Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Amandine (administrator) on AMANDINE-HP on 15-03-2015 20:55:04
Running from C:\Users\Amandine\Downloads
Loaded Profiles: Amandine (Available profiles: Amandine)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
() C:\Users\Amandine\AppData\Roaming\16A0B31B-1425747700-11E0-B057-0884B30040EA\jnsaD183.tmp
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Users\Amandine\AppData\Roaming\16A0B31B-1425747700-11E0-B057-0884B30040EA\nsrE314.tmp
(ArcSoft, Inc.) C:\Windows\system\uArcCapture.exe
() C:\Windows\SysWOW64\srvany.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Users\Amandine\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Users\Amandine\AppData\Local\Google\Update\GoogleUpdate.exe
(Dropbox, Inc.) C:\Users\Amandine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(Google Inc.) C:\Users\Amandine\AppData\Local\Google\Update\GoogleUpdate.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Amandine\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Amandine\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Amandine\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2012-09-02] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11265536 2009-12-12] (Hewlett-Packard)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [gmsd_fr_286] => [X]
HKLM-x32\...\Run: [gmsd_fr_300] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\Run: [EPSON SX100 Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE [221696 2009-07-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\Run: [Google Update] => C:\Users\Amandine\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-15] (Google Inc.)
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\MountPoints2: D - D:\start.exe
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\MountPoints2: G - G:\LaunchU3.exe
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\MountPoints2: {491f6970-a006-11e4-8aa7-e02a82965cfd} - D:\start.exe
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\MountPoints2: {58d82caa-0f55-11e4-971d-e02a82965cfd} - D:\LaunchU3.exe -a
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\MountPoints2: {d546675c-3ca4-11e2-b62d-e02a82a58ce6} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-05-18] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Amandine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW&q={searchTerms}
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
HKU\S-1-5-21-3494486946-2990348000-502095539-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
SearchScopes: HKLM -> {AA5CC064-C92C-4050-82FD-3CA90F36F4FF} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {AA5CC064-C92C-4050-82FD-3CA90F36F4FF} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=ST9320423AS_5VH5S7AW&ts=1426108573&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=ST9320423AS_5VH5S7AW&ts=1426108573&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=ST9320423AS_5VH5S7AW&ts=1426108573&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=ST9320423AS_5VH5S7AW&ts=1426108573&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> {AA5CC064-C92C-4050-82FD-3CA90F36F4FF} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=ST9320423AS_5VH5S7AW&ts=1426108573&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=ST9320423AS_5VH5S7AW&ts=1426108573&type=default&q={searchTerms}
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2011-05-02] (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-02] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-02] (Oracle Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-12-12] (Hewlett-Packard)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-03-10] (Thinknice Co. Limited)
BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2011-05-02] (DigitalPersona, Inc.)
BHO-x32: Windows Live ID Sign-in Assistant Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3494486946-2990348000-502095539-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Winsock: Catalog9 01 C:\windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 02 C:\windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 03 C:\windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 04 C:\windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 16 C:\windows\SysWOW64\BDL.dll [319392] (BD Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\windows\system32\npDeployJava1.dll [2012-09-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-09-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3494486946-2990348000-502095539-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Amandine\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-3494486946-2990348000-502095539-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Amandine\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-09-02]
