cjoint

Document format: text/plain

~ ZHPDiag v2015.7.5.84 By Nicolas Coolman (2015\07\05)
~ Run by Sean (Administrator) (2015/07/05 17:50:26)
~ Site: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Sean\Desktop\ZHPDiag.txt
~ Report: C:\Users\Sean\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
~ Windows 7, 32-bit Service Pack 1 (Build 7601)

---\\ Windows Product Information (3) - 1s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Activation Technologies : OK

---\\ System optimization software (1) - 0s
CCleaner v5.06

---\\ Surveillance software (1) - 0s
Adobe Flash Player 17 NPAPI

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
~ Total physical RAM (KB): 3144184
~ System Restore: Activé (Enable)
~ System drive C: has 344 GB free of 476 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: SEAN-PC
~ User Name: Sean
~ Logged in as Administrator

---\\ Enumeration of the disk units (3) - 6s
~ Drive C: has 344 GB free of 476 GB (System)
~ Drive E: has 1875 GB free of 1907 GB
~ Drive G: has GB free of 9 GB

---\\ Search Generic System Files (23) - 0s
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) () -- C:\Windows\Explorer.exe [2616320]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Windows host process (Rundll32).) () -- C:\Windows\System32\rundll32.exe [44544]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) () -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4EB138060BAE0DBAB1A3B71A3141FE7] - (.Microsoft Corporation - Internet Extensions for Win32.) () -- C:\Windows\System32\wininet.dll [1950720]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Windows Logon Application.) () -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) () -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\Windows\System32\drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) () -- C:\Windows\System32\drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\Windows\System32\drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\Windows\System32\drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) () -- C:\Windows\System32\drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) () -- C:\Windows\System32\drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) () -- C:\Windows\System32\drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\Windows\System32\drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\Windows\System32\drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\Windows\System32\drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) () -- C:\Windows\System32\drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) () -- C:\Windows\System32\drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\Windows\System32\drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\Windows\System32\drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) () -- C:\Windows\System32\drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) () -- C:\Windows\System32\drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) () -- C:\Windows\System32\drivers\volsnap.sys [245632]

---\\ Process running (29) - 2s
[MD5.FAE39454D10CC50212BC96D182F82C33] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 337.8.) -- C:\Windows\System32\nvvsvc.exe [668104] [PID.720]
[MD5.BAD1F0D57B842D3C461B02609A7E7396] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [410968] [PID.744]
[MD5.6FE69F8416CB2771101DD9553D544733] - (.DTools LIMITED - Windows DTools.) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [697000] [PID.1300] =>PUP.Fuyu
[MD5.51A3E36D3E62CDB341C018B0630A7176] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [943048] [PID.1652]
[MD5.FAE39454D10CC50212BC96D182F82C33] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 337.8.) -- C:\Windows\System32\nvvsvc.exe [668104] [PID.1660]
[MD5.0FB5169E831027B297CEAE030D61616E] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [918160] [PID.1768]
[MD5.E9E2DC4B14F2A20046683E2B699BA79C] - (.XTab system - ProtectSvc.exe.) -- C:\Program Files\MiuiTab\ProtectService.exe [125112] [PID.1824] =>PUP.MiuiTab
[MD5.36D1D60FD807F98DD81B29C6BC15757F] - (...) -- C:\Users\Sean\AppData\Roaming\00000000-1432932988-0000-0000-00241D1EDC8C\jnskB465.tmp [227840] [PID.1920] =>Adware.CrossRider
[MD5.12C85755886299A5AB525F37B74F3B0C] - (...) -- C:\Users\Sean\AppData\Roaming\00000000-1432932988-0000-0000-00241D1EDC8C\hnsvC910.tmp [311296] [PID.1960] =>Adware.CrossRider
[MD5.F758A5752CA282925CE3324FDBBADBED] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672] [PID.2012]
[MD5.A0758AF99D157258A970D08ECEF4F378] - (.NVIDIA Corporation - NVIDIA Streamer Service.) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20696720] [PID.2040]
[MD5.7A7EC85927C4BE6CD55DEDFA46CD6ACB] - (...) -- C:\Users\Sean\AppData\Roaming\00000000-1432932988-0000-0000-00241D1EDC8C\knsu47F3.tmp [589312] [PID.384] =>Adware.CrossRider
[MD5.EAFB798E13C296281878E70BCFE41A69] - (...) -- C:\Program Files\MasterDeals\masterdeals_helper_service.exe [191696] [PID.2948]
[MD5.EAFB798E13C296281878E70BCFE41A69] - (...) -- C:\Program Files\Crazy Deals\crazy_deals_helper_service.exe [191696] [PID.2956]
[MD5.17F601C301CFCF559F496BF268533FC1] - (...) -- C:\Program Files\Spring Sporting Games\spring_sporting_games_helper_service.exe [191692] [PID.2964]
[MD5.0DE6521016CAE929552DD557979E196C] - (.SearchProtect - CmdShell.exe.) -- C:\Program Files\MiuiTab\CmdShell.exe [29368] [PID.3144] =>PUP.MiuiTab
[MD5.638644168D9B5B5093AD84C9C162B550] - (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2673296] [PID.3284]
[MD5.ED70821F65B120FDBD76FCFF746FE219] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232] [PID.3304]
[MD5.80086ED442941DE2CA18CB6DAE8C1422] - (.Aeria Games & Entertainment - Aeria Ignite.) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1925656] [PID.3312]
[MD5.D6E2ED7F1F7BE7CCB8676491BF950B57] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Sean\AppData\Local\Akamai\netsession_win.exe [4673432] [PID.3552]
[MD5.BF5B1D2F076E1ACBF6DF56F8C779ABDF] - (...) -- C:\ProgramData\{b7c98e2b-6b4b-3e6a-b7c9-98e2b6b438ad}\Grand Fantasia Hack.exe [374272] [PID.3588]
[MD5.D6E2ED7F1F7BE7CCB8676491BF950B57] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Sean\AppData\Local\Akamai\netsession_win.exe [4673432] [PID.3760]
[MD5.939BAC33069A29BA884E4C6CCA7476BA] - (.Disc Soft Ltd - Disc Soft Bus Service.) -- C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1030928] [PID.3896]
[MD5.06C8589D129973F0B5EAC12D92A5CBA3] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1818456] [PID.4032]
[MD5.84B5D5396472C76E2DC550F4401EA233] - (.XTab system - SupHPNot.exe.) -- C:\Program Files\MiuiTab\HPNotify.exe [673976] [PID.2736] =>PUP.MiuiTab
[MD5.5588A018C772DBD69FDE3DE255D2A328] - (.Oracle Corporation - Java Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [1058176] [PID.2812]
[MD5.70DF6F7C43B8B84D25A8788F7C588D38] - (.NVIDIA Corporation - NVIDIA Network Stream Service.) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [5984400] [PID.4568]
[MD5.A0758AF99D157258A970D08ECEF4F378] - (.NVIDIA Corporation - NVIDIA Streamer Service.) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20696720] [PID.3256]
[MD5.1269B8E010B50C3EA77425AFE7DF40EA] - (.PC Utilities Software Limited - OptimizerPro – Clean up your PC.) -- c:\programdata\{d8f95fa2-576b-413e-d8f9-95fa25767e89}\hqghumeaylnlf.exe [6019712] [PID.4556]

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2) (2) - 0s
G2 - GCE: Extension [User Data\Default] [lccekmodgklaepjeofjdjpbminllajkg] Chrome Hotword Shared Module
G2 - GCE: Extension [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) (5) - 0s
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\NPSWF32_17_0_0_190.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=11.40.2] - (.Oracle Corporation.) -- C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=11.40.2] - (.Oracle Corporation.) -- C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) (11) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/ =>PUP.StartSearch
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/ =>PUP.StartSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/ =>Hijacker.OurSurfing
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/ =>PUP.StartSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/ =>Hijacker.OurSurfing
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/ =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/ =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/ =>PUP.StartSearch
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (R5) (4) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.)
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.)
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.)

