Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Simon (administrator) on SIMON on 09-07-2015 12:32:05
Running from C:\Users\Simon\Desktop
Loaded Profiles: Simon (Available Profiles: Simon)
Platform: Windows 10 Home Insider Preview (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\sihost.exe
(Microsoft Corporation) C:\Windows\System32\taskhostw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6004.42261.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Simon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Mozilla Corporation) C:\Installed Programs\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
(Microsoft Corporation) C:\Windows\System32\ApplicationFrameHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apache Software Foundation) C:\XAMPP\Serveurs\apache\bin\httpd.exe
(Apache Software Foundation) C:\XAMPP\Serveurs\apache\bin\httpd.exe
() C:\XAMPP\Serveurs\mysql\bin\mysqld.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
() C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(BitTorrent Inc.) C:\Users\Simon\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SystemSettingsBroker.exe
(Microsoft Corporation) C:\Windows\System32\taskhostw.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-05] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Installed Programs\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-06] (Acer Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\bin\EpmNews.exe
HKLM-x32\...\Run: [SoundTouch Music Server] => "C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe"
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [43871968 2015-06-26] (Dropbox, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7738536 2015-05-23] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7738536 2015-05-23] (Microsoft Corporation)
HKU\S-1-5-21-168422143-2221164617-2328260565-1001\...\Run: [OneDrive] => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-06-08] (Microsoft Corporation)
HKU\S-1-5-21-168422143-2221164617-2328260565-1001\...\Run: [OnPlay] => C:\ProgramData\OnPlay.exe
HKU\S-1-5-21-168422143-2221164617-2328260565-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
HKU\S-1-5-21-168422143-2221164617-2328260565-1001\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-168422143-2221164617-2328260565-1001\...\Run: [ShuameDaemon] => C:\Program Files (x86)\Shuame\3.3.2.167\ShuameDaemon.exe
AppInit_DLLs-x32: AirfoilInjector_3_7.dll => "AirfoilInjector_3_7.dll" File not found
Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Simon.exe [2015-06-08] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5860.0512_2\amd64\FileSyncShell64.dll [2015-06-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5860.0512_2\amd64\FileSyncShell64.dll [2015-06-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5860.0512_2\amd64\FileSyncShell64.dll [2015-06-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5860.0512_2\amd64\FileSyncShell64.dll [2015-06-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5860.0512_2\amd64\FileSyncShell64.dll [2015-06-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5860.0512_2\FileSyncShell.dll [2015-06-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5860.0512_2\FileSyncShell.dll [2015-06-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5860.0512_2\FileSyncShell.dll [2015-06-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5860.0512_2\FileSyncShell.dll [2015-06-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5860.0512_2\FileSyncShell.dll [2015-06-08] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-168422143-2221164617-2328260565-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-168422143-2221164617-2328260565-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yourtv.link
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-168422143-2221164617-2328260565-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
SearchScopes: HKU\S-1-5-21-168422143-2221164617-2328260565-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-07-04] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-07-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Installed Programs\Java\bin\ssv.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Installed Programs\Java\bin\jp2ssv.dll No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.27.40.241 212.27.40.240
Tcpip\..\Interfaces\{09734cbd-fa27-4f59-938a-ff452a8dc4b7}: [DhcpNameServer] 212.27.40.241 212.27.40.240
Tcpip\..\Interfaces\{d7c8bf23-0f5f-4869-bd5b-686146c84979}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\etg2dnfm.default-1436187552731
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Google
FF Homepage: hxxp://yourtv.link
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-05] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-07-04] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Installed Programs\Java\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Installed Programs\Java\bin\plugin2\npjp2.dll [2015-07-06] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VLC\npvlc.dll No File
FF SearchPlugin: C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\etg2dnfm.default-1436187552731\searchplugins\ecosia.xml [2015-07-08]
FF Extension: Addictive Typing Lessons - C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\etg2dnfm.default-1436187552731\Extensions\addictive_typing_lessons@tomkennedy.net.xpi [2015-07-07]
FF Extension: MEGA EXTENSION - C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\etg2dnfm.default-1436187552731\Extensions\firefox@mega.co.nz.xpi [2015-07-07]
FF Extension: Simple White - C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\etg2dnfm.default-1436187552731\Extensions\Simple@White.Theme.xpi [2015-07-07]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\etg2dnfm.default-1436187552731\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-07-07]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\etg2dnfm.default-1436187552731\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2015-07-07]
FF Extension: Adblock Plus - C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\etg2dnfm.default-1436187552731\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-07]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AJRouter; C:\Windows\System32\AJRouter.dll [20480 2015-05-23] (Microsoft Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-05-23] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2839296 2015-05-06] (Acer Incorporated)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-05-23] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R3 ClipSVC; C:\Windows\System32\ClipSVC.dll [595736 2015-05-23] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [729936 2015-05-23] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [481280 2015-05-23] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-09] (Dropbox, Inc.)
