Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by Yassine (administrator) on YASSINE-PC on 17-07-2015 15:27:42
Running from C:\Users\Yassine\Contacts\Desktop
Loaded Profiles: Yassine (Available Profiles: Yassine)
Platform: Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86) OS Language: Français (France)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SuperAdBlocker.com) C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\ProgramData\Right Soft\WS-Booster\WS-Booster.exe
(ReviverSoft LLC) C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
(FileProperties_CompanyName) C:\Program Files\green game\green_game_notification_service.exe
() C:\Program Files\Monster Shopping\monster_shopping_helper_service.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Bandoo Media Inc.) C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
() C:\Program Files\Itchy Church\Itchy Church.exe
(TorchMedia Inc.) C:\Users\Yassine\AppData\Local\Torch\Update\TorchCrashHandler.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
() C:\Program Files\Internet Mobile+\AssistantServices.exe
() C:\Program Files\Jump Flip\updateJumpFlip.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(CyberLink Corp.) C:\Program Files\CyberLink\YouCam\YouCamService.exe
(ali) C:\Program Files\USB Disk Win98 Driver\Res.exe
() C:\Program Files\Internet Mobile+\UIExec.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(SuperAdBlocker.com) C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.125\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [YouCam Service] => C:\Program Files\CyberLink\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
HKLM\...\Run: [USB Storage Toolbox] => C:\Program Files\USB Disk Win98 Driver\Res.EXE [65536 2005-09-14] (ali)
HKLM\...\Run: [UIExec] => C:\Program Files\Internet Mobile+\UIExec.exe [139088 2011-03-15] ()
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360 2015-04-27] (APN)
Winlogon\Notify\!SABWinLogon: C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL [2007-08-01] (SuperAdBlocker.com)
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\Yassine\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\Run: [uTorrent] => C:\Users\Yassine\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe [1677904 2015-02-26] (BitTorrent Inc.)
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\Run: [SuperAdBlocker] => C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe [1564672 2007-08-01] (SuperAdBlocker.com)
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\MountPoints2: {1dc99612-58b6-11e4-a809-0024816b3bee} - H:\Autorun.exe
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\MountPoints2: {539b00f2-353a-11e4-b343-0024816b3bee} - F:\AutoRun.exe
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\MountPoints2: {825cda89-220d-11e4-ace3-0024816b3bee} - F:\Startme.exe
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\MountPoints2: {93689394-3c72-11e4-ae36-0024816b3bee} - F:\AutoRun.exe
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\MountPoints2: {936893a0-3c72-11e4-ae36-0024816b3bee} - F:\AutoRun.exe
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\MountPoints2: {dbf89513-33c6-11e4-bbde-0024816b3bee} - F:\AutoRun.exe
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\MountPoints2: {dbf89519-33c6-11e4-bbde-0024816b3bee} - F:\AutoRun.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-10-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-01-07]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies app\datamngr\x64\apcrtldr.dll <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1487&v=a15946-350&t=4
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
HKU\S-1-5-21-1037290572-1634978092-644388079-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.gboxapp.com/
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=406&v=a15946-350&apn_uid=1034222304364015&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1037290572-1634978092-644388079-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0C3C00247E5261BA&affID=128403&tsp=5173
SearchScopes: HKU\S-1-5-21-1037290572-1634978092-644388079-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=406&v=a15946-350&apn_uid=1034222304364015&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: JoniCouapoNa -> {0aeb5ca1-2b00-4136-a7b8-85b2939328e0} -> C:\Program Files\JoniCouapoNa\qvmO7PpinZQJsM.dll [2015-04-02] ()
BHO: JonICoupoN -> {50E44466-04E5-4247-93ED-24BB08DB2976} -> C:\Program Files\JonICoupoN\K2ahsTaRuz6tCM.dll [2015-05-20] ()
BHO: RainddomPrice -> {A152EB13-FBF4-48C8-8612-79757B7E34B3} -> C:\Program Files\RainddomPrice\CQB4xjiHhcn9f2.dll [2015-05-20] ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: DigiaSaver -> {d696351b-a9a3-435b-96be-d0076c28a876} -> C:\Program Files\DigiaSaver\FAqmjn1bBwpMnd.dll [2015-04-28] ()
BHO: GreatSaVe4U -> {D6F1C4D5-FDCC-45D1-9252-7372DFC40BF2} -> C:\Program Files\GreatSaVe4U\WawcTRXDPuVKKF.dll [2015-06-11] ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [77824 2006-11-07] (SuperAdBlocker.com)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{376E49E1-65D8-44B6-8A3B-5256B9122EB4}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default
FF NewTab: hxxp://websearch.freesearches.info
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://search.gboxapp.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll [2010-12-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-11-18] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-11-18] (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-22] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin: TorchVLC -> C:\Users\Yassine\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF user.js: detected! => C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\user.js [2014-07-13]
FF SearchPlugin: C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\searchplugins\Ask.xml [2015-04-03]