---\\ Hosts file redirection (O1) (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Auto loading programs from Registry and folders (O4) (19) - 0s
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [Aeria Ignite] . (.Aeria Games & Entertainment - Aeria Ignite.) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Sean\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3386993730-295807858-1247842499-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-21-3386993730-295807858-1247842499-1000\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Sean\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-3386993730-295807858-1247842499-1000\..\Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
O4 - HKUS\S-1-5-21-3386993730-295807858-1247842499-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - HKUS\S-1-5-21-3386993730-295807858-1247842499-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe

---\\ Lop.com/Domain Hijackers (O17) (3) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.3 195.130.131.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.3 195.130.131.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.3 195.130.131.3

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23) (15) - 0s
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) . (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files\MiuiTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: Language Setting Background (mofysilo) . (...) - C:\Users\Sean\AppData\Roaming\00000000-1432932988-0000-0000-00241D1EDC8C\jnskB465.tmp =>Adware.CrossRider
O23 - Service: Compress Comma (myroqole) . (...) - C:\Users\Sean\AppData\Roaming\00000000-1432932988-0000-0000-00241D1EDC8C\hnsvC910.tmp =>Adware.CrossRider
O23 - Service: NVIDIA Network Service (NvNetworkService) . (.NVIDIA Corporation - NVIDIA Network Service.) - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) . (.NVIDIA Corporation - NVIDIA Streamer Service.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 337.8.) - C:\Windows\System32\nvvsvc.exe
O23 - Service: Wheel Mouse Back Up (qozonozy) . (...) - C:\Users\Sean\AppData\Roaming\00000000-1432932988-0000-0000-00241D1EDC8C\knsu47F3.tmp =>Adware.CrossRider
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Update Banana Phone (Update Banana Phone) . (...) - C:\Program Files\Banana Phone\updateBananaPhone.exe (.not file.) =>PUP.BananaPhone
O23 - Service: Update Edu App (Update Edu App) . (...) - C:\Program Files\Edu App\updateEduApp.exe (.not file.) =>PUP.EduApp
O23 - Service: Util Banana Phone (Util Banana Phone) . (...) - C:\Program Files\Banana Phone\bin\utilBananaPhone.exe (.not file.) =>PUP.BananaPhone
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.DTools LIMITED - Windows DTools.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu

---\\ Task Planned Automatically (O39) (31) - 1s
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [830]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\APSnotifierPP1.job [366] =>PUP.AnyProtect
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\APSnotifierPP2.job [364] =>PUP.AnyProtect
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\APSnotifierPP3.job [364] =>PUP.AnyProtect
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\Bidaily Synchronize Task[3c32].job [338] =>PUP.BidailySync
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\BYAIAMUF.job [1682]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\crazy_deals_helper_service.job [494]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\GNOK.job [1330]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1048]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1052]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\masterdeals_helper_service.job [494]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\spring_sporting_games_helper_service.job [554]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [3768]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\APSnotifierPP1 [2814] =>PUP.AnyProtect
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\APSnotifierPP2 [2812] =>PUP.AnyProtect
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\APSnotifierPP3 [2812] =>PUP.AnyProtect
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\Bidaily Synchronize Task[3c32] [3248] =>PUP.BidailySync
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\BYAIAMUF [4704]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2786]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\crazy_deals_helper_service [3446]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\GNOK [4352]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3796]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [4048]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\HPCustParticipation HP Photosmart 5520 series [3614]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\masterdeals_helper_service [3446]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task [4028] =>PUP.SmartWebSearch
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\spring_sporting_games_helper_service [3506]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\{425999A8-C795-4597-B484-CF9D27506911} [3146]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\{4632BCE5-C3C8-4025-ACDB-70B95B6E62CA} [3152]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\{54EAD183-407F-4D8B-802B-A15092A3AB53} [3146]
O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\{CA597C90-0C67-422A-A042-1CA056CC7450} [3124]

---\\ Software installed (O42) (33) - 6s
O42 - Logiciel: Adobe Flash Player 17 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI
O42 - Logiciel: Aeria Ignite - (.Aeria Games & Entertainment.) [HKLM] -- Aeria Ignite 1.13.3296
O42 - Logiciel: BitRaider Streaming Client - (.BitRaider, LLC.) [HKLM] -- BitRaider Streaming Client
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: DAEMON Tools Lite - (.Disc Soft Ltd.) [HKLM] -- DAEMON Tools Lite
O42 - Logiciel: DmC - Devil May Cry - (...) [HKLM] -- DmC - Devil May Cry_is1
O42 - Logiciel: Echo of Soul - (...) [HKLM] -- Echo of Soul
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: GrandFantasia-FR - (...) [HKLM] -- GrandFantasia-FR
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIAStereo
O42 - Logiciel: S4 League - (...) [HKLM] -- S4 League
O42 - Logiciel: Star Wars: Le Pouvoir de la Force 2 - (.LucasArts.) [HKLM] -- Star Wars: Le Pouvoir de la Force 2_is1
O42 - Logiciel: Star Wars The Old Republic - (.Bioware/EA.) [HKLM] -- swtor_swtor
O42 - Logiciel: WinRAR 5.21 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Skype™ 7.6 - (.Skype Technologies S.A..) [HKLM] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
O42 - Logiciel: Java 8 Update 40 - (.Oracle Corporation.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83218040F0}
O42 - Logiciel: Star Wars: The Old Republic - (.Electronic Arts, Inc..) [HKLM] -- {3B11D799-48E0-48ED-BFD7-EA655676D8BB}
O42 - Logiciel: Mumble 1.2.8 - (.Thorvald Natvig.) [HKLM] -- {5D198290-6E7D-426C-9AF0-8DA34CC7E596}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {80407BA7-7763-4395-AB98-5233F1B34E65}
O42 - Logiciel: NVIDIA 3D Vision Driver 337.88 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision
O42 - Logiciel: NVIDIA Graphics Driver 337.88 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver
O42 - Logiciel: NVIDIA GeForce Experience 2.4.1.21 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience
O42 - Logiciel: NVIDIA 3D Vision Controller Driver 337.88 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB
O42 - Logiciel: NVIDIA PhysX System Software 9.13.1220 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX
O42 - Logiciel: NVIDIA HD Audio Driver 1.3.30.1 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver
O42 - Logiciel: HP Photosmart 5520 series Product Improvement Study - (.Hewlett-Packard Co..) [HKLM] -- {B58FBD4F-C69A-41C1-94AC-1A47AD946C91}
O42 - Logiciel: HP Photosmart 5520 series Basic Device Software - (.Hewlett-Packard Co..) [HKLM] -- {E8ED5ADB-3EB5-4890-85F6-0FEA13A47EEE}
O42 - Logiciel: Aeria Ignite - (.Aeria Games & Entertainment.) [HKLM] -- {FE2D627E-D7E0-46EA-93A6-8583420285FA}
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU] -- Akamai
O42 - Logiciel: Popcorn Time - (.Popcorn Official.) [HKCU] -- Popcorn Time
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU] -- uTorrent