S3 DcpSvc; C:\Windows\system32\dcpsvc.dll [196096 2015-05-23] (Microsoft Corporation)
R3 DevQueryBroker; C:\Windows\system32\DevQueryBroker.dll [33280 2015-05-23] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27648 2015-05-23] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [270848 2015-05-23] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [195584 2015-05-23] (Microsoft Corporation)
S2 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [63488 2015-05-23] (Microsoft Corporation)
R2 DoSvc; C:\Windows\system32\svchost.exe [39992 2015-05-23] (Microsoft Corporation)
R2 DoSvc; C:\Windows\SysWOW64\svchost.exe [34800 2015-05-23] (Microsoft Corporation)
S3 DsSvc; C:\Windows\System32\DsSvc.dll [143872 2015-05-23] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [251904 2015-05-23] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [144896 2015-05-23] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2015-05-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R3 lfsvc; C:\Windows\System32\lfsvc.dll [32768 2015-05-23] (Microsoft Corporation)
R3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [26112 2015-05-23] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [18944 2015-05-23] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-05-23] (Microsoft Corporation)
S2 MBAMService; C:\Installed Programs\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 NetSetupSvc; C:\Windows\System32\NetSetupSvc.dll [182272 2015-05-23] (Microsoft Corporation)
S3 NgcCtnrSvc; C:\Windows\System32\NgcCtnrSvc.dll [288256 2015-05-23] (Microsoft Corporation)
S3 NgcSvc; C:\Windows\system32\ngcsvc.dll [528896 2015-05-23] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 PhoneSvc; C:\Windows\System32\PhoneService.dll [670208 2015-05-23] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [876032 2015-05-23] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1017344 2015-05-23] ()
S3 SensorService; C:\Windows\system32\SensorService.dll [227328 2015-05-23] (Microsoft Corporation)
S3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [585728 2015-05-23] (Microsoft Corporation)
S3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2715648 2015-05-23] (Microsoft Corporation)
S3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2055168 2015-05-23] (Microsoft Corporation)
R2 tiledatamodelsvc; C:\Windows\system32\tileobjserver.dll [496640 2015-05-23] (Microsoft Corporation)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed]
R2 UserManager; C:\Windows\System32\usermgr.dll [711680 2015-05-23] (Microsoft Corporation)
S3 UsoSvc; C:\Windows\system32\usocore.dll [337408 2015-05-23] (Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [513024 2015-05-23] (Microsoft Corporation)
S3 WalletSvc; C:\Windows\system32\WalletService.dll [485376 2015-05-23] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [353392 2015-05-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [17240 2015-05-23] (Microsoft Corporation)
S3 WpnService; C:\Windows\system32\WpnService.dll [49152 2015-05-23] (Microsoft Corporation)
R3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [803840 2015-05-23] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1158656 2015-05-23] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1016320 2015-05-23] (Microsoft Corporation)
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2015-06-21] (Google Inc)
R3 athr; C:\Windows\System32\drivers\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-05-23] (Microsoft Corporation)
S3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [32256 2015-05-23] (Microsoft Corporation)
S3 CapImg; C:\Windows\System32\drivers\capimg.sys [116736 2015-05-23] (Microsoft Corporation)
S4 cnghwassist; C:\Windows\System32\DRIVERS\cnghwassist.sys [39400 2015-05-23] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_000af53bbd77d2bf\CompositeBus.sys [39936 2015-05-23] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3437032 2015-05-23] (QLogic Corporation)
S3 fcvsc; C:\Windows\System32\drivers\fcvsc.sys [31232 2015-05-23] (Microsoft Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [84480 2015-05-23] (Microsoft Corporation)
S3 genericusbfnclass; C:\Windows\System32\drivers\genericusbfnclass.sys [20992 2015-05-23] (Microsoft Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Intel Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-05-23] (Microsoft Corporation)
S3 hidinterrupt; C:\Windows\System32\drivers\hidinterrupt.sys [50152 2015-05-23] (Microsoft Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Intel Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424936 2015-05-23] (Mellanox)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [28160 2015-05-23] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S0 LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [104936 2015-05-23] (LSI Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99304 2015-05-23] (Avago Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S0 megasas; C:\Windows\System32\drivers\megasas.sys [59880 2015-05-23] (Avago Technologies)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705512 2015-05-23] (Mellanox)
