OTL logfile created on: 4/26/2017 12:42:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hp\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 68.16% Memory free
5.98 Gb Paging File | 4.51 Gb Available in Paging File | 75.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 176.93 Gb Total Space | 84.91 Gb Free Space | 47.99% Space Free | Partition Type: NTFS
Drive D: | 105.87 Gb Total Space | 8.81 Gb Free Space | 8.32% Space Free | Partition Type: NTFS

Computer Name: HP-HP | User Name: hp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2017/04/19 00:42:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
PRC - [2017/04/17 16:13:30 | 028,344,776 | ---- | M] (Dropbox, Inc.) -- C:\Users\hp\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2017/04/12 14:45:20 | 000,017,208 | ---- | M] (McAfee, Inc.) -- C:\Program Files\TrueKey\McTkSchedulerService.exe
PRC - [2017/04/12 14:44:52 | 000,997,272 | ---- | M] (McAfee, Inc.) -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
PRC - [2017/03/20 08:54:52 | 000,423,104 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe
PRC - [2017/02/02 23:21:46 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016/05/23 03:42:35 | 000,369,488 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files\Elex-tech\YAC\iSafeTray.exe
PRC - [2016/05/23 03:37:15 | 000,118,048 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
PRC - [2016/05/23 03:37:15 | 000,118,048 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
PRC - [2016/03/29 00:06:32 | 000,388,968 | ---- | M] (Digital Wave Ltd.) -- C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe
PRC - [2015/11/05 02:46:52 | 000,144,008 | ---- | M] (© 2015 Microsoft Corporation) -- C:\Users\hp\AppData\Local\Microsoft\BingSvc\BingSvc.exe
PRC - [2015/04/30 00:04:12 | 000,284,504 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2015/04/30 00:04:12 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2015/04/29 23:18:28 | 000,981,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/11/03 23:33:48 | 000,773,632 | ---- | M] () -- c:\ProgramData\Trusted Publisher\SW_Booster\SW_Booster.exe
PRC - [2013/04/30 03:42:08 | 000,260,160 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATILGE.EXE
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/05/16 23:00:00 | 000,126,128 | ---- | M] (Seiko Epson Corporation) -- C:\Windows\System32\escsvc.exe
PRC - [2012/04/09 00:00:00 | 001,318,056 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNABFSWK.EXE
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/15 00:00:00 | 000,226,784 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
PRC - [2010/10/15 00:00:00 | 000,181,696 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
PRC - [2009/07/30 16:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/28 00:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/27 16:52:16 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/07/14 00:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/14 00:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
PRC - [2009/06/17 17:56:16 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/17 17:56:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/03/02 22:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2017/04/17 16:14:04 | 000,025,432 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
MOD - [2017/04/17 16:14:04 | 000,023,896 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
MOD - [2017/04/17 16:14:02 | 000,054,608 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
MOD - [2017/04/17 16:14:02 | 000,026,456 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
MOD - [2017/04/17 16:14:02 | 000,022,872 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
MOD - [2017/04/17 16:14:00 | 000,026,456 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
MOD - [2017/04/17 16:14:00 | 000,022,864 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
MOD - [2017/04/17 16:14:00 | 000,021,848 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
MOD - [2017/04/17 16:13:58 | 000,030,536 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
MOD - [2017/04/17 16:13:58 | 000,022,872 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
MOD - [2017/04/17 16:13:58 | 000,022,864 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
MOD - [2017/04/17 16:13:56 | 000,392,512 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
MOD - [2017/04/17 16:13:54 | 000,019,776 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
MOD - [2017/04/17 16:13:48 | 003,928,896 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
MOD - [2017/04/17 16:13:48 | 000,224,064 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
MOD - [2017/04/17 16:13:48 | 000,171,336 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
MOD - [2017/04/17 16:13:48 | 000,133,432 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
MOD - [2017/04/17 16:13:46 | 000,546,104 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
MOD - [2017/04/17 16:13:46 | 000,357,688 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
MOD - [2017/04/17 16:13:46 | 000,207,680 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
MOD - [2017/04/17 16:13:46 | 000,042,816 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
MOD - [2017/04/17 16:13:44 | 001,972,024 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
MOD - [2017/04/17 16:13:44 | 001,826,104 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
MOD - [2017/04/17 16:13:44 | 000,531,264 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
MOD - [2017/04/17 16:13:42 | 000,060,736 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
MOD - [2017/04/17 16:13:42 | 000,025,936 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
MOD - [2017/04/17 16:13:40 | 000,084,288 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
MOD - [2017/04/17 16:13:40 | 000,038,712 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\fastpath.pyd
MOD - [2017/04/17 16:13:38 | 000,027,488 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
MOD - [2017/04/17 16:13:38 | 000,020,816 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