FF HKU\S-1-5-21-3494486946-2990348000-502095539-1001\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension

Chrome:
=======
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW"
CHR DefaultSearchKeyword: Default -> istartsurf
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Amandine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Amandine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Google Wallet) - C:\Users\Amandine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [gfkbfjcbkhnmiignagpkiijohkcdkffb] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Amandine\AppData\Local\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1426107640&from=ill&uid=ST9320423AS_5VH5S7AW

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-12-16] (McAfee, Inc.) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112 2010-05-10] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-12] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 hyxuduge; C:\Users\Amandine\AppData\Roaming\16A0B31B-1425747700-11E0-B057-0884B30040EA\jnsaD183.tmp [175104 2015-03-07] () [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-03-10] (XTab system)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 ryqofisu; C:\Users\Amandine\AppData\Roaming\16A0B31B-1425747700-11E0-B057-0884B30040EA\nsrE314.tmp [136704 2015-03-11] () [File not signed]
R2 uArcCapture; C:\windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
R2 WIN-srvGA; C:\windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-11] (SysTool PasSame LIMITED)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-12-16] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-12-16] () [File not signed]
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-12-16] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2009-12-18] ()
R1 {c68dca94-1bf7-448a-8cc5-428cddf04bbd}Gw64; C:\Windows\System32\drivers\{c68dca94-1bf7-448a-8cc5-428cddf04bbd}Gw64.sys [48784 2015-03-11] (StdLib)
S1 MpKsl1ad4faf6; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1B3DBF7-2E12-457D-BA13-C7DF3D6601C4}\MpKsl1ad4faf6.sys [X]
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 20:55 - 2015-03-15 20:58 - 00026221 _____ () C:\Users\Amandine\Downloads\FRST.txt
2015-03-15 20:54 - 2015-03-15 20:55 - 00000000 ____D () C:\FRST
2015-03-15 20:54 - 2015-03-15 20:54 - 02095616 _____ (Farbar) C:\Users\Amandine\Downloads\FRST64.exe
2015-03-11 22:18 - 2015-03-15 20:51 - 00004082 _____ () C:\windows\Tasks\cbd6b99d-5071-4681-815b-5687dc2cf47f-12.job
2015-03-11 22:18 - 2015-03-11 22:18 - 00007112 _____ () C:\windows\System32\Tasks\cbd6b99d-5071-4681-815b-5687dc2cf47f-12
2015-03-11 22:18 - 2015-03-11 22:18 - 00000000 ____D () C:\Program Files (x86)\winservice86
2015-03-11 22:16 - 2015-03-11 22:16 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-03-11 22:15 - 2015-03-11 22:16 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-03-11 22:15 - 2015-03-11 22:15 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-03-11 22:07 - 2015-03-11 22:08 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\istartsurf
2015-03-11 21:25 - 2015-03-11 05:21 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{c68dca94-1bf7-448a-8cc5-428cddf04bbd}Gw64.sys
2015-03-11 21:18 - 2015-03-11 21:27 - 00000000 ____D () C:\AdwCleaner
2015-03-11 21:16 - 2015-03-11 21:17 - 02171392 _____ () C:\Users\Amandine\Downloads\adwcleaner_4.112.exe
2015-03-10 19:07 - 2015-03-10 19:08 - 00000000 ____D () C:\Program Files (x86)\ca52404f-fdbf-4592-bc1d-1474ee74f4cc
2015-03-10 18:41 - 2015-03-11 21:25 - 00000000 ____D () C:\Program Files (x86)\Mountain Bike
2015-03-10 18:14 - 2015-03-10 18:14 - 00003128 _____ () C:\windows\System32\Tasks\{DC215D9A-2FD3-4FCC-B8F0-EA313B9716CD}
2015-03-07 18:52 - 2015-03-07 18:52 - 00613255 _____ (CMI Limited) C:\Users\Amandine\AppData\Local\nsn3CC.tmp
2015-03-07 18:47 - 2015-03-10 17:49 - 00000000 ____D () C:\ProgramData\{9979b1c9-e625-9253-9979-9b1c9e62c727}
2015-03-07 18:37 - 2015-03-07 18:37 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webTinstMK_01009.Wdf
2015-03-07 18:36 - 2015-03-10 18:35 - 00008672 _____ () C:\windows\SysWOW64\BasementDusterOff.ini
2015-03-07 18:36 - 2015-03-10 18:35 - 00008672 _____ () C:\windows\system32\BasementDusterOff.ini
