Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01 Ran by Mazi (administrator) on MAZI-PC on 28-05-2015 17:01:05 Running from C:\Users\Mazi\Desktop Loaded Profiles: Mazi & UpdatusUser (Available Profiles: Mazi & UpdatusUser) Platform: Microsoft Windows 7 Édition Intégrale (X86) OS Language: Français (France) Internet Explorer Version 9 (Default browser path: "C:\Program Files\Opera\Opera.exe" "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (ClaraLabs) C:\Program Files\Common Files\ClaraUpdater\ClaraUpdater.exe (StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (iCinema) C:\Program Files\I - Cinema\03740980-0cfd-4ede-baa0-6a0d519b8476-6.exe (iCinema) C:\Program Files\I - Cinema\03740980-0cfd-4ede-baa0-6a0d519b8476-10.exe (iCinema) C:\Program Files\I - Cinema\03740980-0cfd-4ede-baa0-6a0d519b8476-1-6.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe () C:\Users\Mazi\AppData\Local\gmsd_fr_578\upgmsd_fr_578.exe () C:\Program Files\gmsd_fr_578\gmsd_fr_578.exe (Opera Software) C:\Program Files\Opera\opera.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Spykey] => C:\Users\Mazi\Downloads\Spykey.exe [169840 2010-11-03] (The Spykey Team) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [gmsd_fr_571] => "C:\Program Files\gmsd_fr_571\gmsd_fr_571.exe" HKLM\...\Run: [gmsd_fr_569] => "C:\Program Files\gmsd_fr_569\gmsd_fr_569.exe" HKLM\...\Run: [gmsd_fr_579] => [X] HKLM\...\Run: [gmsd_fr_578] => C:\Program Files\gmsd_fr_578\gmsd_fr_578.exe [3980968 2015-05-26] () HKLM\...\RunOnce: [upgmsd_fr_578.exe] => C:\Users\Mazi\AppData\Local\gmsd_fr_578\upgmsd_fr_578.exe [3288520 2015-05-26] () HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKU\S-1-5-21-941474947-1101879431-2883593184-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4283256 2011-05-13] (Microsoft Corporation) HKU\S-1-5-21-941474947-1101879431-2883593184-1000\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [33120 2010-08-20] (Alcohol Soft Development Team) HKU\S-1-5-21-941474947-1101879431-2883593184-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31282816 2015-04-17] (Skype Technologies S.A.) HKU\S-1-5-21-941474947-1101879431-2883593184-1000\...\MountPoints2: {2ea21340-fb3f-11e0-9c91-806e6f6e6963} - H:\Autorun.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp HKU\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKU\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm HKU\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1432809482&z=7b0d583b1215bea3b4808abgbzbc9oeb3ebt7zbbdw&from=slb2&uid=395049983_266162_427DA0E2&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1432809482&z=7b0d583b1215bea3b4808abgbzbc9oeb3ebt7zbbdw&from=slb2&uid=395049983_266162_427DA0E2&q={searchTerms} SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-941474947-1101879431-2883593184-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=395049983_266162_427DA0E2&ts=1432751214&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-941474947-1101879431-2883593184-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=395049983_266162_427DA0E2&ts=1432751214&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-941474947-1101879431-2883593184-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=395049983_266162_427DA0E2&ts=1432751214&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-941474947-1101879431-2883593184-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=395049983_266162_427DA0E2&ts=1432751214&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-941474947-1101879431-2883593184-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=395049983_266162_427DA0E2&ts=1432751214&type=default&q={searchTerms} BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO: Edu App 1.0.0.7 -> {cf07d83b-d1b0-4642-b955-e7eb9b9cf5b3} -> C:\Program Files\Edu App\EduAppbho.dll [2015-05-27] (Edu App) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Winsock: Catalog5 000000000001 mswsock.dll File not found ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 000000000002 mswsock.dll File not found ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5 000000000007 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corp.) Winsock: Catalog5 000000000008 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corp.) Tcpip\Parameters: [DhcpNameServer] 89.2.0.1 89.2.0.2 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1432751195&z=c486fedd248ea81fbe4c691gczfcao0mew3g1gbt0m&from=cmi&uid=395049983_266162_427DA0E2 FireFox: ======== FF ProfilePath: C:\Users\Mazi\AppData\Roaming\Mozilla\Firefox\Profiles\xmtcd1sr.default FF DefaultSearchEngine: Trovi FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-11] () FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll No File FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-11-06] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-11-06] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Mazi\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation) FF Extension: SNT - C:\Users\Mazi\AppData\Roaming\Mozilla\Firefox\Profiles\xmtcd1sr.default\Extensions\e_iiioi@kcy-aii.com [2014-05-25] FF Extension: sbconformingmasahalinfo - C:\Users\Mazi\AppData\Roaming\Mozilla\Firefox\Profiles\xmtcd1sr.default\Extensions\sbconforming@masahal.info [2015-05-08] FF Extension: winservice86 - C:\Users\Mazi\AppData\Roaming\Mozilla\Firefox\Profiles\xmtcd1sr.default\Extensions\taylorralston@hotmail.com [2014-09-16] FF Extension: Savings Wizard - C:\Users\Mazi\AppData\Roaming\Mozilla\Firefox\Profiles\xmtcd1sr.default\Extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C} [2014-07-03] FF Extension: c4080853c6994120b8e0618bff8a4474 - C:\Users\Mazi\AppData\Roaming\Mozilla\Firefox\Profiles\xmtcd1sr.default\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474} [2015-05-14] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM\...\Firefox\Extensions: [ext@RichMediaViewV1release115.net] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release115\ff FF HKLM\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha4667.net] - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha4667\ff FF HKU\S-1-5-21-941474947-1101879431-2883593184-1000\...\Firefox\Extensions: [{E634117B-33A8-4C70-8210-198010F03834}] - C:\Users\Mazi\AppData\Roaming\07003.115 FF Extension: Java Link Helper - C:\Users\Mazi\AppData\Roaming\07003.115 [2013-11-06] FF Extension: No Name - C:\Users\Mazi\AppData\Roaming\Mozilla\Firefox\Profiles\xmtcd1sr.default\extensions\faststartff@gmail.com [not found] FF Extension: No Name - C:\Users\Mazi\AppData\Roaming\Mozilla\Firefox\Profiles\xmtcd1sr.default\extensions\quick_searchff@gmail.com [not found] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-04-10] <==== ATTENTION Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Mazi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\Mazi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhdjbfjheoohmhpakglckehdcgfffbl [2015-05-26] CHR Extension: (No Name) - C:\Users\Mazi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk [2015-05-27] CHR Extension: (No Name) - C:\Users\Mazi\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhkmcfanijhphphomamdkaejjadkhgn [2015-05-27] CHR HKLM\...\Chrome\Extension: [fmgcacdoiabejjobhmhdhbifobmefnfk] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release115\ch\RichMediaViewV1release115.crx [Not Found] CHR HKLM\...\Chrome\Extension: [gfkbfjcbkhnmiignagpkiijohkcdkffb] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] CHR HKLM\...\Chrome\Extension: [nfcfkgcdgpcjpagdjegdjpglblcllimo] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode8657\ch\MediaBuzzV1mode8657.crx [Not Found] CHR HKLM\...\Chrome\Extension: [pigmnjdjbekfpnfmblhnhfogbdmbcnif] - C:\ProgramData\Browse2save\pigmnjdjbekfpnfmblhnhfogbdmbcnif.crx [Not Found] StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1432809482&z=7b0d583b1215bea3b4808abgbzbc9oeb3ebt7zbbdw&from=slb2&uid=395049983_266162_427DA0E2 Opera: ======= OPR Extension: (cnhdjbfjheoohmhpakglckehdcgfffbl) - C:\Users\Mazi\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhdjbfjheoohmhpakglckehdcgfffbl [2015-05-26] OPR Extension: (I - Cinema) - C:\Users\Mazi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk [2015-05-27] OPR Extension: (Assist Point) - C:\Users\Mazi\AppData\Roaming\Opera Software\Opera Stable\Extensions\gddfnoocepfjlafagonbpkmocgofkdna [2015-05-01] OPR Extension: (iilcekgoelpgecpjnnoikhbleipnjdhf) - C:\Users\Mazi\AppData\Roaming\Opera Software\Opera Stable\Extensions\iilcekgoelpgecpjnnoikhbleipnjdhf [2015-05-14] OPR Extension: (oipgklkggfaokcoipmecomffdpebimle) - C:\Users\Mazi\AppData\Roaming\Opera Software\Opera Stable\Extensions\oipgklkggfaokcoipmecomffdpebimle [2015-05-09] OPR Extension: (winservice86) - C:\Users\Mazi\AppData\Roaming\Opera Software\Opera Stable\Extensions\onhcengeacabehdkdhbdcigfolmmakof [2014-10-12] StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe http://www.mystartsearch.com/?type=sc&ts=1432809482&z=7b0d583b1215bea3b4808abgbzbc9oeb3ebt7zbbdw&from=slb2&uid=395049983_266162_427DA0E2 ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 ClaraUpdater; C:\Program Files\Common Files\ClaraUpdater\ClaraUpdater.exe [887376 2015-05-27] (ClaraLabs) R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370620 2009-12-23] (StarWind Software) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [40736 2013-11-27] (Visicom Media Inc.) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [29728 2013-12-06] (Visicom Media Inc.) S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [18944 2013-04-24] (Windows (R) Win 7 DDK provider) S3 SilverLink; C:\Windows\System32\Drivers\SilvrLnk.sys [21456 2004-01-28] (Texas Instruments Incorporated) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [431672 2011-05-20] () [File not signed] S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2015-05-04] (The OpenVPN Project) S3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated) [File not signed] S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2012-04-27] (Texas Instruments) U3 ayvzedq5; C:\Windows\system32\Drivers\ayvzedq5.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder) S3 cpuz134; \??\C:\Users\Mazi\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] S1 ngiym2v2m3nibgf; system32\drivers\ngiym2v2m3nibgf.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three Months Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-28 17:01 - 2015-05-28 17:01 - 00017422 _____ () C:\Users\Mazi\Desktop\FRST.txt 2015-05-28 17:00 - 2015-05-28 17:01 - 00000000 ____D () C:\FRST 2015-05-28 16:59 - 2015-05-28 16:59 - 01147392 _____ (Farbar) C:\Users\Mazi\Desktop\FRST.exe 2015-05-28 13:21 - 2015-05-28 13:21 - 00022335 _____ () C:\Users\Mazi\Desktop\RKreport_DEL_05282015_132053.log 2015-05-28 13:20 - 2015-05-28 16:26 - 00000000 ____D () C:\Users\Mazi\AppData\Local\gmsd_fr_578 2015-05-28 13:20 - 2015-05-28 13:20 - 00000000 ____D () C:\Program Files\gmsd_fr_578 2015-05-28 13:04 - 2015-05-28 13:04 - 03480040 _____ (McAfee, Inc.) C:\Users\Mazi\Desktop\MCPR.exe 2015-05-28 12:48 - 2015-05-28 12:48 - 00022033 _____ () C:\Users\Mazi\Desktop\Rapport RogueKiller.txt 2015-05-28 12:38 - 2015-05-28 12:38 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\mystartsearch 2015-05-28 12:38 - 2015-05-28 12:38 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer 2015-05-28 12:38 - 2015-05-28 12:38 - 00000000 ____D () C:\Program Files\predm 2015-05-28 12:38 - 2015-05-28 12:38 - 00000000 ____D () C:\Program Files\GUPlayer 2015-05-28 12:21 - 2015-05-28 12:21 - 00000000 ____D () C:\Users\Mazi\AppData\Local\{C4D5BF44-D3A8-4E92-B9D6-3FC9678B1E42} 2015-05-27 23:32 - 2015-05-27 23:32 - 00000000 ____D () C:\Users\Mazi\AppData\Local\{9FA665CC-1794-4ACF-ADC0-0A03AFEA5276} 2015-05-27 21:31 - 2015-05-28 12:43 - 00000000 ____D () C:\Users\Mazi\AppData\Local\CrashDumps 2015-05-27 21:29 - 2015-05-28 13:12 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2015-05-27 21:29 - 2015-05-27 21:37 - 00000000 ____D () C:\ProgramData\RogueKiller 2015-05-27 21:18 - 2015-05-27 21:19 - 00000128 _____ () C:\Windows\Reimage.ini 2015-05-27 21:14 - 2015-05-28 16:14 - 00005826 _____ () C:\Windows\Tasks\03740980-0cfd-4ede-baa0-6a0d519b8476-6.job 2015-05-27 21:14 - 2015-05-28 16:14 - 00003102 _____ () C:\Windows\Tasks\03740980-0cfd-4ede-baa0-6a0d519b8476-1-6.job 2015-05-27 21:14 - 2015-05-28 16:14 - 00002076 _____ () C:\Windows\Tasks\03740980-0cfd-4ede-baa0-6a0d519b8476-10_user.job 2015-05-27 21:14 - 2015-05-28 15:14 - 00005482 _____ () C:\Windows\Tasks\03740980-0cfd-4ede-baa0-6a0d519b8476-7.job 2015-05-27 21:14 - 2015-05-28 15:14 - 00005148 _____ () C:\Windows\Tasks\03740980-0cfd-4ede-baa0-6a0d519b8476-11.job 2015-05-27 21:14 - 2015-05-28 15:14 - 00004458 _____ () C:\Windows\Tasks\03740980-0cfd-4ede-baa0-6a0d519b8476-3.job 2015-05-27 21:14 - 2015-05-28 15:14 - 00003438 _____ () C:\Windows\Tasks\03740980-0cfd-4ede-baa0-6a0d519b8476-1-7.job 2015-05-27 21:14 - 2015-05-28 15:14 - 00002754 _____ () C:\Windows\Tasks\03740980-0cfd-4ede-baa0-6a0d519b8476-5_user.job 2015-05-27 21:14 - 2015-05-28 15:14 - 00002754 _____ () C:\Windows\Tasks\03740980-0cfd-4ede-baa0-6a0d519b8476-5.job 2015-05-27 21:14 - 2015-05-27 21:14 - 00000000 ____D () C:\Program Files\I - Cinema 2015-05-27 21:14 - 2015-05-27 21:14 - 00000000 ____D () C:\Program Files\bf3902a6-1f7b-48a2-a960-2125170239db 2015-05-27 21:13 - 2015-05-27 21:14 - 00000892 _____ () C:\Windows\system32\${LOGFILE} 2015-05-27 