---\\ HKCU & HKLM Software Keys (118) - 6s
HKLM\SOFTWARE\5210691b-d1f9-8b68-9148-4e8e32462aa0 =>PUP.CrossRider
HKLM\SOFTWARE\AGEIA Technologies
HKLM\SOFTWARE\AIM Toolbar
HKLM\SOFTWARE\AppDataLow
HKLM\SOFTWARE\ArenaHD =>Adware.CrossRider
HKLM\SOFTWARE\AskPartnerNetwork =>Toolbar.Ask
HKLM\SOFTWARE\ATI Technologies
HKLM\SOFTWARE\BioWare
HKLM\SOFTWARE\Caphyon
HKLM\SOFTWARE\CBSTEST
HKLM\SOFTWARE\Conduit =>PUP.Conduit
HKLM\SOFTWARE\Crossbrowse =>PUP.CrossBrowse
HKLM\SOFTWARE\Disc Soft
HKLM\SOFTWARE\DJOnlineFB
HKLM\SOFTWARE\FFPluginHp =>PUP.SweetSearch
HKLM\SOFTWARE\GlobalUpdate =>PUP.GlobalUpdate
HKLM\SOFTWARE\Google
HKLM\SOFTWARE\Hewlett-Packard
HKLM\SOFTWARE\HighDefAction =>Adware.CrossRider
HKLM\SOFTWARE\HP
HKLM\SOFTWARE\IHProtect =>Adware.AgentODR
HKLM\SOFTWARE\IM Providers
HKLM\SOFTWARE\Iminent =>Adware.IMBooster
HKLM\SOFTWARE\Infonaut_1.10.0.14 =>PUP.Infonaut
HKLM\SOFTWARE\Intel
HKLM\SOFTWARE\JavaSoft
HKLM\SOFTWARE\JreMetrics
HKLM\SOFTWARE\Khronos
HKLM\SOFTWARE\LucasArts
HKLM\SOFTWARE\Macromedia
HKLM\SOFTWARE\Mozilla
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\MozillaPlugins
HKLM\SOFTWARE\mystartsearchSoftware =>PUP.StartSearch
HKLM\SOFTWARE\nFlavor
HKLM\SOFTWARE\NVIDIA Corporation
HKLM\SOFTWARE\ODBC
HKLM\SOFTWARE\Opera Software
HKLM\SOFTWARE\oursurfingSoftware =>Hijacker.OurSurfing
HKLM\SOFTWARE\Piriform
HKLM\SOFTWARE\RegisteredApplications
HKLM\SOFTWARE\SearchProtect =>PUP.SearchProtect
HKLM\SOFTWARE\searchult =>PUP.Optional
HKLM\SOFTWARE\Skype
HKLM\SOFTWARE\Sonic
HKLM\SOFTWARE\SpeedBit
HKLM\SOFTWARE\SupDp =>Adware.SupTab
HKLM\SOFTWARE\SuperClick_1.10.0.16 =>PUP.SuperClick
HKLM\SOFTWARE\supTab =>Adware.SupTab
HKLM\SOFTWARE\supWindowsMangerProtect =>PUP.Fuyu
HKLM\SOFTWARE\Torch =>PUP.Torch
HKLM\SOFTWARE\Tutorials =>PUP.AgenceExclusive
HKLM\SOFTWARE\WajIntEnhance =>PUP.Wajam
HKLM\SOFTWARE\WinRAR
HKLM\SOFTWARE\YorkNewCin =>Adware.CrossRider
HKCU\SOFTWARE\Aeria Games
HKCU\SOFTWARE\AhnLab
HKCU\SOFTWARE\Akamai
HKCU\SOFTWARE\AnyProtect =>PUP.AnyProtect
HKCU\SOFTWARE\AOL
HKCU\SOFTWARE\APN PIP =>PUP.Conduit
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\ArenaHD =>Adware.CrossRider
HKCU\SOFTWARE\AskPartnerNetwork =>Toolbar.Ask
HKCU\SOFTWARE\BitTorrent
HKCU\SOFTWARE\Burda
HKCU\SOFTWARE\BYAIAMUF
HKCU\SOFTWARE\Chromium
HKCU\SOFTWARE\CinemaP-1.9cV16.03-nv-ie =>Adware.CrossRider
HKCU\SOFTWARE\CinemaPlus-3.2cV29.06-nv-ie =>Adware.CrossRider
HKCU\SOFTWARE\Crossbrowse =>PUP.CrossBrowse
HKCU\SOFTWARE\Disc Soft
HKCU\SOFTWARE\gamesdesktop =>Adware.GamesDesktop
HKCU\SOFTWARE\globalUpdate =>PUP.GlobalUpdate
HKCU\SOFTWARE\GNOK
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\Hewlett-Packard
HKCU\SOFTWARE\HighDefAction =>Adware.CrossRider
HKCU\SOFTWARE\HomeTab =>PUP.CertifiedToolbar
HKCU\SOFTWARE\HP
HKCU\SOFTWARE\IM Providers
HKCU\SOFTWARE\InstallPath
HKCU\SOFTWARE\JavaSoft
HKCU\SOFTWARE\Kromtech
HKCU\SOFTWARE\Licenses
HKCU\SOFTWARE\Linkey =>PUP.LinkeySearch
HKCU\SOFTWARE\LucasArts
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Mumble
HKCU\SOFTWARE\Nico Mak Computing
HKCU\SOFTWARE\NVIDIA Corporation
HKCU\SOFTWARE\OB
HKCU\SOFTWARE\Opera Software
HKCU\SOFTWARE\Optimizer Pro =>PUP.OptimizerPro
HKCU\SOFTWARE\Piriform
HKCU\SOFTWARE\Rapl
HKCU\SOFTWARE\SearchProtectWS =>PUP.SearchProtect
HKCU\SOFTWARE\SecuROM
HKCU\SOFTWARE\sidecom =>PUP.Sidecom
HKCU\SOFTWARE\SimplyTech =>PUP.SimplyTech
HKCU\SOFTWARE\Skyhook Wireless
HKCU\SOFTWARE\Skype
HKCU\SOFTWARE\TNT2 =>Adware.TidyNetwork
HKCU\SOFTWARE\Torch =>PUP.Torch
HKCU\SOFTWARE\Trolltech
HKCU\SOFTWARE\TutoTag =>PUP.AgenceExclusive
HKCU\SOFTWARE\WajIEnhance =>Adware.Multiplug
HKCU\SOFTWARE\WajIntEnhance =>PUP.Wajam
HKCU\SOFTWARE\WebApp
HKCU\SOFTWARE\WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\YorkNewCin =>Adware.CrossRider
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\AppDataLow\Software
HKCU\SOFTWARE\AppDataLow\Software\Crossrider =>Adware.CrossRider
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft

---\\ Contents of the Common Files folders (O43) (166) - 6s
O43 - CFD: 2015/07/05 16:30:42 - [0] D -- C:\Program Files\ One
O43 - CFD: 2015/04/03 16:56:51 - [] D -- C:\Program Files\Aeria Games
O43 - CFD: 2015/06/03 18:19:04 - [0] D -- C:\Program Files\AGEIA Technologies
O43 - CFD: 2015/07/05 16:28:46 - [0] D -- C:\Program Files\Banana Phone
O43 - CFD: 2015/06/06 22:08:32 - [] D -- C:\Program Files\CCleaner
O43 - CFD: 2015/07/03 11:50:20 - [] D -- C:\Program Files\Common Files
O43 - CFD: 2015/05/29 20:43:46 - [] D -- C:\Program Files\Crazy Deals
O43 - CFD: 2015/04/03 00:35:08 - [] D -- C:\Program Files\DAEMON Tools Lite
O43 - CFD: 2015/04/03 11:36:40 - [0] D -- C:\Program Files\Driver Downloader
O43 - CFD: 2010/11/21 02:47:00 - [] D -- C:\Program Files\DVD Maker
O43 - CFD: 2015/06/24 23:30:35 - [] D -- C:\Program Files\Electronic Arts
O43 - CFD: 2015/06/08 17:27:05 - [] D -- C:\Program Files\FunDEaaLLs =>Adware.Multiplug
O43 - CFD: 2015/06/08 17:27:14 - [] D -- C:\Program Files\FunDieaels =>Adware.Multiplug
O43 - CFD: 2015/06/08 17:27:24 - [] D -- C:\Program Files\FuunDaeauls =>Adware.Multiplug
O43 - CFD: 2015/06/30 23:10:10 - [] D -- C:\Program Files\globalUpdate =>PUP.GlobalUpdate
O43 - CFD: 2015/07/04 20:18:32 - [] D -- C:\Program Files\Google
O43 - CFD: 2015/06/03 18:10:32 - [] D -- C:\Program Files\GUPlayer =>PUP.GUPlayer
O43 - CFD: 2015/04/28 20:17:47 - [] D -- C:\Program Files\HP
O43 - CFD: 2015/06/11 17:07:33 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 2015/04/03 13:06:07 - [] D -- C:\Program Files\Java
O43 - CFD: 2015/05/29 23:15:12 - [] D -- C:\Program Files\MasterDeals
O43 - CFD: 2010/11/21 02:47:00 - [] D -- C:\Program Files\Microsoft Games
O43 - CFD: 2015/04/03 11:44:12 - [] D -- C:\Program Files\Microsoft.NET
O43 - CFD: 2015/07/04 20:54:02 - [] D -- C:\Program Files\MiuiTab =>PUP.MiuiTab
O43 - CFD: 2009/07/14 06:52:30 - [] D -- C:\Program Files\MSBuild
O43 - CFD: 2015/04/06 15:26:33 - [] D -- C:\Program Files\Mumble
O43 - CFD: 2015/04/03 12:01:13 - [] D -- C:\Program Files\NVIDIA Corporation
O43 - CFD: 2015/05/29 23:15:43 - [] D -- C:\Program Files\Opera
O43 - CFD: 2015/05/29 22:56:12 - [0] D -- C:\Program Files\predm =>Adware.Downware
O43 - CFD: 2015/06/19 23:54:53 - [] D -- C:\Program Files\PriceDownlOAder =>Adware.Multiplug
O43 - CFD: 2015/06/19 23:54:40 - [] D -- C:\Program Files\PuraiceDownnloAider =>Adware.Multiplug
O43 - CFD: 2009/07/14 06:52:30 - [] D -- C:\Program Files\Reference Assemblies
O43 - CFD: 2015/04/23 17:56:28 - [] D -- C:\Program Files\RRoBBoSavEr =>Adware.Multiplug
O43 - CFD: 2015/04/16 11:55:34 - [] D -- C:\Program Files\SeallePolusi =>Adware.Multiplug
O43 - CFD: 2015/07/03 11:50:20 - [] RD -- C:\Program Files\Skype
O43 - CFD: 2015/06/03 18:10:43 - [] D -- C:\Program Files\Spring Sporting Games
O43 - CFD: 2009/07/14 06:53:23 - [0] HD -- C:\Program Files\Uninstall Information
O43 - CFD: 2015/05/20 22:03:16 - [] D -- C:\Program Files\Windows Journal
O43 - CFD: 2010/11/21 02:38:49 - [] D -- C:\Program Files\Windows Mail
O43 - CFD: 2015/06/11 17:07:32 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 2009/07/14 06:52:30 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 2010/11/21 02:38:49 - [] D -- C:\Program Files\Windows Photo Viewer
O43 - CFD: 2010/11/20 23:33:48 - [] D -- C:\Program Files\Windows Portable Devices
O43 - CFD: 2010/11/21 02:38:50 - [] D -- C:\Program Files\Windows Sidebar
O43 - CFD: 2015/04/03 00:31:23 - [] D -- C:\Program Files\WinRAR
O43 - CFD: 2015/06/03 18:27:38 - [] D -- C:\Program Files\ZHPDiag
O43 - CFD: 2015/04/03 08:54:39 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2015/04/03 08:54:45 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/04/03 16:56:51 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
O43 - CFD: 2015/04/04 16:40:43 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capcom
O43 - CFD: 2015/06/06 22:08:31 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 2015/04/03 00:34:49 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
O43 - CFD: 2015/06/24 23:30:37 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
O43 - CFD: 2015/06/24 23:30:38 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 2015/07/04 20:18:39 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 2015/04/28 20:17:47 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
O43 - CFD: 2015/04/03 13:06:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
O43 - CFD: 2009/07/14 06:42:30 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2015/04/06 15:26:33 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
O43 - CFD: 2015/04/03 11:58:21 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
O43 - CFD: 2015/07/03 11:50:21 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
O43 - CFD: 2015/04/03 00:32:36 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 2010/11/21 02:46:50 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 2015/04/03 00:31:24 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 2015/06/19 15:14:23 - [] D -- C:\ProgramData\3bcafb64000039d1
O43 - CFD: 2015/06/19 23:55:56 - [] D -- C:\ProgramData\4851282531061613252
O43 - CFD: 2015/06/08 17:07:01 - [0] D -- C:\ProgramData\4decabe600003e47
O43 - CFD: 2015/05/29 22:55:51 - [0] D -- C:\ProgramData\6293ba48000009d0
O43 - CFD: 2015/06/19 15:14:29 - [0] D -- C:\ProgramData\634247ff000042ea
O43 - CFD: 2015/06/30 12:39:59 - [] D -- C:\ProgramData\7892c320000716f
O43 - CFD: 2015/04/21 18:55:19 - [] D -- C:\ProgramData\AdBlocker Manger =>PUP.Adblocker
O43 - CFD: 2015/04/03 00:53:09 - [] D -- C:\ProgramData\Aeria Games
O43 - CFD: 2015/04/03 13:08:53 - [] D -- C:\ProgramData\APN
O43 - CFD: 2009/07/14 06:53:55 - [0] SHD -- C:\ProgramData\Application Data
O43 - CFD: 2015/06/24 23:33:43 - [] D -- C:\ProgramData\BitRaider
O43 - CFD: 2015/04/03 00:34:27 - [] D -- C:\ProgramData\DAEMON Tools Lite
O43 - CFD: 2009/07/14 06:53:55 - [0] SHD -- C:\ProgramData\Desktop
O43 - CFD: 2009/07/14 06:53:55 - [0] SHD -- C:\ProgramData\Documents
O43 - CFD: 2009/07/14 06:53:55 - [0] SHD -- C:\ProgramData\Favorites
O43 - CFD: 2015/04/16 11:55:22 - [] D -- C:\ProgramData\ggkdgeikonmlpnokdghpnjjkpafjlkhg
O43 - CFD: 2015/04/28 20:17:22 - [] D -- C:\ProgramData\HP
O43 - CFD: 2015/05/29 20:39:12 - [] D -- C:\ProgramData\IHProtectUpDate =>Adware.AgentODR
O43 - CFD: 2015/05/29 22:59:37 - [] SD -- C:\ProgramData\Microsoft
O43 - CFD: 2015/05/04 07:12:32 - [] D -- C:\ProgramData\Mozilla
O43 - CFD: 2015/07/05 16:28:49 - [] D -- C:\ProgramData\NVIDIA
O43 - CFD: 2015/04/03 11:59:57 - [] D -- C:\ProgramData\NVIDIA Corporation
O43 - CFD: 2015/04/03 13:01:05 - [] D -- C:\ProgramData\Oracle
O43 - CFD: 2015/04/04 19:04:01 - [] D -- C:\ProgramData\Package Cache
O43 - CFD: 2015/07/03 11:50:28 - [] D -- C:\ProgramData\Skype
O43 - CFD: 2009/07/14 06:53:55 - [0] SHD -- C:\ProgramData\Start Menu
O43 - CFD: 2015/04/04 17:30:39 - [] D -- C:\ProgramData\Steam
O43 - CFD: 2015/04/03 13:01:36 - [] D -- C:\ProgramData\Sun
O43 - CFD: 2009/07/14 06:53:55 - [0] SHD -- C:\ProgramData\Templates
O43 - CFD: 2015/05/29 20:38:07 - [] D -- C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 2015/05/07 21:46:07 - [0] D -- C:\ProgramData\WinZip
O43 - CFD: 2015/06/14 17:49:36 - [] D -- C:\ProgramData\{b7c98e2b-6b4b-3e6a-b7c9-98e2b6b438ad}
O43 - CFD: 2015/06/05 23:10:00 - [] D -- C:\ProgramData\{d8f95fa2-576b-413e-d8f9-95fa25767e89}
O43 - CFD: 2015/06/24 23:30:37 - [] D -- C:\Program Files\Common Files\BioWare
O43 - CFD: 2015/04/03 13:06:51 - [] D -- C:\Program Files\Common Files\Java
O43 - CFD: 2015/04/11 14:39:27 - [] D -- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 2009/07/14 04:37:05 - [] D -- C:\Program Files\Common Files\Services
O43 - CFD: 2015/07/03 11:50:20 - [] D -- C:\Program Files\Common Files\Skype
O43 - CFD: 2009/07/14 04:37:05 - [] D -- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 2015/04/04 10:10:11 - [] D -- C:\Program Files\Common Files\System
O43 - CFD: 2015/07/05 16:12:45 - [] D -- C:\Users\Sean\AppData\Roaming\00000000-1432932988-0000-0000-00241D1EDC8C
O43 - CFD: 2015/04/03 14:48:12 - [] D -- C:\Users\Sean\AppData\Roaming\Adobe
O43 - CFD: 2015/05/29 23:45:21 - [] SHD -- C:\Users\Sean\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 2015/05/29 22:49:02 - [] D -- C:\Users\Sean\AppData\Roaming\aqmrpwwi
O43 - CFD: 2015/06/06 22:10:02 - [] D -- C:\Users\Sean\AppData\Roaming\DAEMON Tools Lite
O43 - CFD: 2015/04/16 11:57:25 - [] D -- C:\Users\Sean\AppData\Roaming\EZDownloader
O43 - CFD: 2015/05/07 17:16:57 - [] D -- C:\Users\Sean\AppData\Roaming\HpUpdate
O43 - CFD: 2015/04/03 00:04:41 - [] D -- C:\Users\Sean\AppData\Roaming\Identities
O43 - CFD: 2015/05/29 22:50:33 - [] D -- C:\Users\Sean\AppData\Roaming\kgaviodi
O43 - CFD: 2015/05/29 22:53:36 - [] D -- C:\Users\Sean\AppData\Roaming\kqnvwkib
O43 - CFD: 2015/05/07 18:18:40 - [] D -- C:\Users\Sean\AppData\Roaming\Macromedia
O43 - CFD: 2010/11/21 02:46:50 - [0] D -- C:\Users\Sean\AppData\Roaming\Media Center Programs
O43 - CFD: 2015/04/06 15:30:20 - [] SD -- C:\Users\Sean\AppData\Roaming\Microsoft
O43 - CFD: 2015/05/04 07:12:48 - [] D -- C:\Users\Sean\AppData\Roaming\Mozilla
O43 - CFD: 2015/06/13 00:55:47 - [] D -- C:\Users\Sean\AppData\Roaming\Mumble
O43 - CFD: 2015/05/29 22:49:31 - [] D -- C:\Users\Sean\AppData\Roaming\nufovtdv
O43 - CFD: 2015/05/29 23:15:40 - [0] D -- C:\Users\Sean\AppData\Roaming\Opera Software
O43 - CFD: 2015/05/29 21:45:35 - [] D -- C:\Users\Sean\AppData\Roaming\qntqekwz
O43 - CFD: 2015/07/05 17:37:14 - [] D -- C:\Users\Sean\AppData\Roaming\Skype
O43 - CFD: 2015/06/06 22:10:02 - [] D -- C:\Users\Sean\AppData\Roaming\uTorrent
O43 - CFD: 2015/04/03 13:32:18 - [] D -- C:\Users\Sean\AppData\Roaming\WinRAR
O43 - CFD: 2015/04/08 23:22:16 - [] D -- C:\Users\Sean\AppData\Roaming\WinZip
O43 - CFD: 2015/07/05 17:50:38 - [] D -- C:\Users\Sean\AppData\Roaming\ZHP
O43 - CFD: 2015/04/03 11:32:34 - [0] D -- C:\Users\Sean\AppData\Local\Adobe
O43 - CFD: 2015/04/03 00:53:39 - [] D -- C:\Users\Sean\AppData\Local\Aeria Games
O43 - CFD: 2015/07/04 22:37:02 - [] D -- C:\Users\Sean\AppData\Local\Akamai
O43 - CFD: 2015/04/03 00:04:12 - [0] SHD -- C:\Users\Sean\AppData\Local\Application Data
O43 - CFD: 2015/04/03 00:21:38 - [] D -- C:\Users\Sean\AppData\Local\Apps
O43 - CFD: 2015/04/03 00:21:44 - [0] D -- C:\Users\Sean\AppData\Local\Deployment
O43 - CFD: 2015/07/05 16:58:23 - [0] D -- C:\Users\Sean\AppData\Local\Diagnostics
O43 - CFD: 2015/06/12 17:30:15 - [0] SHD -- C:\Users\Sean\AppData\Local\EmieBrowserModeList
O43 - CFD: 2015/06/12 17:30:15 - [0] SHD -- C:\Users\Sean\AppData\Local\EmieSiteList
O43 - CFD: 2015/06/12 17:30:15 - [0] SHD -- C:\Users\Sean\AppData\Local\EmieUserList
O43 - CFD: 2015/05/29 20:38:37 - [] D -- C:\Users\Sean\AppData\Local\globalUpdate =>PUP.GlobalUpdate
O43 - CFD: 2015/07/04 20:10:20 - [] D -- C:\Users\Sean\AppData\Local\Google
O43 - CFD: 2015/04/03 00:04:12 - [0] SHD -- C:\Users\Sean\AppData\Local\History
O43 - CFD: 2015/04/04 20:33:53 - [] D -- C:\Users\Sean\AppData\Local\Howei
O43 - CFD: 2015/04/28 20:19:16 - [] D -- C:\Users\Sean\AppData\Local\HP
O43 - CFD: 2015/04/03 14:15:22 - [] D -- C:\Users\Sean\AppData\Local\LucasArts
O43 - CFD: 2015/05/07 18:18:40 - [] D -- C:\Users\Sean\AppData\Local\Macromedia
O43 - CFD: 2015/05/29 23:04:45 - [] D -- C:\Users\Sean\AppData\Local\Microsoft
O43 - CFD: 2015/05/04 07:12:48 - [] D -- C:\Users\Sean\AppData\Local\Mozilla
O43 - CFD: 2015/04/03 11:59:58 - [] D -- C:\Users\Sean\AppData\Local\NVIDIA
O43 - CFD: 2015/04/03 12:01:37 - [] D -- C:\Users\Sean\AppData\Local\NVIDIA Corporation
O43 - CFD: 2015/05/29 23:15:40 - [0] D -- C:\Users\Sean\AppData\Local\Opera Software
O43 - CFD: 2015/07/04 20:29:46 - [] D -- C:\Users\Sean\AppData\Local\Popcorn Time
O43 - CFD: 2015/07/04 21:21:44 - [] D -- C:\Users\Sean\AppData\Local\Popcorn-Time
O43 - CFD: 2015/04/03 11:34:10 - [] D -- C:\Users\Sean\AppData\Local\Programs
O43 - CFD: 2015/04/03 00:30:06 - [] D -- C:\Users\Sean\AppData\Local\Skype
O43 - CFD: 2015/07/05 16:32:39 - [] D -- C:\Users\Sean\AppData\Local\SmartWeb =>PUP.SmartWebSearch
O43 - CFD: 2015/06/25 12:31:12 - [] D -- C:\Users\Sean\AppData\Local\SWTOR
O43 - CFD: 2015/06/24 23:33:24 - [] D -- C:\Users\Sean\AppData\Local\SWTORPerf
O43 - CFD: 2015/07/05 17:49:55 - [] D -- C:\Users\Sean\AppData\Local\Temp
O43 - CFD: 2015/04/03 00:04:12 - [0] SHD -- C:\Users\Sean\AppData\Local\Temporary Internet Files
O43 - CFD: 2015/04/11 21:08:50 - [] D -- C:\Users\Sean\AppData\Local\VirtualStore
O43 - CFD: 2009/07/14 06:42:04 - [] RD -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2015/04/03 14:48:19 - [] RD -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/05/07 18:23:49 - [] D -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
O43 - CFD: 2009/07/14 06:37:42 - [] RD -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2015/07/04 20:29:46 - [] D -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
O43 - CFD: 2015/07/05 16:32:39 - [] RD -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 2015/04/03 00:31:24 - [] D -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