R2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [48128 2015-05-23] (Microsoft Corporation)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76264 2015-05-23] (Mellanox)
U5 NdisWan; C:\Windows\System32\Drivers\NdisWan.sys [188928 2015-05-23] (Microsoft Corporation)
S3 netvsc; C:\Windows\System32\drivers\netvsc.sys [94720 2015-05-23] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S2 OneSyncSvc; No ImagePath
R2 OneSyncSvc_Session1; No ImagePath
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58344 2015-05-23] (LSI Corporation)
S0 percsas3i; C:\Windows\System32\drivers\percsas3i.sys [58856 2015-05-23] (Avago Technologies)
S3 PimIndexMaintenanceSvc; No ImagePath
R3 PimIndexMaintenanceSvc_Session1; No ImagePath
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 ReFSv1; C:\Windows\System32\Drivers\ReFSv1.sys [934888 2015-05-23] (Microsoft Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-24] (Realsil Semiconductor Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2015-06-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-05-23] (Microsoft Corporation)
S0 storufs; C:\Windows\System32\drivers\storufs.sys [40424 2015-05-23] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_128fa32ed5edb85d\swenum.sys [17896 2015-05-23] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [53248 2015-05-23] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [44032 2015-05-23] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-05-23] ()
S3 Ufx01000; C:\Windows\System32\drivers\ufx01000.sys [241128 2015-05-23] (Microsoft Corporation)
S3 UfxChipidea; C:\Windows\System32\drivers\UfxChipidea.sys [94184 2015-05-23] (Microsoft Corporation)
S3 ufxsynopsys; C:\Windows\System32\drivers\ufxsynopsys.sys [126952 2015-05-23] (Microsoft Corporation)
S3 UnistoreSvc; No ImagePath
R3 UnistoreSvc_Session1; No ImagePath
S3 UrsChipidea; C:\Windows\System32\drivers\urschipidea.sys [19968 2015-05-23] (Microsoft Corporation)
S3 UrsCx01000; C:\Windows\System32\drivers\urscx01000.sys [54760 2015-05-23] (Microsoft Corporation)
S3 UrsSynopsys; C:\Windows\System32\drivers\urssynopsys.sys [18944 2015-05-23] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [22016 2015-05-23] (Microsoft Corporation)
S3 UserDataSvc; No ImagePath
R3 UserDataSvc_Session1; No ImagePath
S3 vhf; C:\Windows\System32\drivers\vhf.sys [31744 2015-05-23] (Microsoft Corporation)
S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [682496 2015-05-23] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117736 2015-05-23] (Microsoft Corporation)
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106528 2015-05-23] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17952 2015-05-23] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [27112 2015-05-23] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59368 2015-05-23] (Mellanox)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [218112 2015-05-23] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [26112 2015-05-23] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: dosvc -> No ServiceDLL Path.
NETSVC: DcpSvc -> C:\Windows\system32\dcpsvc.dll (Microsoft Corporation)
NETSVC: NetSetupSvc -> C:\Windows\System32\NetSetupSvc.dll (Microsoft Corporation)
NETSVC: XboxNetApiSvc -> C:\Windows\system32\XboxNetApiSvc.dll (Microsoft Corporation)
NETSVC: UsoSvc -> C:\Windows\system32\usocore.dll (Microsoft Corporation)
NETSVC: dmwappushservice -> C:\Windows\system32\dmwappushsvc.dll (Microsoft Corporation)
NETSVC: WalletSvc -> C:\Windows\system32\WalletService.dll (Microsoft Corporation)
NETSVC: RetailDemo -> C:\Windows\system32\RDXService.dll (Microsoft Corporation)
NETSVC: XblAuthManager -> C:\Windows\System32\XblAuthManager.dll (Microsoft Corporation)
NETSVC: DmEnrollmentSvc -> C:\Windows\system32\Windows.Internal.Management.dll (Microsoft Corporation)
NETSVC: UserManager -> C:\Windows\System32\usermgr.dll (Microsoft Corporation)
NETSVC: XblGameSave -> C:\Windows\System32\XblGameSave.dll (Microsoft Corporation)
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 12:32 - 2015-07-09 12:33 - 00034069 _____ C:\Users\Simon\Desktop\FRST.txt
2015-07-09 12:28 - 2015-07-09 12:28 - 00016148 _____ C:\WINDOWS\system32\SIMON_Simon_HistoryPrediction.bin
2015-07-09 03:08 - 2015-07-09 03:29 - 00000000 ____D C:\Users\Simon\Downloads\Matrix Reloaded (www.ThePirateFilmes.com)
2015-07-09 03:07 - 2015-07-09 03:39 - 00000000 ____D C:\Users\Simon\Downloads\The Matrix Revolutions (2003)
2015-07-09 03:03 - 2015-07-09 03:11 - 00000000 ____D C:\Users\Simon\Downloads\The Matrix (1999)
2015-07-09 03:01 - 2015-07-09 03:01 - 00000000 ____D C:\Users\Simon\Downloads\Matrix (1999)Blu-Ray 720p Dublado PT-BR - mo93438
2015-07-09 00:04 - 2015-07-09 00:05 - 00000000 ___RD C:\Users\Simon\Dropbox