21:13 - 2015-05-27 21:13 - 00007862 _____ () C:\claraInstaller.txt 2015-05-27 21:13 - 2015-05-27 21:13 - 00000000 ____D () C:\Users\Mazi\AppData\Local\BoBrowser 2015-05-27 21:13 - 2015-05-27 21:13 - 00000000 ____D () C:\Program Files\Common Files\ClaraUpdater 2015-05-27 21:12 - 2015-05-27 21:12 - 00000000 ____D () C:\ProgramData\f6ab02470000049d 2015-05-27 20:39 - 2015-05-28 15:19 - 00000900 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2015-05-27 20:39 - 2015-05-27 20:39 - 00000000 ____D () C:\Program Files\Edu App 2015-05-27 20:38 - 2015-05-28 13:09 - 00000896 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2015-05-27 20:38 - 2015-05-28 12:36 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\WTools 2015-05-27 20:38 - 2015-05-28 12:30 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\Store 2015-05-27 20:38 - 2015-05-27 20:38 - 00000078 _____ () C:\Users\Mazi\AppData\Roaming\WindApp.installation.log 2015-05-27 20:38 - 2015-05-27 20:38 - 00000078 _____ () C:\Users\Mazi\AppData\Roaming\Selection Tools.installation.log 2015-05-27 20:38 - 2015-05-27 20:38 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Crossbrowse 2015-05-27 20:38 - 2015-05-27 20:38 - 00000000 ____D () C:\Users\Mazi\AppData\Local\globalUpdate 2015-05-27 20:38 - 2015-05-27 20:38 - 00000000 ____D () C:\Users\Mazi\AppData\Local\Crossbrowse 2015-05-27 20:38 - 2015-05-27 20:38 - 00000000 ____D () C:\Users\Invité\AppData\Local\Crossbrowse 2015-05-27 20:38 - 2015-05-27 20:38 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse 2015-05-27 20:38 - 2015-05-27 20:38 - 00000000 ____D () C:\Users\Administrateur\AppData\Local\Crossbrowse 2015-05-27 20:37 - 2015-05-27 21:14 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\Nosibay 2015-05-27 20:37 - 2015-05-27 20:38 - 00005708 _____ () C:\Users\Mazi\AppData\Roaming\Bubble Dock.installation.log 2015-05-27 20:37 - 2015-05-27 20:38 - 00001306 _____ () C:\Users\Mazi\AppData\Roaming\Bubble Dock.boostrap.log 2015-05-27 20:37 - 2015-05-27 20:37 - 00000097 _____ () C:\Users\Mazi\AppData\Roaming\WindApp.boostrap.log 2015-05-27 20:26 - 2015-05-27 21:11 - 00000000 ____D () C:\Users\Mazi\AppData\Local\SmartWeb 2015-05-27 20:26 - 2015-05-27 20:27 - 00000000 ____D () C:\Program Files\XTab 2015-05-27 20:26 - 2015-05-27 20:26 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\oursurfing 2015-05-27 20:26 - 2015-05-27 20:26 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2015-05-27 20:26 - 2015-05-27 20:26 - 00000000 ____D () C:\ProgramData\IHProtectUpDate 2015-05-27 19:56 - 2015-05-27 19:56 - 00015512 _____ () C:\Users\Mazi\Desktop\AdwCleaner[S2].txt 2015-05-27 19:44 - 2015-05-27 19:44 - 00585180 _____ () C:\Users\Mazi\Desktop\ZHPCleaner.txt 2015-05-27 19:30 - 2015-05-28 12:58 - 00000828 _____ () C:\Users\Mazi\Desktop\ZHPCleaner.lnk 2015-05-27 19:30 - 2015-05-27 19:30 - 00000000 ____D () C:\Users\Mazi\AppData\Local\Opera Software 2015-05-27 16:38 - 2015-05-27 16:38 - 00001933 _____ () C:\Users\Mazi\Desktop\ZHPFix.lnk 2015-05-27 16:38 - 2015-05-27 16:38 - 00001806 _____ () C:\Users\Mazi\Desktop\ZHPDiag.lnk 2015-05-27 16:38 - 2015-05-27 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP 2015-05-27 15:54 - 2015-05-28 12:38 - 00002061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-05-27 15:54 - 2015-05-28 12:38 - 00002049 _____ () C:\Users\Public\Desktop\Opera.lnk 2015-05-27 12:27 - 2015-05-27 12:27 - 00157977 _____ () C:\Users\Mazi\Desktop\ZHPDiag.txt 2015-05-27 12:26 - 2015-05-27 12:26 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin 2015-05-27 12:18 - 2015-05-27 16:38 - 00000000 ____D () C:\Program Files\ZHPDiag 2015-05-27 12:03 - 2015-05-27 12:03 - 00613255 _____ (CMI Limited) C:\Users\Mazi\AppData\Local\nsh7F5D.tmp 2015-05-27 11:31 - 2015-05-27 11:31 - 00000000 ____D () C:\Users\Mazi\AppData\Local\{0B42B49E-2534-4575-9A19-7E030893F291} 2015-05-26 23:41 - 2015-05-26 23:41 - 00613255 _____ (CMI Limited) C:\Users\Mazi\AppData\Local\nss738.tmp 2015-05-26 23:40 - 2015-05-27 21:18 - 00000000 ____D () C:\Program Files\8eb6b49d-3c54-4bc8-9a37-e9d20ec0bba8 2015-05-26 23:08 - 2015-05-26 23:08 - 00000000 ____D () C:\Users\Mazi\AppData\Local\{F8AA5C91-6E35-419E-B699-22CECE7CCF43} 2015-05-25 20:21 - 2015-05-25 20:21 - 00613255 _____ (CMI Limited) C:\Users\Mazi\AppData\Local\nsaBE62.tmp 2015-05-25 17:40 - 2015-05-25 17:40 - 00000000 ____D () C:\ProgramData\99ddd194860b49de9c3d4fa67f327de5 2015-05-25 16:18 - 2015-05-25 16:18 - 00613255 _____ (CMI