2015-03-07 18:35 - 2015-03-06 10:29 - 00319392 _____ (BD Inc.) C:\windows\SysWOW64\BDL.dll
2015-03-07 18:11 - 2015-03-10 17:52 - 00000000 ____D () C:\Users\Amandine\AppData\Local\16A0B31B-1425751866-11E0-B057-0884B30040EA
2015-03-07 18:01 - 2015-03-15 20:49 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\16A0B31B-1425747700-11E0-B057-0884B30040EA
2015-03-07 11:21 - 2015-03-07 12:05 - 00012732 _____ () C:\Users\Amandine\Documents\Comptes parents.xlsx
2015-03-04 22:54 - 2015-03-04 22:54 - 00000000 ____D () C:\041c52916900fe40ccdb916fdd
2015-03-02 14:29 - 2015-03-10 19:17 - 00000004 _____ () C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-02-25 23:49 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 23:49 - 2015-01-09 00:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-25 21:05 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-25 21:05 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-25 21:05 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-25 21:05 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-23 21:24 - 2015-02-23 21:24 - 00000000 __SHD () C:\Users\Amandine\AppData\Local\EmieBrowserModeList
2015-02-22 18:53 - 2015-02-22 18:53 - 00003286 _____ () C:\windows\System32\Tasks\OBIWahe2Tev6RDj
2015-02-22 18:53 - 2015-02-22 18:53 - 00003246 _____ () C:\windows\System32\Tasks\9fb2jX7tSXJeeae
2015-02-22 18:53 - 2015-02-22 18:53 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\LNwJyj1
2015-02-22 18:52 - 2015-02-22 18:53 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\qMFj9qU
2015-02-20 17:36 - 2015-02-20 17:36 - 00000000 ____D () C:\Program Files (x86)\93dabc92-2c3c-49f6-b30b-6fb9e1094381
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\windows\SysWOW64\FM20.DLL
2015-02-14 10:16 - 2015-02-14 10:16 - 00000000 ____D () C:\Users\Amandine\Documents\208
2015-02-13 09:53 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-13 09:53 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-13 09:53 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-13 09:53 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 20:58 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-15 20:58 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-15 20:56 - 2012-06-15 21:40 - 01088459 _____ () C:\windows\WindowsUpdate.log
2015-03-15 20:52 - 2014-10-27 19:32 - 00000000 ___RD () C:\Users\Amandine\Dropbox
2015-03-15 20:52 - 2014-10-27 19:28 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\Dropbox
2015-03-15 20:51 - 2010-12-07 13:05 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-03-15 20:50 - 2012-09-29 07:46 - 00288724 _____ () C:\windows\PFRO.log
2015-03-15 20:50 - 2012-09-29 07:46 - 00064792 _____ () C:\windows\setupact.log
2015-03-15 20:50 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-15 20:48 - 2013-01-04 16:18 - 00001090 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3494486946-2990348000-502095539-1001UA.job
2015-03-15 20:48 - 2013-01-04 16:18 - 00001038 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3494486946-2990348000-502095539-1001Core.job
2015-03-15 20:48 - 2012-08-19 22:15 - 00001002 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-11 22:07 - 2012-06-15 21:59 - 00001175 _____ () C:\Users\Amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-11 21:26 - 2012-06-15 21:43 - 00000000 ____D () C:\Users\Amandine
2015-03-11 21:26 - 2009-07-14 03:34 - 00000580 _____ () C:\windows\win.ini
2015-03-11 21:05 - 2013-11-29 10:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 19:44 - 2014-11-23 16:07 - 00000118 _____ () C:\Users\Amandine\AppData\Local\recently-fix.db
2015-03-10 19:08 - 2012-06-15 23:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-10 18:39 - 2010-12-07 13:05 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-10 18:29 - 2012-09-18 21:21 - 00000000 ____D () C:\Users\Amandine\AppData\Local\CrashDumps
2015-03-10 17:53 - 2014-10-27 19:32 - 00001029 _____ () C:\Users\Amandine\Desktop\Dropbox.lnk
2015-03-10 17:53 - 2014-10-27 19:31 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-07 13:14 - 2010-12-07 13:01 - 00702650 _____ () C:\windows\system32\perfh00C.dat
2015-03-07 13:14 - 2010-12-07 13:01 - 00129748 _____ () C:\windows\system32\perfc00C.dat
2015-03-07 13:14 - 2009-07-14 06:13 - 01565540 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-07 11:21 - 2013-09-15 15:20 - 00000000 ____D () C:\Users\Amandine\Documents\Informations perso
2015-03-05 23:17 - 2014-03-04 11:48 - 00000000 ____D () C:\Users\Amandine\Documents\RECHERCHES