2015-07-09 00:04 - 2015-07-09 00:04 - 00001303 _____ C:\Users\Simon\Desktop\Dropbox.lnk
2015-07-09 00:03 - 2015-07-09 00:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-09 00:02 - 2015-07-09 00:02 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Dropbox
2015-07-09 00:01 - 2015-07-09 09:06 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-09 00:01 - 2015-07-09 00:06 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-09 00:01 - 2015-07-09 00:04 - 00000000 ____D C:\Users\Simon\AppData\Local\Dropbox
2015-07-09 00:01 - 2015-07-09 00:03 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-07-09 00:01 - 2015-07-09 00:01 - 00660960 _____ (Dropbox, Inc.) C:\Users\Simon\Downloads\DropboxInstaller.exe
2015-07-09 00:01 - 2015-07-09 00:01 - 00003978 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-09 00:01 - 2015-07-09 00:01 - 00003746 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-09 00:01 - 2015-07-09 00:01 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-08 20:37 - 2015-07-08 21:38 - 00000000 ____D C:\Users\Simon\Desktop\resultats
2015-07-08 20:36 - 2015-07-08 20:36 - 01843712 _____ C:\Users\Simon\Desktop\ZHPCleaner.exe
2015-07-08 18:51 - 2015-07-08 18:51 - 01836032 _____ C:\Users\Simon\Desktop\ZHPDiag3.exe
2015-07-08 12:24 - 2015-07-08 15:35 - 00132219 _____ C:\Users\Simon\Downloads\Addition.txt
2015-07-08 12:16 - 2015-07-09 12:32 - 00000000 ____D C:\FRST
2015-07-08 12:16 - 2015-07-08 15:32 - 00068367 _____ C:\Users\Simon\Downloads\FRST.txt
2015-07-08 12:14 - 2015-07-08 12:15 - 02112512 _____ (Farbar) C:\Users\Simon\Desktop\FRST64.exe
2015-07-08 12:11 - 2015-07-08 12:12 - 01636352 _____ (Farbar) C:\Users\Simon\Downloads\FRST.exe
2015-07-08 11:40 - 2015-07-08 11:40 - 00285032 _____ C:\WINDOWS\Minidump\070815-25875-01.dmp
2015-07-08 10:00 - 2015-07-08 10:00 - 00000000 _____ C:\autoexec.bat
2015-07-08 09:57 - 2015-07-08 09:57 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Simon\Downloads\SpyHunter-Installer.exe
2015-07-06 23:54 - 2015-07-06 23:57 - 155834672 _____ (Apple Inc.) C:\Users\Simon\Downloads\itunes6464setup.exe
2015-07-06 18:07 - 2015-07-08 19:15 - 00000000 ____D C:\Users\Simon\AppData\Local\Sublime Text 3
2015-07-06 18:07 - 2015-07-06 18:07 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Sublime Text 3
2015-07-06 18:02 - 2015-07-06 18:02 - 00000926 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2015-07-06 18:01 - 2015-07-06 18:01 - 08064616 _____ (Sublime HQ Pty Ltd ) C:\Users\Simon\Downloads\Sublime Text Build 3083 x64 Setup.exe
2015-07-06 14:59 - 2015-07-06 14:59 - 00000000 ____D C:\Users\Simon\Desktop\bookmarkbackups
2015-07-06 12:05 - 2015-07-06 12:07 - 00000000 ____D C:\Users\Simon\Desktop\Haier backup
2015-07-06 01:22 - 2015-07-06 01:22 - 00000000 ____D C:\Users\Simon\.gradle
2015-07-06 01:21 - 2015-07-06 01:21 - 00000000 ____D C:\Users\Simon\AndroidStudioProjects
2015-07-06 00:56 - 2015-07-06 00:56 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Oracle
2015-07-06 00:54 - 2015-07-06 00:54 - 00000000 ____D C:\Users\Simon\.jmc
2015-07-06 00:52 - 2015-07-06 00:52 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-07-06 00:49 - 2015-07-06 00:49 - 00000000 _____ C:\WINDOWS\SysWOW64\RENEF79.tmp
2015-07-06 00:47 - 2015-07-06 00:47 - 00561248 _____ (Oracle Corporation) C:\Users\Simon\Downloads\jxpiinstall.exe
2015-07-05 22:29 - 2015-07-05 23:24 - 91931728 _____ (The GIMP Team ) C:\Users\Simon\Downloads\gimp-2.8.14-setup-1.exe
2015-07-05 13:23 - 2015-07-05 13:23 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\Simon\Downloads\WinPcap_4_1_3.exe
2015-07-05 13:23 - 2015-07-05 13:23 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Wireshark
2015-07-05 13:23 - 2015-07-05 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-07-05 13:23 - 2015-07-05 13:23 - 00000000 ____D C:\Program Files (x86)\WinPcap
2015-07-05 13:19 - 2015-07-05 13:19 - 00001583 _____ C:\Users\Public\Desktop\Wireshark.lnk
2015-07-05 13:12 - 2015-07-05 13:31 - 1150844928 _____ C:\Users\Simon\Downloads\ubuntu-15.04-desktop-amd64.iso
2015-07-05 01:01 - 2015-07-09 09:03 - 00001002 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-05 01:01 - 2015-07-05 01:01 - 00003978 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-04 23:05 - 2015-07-04 23:06 - 29849552 _____ (Wireshark development team) C:\Users\Simon\Downloads\Wireshark-win64-1.12.6.exe
2015-07-04 21:37 - 2015-07-04 21:37 - 00000000 ____D C:\Users\Simon\AppData\Roaming\JetBrains
2015-07-04 21:35 - 2015-07-04 21:35 - 00000000 ____D C:\Users\Simon\.AndroidStudio1.2
2015-07-04 20:30 - 2015-07-04 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-07-04 20:28 - 2015-01-30 10:02 - 00084992 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelHaxm.sys