---\\ System Drivers List (SDL) (O58) (69) - 17s
O58 - SDL:2009/07/14 03:26:15 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [422976]
O58 - SDL:2009/07/14 03:26:17 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [297552]
O58 - SDL:2009/07/14 03:26:15 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\drivers\adpu320.sys [146512]
O58 - SDL:2009/07/14 03:26:15 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [14400]
O58 - SDL:2010/11/20 23:29:03 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [80256]
O58 - SDL:2009/07/14 03:26:15 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [159312]
O58 - SDL:2010/11/20 23:29:03 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [22400]
O58 - SDL:2009/07/14 03:26:15 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [76368]
O58 - SDL:2009/07/14 03:26:15 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [86608]
O58 - SDL:2009/07/14 00:02:49 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60x.sys [229888]
O58 - SDL:2009/07/14 00:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [13568]
O58 - SDL:2009/07/14 00:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [5248]
O58 - SDL:2009/07/14 02:57:25 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [272128]
O58 - SDL:2009/07/14 00:53:32 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [62336]
O58 - SDL:2009/07/14 00:53:33 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:2009/07/14 00:53:33 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [11904]
O58 - SDL:2009/07/14 00:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbdx.sys [430080]
O58 - SDL:2009/07/14 03:26:21 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [15952]
O58 - SDL:2009/07/14 03:20:28 A . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\drivers\djsvs.sys [70720]
O58 - SDL:2015/04/03 00:35:23 A . (.Disc Soft Ltd - DAEMON Tools Lite Virtual SCSI Bus Driver.) -- C:\Windows\System32\drivers\dtlitescsibus.sys [25104]
O58 - SDL:2009/07/14 03:20:28 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [453712]
O58 - SDL:2009/07/14 00:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbdx.sys [3100160]
O58 - SDL:2009/07/14 00:54:14 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [26624]
O58 - SDL:2009/07/14 03:20:28 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [67152]
O58 - SDL:2010/11/20 23:29:03 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\drivers\iaStorV.sys [332160]
O58 - SDL:2009/07/14 03:20:36 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [41040]
O58 - SDL:2009/07/14 03:20:36 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [95824]
O58 - SDL:2009/07/14 03:20:37 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [89168]
O58 - SDL:2009/07/14 03:20:36 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [54864]
O58 - SDL:2009/07/14 03:20:36 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [96848]
O58 - SDL:2009/07/14 03:20:36 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [30800]
O58 - SDL:2009/07/14 03:20:36 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [235584]
O58 - SDL:2009/07/14 03:20:44 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [44624]
O58 - SDL:2014/05/20 04:39:05 A . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\System32\drivers\nvhda32v.sys [162592]
O58 - SDL:2014/05/20 04:39:05 A . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\Windows\System32\drivers\nvlddmkm.sys [10533152]
O58 - SDL:2010/11/20 23:29:03 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [117120]
O58 - SDL:2010/11/20 23:29:03 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [143744]
O58 - SDL:2014/11/22 12:46:30 A . (.NVIDIA Corporation - NVIDIA Virtual Audio Driver.) -- C:\Windows\System32\drivers\nvvad32v.sys [32912]
O58 - SDL:2009/07/14 03:19:04 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1383488]
O58 - SDL:2009/07/14 03:19:04 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [106064]
O58 - SDL:2009/07/14 00:02:52 A . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Dr.) -- C:\Windows\System32\drivers\Rt86win7.sys [139776]
O58 - SDL:2009/07/13 22:50:20 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [20480]
O58 - SDL:2009/07/14 03:19:04 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [40016]
O58 - SDL:2009/07/14 03:19:04 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [77888]
O58 - SDL:2009/07/14 03:19:04 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [21072]
O58 - SDL:2009/07/14 03:19:10 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [16976]
O58 - SDL:2009/07/14 03:19:11 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [141904]
O58 - SDL:2015/05/29 12:39:16 A . (.StdLib - StdLib.) -- C:\Windows\System32\drivers\{36ed28a4-ac0a-4653-91ff-10beb4246550}Gw.sys [43144] =>PUP.LinkiDoo
O58 - SDL:2015/06/07 05:35:30 A . (.StdLib - StdLib.) -- C:\Windows\System32\drivers\{42f8f729-2fa8-44bb-b01a-28c57a8162c7}Gw.sys [43144] =>PUP.LinkiDoo
O58 - SDL:2015/06/29 18:54:34 A . (.StdLib - StdLib.) -- C:\Windows\System32\drivers\{6ca4ee32-3a59-4d23-8471-2bae8d896a33}Gw.sys [43152] =>PUP.LinkiDoo
O58 - SDL:2015/05/29 12:40:58 A . (.StdLib - StdLib.) -- C:\Windows\System32\drivers\{a5ba7e96-2359-44ae-a061-636c507901d1}Gw.sys [43152] =>PUP.LinkiDoo
O58 - SDL:2015/07/04 02:54:42 A . (.StdLib - StdLib.) -- C:\Windows\System32\drivers\{e0ec4d2c-6253-42d1-86ea-28f6d9a48110}Gw.sys [43152] =>PUP.LinkiDoo
O58 - SDL:2015/05/28 23:46:08 A . (.StdLib - StdLib.) -- C:\Windows\System32\drivers\{e6a873ea-7ac2-4092-bda3-b2bf46afde25}Gw.sys [43152] =>PUP.LinkiDoo
O58 - SDL:2015/06/02 20:40:46 A . (.StdLib - StdLib.) -- C:\Windows\System32\drivers\{eb01aed1-bba3-4e72-8323-a77bb027b1d4}Gw.sys [43144] =>PUP.LinkiDoo
O58 - SDL:2009/07/13 23:40:41 A . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:2009/07/13 23:40:44 A . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:2009/07/13 23:40:40 A . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:2009/07/13 23:40:43 A . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:2009/07/13 23:40:43 A . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:2009/07/13 23:40:23 A . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:2009/07/13 23:40:31 A . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:2009/07/13 23:40:35 A . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:2009/07/13 23:40:39 A . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:2009/07/13 23:40:27 A . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:2009/07/13 23:40:11 A . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:2009/07/13 23:40:15 A . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:2009/07/13 23:40:17 A . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:2009/07/13 23:40:19 A . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:2009/07/13 23:40:13 A . (...) -- C:\Windows\System32\NTIO804.SYS [34672]