Limited) C:\Users\Mazi\AppData\Local\nsx95AB.tmp 2015-05-25 15:14 - 2015-05-25 15:14 - 00000000 ____D () C:\Users\Mazi\AppData\Local\{17CD3238-89CA-451C-80A0-05C9A48F7A64} 2015-05-25 00:22 - 2015-05-25 00:22 - 00613255 _____ (CMI Limited) C:\Users\Mazi\AppData\Local\nsj638F.tmp 2015-05-24 18:05 - 2015-05-24 18:05 - 00000000 ____D () C:\Users\Mazi\AppData\Local\Skype 2015-05-24 13:21 - 2015-05-25 01:22 - 00000000 ____D () C:\Users\Mazi\AppData\Local\{DFB5D40D-7AFA-4615-85EA-1D4B97EE9CD1} 2015-05-23 11:48 - 2015-05-23 23:49 - 00000000 ____D () C:\Users\Mazi\AppData\Local\{0B903D86-EC83-4EF5-B363-40B5250856F1} 2015-05-23 11:47 - 2015-05-23 19:31 - 00000000 ____D () C:\Users\Mazi\AppData\Local\VirtualStore 2015-05-23 11:47 - 2015-05-23 11:47 - 00071224 _____ () C:\Users\Mazi\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-23 00:04 - 2015-05-23 00:04 - 00000000 ____D () C:\Users\Mazi\AppData\Local\Adobe 2015-05-22 19:41 - 2015-05-27 19:30 - 01840640 _____ () C:\Users\Mazi\ZHPCleaner.exe 2015-05-22 16:30 - 2015-05-28 12:58 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\ZHP 2015-05-22 13:40 - 2015-05-22 13:44 - 00000000 ____D () C:\ProgramData\wVerUb 2015-05-21 15:54 - 2015-05-28 12:38 - 00001226 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 29.lnk 2015-05-21 00:31 - 2015-05-21 00:31 - 00000000 ____D () C:\ProgramData\Ruussiafkabar 2015-05-20 20:27 - 2015-05-20 20:27 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\Picexa Viewer 2015-05-20 19:20 - 2015-05-20 19:20 - 00000000 ____D () C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066 2015-05-20 19:20 - 2015-05-20 19:20 - 00000000 ____D () C:\ProgramData\10311bf341d64c51bba171380dae5e03 2015-05-16 13:39 - 2015-05-22 13:35 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\Microsoft\Windows\Start Menu\Desktop Search 2015-05-14 22:09 - 2015-05-28 13:08 - 00001736 _____ () C:\Windows\setupact.log 2015-05-14 22:09 - 2015-05-28 12:54 - 00086658 _____ () C:\Windows\PFRO.log 2015-05-14 22:09 - 2015-05-14 22:09 - 00000000 _____ () C:\Windows\setuperr.log 2015-05-14 20:59 - 2015-05-14 20:59 - 06484352 _____ (Piriform Ltd) C:\Users\Mazi\Downloads\ccsetup505 [1].exe 2015-05-14 16:01 - 2015-05-14 16:01 - 00013524 _____ () C:\Windows\system32\cfg 2015-05-13 21:00 - 2015-05-13 21:00 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\00000000-1431543630-0000-0000-6C626D9EA8C0 2015-05-13 21:00 - 2015-05-13 21:00 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\00000000-1431543620-0000-0000-6C626D9EA8C0 2015-05-11 21:44 - 2015-05-11 21:55 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-05-11 21:44 - 2015-05-11 21:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-05-11 19:45 - 2015-05-11 19:45 - 00000000 ____D () C:\Windows\system32\Flash 2015-05-11 18:30 - 2015-05-27 18:27 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0 2015-05-11 18:26 - 2015-05-11 18:26 - 00000000 ____D () C:\Users\Mazi\A8B9466986544126BD28D0D2412CDED6.TMP 2015-05-11 18:13 - 2015-05-27 16:31 - 00000000 ____D () C:\ProgramData\b6b45000002a98 2015-05-10 22:39 - 2015-05-10 22:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Opera Software 2015-05-10 14:36 - 2015-05-10 14:36 - 33411912 _____ (Opera Software) C:\Users\Mazi\Downloads\opera_29_fr_18773 [1].exe 2015-05-10 13:22 - 2015-05-10 13:22 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2015-05-10 13:22 - 2015-05-10 13:22 - 00000000 _SHDL () C:\Users\UpdatusUser\Voisinage réseau 2015-05-10 13:22 - 2015-05-10 13:22 - 00000000 _SHDL () C:\Users\UpdatusUser\Voisinage d'impression 2015-05-10 13:22 - 2015-05-10 13:22 - 00000000 _SHDL () C:\Users\UpdatusUser\Modèles 2015-05-10 13:22 - 2015-05-10 13:22 - 00000000 _SHDL () C:\Users\UpdatusUser\Menu Démarrer 2015-05-10 13:22 - 2015-05-10 13:22 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Mes vidéos 2015-05-10 13:22 - 2015-05-10 13:22 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Mes images 2015-05-10 13:22 - 2015-05-10 13:22 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Ma musique 2015-05-10 13:22 - 2015-05-10 13:22 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes 2015-05-10 13:22 - 2015-05-10 13:22 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Historique 2015-05-10 13:22 - 2013-12-09 01:26 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia 2015-05-10 13:22 - 2013-07-17 15:01 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google 2015-05-10 13:22 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-05-10 13:22 