2015-07-04 20:14 - 2015-07-04 20:14 - 00000947 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-04 20:00 - 2015-07-04 20:00 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-07-04 20:00 - 2015-07-04 19:59 - 00320424 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-07-04 20:00 - 2015-07-04 19:59 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-07-04 20:00 - 2015-07-04 19:59 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-07-04 19:59 - 2015-07-06 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-07-04 19:59 - 2015-07-04 19:59 - 00000000 ____D C:\Program Files\Java
2015-07-04 19:51 - 2015-07-04 19:54 - 146861984 _____ (Oracle Corporation) C:\Users\Simon\Downloads\jdk-7u79-windows-x64.exe
2015-07-04 17:42 - 2015-07-04 18:01 - 930456592 _____ (Google Inc.) C:\Users\Simon\Downloads\android-studio-bundle-141.1980579-windows.exe
2015-07-01 20:45 - 2015-07-01 20:45 - 00001702 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-01 20:45 - 2015-07-01 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-01 20:44 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2015-07-01 20:43 - 2015-07-01 20:44 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-01 20:43 - 2015-07-01 20:43 - 00000000 ____D C:\Program Files\iPod
2015-07-01 20:43 - 2015-07-01 20:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-01 20:42 - 2015-07-01 20:42 - 00000000 ____D C:\Program Files\Bonjour
2015-07-01 20:42 - 2015-07-01 20:42 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-07-01 20:29 - 2015-07-01 20:29 - 00000000 ____D C:\Users\Simon\AppData\Local\Cyberlink
2015-07-01 20:09 - 2015-07-01 20:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-07-01 17:52 - 2015-07-01 17:52 - 00000000 ____D C:\Users\Simon\AppData\Roaming\CareCenter
2015-07-01 17:52 - 2015-07-01 17:52 - 00000000 ____D C:\Users\Simon\AppData\Local\CareCenter
2015-07-01 16:17 - 2015-07-08 11:40 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-01 16:17 - 2015-07-08 11:39 - 331402697 _____ C:\WINDOWS\MEMORY.DMP
2015-07-01 16:17 - 2015-07-01 16:17 - 00284976 _____ C:\WINDOWS\Minidump\070115-33812-01.dmp
2015-07-01 14:45 - 2015-07-08 16:11 - 00000359 _____ C:\Users\Simon\Desktop\Corbeille - Raccourci.lnk
2015-07-01 14:41 - 2015-07-01 14:51 - 00000000 ____D C:\Users\Simon\Desktop\TEST
2015-06-29 21:36 - 2015-07-01 22:10 - 00000000 ____D C:\Users\Simon\AppData\Local\Popcorn-Time
2015-06-29 21:31 - 2015-07-01 22:01 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time 2
2015-06-29 21:30 - 2015-06-29 21:31 - 00000000 ____D C:\Users\Simon\AppData\Local\Popcorn Time
2015-06-26 12:14 - 2015-06-26 12:14 - 00000000 ____D C:\Users\Simon\AppData\Roaming\CyberLink
2015-06-25 23:56 - 2015-06-25 23:56 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-24 15:33 - 2015-06-24 15:33 - 00003160 _____ C:\WINDOWS\System32\Tasks\tet3008
2015-06-23 22:47 - 2015-06-23 22:48 - 02244096 _____ C:\Users\Simon\Desktop\adwcleaner_4.207.exe
2015-06-23 22:40 - 2015-07-04 20:09 - 01845248 _____ C:\Users\Simon\ZHPCleaner.exe
2015-06-23 22:23 - 2015-06-23 22:23 - 00003150 _____ C:\WINDOWS\System32\Tasks\sol3007
2015-06-23 22:17 - 2015-06-23 22:27 - 00000000 ___HD C:\ProgramData\gjw
2015-06-23 22:15 - 2015-06-23 22:15 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-06-23 22:15 - 2015-06-23 22:15 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-06-23 22:13 - 2015-06-23 22:13 - 00631808 _____ C:\WINDOWS\gjw.dat
2015-06-23 20:06 - 2015-06-23 21:02 - 00000000 ____D C:\ProgramData\Shuame
2015-06-23 19:56 - 2015-06-23 19:57 - 00000000 ____D C:\Users\Public\Documents\RootGenius
2015-06-23 19:56 - 2015-06-23 19:56 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2015-06-23 19:50 - 2015-06-23 19:50 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Shuame
2015-06-23 01:04 - 2015-07-08 22:05 - 00000290 __RSH C:\Users\Simon\ntuser.pol
2015-06-22 22:53 - 2015-06-22 22:53 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudserd.sys
2015-06-22 22:43 - 2015-06-22 22:43 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-06-22 22:43 - 2015-06-22 22:43 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-06-22 22:36 - 2015-06-22 23:40 - 00000000 ____D C:\Users\Simon\Desktop\Odin307
2015-06-22 22:12 - 2015-06-22 22:12 - 00000000 ____D C:\ProgramData\Samsung
2015-06-22 14:51 - 2015-06-22 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-06-22 14:51 - 2015-06-22 14:51 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-06-22 14:37 - 2015-07-08 22:59 - 00000000 __SHD C:\ProgramData\Google
2015-06-22 14:30 - 2015-06-22 21:31 - 00000000 ____D C:\Users\Simon\AppData\Local\Rogue Amoeba
2015-06-22 10:14 - 2015-06-22 10:14 - 00000000 ____D C:\ProgramData\Unknown
2015-06-21 01:01 - 2015-06-21 01:10 - 00013168 _____ C:\WINDOWS\DPINST.LOG
2015-06-21 01:01 - 2015-06-21 01:01 - 00000000 ____D C:\Program Files\DIFX
2015-06-21 00:53 - 2015-07-01 18:00 - 00000000 ____D C:\Program Files (x86)\HTC
2015-06-21 00:52 - 2015-06-21 00:52 - 00032768 _____ (Google Inc) C:\WINDOWS\system32\Drivers\androidusb.sys