FF SearchPlugin: C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\searchplugins\buenosearch.xml [2014-03-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml [2015-04-03]
FF Extension: 50COuponns - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\03oRz@Jws.edu [2015-03-17]
FF Extension: Radio Canyon - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\1853a82e-ce44-4a8c-a6fe-9bcf74a65575@4b6b1c16-5f0a-4ef0-866f-b063e235ef97.com [2015-06-12]
FF Extension: Bing Search Engine - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\bingsearch.full@microsoft.com [2015-04-03]
FF Extension: RiaNdomPricei - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\CEKZN6I@FHqy.edu [2015-03-04]
FF Extension: BlockIt Ad remover - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\efxbcnxy_nksuzhgntr@ngvwvszvqovgttlsyn.net [2015-03-03]
FF Extension: green game - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\Ik1ZncadT@gmail.com [2015-04-02]
FF Extension: Browser AdBlocker - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\iqlxjwaj_dvfqh@ch_tbjeuweduqgwerrl.edu [2015-04-17]
FF Extension: jid0HZ5UvAEiWWAxT9TKLuhEgUCARqojetpack - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack [2015-04-18]
FF Extension: jid1tDEBR70q2oOOTwjetpack - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\jid1-tDEBR70q2oOOTw@jetpack [2015-05-28]
FF Extension: SSaveNEWAeAppz - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\KFsr@B.edu [2015-03-03]
FF Extension: Hapappy2Save - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\PttOd4p@3F.org [2015-03-06]
FF Extension: aDsy - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\r1Q@n.org [2015-02-26]
FF Extension: DowNSaave - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\tl@V.edu [2015-05-20]
FF Extension: Monster Shopping - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\xpZij0vJ@gmail.com [2015-05-28]
FF Extension: Coiinsave - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\xRBy@6BBYRr.edu [2015-02-26]
FF Extension: A64F9D1EFA5E11DAA1876B94C2ED2B83 - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\5uewegky.default\Extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83} [2015-04-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-07]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-05]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-06-05] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\my.cfg [2015-06-05] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Buenosearch Toolbar) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk [2014-03-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-16]
CHR Extension: (Skype Click to Call) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-15]
CHR Extension: (Google Wallet) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-19]
CHR HKLM\...\Chrome\Extension: [acfoobbgoakpihljnfedbcfaipcdlfhk] - C:\Users\Yassine\AppData\Roaming\BabSolution\CR\bueno.crx [2014-03-01]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

Opera:
=======
OPR Extension: (Radio Canyon) - C:\Users\Yassine\AppData\Roaming\Opera Software\Opera Stable\Extensions\bikofacodmhdpkfdeeocponfcgjcdfbk [2014-11-18]
OPR Extension: (hcjdanpjacpeeppdjkppebobilhaglfo) - C:\Users\Yassine\AppData\Roaming\Opera Software\Opera Stable\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2015-04-02]
OPR Extension: (icncamkooinmbehmkeilcccmoljfkdhp) - C:\Users\Yassine\AppData\Roaming\Opera Software\Opera Stable\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2015-05-28]
OPR Extension: (lkmofgnohbedopheiphabfhfjgkhfcgf) - C:\Users\Yassine\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2015-04-06]
OPR Extension: (Monster Shopping) - C:\Users\Yassine\AppData\Roaming\Opera Software\Opera Stable\Extensions\monpennifgclhopkmgdbcnaagkgdemch [2015-05-28]
OPR Extension: (Adblock Plus) - C:\Users\Yassine\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-07-16]
OPR Extension: (green game) - C:\Users\Yassine\AppData\Roaming\Opera Software\Opera Stable\Extensions\pdpibhkfkahcjfaebebkiphgenajknae [2015-04-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 699fd52f; c:\ProgramData\Assistant\AssistantSvc.dll [177488 2014-04-06] () [File not signed]
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-27] (APN LLC.)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 DatamngrCoordinator; C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe [3204296 2015-03-23] (Bandoo Media Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-11-13] (Ellora Assets Corp.) [File not signed]
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-18] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-18] (globalUpdate) [File not signed] <==== ATTENTION
R2 Itchy Church; C:\Program Files\Itchy Church\Itchy Church.exe [8016059 2015-06-10] () [File not signed] <==== ATTENTION
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 SABSVC; C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE [65536 2005-08-31] (SuperAdBlocker.com) [File not signed]
R2 TorchCrashHandler; C:\Users\Yassine\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-10-29] (TorchMedia Inc.) <==== ATTENTION
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1740600 2013-08-29] (TuneUp Software)
R2 UI Assistant Service; C:\Program Files\Internet Mobile+\AssistantServices.exe [261456 2011-03-15] ()
R2 Update Jump Flip; C:\Program Files\Jump Flip\updateJumpFlip.exe [317728 2014-05-17] ()
S2 Util Jump Flip; C:\Program Files\Jump Flip\bin\utilJumpFlip.exe [474912 2015-07-17] ()
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 E4LOADER; C:\Windows\System32\Drivers\e4ldr.sys [69656 2007-01-04] (Analog Deivces)
S3 e4usbaw; C:\Windows\System32\DRIVERS\e4usbaw.sys [104344 2007-01-04] (Analog Devices Inc.)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Movies App\Datamngr\setmgrc3.cfg [38472 2015-03-23] (Bandoo Media Inc.)