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-05-10 13:21 - 2015-05-10 13:22 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-05-10 13:21 - 2013-02-19 21:33 - 00053024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-05-10 13:21 - 2013-01-31 11:01 - 03970848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-05-10 13:21 - 2013-01-31 11:01 - 02859296 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll 2015-05-10 13:21 - 2013-01-31 11:00 - 02557728 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-05-10 13:21 - 2013-01-31 11:00 - 00634656 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-05-10 13:21 - 2013-01-31 11:00 - 00108832 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-05-10 13:21 - 2013-01-31 11:00 - 00062752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-05-10 13:20 - 2015-05-10 13:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-05-10 13:20 - 2015-05-10 13:20 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-05-10 13:10 - 2015-05-10 13:10 - 00000000 ____D () C:\Users\Mazi\Documents\Optimizer Pro 2015-05-09 14:05 - 2015-05-09 14:05 - 00000000 ____D () C:\Program Files\Talking Tom Cat 4 2015-05-04 20:01 - 2015-05-04 20:01 - 00000000 ____D () C:\Users\Default\AppData\Local\Crossbrowse 2015-05-04 20:01 - 2015-05-04 20:01 - 00000000 ____D () C:\Users\Default User\AppData\Local\Crossbrowse 2015-05-04 19:26 - 2015-05-04 19:26 - 00023040 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys 2015-05-04 19:26 - 2015-05-04 19:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf 2015-05-04 19:26 - 2015-05-04 19:26 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\EasyVpn 2015-05-04 19:26 - 2015-05-04 19:26 - 00000000 ____D () C:\Program Files\Teal Kitty 2015-05-04 19:25 - 2015-05-27 14:41 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\ngyyy2vxm2tibwf 2015-05-04 19:12 - 2015-05-04 19:12 - 00000000 ____D () C:\Users\Mazi\Documents\ProPCCleaner 2015-04-20 16:05 - 2015-04-20 16:05 - 01579520 _____ () C:\Users\Mazi\AppData\Roaming\uOuYabFkSVHO5H6nthtPMK.exe 2015-04-19 14:20 - 2015-04-19 14:20 - 00005872 _____ () C:\Users\Mazi\AppData\Roaming\uOuYabFkSVHO5H6nthtPMK 2015-04-18 01:43 - 2015-04-18 02:26 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-04-18 01:32 - 2015-05-04 19:12 - 00000020 _____ () C:\Users\Mazi\AppData\Roaming\appdataFr3.bin 2015-04-18 01:30 - 2015-04-18 01:30 - 88323920 _____ (Apple Inc.) C:\Users\Mazi\Downloads\iTunesSetup.exe 2015-04-17 00:31 - 2015-04-18 02:26 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-04-13 00:52 - 2015-05-11 17:29 - 00000000 ____D () C:\ProgramData\895660228918991537 2015-04-09 20:14 - 2015-04-09 17:50 - 00000000 ____D () C:\Users\Mazi\Desktop\Booba 2015-04-05 20:32 - 2015-04-05 20:33 - 00000000 ____D () C:\Converted Audio Files 2015-03-24 12:37 - 2015-03-28 14:23 - 00000000 ____D () C:\Users\Mazi\Desktop\Future - Monster (DatPiff.com) 2015-03-23 21:58 - 2015-05-28 13:08 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7 2015-03-23 20:59 - 2015-03-23 20:59 - 00000000 ____D () C:\Program Files\233ef4a7-f2dc-4b07-9e2b-94dc075461d7 2015-03-21 15:32 - 2015-02-22 15:33 - 00000000 ____D () C:\Users\Mazi\Desktop\Big_Sean_-_Dark_Sky_Paradise_2015 2015-03-20 22:52 - 2014-12-30 08:17 - 00000000 ____D () C:\Users\Mazi\Desktop\www.NewAlbumReleases.net_Rae Sremmurd - SremmLife (2015) 2015-03-06 20:29 - 2015-03-06 20:31 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\Synthesia 2015-03-05 20:47 - 2015-03-05 20:47 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\TI-Nspire 2015-03-05 20:46 - 2015-03-05 20:46 - 00002288 _____ () C:\Users\Public\Desktop\TI-Nspire CAS Student Software.lnk 2015-03-05 20:46 - 2015-03-05 20:46 - 00000000 ____D () C:\ProgramData\SafeNet Sentinel 2015-03-05 20:45 - 2015-03-05 20:46 - 00000000 ____D () C:\Windows\SysWOW64 2015-03-05 20:45 - 2015-03-05 20:45 - 00000000 ____D () C:\ProgramData\TI-Nspire CAS ==================== Three Months Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-28 16:33 - 2010-10-18 15:59 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-28 16:30 - 2010-10-13 04:32 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\Skype 2015-05-28 15:52 - 2011-05-14 23:17 - 01697559 _____ () C:\Windows\WindowsUpdate.log 2015-05-28 13:16 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-28 13:16 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-28 13:08 - 2010-10-18 15:59 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-28 