2015-06-20 14:21 - 2015-06-20 14:21 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2015-06-20 14:21 - 2015-06-20 14:21 - 00708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll
2015-06-20 14:21 - 2015-06-20 14:21 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2015-06-18 16:53 - 2015-06-18 16:53 - 00000000 ____D C:\Users\Simon\Tracing
2015-06-18 16:52 - 2015-07-05 13:08 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Skype
2015-06-18 16:52 - 2015-06-18 16:52 - 00000000 ____D C:\Users\Simon\AppData\Local\Skype
2015-06-18 16:52 - 2015-06-18 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-18 16:51 - 2015-06-18 16:52 - 00000000 ____D C:\ProgramData\Skype
2015-06-18 13:22 - 2015-06-18 13:22 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-06-17 20:00 - 2015-06-22 14:07 - 00000000 ____D C:\Users\Simon\AppData\Roaming\SoundTouchPersist
2015-06-17 20:00 - 2015-06-17 20:00 - 00000000 ____D C:\Users\Simon\AppData\Roaming\SoundTouch
2015-06-17 19:58 - 2015-06-17 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTouch
2015-06-17 19:57 - 2015-06-17 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-06-17 19:56 - 2015-07-08 22:56 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2015-06-13 14:37 - 2015-06-13 14:37 - 00000000 ____D C:\Users\Simon\AppData\Local\Publishers
2015-06-13 12:20 - 2015-07-06 11:57 - 00000512 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-06-13 11:44 - 2015-06-18 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid
2015-06-12 23:08 - 2015-06-09 16:35 - 03600208 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-12 23:08 - 2015-06-09 15:20 - 02859560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-12 23:08 - 2015-06-09 14:58 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-12 23:08 - 2015-06-09 14:24 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-12 23:08 - 2015-06-09 14:05 - 24608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-12 23:08 - 2015-06-09 13:54 - 12552192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-12 23:08 - 2015-06-09 13:54 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-12 23:08 - 2015-06-09 13:50 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-12 23:08 - 2015-06-09 13:49 - 02693632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-12 23:08 - 2015-06-09 13:49 - 01576960 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-12 23:08 - 2015-06-09 13:49 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-12 23:08 - 2015-06-09 13:49 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-06-12 23:08 - 2015-06-09 13:49 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-12 23:08 - 2015-06-09 13:48 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-06-12 23:08 - 2015-06-09 13:48 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-06-12 23:08 - 2015-06-09 13:47 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-06-12 23:08 - 2015-06-09 13:47 - 02114048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-12 23:08 - 2015-06-09 13:47 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-06-12 23:08 - 2015-06-09 13:47 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-06-12 23:08 - 2015-06-09 13:47 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-06-12 23:08 - 2015-06-09 13:26 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-12 23:08 - 2015-06-09 13:09 - 19364864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-12 23:08 - 2015-06-09 12:58 - 21983232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-06-12 23:08 - 2015-06-09 12:58 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-12 23:08 - 2015-06-09 12:58 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-12 23:08 - 2015-06-09 12:58 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-12 23:08 - 2015-06-09 12:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-12 23:08 - 2015-06-09 12:57 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-06-12 23:08 - 2015-06-09 12:57 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-12 23:08 - 2015-06-09 12:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2015-06-12 23:08 - 2015-06-09 12:57 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2015-06-12 23:08 - 2015-06-09 12:56 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-06-12 23:08 - 2015-06-09 12:46 - 04797440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-12 23:08 - 2015-06-09 12:43 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-06-12 23:08 - 2015-06-09 12:15 - 03584000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-12 23:08 - 2015-06-09 12:12 - 19170816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-06-12 23:08 - 2015-06-09 12:12 - 11311616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-12 23:08 - 2015-06-09 12:09 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-06-12 23:08 - 2015-06-09 12:09 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-06-12 23:08 - 2015-06-09 12:09 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-12 