S3 massfilter; C:\Windows\System32\DRIVERS\massfilter.sys [9216 2011-03-02] (MBB Incorporated)
S3 MRV6X32U; C:\Windows\System32\DRIVERS\MRVW24B.sys [310016 2007-10-28] (Marvell Semiconductor, Inc) [File not signed]
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R1 SABDIFSV; C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [5632 2005-09-21] () [File not signed]
R1 SABKUTIL; C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [32256 2007-02-20] () [File not signed]
S3 SABProcEnum; C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [4096 2005-03-21] (SuperAdBlocker.com) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R1 wStLib; C:\Windows\System32\drivers\wStLib.sys [52928 2014-03-07] (StdLib)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [201168 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-17 15:25 - 2015-07-17 15:27 - 00000000 ____D C:\FRST 2015-07-17 15:12 - 2015-07-17 15:13 - 00143336 _____ C:\Windows\Minidump\071715-15303-01.dmp 2015-07-17 06:10 - 2015-07-17 06:10 - 00143336 _____ C:\Windows\Minidump\071715-12792-01.dmp 2015-07-17 05:40 - 2015-07-17 05:40 - 00143336 _____ C:\Windows\Minidump\071715-12386-01.dmp 2015-07-17 05:27 - 2015-07-17 05:27 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool 2015-07-17 05:27 - 2015-07-17 05:27 - 00000000 ____D C:\Users\Yassine\AppData\Local\Apps\Windows 7 USB DVD Download Tool 2015-07-17 03:00 - 2015-07-17 03:00 - 00143336 _____ C:\Windows\Minidump\071715-12230-01.dmp 2015-07-16 23:28 - 2015-07-16 23:28 - 00143336 _____ C:\Windows\Minidump\071615-12776-01.dmp 2015-07-16 23:06 - 2015-07-16 23:06 - 00143336 _____ C:\Windows\Minidump\071615-13431-01.dmp 2015-07-16 16:00 - 2015-07-16 16:00 - 00143336 _____ C:\Windows\Minidump\071615-13291-01.dmp 2015-07-16 15:51 - 2015-07-16 15:51 - 00143336 _____ C:\Windows\Minidump\071615-13275-01.dmp 2015-07-16 15:36 - 2015-07-16 15:36 - 00143336 _____ C:\Windows\Minidump\071615-13353-01.dmp 2015-07-16 15:16 - 2015-07-16 15:16 - 00143288 _____ C:\Windows\Minidump\071615-18314-01.dmp 2015-07-16 15:14 - 2015-07-16 15:14 - 00143288 _____ C:\Windows\Minidump\071615-19063-01.dmp 2015-07-16 15:13 - 2015-07-16 15:13 - 00143336 _____ C:\Windows\Minidump\071615-14149-01.dmp 2015-07-16 14:00 - 2015-07-16 14:01 - 01187520 _____ (Adobe Systems Incorporated) C:\Users\Yassine\Downloads\flashplayer18pp_fa_install.exe 2015-07-16 13:55 - 2015-07-16 15:13 - 00001064 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-07-16 13:51 - 2015-07-16 13:51 - 00001093 _____ C:\Users\Public\Desktop\Opera.lnk 2015-07-16 13:51 - 2015-07-16 13:51 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-07-16 13:49 - 2015-07-16 13:49 - 00687560 _____ (Opera Software) 
C:\Users\Yassine\Downloads\Opera_NI_stable.exe 2015-07-16 13:24 - 2015-07-16 13:24 - 00143336 _____ C:\Windows\Minidump\071615-19546-01.dmp 2015-07-16 13:11 - 2015-07-16 13:11 - 00143336 _____ C:\Windows\Minidump\071615-20404-01.dmp 2015-07-16 13:02 - 2015-07-16 13:02 - 00002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-07-16 13:02 - 2015-07-16 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-07-16 13:01 - 2015-07-17 15:06 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cecf69dfcb58fe.job 2015-07-16 12:48 - 2015-07-16 12:48 - 07247794 _____ C:\Users\Yassine\Downloads\install_flash_player_11_linux.x86_64.tar.gz 2015-07-16 12:47 - 2015-07-16 12:47 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-07-16 