---\\ Last modified or created user files (O61) (11) - 15s
O61 - LFC: 2015/07/04 20:29:13 A . (.Popcorn Official.) -- C:\Users\Sean\Downloads\Popcorn-Time-0.3.7.2-Setup.exe [23315064]
O61 - LFC: 2015/07/03 12:20:45 A . (.SoftBrain Technologies Ltd..) -- C:\Users\Sean\AppData\Local\SmartWeb\__u.exe [172673] =>PUP.SmartWebSearch
O61 - LFC: 2015/07/04 20:29:46 A . (.Popcorn Official.) -- C:\Users\Sean\AppData\Local\Popcorn Time\Uninstall.exe [380212]
O61 - LFC: 2015/06/30 14:02:40 A . (..) -- C:\Users\Sean\AppData\Local\NVIDIA\NvBackend\UMDShim\nvcoproc.bin [4438960]
O61 - LFC: 2015/07/03 23:33:53 A . (..) -- C:\Users\Sean\AppData\Local\NVIDIA\NvBackend\Packages\00007998\DAO.19733759.exe [5871552]
O61 - LFC: 2015/06/30 23:31:24 A . (..) -- C:\Users\Sean\AppData\Local\NVIDIA\NvBackend\Packages\00007984\CoProc update.19722912.exe [455224]
O61 - LFC: 2015/07/03 12:14:26 A . (.NVIDIA Corporation.) -- C:\Users\Sean\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe [628664]
O61 - LFC: 2015/07/03 12:14:20 A . (.NVIDIA Corporation.) -- C:\Users\Sean\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe [172984]
O61 - LFC: 2015/07/03 12:14:14 A . (.NVIDIA Corporation.) -- C:\Users\Sean\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll [1357240]
O61 - LFC: 2015/07/05 17:48:22 A . (..) -- C:\Users\Sean\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
O61 - LFC: 2015/07/04 22:36:49 A . (.Akamai Technologies, Inc..) -- C:\Users\Sean\AppData\Local\Akamai\netsession_installer.exe [10473944]

---\\ File Associations Shell Spawning (O67) (9) - 0s
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S

---\\ Start Menu Internet (SMI) (O68) (8) - 0s
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.ex http://www.oursurfing.com/ =>Hijacker.OurSurfing
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe

---\\ Search Browser Infection (SBI) (O69) (12) - 3s
O69 - SBI: prefs.js [Sean - sqpjq103.default] user_pref("browser.search.searchengine.alias", "mystartsearch"); =>PUP.SearchEngine
O69 - SBI: prefs.js [Sean - sqpjq103.default] user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine"); =>PUP.SearchEngine
O69 - SBI: prefs.js [Sean - sqpjq103.default] user_pref("browser.search.searchengine.iconURL", "http://www.mystartsearch.com/favicon.ico"); =>PUP.StartSearch
O69 - SBI: prefs.js [Sean - sqpjq103.default] user_pref("browser.search.searchengine.name", "mystartsearch"); =>PUP.SearchEngine
O69 - SBI: prefs.js [Sean - sqpjq103.default] user_pref("browser.search.searchengine.ptid", "cmi"); =>PUP.SearchEngine
O69 - SBI: prefs.js [Sean - sqpjq103.default] user_pref("browser.search.searchengine.uid", "WDCXWD5000AAKS-00UU3A0_WD-WCAYU742584425844"); =>PUP.SearchEngine
O69 - SBI: prefs.js [Sean - sqpjq103.default] user_pref("browser.search.searchengine.url", "http://www.mystartsearch.com/web/?type=ds&ts=1433331684&z=be0d04bcee43f8748e6b64ag2z[...] =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.mystartsearch.com/ =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://www.mystartsearch.com/ =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (mystartsearch) - http://www.mystartsearch.com/ =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} - (WebSearch) - http://www.mystartsearch.com/ =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.mystartsearch.com/ =>PUP.StartSearch

---\\ Search Svchost Services (SSS) (O83) (33) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [62464]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\System32\srvsvc.dll [168960]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [593408]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\IKEEXT.DLL [679424]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\audiosrv.dll [475136]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [286208]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [75264]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [49664]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [300544]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [242176]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\Windows\System32\termsrv.dll [523776]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2020864]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [585728]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [328192]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [499712]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\System32\seclogon.dll [21504]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [47104]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll [114688]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\System32\mmcss.dll [49664]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [61440]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [98304]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [164864]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\System32\schedsvc.dll [750592]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\KMSVC.DLL [71168]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [113664]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [102912]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\System32\themeservice.dll [37376]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [76800]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [149504]