18:16 - 2015-06-09 17:17 - 00088528 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-06-12 18:16 - 2015-06-09 17:16 - 00403104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-06-12 18:16 - 2015-06-09 17:14 - 00517264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-06-12 18:16 - 2015-06-09 17:13 - 00498032 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-06-12 18:16 - 2015-06-09 17:13 - 00110176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-06-12 18:16 - 2015-06-09 17:05 - 00362776 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-06-12 18:16 - 2015-06-09 16:16 - 00073496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-06-12 18:16 - 2015-06-09 16:15 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-06-12 18:16 - 2015-06-09 16:11 - 00442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-06-12 18:16 - 2015-06-09 16:11 - 00394368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-06-12 18:16 - 2015-06-09 14:03 - 01061376 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-06-12 18:16 - 2015-06-09 14:01 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-06-12 18:16 - 2015-06-09 13:10 - 03591680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-06-12 18:16 - 2015-06-09 13:10 - 01370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-06-12 18:16 - 2015-06-09 13:09 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-12 18:16 - 2015-06-09 12:46 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2015-06-12 18:16 - 2015-06-09 12:12 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2015-06-12 18:16 - 2015-06-06 15:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2015-06-12 18:16 - 2015-06-06 13:13 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2015-06-12 18:16 - 2015-06-04 10:30 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-12 18:16 - 2015-06-04 09:51 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 19:35 - 2015-06-10 19:35 - 00000000 ____D C:\ProgramData\Steam
2015-06-09 20:52 - 2015-06-09 22:20 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Apple Computer
2015-06-09 20:52 - 2015-06-09 20:52 - 00000000 ____D C:\Users\Simon\AppData\Local\Apple Computer
2015-06-09 20:49 - 2015-06-09 20:49 - 00000000 ____D C:\ProgramData\Apple Computer
2015-06-09 20:47 - 2015-07-01 20:43 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-09 20:47 - 2015-06-09 20:47 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-06-09 20:47 - 2015-06-09 20:47 - 00000000 ____D C:\Users\Simon\AppData\Local\Apple
2015-06-09 20:46 - 2015-06-09 20:47 - 00000000 ____D C:\ProgramData\Apple

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 12:31 - 2015-05-21 21:39 - 00000000 ____D C:\Users\Simon\AppData\Roaming\uTorrent
2015-07-09 12:31 - 2015-05-14 20:48 - 00000000 ____D C:\Users\Simon\Desktop\SECURITE
2015-07-09 12:28 - 2015-05-23 15:06 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-09 08:53 - 2015-05-14 12:53 - 00000340 _____ C:\WINDOWS\Tasks\Chromium.job
2015-07-09 07:01 - 2015-05-12 19:06 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{24C31AD1-B6D2-4A37-A2BE-E7F20C31E4E3}
2015-07-09 05:03 - 2015-05-23 15:41 - 00000000 ____D C:\ProgramData\USOShared
2015-07-09 00:04 - 2015-06-07 23:41 - 00000000 ____D C:\Users\Simon
2015-07-08 22:55 - 2015-05-12 21:25 - 00000000 ____D C:\Users\Simon\AppData\Local\Google
2015-07-08 22:10 - 2015-05-12 21:25 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-08 21:27 - 2015-05-13 22:43 - 00000000 ____D C:\Users\Simon\AppData\Roaming\ZHP
2015-07-08 20:51 - 2015-05-20 20:37 - 00000000 ____D C:\Users\Simon\AppData\Local\ActiveSync
2015-07-08 20:51 - 2015-05-14 12:28 - 00000191 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-08 20:49 - 2015-05-23 15:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-08 20:49 - 2015-05-23 13:52 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-08 20:43 - 2015-05-13 22:26 - 00000000 ____D C:\AdwCleaner
2015-07-08 15:37 - 2015-05-13 18:31 - 00000000 ____D C:\Users\Simon\AppData\Local\CrashDumps
2015-07-08 15:32 - 2015-06-08 00:18 - 00360137 _____ C:\WINDOWS\WindowsUpdate_AU_deprecated.log
2015-07-08 12:18 - 2015-05-16 18:20 - 00000000 ____D C:\Users\Simon\Desktop\AUTRES
2015-07-08 10:43 - 2015-05-23 15:06 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-08 09:56 - 2015-05-23 20:34 - 00820446 _____ C:\WINDOWS\system32\perfh00C.dat
2015-07-08 09:56 - 2015-05-23 20:34 - 00154090 _____ C:\WINDOWS\system32\perfc00C.dat
2015-07-08 09:56 - 2015-05-20 17:32 - 01838528 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-08 09:51 - 2015-06-07 23:29 - 00057284 _____ C:\WINDOWS\PFRO.log
2015-07-07 19:23 - 2015-05-23 15:39 - 00051467 _____ C:\WINDOWS\setupact.log
2015-07-06 10:30 - 2015-05-23 15:38 - 01344528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-06 01:22 - 2015-05-21 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-06 01:19 - 2015-05-13 15:23 - 00000000 ____D C:\Users\Simon\.android