12:47 - 2015-07-16 12:47 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-07-16 12:46 - 2015-07-16 13:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-07-16 12:44 - 2015-07-16 12:44 - 00242904 _____ C:\Users\Yassine\Downloads\Firefox Setup Stub 39.0.exe 2015-07-16 02:17 - 2015-07-17 15:14 - 00000000 ____D C:\Users\Yassine\Documents\Youcam 2015-07-16 01:14 - 2015-07-16 01:14 - 00143336 _____ C:\Windows\Minidump\071615-16255-01.dmp 2015-07-16 01:04 - 2015-07-16 01:04 - 00143336 _____ C:\Windows\Minidump\071615-87438-01.dmp 2015-07-15 23:46 - 2015-07-15 23:46 - 00143288 _____ C:\Windows\Minidump\071515-19234-01.dmp 2015-07-15 16:44 - 2015-07-15 16:44 - 00000000 ____D C:\Users\Yassine\AppData\Local\Good Guitar 2015-07-15 16:41 - 2015-07-15 16:41 - 00143336 _____ C:\Windows\Minidump\071515-14742-01.dmp 2015-07-10 23:53 - 2015-07-10 23:53 - 00143336 _____ C:\Windows\Minidump\071015-12698-01.dmp 2015-07-05 17:06 - 2015-07-16 22:56 - 00000020 _____ C:\Users\Yassine\AppData\Roaming\appdataFr2.bin 2015-07-01 17:47 - 2015-07-01 17:47 - 00143336 _____ C:\Windows\Minidump\070115-15241-01.dmp 2015-07-01 02:25 - 2015-07-01 02:25 - 
00143336 _____ C:\Windows\Minidump\070115-15584-01.dmp 2015-06-29 20:49 - 2015-06-29 20:49 - 00143336 _____ C:\Windows\Minidump\062915-14242-01.dmp 2015-06-28 04:06 - 2015-06-28 04:06 - 00143288 _____ C:\Windows\Minidump\062815-13275-01.dmp 2015-06-27 23:43 - 2015-06-27 23:43 - 00143336 _____ C:\Windows\Minidump\062715-13135-01.dmp 2015-06-27 22:48 - 2015-06-27 22:48 - 00143336 _____ C:\Windows\Minidump\062715-13868-01.dmp 2015-06-27 22:37 - 2015-06-27 22:37 - 00143336 _____ C:\Windows\Minidump\062715-13650-01.dmp 2015-06-27 22:13 - 2015-06-27 22:13 - 00143336 _____ C:\Windows\Minidump\062715-15069-01.dmp 2015-06-27 21:49 - 2015-06-27 21:49 - 00143336 _____ C:\Windows\Minidump\062715-15256-01.dmp 2015-06-27 21:45 - 2015-06-27 21:45 - 00143336 _____ C:\Windows\Minidump\062715-13416-01.dmp 2015-06-27 21:16 - 2015-06-27 21:16 - 00143336 _____ C:\Windows\Minidump\062715-13681-02.dmp 2015-06-27 15:39 - 2015-06-27 15:39 - 00143336 _____ C:\Windows\Minidump\062715-14008-01.dmp 2015-06-27 15:29 - 2015-06-27 15:29 - 00143288 _____ C:\Windows\Minidump\062715-13993-01.dmp 2015-06-27 15:13 - 2015-06-27 15:13 - 00143336 _____ C:\Windows\Minidump\062715-14071-01.dmp 2015-06-27 14:07 - 2015-06-27 14:07 - 00143336 _____ C:\Windows\Minidump\062715-14274-01.dmp 2015-06-27 13:59 - 2015-06-27 13:59 - 00143336 _____ C:\Windows\Minidump\062715-13821-02.dmp 2015-06-27 02:20 - 2015-06-27 02:20 - 00143336 _____ C:\Windows\Minidump\062715-14508-01.dmp 2015-06-27 02:14 - 2015-06-27 02:14 - 00143336 _____ C:\Windows\Minidump\062715-13806-01.dmp 2015-06-27 01:30 - 2015-06-27 01:30 - 00143336 _____ C:\Windows\Minidump\062715-12667-01.dmp 2015-06-27 00:40 - 2015-06-27 00:40 - 00143336 _____ C:\Windows\Minidump\062715-13681-01.dmp 2015-06-26 23:50 - 2015-06-26 23:50 - 00143288 _____ C:\Windows\Minidump\062615-13962-01.dmp 2015-06-26 23:49 - 2015-06-26 23:49 - 00143336 _____ C:\Windows\Minidump\062615-13072-01.dmp 2015-06-26 23:33 - 2015-06-26 23:33 - 00143336 _____ 