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) (16) - 9s
SS - Demand [2015/06/23 20:23:06] [ 268464] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - Demand [2015/06/24 23:33:38] [ 363208] BitRaider Mini-Support Service Stub Loader (BRSptStub) . (.BitRaider, LLC.) - C:\ProgramData\BitRaider\BRSptStub.exe
SR - Demand [2015/02/27 18:40:30] [ 1030928] Disc Soft Lite Bus Service (Disc Soft Lite Bus Service) . (.Disc Soft Ltd.) - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
SR - Auto [2015/03/28 05:45:00] [ 918160] NVIDIA GeForce Experience Service (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
SS - Auto [2015/07/04 20:17:48] [ 144200] Service Google Update (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - Demand [2015/07/04 20:17:48] [ 144200] Service Google Update (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - Auto [2015/06/24 04:08:12] [ 125112] IHProtect Service (IHProtect Service) . (.XTab system.) - C:\Program Files\MiuiTab\ProtectService.exe
SR - Auto [2015/05/29 22:56:46] [ 227840] Language Setting Background (mofysilo) . (...) - C:\Users\Sean\AppData\Roaming\00000000-1432932988-0000-0000-00241D1EDC8C\jnskB465.tmp
SR - Auto [2015/05/29 22:56:52] [ 311296] Compress Comma (myroqole) . (...) - C:\Users\Sean\AppData\Roaming\00000000-1432932988-0000-0000-00241D1EDC8C\hnsvC910.tmp
SR - Auto [2015/03/28 05:45:01] [ 1878672] NVIDIA Network Service (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - Auto [2015/03/28 05:45:00] [20696720] NVIDIA Streamer Service (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - Auto [2014/05/20 02:04:02] [ 668104] NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - Auto [2015/07/05 15:11:30] [ 589312] Wheel Mouse Back Up (qozonozy) . (...) - C:\Users\Sean\AppData\Roaming\00000000-1432932988-0000-0000-00241D1EDC8C\knsu47F3.tmp
SS - Auto [2015/06/03 16:42:38] [ 327296] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - Auto [2014/05/20 01:11:19] [ 410968] NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - Auto [2015/05/29 20:38:03] [ 697000] WindowsMangerProtect Service (WindowsMangerProtect) . (.DTools LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe

---\\ Search Tracing Registry Key (O100) (12) - 3s
HKLM\SOFTWARE\Microsoft\Tracing\SpeedCheckerService_RASAPI32 =>PUP.InternetSpeedChecker
HKLM\SOFTWARE\Microsoft\Tracing\SpeedCheckerService_RASMANCS =>PUP.InternetSpeedChecker
HKLM\SOFTWARE\Microsoft\Tracing\SuperClickAutoUpdateClient_RASAPI32 =>PUP.SuperClick
HKLM\SOFTWARE\Microsoft\Tracing\SuperClickAutoUpdateClient_RASMANCS =>PUP.SuperClick
HKLM\SOFTWARE\Microsoft\Tracing\updateMetalMaker_RASAPI32 =>PUP.MetalMaker
HKLM\SOFTWARE\Microsoft\Tracing\updateMetalMaker_RASMANCS =>PUP.MetalMaker
HKLM\SOFTWARE\Microsoft\Tracing\updateWoodenSeal_RASAPI32 =>PUP.WoodenSeal
HKLM\SOFTWARE\Microsoft\Tracing\updateWoodenSeal_RASMANCS =>PUP.WoodenSeal
HKLM\SOFTWARE\Microsoft\Tracing\utilMetalMaker_RASAPI32 =>PUP.MetalMaker
HKLM\SOFTWARE\Microsoft\Tracing\utilMetalMaker_RASMANCS =>PUP.MetalMaker
HKLM\SOFTWARE\Microsoft\Tracing\utilWoodenSeal_RASAPI32 =>PUP.WoodenSeal
HKLM\SOFTWARE\Microsoft\Tracing\utilWoodenSeal_RASMANCS =>PUP.WoodenSeal

---\\ Additional Scan (O88) (108) - 0s
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
C:\Program Files\MiuiTab\ProtectService.exe =>PUP.MiuiTab
C:\Users\Sean\AppData\Roaming\00000000-1432932988-0000-0000-00241D1EDC8C\jnskB465.tmp =>Adware.CrossRider
C:\Users\Sean\AppData\Roaming\00000000-1432932988-0000-0000-00241D1EDC8C\hnsvC910.tmp =>Adware.CrossRider
C:\Users\Sean\AppData\Roaming\00000000-1432932988-0000-0000-00241D1EDC8C\knsu47F3.tmp =>Adware.CrossRider
C:\Program Files\MiuiTab\CmdShell.exe =>PUP.MiuiTab
C:\Program Files\MiuiTab\HPNotify.exe =>PUP.MiuiTab
HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service =>Adware.AgentODR
C:\Program Files\MiuiTab\ProtectService.exe =>Adware.AgentODR
HKLM\SYSTEM\CurrentControlSet\Services\mofysilo =>Adware.CrossRider
HKLM\SYSTEM\CurrentControlSet\Services\myroqole =>Adware.CrossRider
HKLM\SYSTEM\CurrentControlSet\Services\qozonozy =>Adware.CrossRider
HKLM\SYSTEM\CurrentControlSet\Services\Update Banana Phone =>PUP.BananaPhone
HKLM\SYSTEM\CurrentControlSet\Services\Update Edu App =>PUP.EduApp
HKLM\SYSTEM\CurrentControlSet\Services\Util Banana Phone =>PUP.BananaPhone
HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect =>PUP.Fuyu
C:\Windows\Tasks\APSnotifierPP1.job =>PUP.AnyProtect
C:\Windows\Tasks\APSnotifierPP2.job =>PUP.AnyProtect
C:\Windows\Tasks\APSnotifierPP3.job =>PUP.AnyProtect
C:\Windows\Tasks\Bidaily Synchronize Task[3c32].job =>PUP.BidailySync
C:\Windows\System32\Tasks\APSnotifierPP1 =>PUP.AnyProtect
C:\Windows\System32\Tasks\APSnotifierPP2 =>PUP.AnyProtect
C:\Windows\System32\Tasks\APSnotifierPP3 =>PUP.AnyProtect
C:\Windows\System32\Tasks\Bidaily Synchronize Task[3c32] =>PUP.BidailySync
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task =>PUP.SmartWebSearch
HKLM\SOFTWARE\ArenaHD =>Adware.CrossRider
HKLM\SOFTWARE\AskPartnerNetwork =>Toolbar.Ask
HKLM\SOFTWARE\Conduit =>PUP.Conduit
HKLM\SOFTWARE\Crossbrowse =>PUP.CrossBrowse
HKLM\SOFTWARE\FFPluginHp =>PUP.SweetSearch
HKLM\SOFTWARE\GlobalUpdate =>PUP.GlobalUpdate
HKLM\SOFTWARE\HighDefAction =>Adware.CrossRider
HKLM\SOFTWARE\IHProtect =>Adware.AgentODR
HKLM\SOFTWARE\Iminent =>Adware.IMBooster
HKLM\SOFTWARE\Infonaut_1.10.0.14 =>PUP.Infonaut
HKLM\SOFTWARE\mystartsearchSoftware =>PUP.StartSearch
HKLM\SOFTWARE\oursurfingSoftware =>Hijacker.OurSurfing
HKLM\SOFTWARE\SearchProtect =>PUP.SearchProtect
HKLM\SOFTWARE\searchult =>PUP.Optional
HKLM\SOFTWARE\SupDp =>Adware.SupTab
HKLM\SOFTWARE\SuperClick_1.10.0.16 =>PUP.SuperClick
HKLM\SOFTWARE\supTab =>Adware.SupTab
HKLM\SOFTWARE\supWindowsMangerProtect =>PUP.Fuyu
HKLM\SOFTWARE\Torch =>PUP.Torch
HKLM\SOFTWARE\Tutorials =>PUP.AgenceExclusive
HKLM\SOFTWARE\WajIntEnhance =>PUP.Wajam
HKLM\SOFTWARE\YorkNewCin =>Adware.CrossRider
HKCU\SOFTWARE\AnyProtect =>PUP.AnyProtect
HKCU\SOFTWARE\APN PIP =>PUP.Conduit
HKCU\SOFTWARE\ArenaHD =>Adware.CrossRider
HKCU\SOFTWARE\AskPartnerNetwork =>Toolbar.Ask
HKCU\SOFTWARE\CinemaP-1.9cV16.03-nv-ie =>Adware.CrossRider
HKCU\SOFTWARE\CinemaPlus-3.2cV29.06-nv-ie =>Adware.CrossRider
HKCU\SOFTWARE\Crossbrowse =>PUP.CrossBrowse
HKCU\SOFTWARE\gamesdesktop =>Adware.GamesDesktop
HKCU\SOFTWARE\globalUpdate =>PUP.GlobalUpdate
HKCU\SOFTWARE\HighDefAction =>Adware.CrossRider
HKCU\SOFTWARE\HomeTab =>PUP.CertifiedToolbar
HKCU\SOFTWARE\Linkey =>PUP.LinkeySearch
HKCU\SOFTWARE\Optimizer Pro =>PUP.OptimizerPro
HKCU\SOFTWARE\SearchProtectWS =>PUP.SearchProtect
HKCU\SOFTWARE\sidecom =>PUP.Sidecom
HKCU\SOFTWARE\SimplyTech =>PUP.SimplyTech
HKCU\SOFTWARE\TNT2 =>Adware.TidyNetwork
HKCU\SOFTWARE\Torch =>PUP.Torch
HKCU\SOFTWARE\TutoTag =>PUP.AgenceExclusive
HKCU\SOFTWARE\WajIEnhance =>Adware.Multiplug
HKCU\SOFTWARE\WajIntEnhance =>PUP.Wajam
HKCU\SOFTWARE\YorkNewCin =>Adware.CrossRider
HKCU\SOFTWARE\AppDataLow\Software\Crossrider =>Adware.CrossRider =>Adware.CrossRider
C:\Program Files\FunDEaaLLs =>Adware.Multiplug
C:\Program Files\FunDieaels =>Adware.Multiplug
C:\Program Files\FuunDaeauls =>Adware.Multiplug
C:\Program Files\globalUpdate =>PUP.GlobalUpdate
C:\Program Files\GUPlayer =>PUP.GUPlayer
C:\Program Files\MiuiTab =>PUP.MiuiTab
C:\Program Files\predm =>Adware.Downware
C:\Program Files\PriceDownlOAder =>Adware.Multiplug
C:\Program Files\PuraiceDownnloAider =>Adware.Multiplug
C:\Program Files\RRoBBoSavEr =>Adware.Multiplug
C:\Program Files\SeallePolusi =>Adware.Multiplug
C:\ProgramData\AdBlocker Manger =>PUP.Adblocker
C:\ProgramData\IHProtectUpDate =>Adware.AgentODR
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
C:\Users\Sean\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect
C:\Users\Sean\AppData\Local\globalUpdate =>PUP.GlobalUpdate
C:\Users\Sean\AppData\Local\SmartWeb =>PUP.SmartWebSearch
C:\Windows\System32\drivers\{36ed28a4-ac0a-4653-91ff-10beb4246550}Gw.sys =>PUP.LinkiDoo
C:\Windows\System32\drivers\{42f8f729-2fa8-44bb-b01a-28c57a8162c7}Gw.sys =>PUP.LinkiDoo
C:\Windows\System32\drivers\{6ca4ee32-3a59-4d23-8471-2bae8d896a33}Gw.sys =>PUP.LinkiDoo
C:\Windows\System32\drivers\{a5ba7e96-2359-44ae-a061-636c507901d1}Gw.sys =>PUP.LinkiDoo
C:\Windows\System32\drivers\{e0ec4d2c-6253-42d1-86ea-28f6d9a48110}Gw.sys =>PUP.LinkiDoo
C:\Windows\System32\drivers\{e6a873ea-7ac2-4092-bda3-b2bf46afde25}Gw.sys =>PUP.LinkiDoo
C:\Windows\System32\drivers\{eb01aed1-bba3-4e72-8323-a77bb027b1d4}Gw.sys =>PUP.LinkiDoo
C:\Users\Sean\AppData\Local\SmartWeb\__u.exe =>PUP.SmartWebSearch
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\Open\command [Bad: C:\Program Files\Internet Explorer\iexplore.ex http://www.oursurfing.com/] =>Hijacker.OurSurfing
HKLM\SOFTWARE\Microsoft\Tracing\SpeedCheckerService_RASAPI32 =>PUP.InternetSpeedChecker
HKLM\SOFTWARE\Microsoft\Tracing\SpeedCheckerService_RASMANCS =>PUP.InternetSpeedChecker
HKLM\SOFTWARE\Microsoft\Tracing\SuperClickAutoUpdateClient_RASAPI32 =>PUP.SuperClick
HKLM\SOFTWARE\Microsoft\Tracing\SuperClickAutoUpdateClient_RASMANCS =>PUP.SuperClick
HKLM\SOFTWARE\Microsoft\Tracing\updateMetalMaker_RASAPI32 =>PUP.MetalMaker
HKLM\SOFTWARE\Microsoft\Tracing\updateMetalMaker_RASMANCS =>PUP.MetalMaker
HKLM\SOFTWARE\Microsoft\Tracing\updateWoodenSeal_RASAPI32 =>PUP.WoodenSeal
HKLM\SOFTWARE\Microsoft\Tracing\updateWoodenSeal_RASMANCS =>PUP.WoodenSeal
HKLM\SOFTWARE\Microsoft\Tracing\utilMetalMaker_RASAPI32 =>PUP.MetalMaker
HKLM\SOFTWARE\Microsoft\Tracing\utilMetalMaker_RASMANCS =>PUP.MetalMaker
HKLM\SOFTWARE\Microsoft\Tracing\utilWoodenSeal_RASAPI32 =>PUP.WoodenSeal
HKLM\SOFTWARE\Microsoft\Tracing\utilWoodenSeal_RASMANCS =>PUP.WoodenSeal