2015-03-05 22:34 - 2012-07-05 20:46 - 00947200 ___SH () C:\Users\Amandine\Downloads\Thumbs.db
2015-03-04 20:49 - 2014-10-15 21:19 - 00000000 ____D () C:\Users\Amandine\Documents\TCRH
2015-03-03 14:17 - 2012-06-15 22:32 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-26 18:19 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2015-02-24 20:42 - 2012-07-09 18:36 - 00003204 _____ () C:\windows\System32\Tasks\HPCeeScheduleForAmandine
2015-02-24 20:42 - 2012-07-09 18:36 - 00000344 _____ () C:\windows\Tasks\HPCeeScheduleForAmandine.job
2015-02-23 21:10 - 2012-09-18 21:14 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\CorelHomeOffice
2015-02-23 21:09 - 2012-09-18 21:14 - 00002516 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-02-23 21:09 - 2012-09-18 21:14 - 00000088 __RSH () C:\ProgramData\2120BE8EA9.sys
2015-02-22 18:53 - 2015-01-22 21:51 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\M3dJOXh
2015-02-22 18:53 - 2014-11-22 22:11 - 00000000 ____D () C:\Users\Amandine\AppData\Roaming\25CImBP
2015-02-13 09:28 - 2012-09-29 07:46 - 00437688 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-13 09:25 - 2014-12-24 19:35 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-13 09:25 - 2014-05-09 12:41 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-13 09:04 - 2012-06-15 22:13 - 00001912 _____ () C:\windows\epplauncher.mif
2015-02-13 09:04 - 2012-06-15 22:12 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-13 09:04 - 2012-06-15 22:12 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-13 09:03 - 2012-06-15 22:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

==================== Files in the root of some directories =======

2012-07-09 20:30 - 2012-07-09 20:30 - 0000006 _____ () C:\Program Files (x86)\Common Files\WPVersion.txt
2014-12-30 17:08 - 2014-12-30 17:08 - 0003584 _____ () C:\Users\Amandine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-07 18:52 - 2015-03-07 18:52 - 0613255 _____ (CMI Limited) C:\Users\Amandine\AppData\Local\nsn3CC.tmp
2014-11-23 16:07 - 2015-03-10 19:44 - 0000118 _____ () C:\Users\Amandine\AppData\Local\recently-fix.db
2012-09-18 21:14 - 2015-02-23 21:09 - 0000088 __RSH () C:\ProgramData\2120BE8EA9.sys
2014-01-04
17:41 - 2014-01-04 17:41 - 0000057 _____ () C:\ProgramData\Ament.ini 2012-09-18 21:14 - 2015-02-23 21:09 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys Some content of TEMP: ==================== C:\Users\Amandine\AppData\Local\Temp\20BDA0D1-E5D6-6D09-FA05-A27BA825C086.dll C:\Users\Amandine\AppData\Local\Temp\20BDA0D1-E5D6-6D09-FA05-A27BA825C086.exe C:\Users\Amandine\AppData\Local\Temp\3668.exe C:\Users\Amandine\AppData\Local\Temp\6165.exe C:\Users\Amandine\AppData\Local\Temp\A39437BA-EF23-7C17-A1D9-1FC617AF6386.exe C:\Users\Amandine\AppData\Local\Temp\BackupSetup.exe C:\Users\Amandine\AppData\Local\Temp\bitool.dll C:\Users\Amandine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpplqn6y.dll C:\Users\Amandine\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Amandine\AppData\Local\Temp\nsbE616.exe C:\Users\Amandine\AppData\Local\Temp\nsc2B86.exe C:\Users\Amandine\AppData\Local\Temp\nsc8AE6.exe C:\Users\Amandine\AppData\Local\Temp\nsf8B99.exe C:\Users\Amandine\AppData\Local\Temp\nsg22DA.exe C:\Users\Amandine\AppData\Local\Temp\nsh2F9C.exe C:\Users\Amandine\AppData\Local\Temp\nsq3D8B.exe C:\Users\Amandine\AppData\Local\Temp\nsqB859.exe C:\Users\Amandine\AppData\Local\Temp\nsrDF71.exe C:\Users\Amandine\AppData\Local\Temp\nss8EED.exe C:\Users\Amandine\AppData\Local\Temp\nsu853A.exe C:\Users\Amandine\AppData\Local\Temp\nsv3437.exe C:\Users\Amandine\AppData\Local\Temp\nsvABAB.exe C:\Users\Amandine\AppData\Local\Temp\nsw2951.exe C:\Users\Amandine\AppData\Local\Temp\nsxA94F.exe C:\Users\Amandine\AppData\Local\Temp\OnlineBackup.exe C:\Users\Amandine\AppData\Local\Temp\optsetup.exe C:\Users\Amandine\AppData\Local\Temp\qEf9AF7.exe C:\Users\Amandine\AppData\Local\Temp\Quarantine.exe C:\Users\Amandine\AppData\Local\Temp\Resource.exe C:\Users\Amandine\AppData\Local\Temp\setupWizard.exe C:\Users\Amandine\AppData\Local\Temp\sp58915.exe C:\Users\Amandine\AppData\Local\Temp\SpOrder.dll C:\Users\Amandine\AppData\Local\Temp\SQLite.dll 
C:\Users\Amandine\AppData\Local\Temp\sqlite3.dll C:\Users\Amandine\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Amandine\AppData\Local\Temp\unzip.exe C:\Users\Amandine\AppData\Local\Temp\~bsrufyi.exe C:\Users\Amandine\AppData\Local\Temp\~fyalyua.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-04 11:26 ==================== End Of Log ============================