C:\Windows\Minidump\062615-7114534-01.dmp 2015-06-26 21:11 - 2015-06-26 21:11 - 00143336 _____ C:\Windows\Minidump\062615-12604-01.dmp 2015-06-26 20:52 - 2015-06-26 20:52 - 00143336 _____ C:\Windows\Minidump\062615-12370-01.dmp 2015-06-26 19:32 - 2015-06-26 19:32 - 00143336 _____ C:\Windows\Minidump\062615-12885-02.dmp 2015-06-26 18:18 - 2015-06-26 18:18 - 00143336 _____ C:\Windows\Minidump\062615-12698-01.dmp 2015-06-26 17:09 - 2015-06-26 17:09 - 00143336 _____ C:\Windows\Minidump\062615-14414-01.dmp 2015-06-26 15:34 - 2015-06-26 15:34 - 00143336 _____ C:\Windows\Minidump\062615-12870-01.dmp 2015-06-26 14:26 - 2015-06-26 14:26 - 00143336 _____ C:\Windows\Minidump\062615-13244-01.dmp 2015-06-26 13:46 - 2015-06-26 13:46 - 00143336 _____ C:\Windows\Minidump\062615-13291-01.dmp 2015-06-18 01:33 - 2015-06-18 01:33 - 00076334 _____ C:\Users\Yassine\Downloads\td5.ps 2015-06-17 23:22 - 2015-06-17 23:22 - 00553934 _____ C:\Users\Yassine\Downloads\DC6B.tmp 2015-06-17 08:39 - 2015-06-17 08:39 - 00631808 _____ C:\Users\Yassine\Downloads\5_dualite (5).ppt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-17 15:20 - 2013-10-19 19:11 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-17 15:20 - 2009-07-14 04:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 15:20 - 2009-07-14 04:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 15:18 - 2014-11-18 09:46 - 00005492 _____ C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-6.job
2015-07-17 15:16 - 2013-10-19 20:44 - 01437573 _____ C:\Windows\WindowsUpdate.log
2015-07-17 15:13 - 2015-05-28 15:01 - 00000530 _____ C:\Windows\Tasks\monster_shopping_helper_service.job
2015-07-17 15:13 - 2015-04-03 19:41 - 00000000 ____D C:\ProgramData\Datamngr
2015-07-17 15:13 - 2015-04-02 21:51 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-07-17 15:13 - 2015-04-02 20:51 - 00001306 _____ C:\Windows\Tasks\green_game_notification_service.job
2015-07-17 15:13 - 2015-04-02 20:51 - 00000668 _____ C:\Windows\Tasks\green_game_updating_service.job
2015-07-17 15:13 - 2015-02-11 00:29 - 00000320 _____ C:\Windows\Tasks\Start Registry Reviver for Yassine-PC@Yassine(logon).job
2015-07-17 15:13 - 2014-11-18 09:46 - 00005156 _____ C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-7.job
2015-07-17 15:13 - 2014-11-18 09:46 - 00004468 _____ C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-4.job
2015-07-17 15:13 - 2014-11-18 09:46 - 00003086 _____ C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-1.job
2015-07-17 15:13 - 2014-11-18 09:46 - 00002420 _____ C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-5_user.job
2015-07-17 15:13 - 2014-11-18 09:46 - 00002420 _____ C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-5.job
2015-07-17 15:13 - 2014-11-18 09:46 - 00002084 _____ C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-2.job
2015-07-17 15:13 - 2014-11-18 09:45 - 00004814 _____ C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-11.job
2015-07-17 15:13 - 2014-11-18 09:45 - 00000932 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-07-17 15:13 - 2014-09-27 17:04 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\uTorrent
2015-07-17 15:13 - 2014-05-19 20:52 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\newnext.me
2015-07-17 15:13 - 2014-05-17 16:11 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2015-07-17 15:13 - 2014-03-04 00:04 - 00000452 ____H C:\Windows\Tasks\WS-Booster-S-975730335.job
2015-07-17 15:13 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-17 15:13 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\tracing
2015-07-17 15:12 - 2014-01-05 00:28 - 218209449 _____ C:\Windows\MEMORY.DMP
2015-07-17 15:12 - 2014-01-05 00:28 - 00000000 ____D C:\Windows\Minidump