13:08 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-28 12:52 - 2011-10-25 00:18 - 00000000 ____D () C:\Windows\system32\config\Mazi 2015-05-28 12:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\config\Journal 2015-05-28 12:38 - 2011-05-14 23:18 - 00001703 _____ () C:\Users\Mazi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-05-28 00:52 - 2014-08-14 23:49 - 00000000 ___RD () C:\Program Files\Skype 2015-05-28 00:26 - 2010-12-01 01:49 - 03450880 ___SH () C:\Users\Mazi\Desktop\Thumbs.db 2015-05-27 19:54 - 2014-07-02 19:37 - 00000000 ____D () C:\AdwCleaner 2015-05-27 19:30 - 2011-05-14 23:17 - 00000000 ____D () C:\Users\Mazi 2015-05-27 16:23 - 2013-11-09 18:44 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-05-27 15:54 - 2010-12-14 03:38 - 00000000 ____D () C:\Program Files\Opera 2015-05-27 11:30 - 2011-10-20 19:19 - 00000000 ____D () C:\Users\Mazi\AppData\Local\Google 2015-05-23 11:48 - 2011-05-14 18:58 - 00000000 ____D () C:\Users\Mazi\AppData\Local\Windows Live 2015-05-22 19:38 - 2011-05-14 17:40 - 00000000 ____D () C:\Users\Mazi\AppData\Local\Mozilla 2015-05-20 19:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\fr-FR 2015-05-20 19:47 - 2011-05-14 17:22 - 01524562 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-17 22:18 - 2014-11-26 21:40 - 00000000 ____D () C:\Users\Mazi\Desktop\ii 2015-05-14 23:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-05-14 22:40 - 2011-05-17 22:04 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\vlc 2015-05-14 21:53 - 2011-10-14 15:41 - 00000000 ____D () C:\Windows\Minidump 2015-05-14 21:53 - 2011-05-15 00:10 - 00000000 ____D () C:\Windows\Panther 2015-05-14 19:57 - 2013-10-31 18:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-13 19:06 - 2011-05-07 19:02 - 00000000 ____D () C:\Program Files\Acoustica MP3 To Wave Converter PLUS 2015-05-13 19:00 - 2013-05-04 17:39 - 00000000 ____D () C:\Users\Mazi\Desktop\Booba - 0.9 110kbps 2015-05-11 18:25 - 2011-05-05 13:57 - 00000000 ____D () C:\Program Files\Audacity 2015-05-11 18:25 - 2011-01-11 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead 2015-05-11 18:25 - 2011-01-11 13:30 - 00000000 ____D () C:\Program Files\Propellerhead 2015-05-11 18:24 - 2011-05-21 00:44 - 00000000 ____D () C:\Program Files\Canon 2015-05-11 18:21 - 2013-10-22 17:36 - 00000000 ____D () C:\Program Files\DSPRobotics 2015-05-11 18:19 - 2011-10-20 19:42 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite 2015-05-11 18:16 - 2014-10-09 19:46 - 00000000 ____D () C:\Program Files\Samsung 2015-05-11 18:16 - 2014-04-09 00:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-05-11 18:07 - 2010-11-05 14:08 - 00000000 ___HD () C:\ProgramData\CanonIJScan 2015-05-11 18:07 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2015-05-10 21:47 - 2011-05-14 17:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-05-10 21:23 - 2013-09-26 00:44 - 00000000 __SHD () C:\Windows\system32\MSDCSC 2015-05-10 19:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2015-05-10 18:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-05-10 18:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-05-10 15:34 - 2009-07-14 06:33 - 00353136 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-10 15:21 - 2012-09-04 22:41 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ 2015-05-10 15:21 - 2012-09-04 22:41 - 00000000 ____D () C:\Program Files\VirtualDJ 2015-05-10 14:47 - 2013-10-22 17:36 - 00000000 ____D () C:\Users\Mazi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line 2015-05-10 13:27 - 2010-10-13 04:30 - 00000000 ____D () C:\ProgramData\Skype 2015-05-10 13:21 - 2014-04-06 00:16 - 00000000 ____D () C:\temp 2015-05-10 13:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help 2015-05-06 16:43 - 2011-05-14 19:02 - 00000000 ____D () C:\Program Files\Windows Live 2015-05-01 16:23 - 2014-04-02 16:26 - 00001716 __RSH () C:\ProgramData\ntuser.pol ==================== Files in the root of some directories ======= 2010-11-07 21:15 - 2013-01-06 03:36 - 0000006 _____ () C:\Program Files\Common Files\WPVersion.txt 2013-07-12 21:48 - 2013-09-25 18:32 - 0000050 _____ () C:\Users\Mazi\AppData\Roaming\AcroIEHelpe.txt 2013-09-25 18:32 - 2013-09-25 18:32 - 0367712 _____ () C:\Users\Mazi\AppData\Roaming\AcroIEHelpe006288.dll 2013-04-27 11:35 - 2013-04-27 12:58 - 0000004 _____ () C:\Users\Mazi\AppData\Roaming\AltShell.ini 2015-04-18 01:32 - 2015-05-04 19:12 - 0000020 _____ () C:\Users\Mazi\AppData\Roaming\appdataFr3.bin 2013-07-12 