sadaik\Downloads\FRST(2).exe
2015-06-01 22:02 - 2015-06-01 22:02 - 01147392 _____ (Farbar) C:\Users\sadaik\Downloads\FRST(1).exe
2015-06-01 21:52 - 2015-06-01 21:52 - 01147392 _____ (Farbar) C:\Users\sadaik\Downloads\FRST.exe
2015-06-01 00:33 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-01 00:31 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-01 00:29 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-01 00:24 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-01 00:24 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-01 00:23 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-01 00:23 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-01 00:23 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-01 00:18 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-06-01 00:18 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-06-01 00:18 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-06-01 00:18 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-06-01 00:18 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-01 00:18 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-06-01 00:18 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-01 00:18 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-01 00:18 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-01 00:18 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-01 00:14 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-31 23:38 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-31 23:08 - 2015-05-31 23:08 - 00243536 _____ () C:\Users\sadaik\Downloads\Firefox Setup Stub 38.0.1.exe
2015-05-31 17:36 - 2015-05-31 17:36 - 00000000 __SHD () C:\found.000
2015-05-31 16:24 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-31 16:24 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-31 16:24 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-31 16:24 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-31 16:24 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-31 16:24 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-31 16:24 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-31 16:24 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-31 16:24 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-31 16:24 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-31 16:24 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-31 16:24 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-31 16:24 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-31 16:24 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-31 16:24 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-31 14:48 - 2015-05-31 14:48 - 00000000 ____H () C:\Users\sadaik\AppData\Local\BITFD38.tmp
2015-05-31 14:38 - 2015-05-31 14:38 - 00000000 _____ () C:\Users\sadaik\AppData\Local\{3CE5BFDB-116A-43A0-8612-F42FF8E6D00A}
2015-05-06 15:21 - 2015-05-06 15:21 - 00208856 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 21:50 - 2006-11-02 14:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-01 21:50 - 2006-11-02 14:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-01 21:46 - 2009-04-25 17:13 - 00000000 ____D () C:\Users\sadaik\AppData\Local\Adobe 2015-06-01 21:44 - 2012-04-04 12:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-06-01 21:44 - 2012-04-04 12:17 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-01 21:44 - 2011-05-20 07:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-06-01 21:11 - 2009-06-30 14:32 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-01 21:08 - 2012-10-18 19:24 - 01300597 _____ () C:\Windows\WindowsUpdate.log 2015-06-01 18:18 - 2012-05-28 12:47 - 00000000 ____D () C:\ProgramData\MFAData 2015-06-01 18:13 - 2011-06-17 00:00 - 00000064 _____ () C:\Windows\system32\rp_stats.dat 2015-06-01 18:13 - 2011-06-17 00:00 - 00000044 _____ () C:\Windows\system32\rp_rules.dat 2015-06-01 07:48 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-06-01 07:16 - 2008-01-21 09:24 - 01625902 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-06-01 07:14 - 2013-10-28 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Sécurité des points d'accès 2015-06-01 07:07 - 2009-02-21 04:36 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2015-06-01 07:07 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-06-01 07:06 - 2006-11-02 14:44 - 00407792 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-06-01 07:04 - 2009-04-27 16:22 - 00245768 _____ () C:\aaw7boot.log 2015-06-01 07:02 - 2013-04-25 14:05 - 00221932 _____ () C:\Windows\PFRO.log 2015-06-01 07:02 - 2006-11-02 14:35 - 00000000 ____D () 