2015-07-17 15:12 - 2009-07-14 04:39 - 00330323 _____ C:\Windows\setupact.log
2015-07-17 13:15 - 2011-01-17 00:52 - 00022582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-17 12:25 - 2014-11-18 09:45 - 00000936 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-07-17 07:29 - 2013-10-19 19:25 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\Skype
2015-07-16 15:21 - 2014-09-22 17:39 - 00000000 ____D C:\Program Files\Opera
2015-07-16 15:16 - 2011-01-17 02:25 - 00131052 _____ C:\Windows\PFRO.log
2015-07-16 14:02 - 2013-10-19 19:15 - 00000000 ____D C:\Users\Yassine\AppData\Local\Adobe
2015-07-16 14:02 - 2013-10-19 19:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-16 14:02 - 2013-10-19 19:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-16 12:47 - 2015-06-05 12:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-16 04:55 - 2013-10-19 20:42 - 00000000 ____D C:\Users\Yassine
2015-07-16 03:53 - 2014-10-21 00:08 - 00000000 ____D C:\Program Files\Internet Mobile+
2015-07-16 03:53 - 2013-10-23 23:24 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-07-16 03:53 - 2013-10-19 19:27 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\vlc
2015-07-16 03:53 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\wfp
2015-07-16 03:53 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\registration
2015-07-16 01:37 - 2014-01-07 18:32 - 00000000 ____D C:\Users\Yassine\Documents\Mobogenie
2015-07-16 00:59 - 2014-05-17 16:11 - 00001365 _____ C:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2015-07-15 17:24 - 2014-03-04 00:03 - 00000000 ____D C:\Users\Yassine\AppData\Local\Torch
2015-07-15 16:55 - 2013-10-19 19:19 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 16:42 - 2014-11-18 09:45 - 00000000 ____D C:\Program Files\globalUpdate
2015-07-15 15:40 - 2015-04-11 17:10 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2015-07-15 15:40 - 2014-05-17 16:11 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
2015-07-15 15:40 - 2009-07-14 09:00 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-15 15:40 - 2009-07-14 04:52 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-15 15:39 - 2013-10-19 18:52 - 00000000 ____D C:\Program Files\Google
2015-07-14 14:24 - 2015-05-15 09:12 - 00000024 _____ C:\Users\Yassine\AppData\Roaming\appdataFr25.bin
2015-06-30 17:50 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\NDF
2015-06-25 18:18 - 2009-07-14 04:53 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-23 13:27 - 2011-01-17 02:17 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-20 15:59 - 2015-02-06 00:09 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\codeblocks

==================== Files in the root of some directories =======

2015-02-02 21:02 - 2015-04-17 19:49 - 0000079 _____ () C:\Program Files\prefs.js
2015-07-05 17:06 - 2015-07-16 22:56 - 0000020 _____ () C:\Users\Yassine\AppData\Roaming\appdataFr2.bin
2015-05-15 09:12 - 2015-07-14 14:24 - 0000024 _____ () C:\Users\Yassine\AppData\Roaming\appdataFr25.bin
2015-01-28 23:23 - 2015-05-15 08:40 - 0000020 _____ () C:\Users\Yassine\AppData\Roaming\appdataFr3.bin
2014-05-12 09:28 - 2014-05-12 09:28 - 0000337 _____ () C:\Users\Yassine\AppData\Local\Perfmon.PerfmonCfg

Some files in TEMP:
====================
C:\Users\Yassine\AppData\Local\Temp\setacl.exe
C:\Users\Yassine\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-17 06:40

==================== End of log ============================