2015-07-06 00:53 - 2015-05-21 21:18 - 00000000 ____D C:\ProgramData\Oracle
2015-07-05 12:59 - 2015-05-20 23:22 - 00000000 ____D C:\Users\Simon\Desktop\COURS
2015-07-05 12:08 - 2015-05-21 21:01 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-05 01:02 - 2015-05-13 13:59 - 00000000 ____D C:\Users\Simon\AppData\Local\Adobe
2015-07-04 21:47 - 2015-05-20 23:18 - 00000000 ____D C:\Users\Simon\Desktop\PROGRA
2015-07-04 20:28 - 2015-06-07 23:34 - 00000000 ____D C:\Program Files\Intel
2015-07-04 20:16 - 2015-05-14 11:01 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-04 20:14 - 2015-05-14 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-01 22:13 - 2015-05-28 22:33 - 00000000 ____D C:\Users\Simon\AppData\Roaming\vlc
2015-07-01 20:35 - 2015-05-20 15:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-01 20:08 - 2014-07-25 11:31 - 00000000 ____D C:\Program Files (x86)\Acer
2015-07-01 17:57 - 2015-05-12 19:04 - 00000000 ___RD C:\Users\Simon\OneDrive
2015-07-01 17:49 - 2015-05-12 19:14 - 00000000 ____D C:\Users\Public\OEM
2015-07-01 17:49 - 2015-05-12 18:59 - 00000000 ____D C:\Users\Simon\AppData\Local\clear.fi
2015-07-01 17:47 - 2014-07-25 11:32 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-07-01 17:46 - 2014-07-25 11:37 - 00000000 ____D C:\Program Files\Acer
2015-07-01 17:44 - 2015-05-12 18:56 - 00000000 ____D C:\Users\Simon\AppData\Local\Packages
2015-07-01 15:07 - 2015-05-23 14:33 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-30 19:32 - 2015-05-23 15:06 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-26 12:20 - 2015-05-23 23:00 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Foxit Software
2015-06-26 12:15 - 2014-12-17 14:44 - 00000000 ____D C:\Users\Public\CyberLink
2015-06-26 12:14 - 2014-07-25 11:33 - 00000000 ____D C:\ProgramData\CyberLink
2015-06-24 16:49 - 2015-05-23 20:38 - 00000000 ____D C:\WINDOWS\ShellNew
2015-06-24 15:40 - 2015-05-12 20:15 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Notepad++
2015-06-23 22:49 - 2015-05-16 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC
2015-06-23 22:29 - 2015-05-13 18:31 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-23 01:04 - 2015-05-23 15:06 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-06-23 01:04 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-06-22 18:48 - 2015-05-23 15:08 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-22 18:48 - 2015-05-23 15:08 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 08:42 - 2015-05-14 10:56 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-05-14 10:56 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2015-05-14 10:56 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-14 23:07 - 2015-05-20 23:03 - 00000000 ____D C:\Users\Simon\AppData\Roaming\FileZilla
2015-06-14 22:33 - 2015-05-20 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla
2015-06-13 12:43 - 2015-05-12 18:56 - 00000000 ____D C:\Users\Simon\AppData\Local\VirtualStore
2015-06-10 19:10 - 2015-05-23 14:52 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-06-10 19:10 - 2015-05-23 14:52 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2015-06-10 19:10 - 2015-05-23 14:52 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2015-06-10 19:10 - 2015-05-23 14:52 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2015-06-10 19:10 - 2015-05-23 14:52 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2015-06-10 13:51 - 2015-06-08 21:16 - 00000000 __SHD C:\ProgramData\SIMON
2015-06-09 19:04 - 2015-05-23 15:06 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase

==================== Files in the root of some directories =======

2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Simon\AppData\Roaming\mIYcoTkwCmjAOB86q356q
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Simon\AppData\Roaming\v4BuuhJVTeNisB2
2015-06-07 23:37 - 2015-06-07 23:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Simon\ZHPCleaner.exe


Some files in TEMP:
====================
C:\Users\Simon\AppData\Local\Temp\AcerDocsSetup.exe
C:\Users\Simon\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\Simon\AppData\Local\Temp\CM.Launcher.Win.exe
C:\Users\Simon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbtcw5y.dll
C:\Users\Simon\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Simon\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Simon\AppData\Local\Temp\Newtonsoft.Json.dll
C:\Users\Simon\AppData\Local\Temp\NLog.dll
C:\Users\Simon\AppData\Local\Temp\npp.6.7.9.2.Installer.exe
C:\Users\Simon\AppData\Local\Temp\Quarantine.exe
C:\Users\Simon\AppData\Local\Temp\Shuame_Uninst.exe
C:\Users\Simon\AppData\Local\Temp\sqlite3.dll
C:\Users\Simon\AppData\Local\Temp\System.Core.dll
C:\Users\Simon\AppData\Local\Temp\System.Xml.Linq.dll
C:\Users\Simon\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-22 18:45

==================== End of log ============================