---\\ Summary of the detections found on your workstation (41) - 0s
http://www.nicolascoolman.fr/trojan-fuyu/ =>PUP.Fuyu
http://www.nicolascoolman.fr/blog =>PUP.MiuiTab
http://www.nicolascoolman.fr/pup-crossrider/ =>Adware.CrossRider
http://www.nicolascoolman.fr/pup-startsearch/ =>PUP.StartSearch
http://www.nicolascoolman.fr/blog =>Hijacker.OurSurfing
http://www.nicolascoolman.fr/blog =>Adware.AgentODR
http://www.nicolascoolman.fr/blog =>PUP.BananaPhone
http://www.nicolascoolman.fr/blog =>PUP.EduApp
http://www.nicolascoolman.fr/pup-anyprotect/ =>PUP.AnyProtect
http://www.nicolascoolman.fr/blog =>PUP.BidailySync
http://www.nicolascoolman.fr/pup-smartwebsearch/ =>PUP.SmartWebSearch
http://www.nicolascoolman.fr/toolbar-ask/ =>Toolbar.Ask
http://www.nicolascoolman.fr/toolbar-conduit/ =>PUP.Conduit
http://www.nicolascoolman.fr/blog =>PUP.CrossBrowse
http://www.nicolascoolman.fr/blog =>PUP.SweetSearch
http://www.nicolascoolman.fr/pup-globalupdate/ =>PUP.GlobalUpdate
http://www.nicolascoolman.fr/adware-imbooster/ =>Adware.IMBooster
http://www.nicolascoolman.fr/blog =>PUP.Infonaut
http://www.nicolascoolman.fr/pup-searchprotect/ =>PUP.SearchProtect
http://www.nicolascoolman.fr/blog =>PUP.Optional
http://www.nicolascoolman.fr/pup-suptab/ =>Adware.SupTab
http://www.nicolascoolman.fr/pup-superClick/ =>PUP.SuperClick
http://www.nicolascoolman.fr/blog =>PUP.Torch
http://www.nicolascoolman.fr/spyware-agenceexclusive/ =>PUP.AgenceExclusive
http://www.nicolascoolman.fr/pup-wajam/ =>PUP.Wajam
http://www.nicolascoolman.fr/blog =>Adware.GamesDesktop
http://www.nicolascoolman.fr/pup-certifiedtoolbar/ =>PUP.CertifiedToolbar
http://www.nicolascoolman.fr/pup-linkeysearch/ =>PUP.LinkeySearch
http://www.nicolascoolman.fr/pup-optimizerpro/ =>PUP.OptimizerPro
http://www.nicolascoolman.fr/pup-sidecom/ =>PUP.Sidecom
http://www.nicolascoolman.fr/blog =>PUP.SimplyTech
http://www.nicolascoolman.fr/adware-tidynetwork/ =>Adware.TidyNetwork
http://www.nicolascoolman.fr/pup-mutiplug/ =>Adware.Multiplug
http://www.nicolascoolman.fr/blog =>PUP.GUPlayer
http://www.nicolascoolman.fr/adware-downware/ =>Adware.Downware
http://www.nicolascoolman.fr/blog =>PUP.Adblocker
http://www.nicolascoolman.fr/pup-linkidoo/ =>PUP.LinkiDoo
http://www.nicolascoolman.fr/blog =>PUP.SearchEngine
http://www.nicolascoolman.fr/pup-internetspeedchecker/ =>PUP.InternetSpeedChecker
http://www.nicolascoolman.fr/blog =>PUP.MetalMaker
http://www.nicolascoolman.fr/blog =>PUP.WoodenSeal

~ End of the scan, 27487 items in 75 seconds (830)(0)()