21:48 - 2013-07-12 21:48 - 0007496 _____ () C:\Users\Mazi\AppData\Roaming\BAcroIEHelpe005285.dll 2013-09-25 18:32 - 2013-09-25 18:32 - 0007496 _____ () C:\Users\Mazi\AppData\Roaming\BAcroIEHelpe006288.dll 2015-05-27 20:37 - 2015-05-27 20:38 - 0001306 _____ () C:\Users\Mazi\AppData\Roaming\Bubble Dock.boostrap.log 2015-05-27 20:37 - 2015-05-27 20:38 - 0005708 _____ () C:\Users\Mazi\AppData\Roaming\Bubble Dock.installation.log 2011-06-30 15:57 - 2011-10-20 19:42 - 0000000 _____ () C:\Users\Mazi\AppData\Roaming\chrtmp 2013-07-12 21:47 - 2013-07-12 21:47 - 0552126 _____ () C:\Users\Mazi\AppData\Roaming\dict.txt 2013-07-12 21:47 - 2013-07-12 21:47 - 0001308 _____ () C:\Users\Mazi\AppData\Roaming\jserv.txt 2005-04-08 04:16 - 2012-09-18 23:15 - 0009317 ____H () C:\Users\Mazi\AppData\Roaming\Mazilog.dat 2013-07-12 21:48 - 2013-07-12 21:48 - 0000356 _____ () C:\Users\Mazi\AppData\Roaming\rost.dat 2015-05-27 20:38 - 2015-05-27 20:38 - 0000078 _____ () C:\Users\Mazi\AppData\Roaming\Selection Tools.installation.log 2013-07-12 21:46 - 2013-07-12 21:46 - 0000260 _____ () C:\Users\Mazi\AppData\Roaming\srvblck5.tmp 2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Mazi\AppData\Roaming\uOuYabFkSVHO5H6nthtPMK 2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Mazi\AppData\Roaming\uOuYabFkSVHO5H6nthtPMK.exe 2014-01-14 01:56 - 2014-07-30 00:16 - 0000128 _____ () C:\Users\Mazi\AppData\Roaming\WB.CFG 2015-05-27 20:37 - 2015-05-27 20:37 - 0000097 _____ () C:\Users\Mazi\AppData\Roaming\WindApp.boostrap.log 2015-05-27 20:38 - 2015-05-27 20:38 - 0000078 _____ () C:\Users\Mazi\AppData\Roaming\WindApp.installation.log 2013-09-13 17:04 - 2013-11-05 18:05 - 0065536 _____ () C:\Users\Mazi\AppData\Roaming\xmtcd1sr.default.dat 2013-11-09 17:51 - 2013-11-09 17:56 - 0000000 _____ () C:\Users\Mazi\AppData\Roaming\xmtcd1sr.default.tmp 2015-05-25 20:21 - 2015-05-25 20:21 - 0613255 _____ (CMI Limited) C:\Users\Mazi\AppData\Local\nsaBE62.tmp 2015-05-27 12:03 - 2015-05-27 12:03 - 0613255 _____ (CMI Limited) C:\Users\Mazi\AppData\Local\nsh7F5D.tmp 2015-05-25 00:22 - 2015-05-25 00:22 - 0613255 _____ (CMI Limited) C:\Users\Mazi\AppData\Local\nsj638F.tmp 2015-05-26 23:41 - 2015-05-26 23:41 - 0613255 _____ (CMI Limited) C:\Users\Mazi\AppData\Local\nss738.tmp 2015-05-25 16:18 - 2015-05-25 16:18 - 0613255 _____ (CMI Limited) C:\Users\Mazi\AppData\Local\nsx95AB.tmp 2009-07-14 01:41 - 2009-07-14 03:14 - 0848709 __RSH () C:\ProgramData\ADService 2014-04-09 00:27 - 2014-04-09 00:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-11-08 15:33 - 2013-11-09 17:56 - 0000000 _____ () C:\ProgramData\j7t84bjw.fvv 2013-01-06 03:36 - 2013-01-06 03:36 - 0000097 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Files to move or delete: ==================== C:\ProgramData\j7t84bjw.fvv C:\Users\Mazi\ZHPCleaner.exe C:\Users\Mazi\AppData\Roaming\AltShell.ini Some files in TEMP: ==================== C:\Users\Mazi\AppData\Local\Temp\1324.exe C:\Users\Mazi\AppData\Local\Temp\1432566120.exe C:\Users\Mazi\AppData\Local\Temp\657.exe C:\Users\Mazi\AppData\Local\Temp\6676.exe C:\Users\Mazi\AppData\Local\Temp\7844.exe C:\Users\Mazi\AppData\Local\Temp\8633.exe C:\Users\Mazi\AppData\Local\Temp\amisetup5595__13272.exe C:\Users\Mazi\AppData\Local\Temp\bd372f849e7c49f384c9189a1e5bd271457872.exe C:\Users\Mazi\AppData\Local\Temp\CmdLineExt03.dll C:\Users\Mazi\AppData\Local\Temp\dllnt_dump.dll C:\Users\Mazi\AppData\Local\Temp\jue1FDF.exe C:\Users\Mazi\AppData\Local\Temp\jue2146.exe C:\Users\Mazi\AppData\Local\Temp\jue54D3.exe C:\Users\Mazi\AppData\Local\Temp\jue5A30.exe C:\Users\Mazi\AppData\Local\Temp\jueA978.exe C:\Users\Mazi\AppData\Local\Temp\jueC13C.exe C:\Users\Mazi\AppData\Local\Temp\jueD78A.exe C:\Users\Mazi\AppData\Local\Temp\mytmpinstaller.exe C:\Users\Mazi\AppData\Local\Temp\OnlineBackup.exe C:\Users\Mazi\AppData\Local\Temp\optprosetup.exe C:\Users\Mazi\AppData\Local\Temp\Quarantine.exe C:\Users\Mazi\AppData\Local\Temp\ReimagePackage.exe C:\Users\Mazi\AppData\Local\Temp\ReiSysUpdate.exe C:\Users\Mazi\AppData\Local\Temp\sdf1AAD.exe C:\Users\Mazi\AppData\Local\Temp\sdf6F67.exe C:\Users\Mazi\AppData\Local\Temp\sdfB9CD.exe C:\Users\Mazi\AppData\Local\Temp\sqlite3.dll C:\Users\Mazi\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Mazi\AppData\Local\Temp\System.Data.SQLitebbb12e9f-4d5e-4aed-b1a6-ba5bed38ed43.dll C:\Users\Mazi\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-24 16:51 ==================== End of log ============================