C:\Windows\system32\XPSViewer 2015-06-01 00:36 - 2006-11-02 14:58 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-01 00:35 - 2008-12-23 06:16 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-06-01 00:35 - 2006-11-02 12:23 - 00000219 _____ () C:\Windows\win.ini 2015-06-01 00:13 - 2013-10-28 22:42 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-31 23:33 - 2010-06-04 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-31 23:32 - 2009-12-17 21:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-31 23:12 - 2011-10-12 09:03 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-05-31 23:12 - 2011-09-29 20:47 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-05-31 23:12 - 2009-04-25 13:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-05-31 23:11 - 2012-06-06 21:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-05-31 23:01 - 2010-02-09 22:12 - 00000000 ____D () C:\Users\sadaik\AppData\Roaming\vlc 2015-05-31 22:24 - 2012-04-04 12:38 - 00002091 _____ () C:\Users\sadaik\Desktop\Google Chrome.lnk 2015-05-31 19:01 - 2012-10-07 22:01 - 00000000 ____D () C:\ProgramData\Browser Manager 2015-05-31 18:05 - 2015-03-17 17:16 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-31 16:43 - 2009-04-25 13:00 - 00000000 ____D () C:\Users\sadaik\AppData\Roaming\Mozilla 2015-05-31 16:32 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2015-05-31 15:08 - 2009-06-30 14:32 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-31 15:06 - 2010-08-26 00:52 - 00001082 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1243563072-2189662949-1172452096-1000UA.job 2015-05-31 15:06 - 2010-08-26 00:52 - 00001030 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1243563072-2189662949-1172452096-1000Core.job 2015-05-31 14:37 - 
2013-04-25 16:08 - 00000000 ____D () C:\Program Files\AVG Secure Search ==================== Files in the root of some directories ======= 2013-10-28 18:48 - 2013-10-28 18:48 - 50053120 _____ () C:\Program Files\GUT4A88.tmp 2009-05-26 21:04 - 2009-06-10 19:45 - 0087608 _____ () C:\Users\sadaik\AppData\Roaming\inst.exe 2009-05-26 21:04 - 2009-06-10 19:45 - 0007887 _____ () C:\Users\sadaik\AppData\Roaming\pcouffin.cat 2009-05-26 21:04 - 2009-06-10 19:45 - 0001144 _____ () C:\Users\sadaik\AppData\Roaming\pcouffin.inf 2009-05-26 21:04 - 2009-06-10 19:45 - 0000033 _____ () C:\Users\sadaik\AppData\Roaming\pcouffin.log 2009-05-26 21:04 - 2009-06-10 19:45 - 0047360 _____ (VSO Software) C:\Users\sadaik\AppData\Roaming\pcouffin.sys 2012-02-08 22:07 - 2012-02-08 22:07 - 0000000 _____ () C:\Users\sadaik\AppData\Roaming\UUlUg.txt 2009-05-26 21:05 - 2009-05-26 23:46 - 0000668 _____ () C:\Users\sadaik\AppData\Roaming\vso_ts_preview.xml 2009-06-08 20:26 - 2011-11-30 17:21 - 0000152 _____ () C:\Users\sadaik\AppData\Roaming\wklnhst.dat 2012-02-08 22:07 - 2012-02-08 22:07 - 0000000 _____ () C:\Users\sadaik\AppData\Roaming\yykVD.txt 2015-05-31 14:48 - 2015-05-31 14:48 - 0000000 ____H () C:\Users\sadaik\AppData\Local\BITFD38.tmp 2012-04-14 12:56 - 2013-04-25 18:29 - 0007052 _____ () C:\Users\sadaik\AppData\Local\d3d9caps.dat 2009-04-27 23:30 - 2014-08-29 16:25 - 0098304 _____ () C:\Users\sadaik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-01-17 00:20 - 2010-01-25 16:19 - 0000090 _____ () C:\Users\sadaik\AppData\Local\gwohxpi.bat 2015-05-31 14:38 - 2015-05-31 14:38 - 0000000 _____ () C:\Users\sadaik\AppData\Local\{3CE5BFDB-116A-43A0-8612-F42FF8E6D00A} 2011-07-18 18:51 - 2012-05-27 10:47 - 0000012 _____ () C:\ProgramData\ReminderNextRun Some files in TEMP: ==================== C:\Users\sadaik\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\sadaik\AppData\Local\Temp\oi_{FD225A7B-F482-425D-AC78-34125C83646F}.exe 
C:\Users\sadaik\AppData\Local\Temp\vlc-2.0.6-win32.exe C:\Users\sadaik\AppData\Local\Temp\vlc-2.0.8-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-01 19:50 ==================== End of log ============================