MOD - [2017/04/17 16:13:36 | 001,729,360 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
MOD - [2017/04/17 16:13:36 | 000,246,608 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
MOD - [2017/04/17 16:13:36 | 000,022,336 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
MOD - [2017/04/17 16:13:36 | 000,020,824 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
MOD - [2017/04/17 16:09:48 | 000,870,720 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
MOD - [2017/03/29 01:02:44 | 000,697,304 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
MOD - [2017/03/29 01:00:28 | 001,631,184 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2017/03/29 01:00:28 | 000,017,864 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2017/03/29 00:56:46 | 000,349,128 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\winxpgui.pyd
MOD - [2017/03/29 00:56:46 | 000,116,176 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32security.pyd
MOD - [2017/03/29 00:56:46 | 000,048,592 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32service.pyd
MOD - [2017/03/29 00:56:46 | 000,028,616 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32ts.pyd
MOD - [2017/03/29 00:56:44 | 000,060,880 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32print.pyd
MOD - [2017/03/29 00:56:44 | 000,043,472 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32process.pyd
MOD - [2017/03/29 00:56:44 | 000,030,160 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32pipe.pyd
MOD - [2017/03/29 00:56:44 | 000,024,016 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32profile.pyd
MOD - [2017/03/29 00:56:42 | 000,175,560 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32gui.pyd
MOD - [2017/03/29 00:56:42 | 000,124,880 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32file.pyd
MOD - [2017/03/29 00:56:42 | 000,057,808 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
MOD - [2017/03/29 00:56:42 | 000,024,528 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32event.pyd
MOD - [2017/03/29 00:56:40 | 000,105,928 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32api.pyd
MOD - [2017/03/29 00:56:40 | 000,024,016 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
MOD - [2017/03/29 00:56:40 | 000,020,936 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\mmapfile.pyd
MOD - [2017/03/29 00:55:32 | 000,241,104 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
MOD - [2017/03/29 00:54:54 | 000,123,856 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
MOD - [2017/03/29 00:54:52 | 000,083,912 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\sip.pyd
MOD - [2017/03/29 00:54:52 | 000,019,408 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\faulthandler.pyd
MOD - [2017/03/29 00:54:10 | 000,035,792 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
MOD - [2017/03/29 00:54:08 | 000,694,224 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\unicodedata.pyd
MOD - [2017/03/29 00:54:08 | 000,100,296 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\_ctypes.pyd
MOD - [2017/03/29 00:54:08 | 000,018,888 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\select.pyd
MOD - [2017/03/29 00:54:06 | 000,145,864 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\pyexpat.pyd
MOD - [2017/03/29 00:54:04 | 000,116,688 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\pywintypes27.dll
MOD - [2017/03/29 00:54:02 | 000,392,656 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\pythoncom27.dll
MOD - [2017/03/29 00:52:12 | 000,036,296 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\librsync.dll
MOD - [2016/05/23 03:37:19 | 000,065,696 | ---- | M] () -- C:\Program Files\Elex-tech\YAC\zlib1.dll
MOD - [2016/05/23 03:37:15 | 000,179,200 | ---- | M] () -- C:\Program Files\Elex-tech\YAC\libpng.dll
MOD - [2013/10/09 12:44:43 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/09 12:44:00 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/09 12:43:38 | 012,238,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/09 12:42:57 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/09 12:42:43 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/11 15:38:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/18 20:56:11 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/18 20:55:05 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/18 20:54:37 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f2e5378561f764edc55f1de44264019b\System.Xml.ni.dll
MOD - [2013/08/18 20:54:29 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/10 13:35:51 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 13:33:45 | 000,185,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\033da6b735d41afaa20309b5e87e2ae0\UIAutomationTypes.ni.dll
MOD - [2013/07/10 13:32:19 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2010/11/13 01:58:32 | 000,311,296 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:58:09 | 000,385,024 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/16 22:56:23 | 000,245,760 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/01/16 22:56:23 | 000,110,592 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2010/01/16 22:39:12 | 000,116,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2009/07/30 16:49:52 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/16 02:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/16 02:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/16 02:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/16 02:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/16 02:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/16 02:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/16 02:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/16 02:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/06/17 20:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 20:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 20:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -- (InstallerService)
SRV - File not found [Auto | Stopped] -- C:\Users\hp\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2017/04/12 14:57:48 | 000,073,880 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe -- (TrueKeyServiceHelper)
SRV - [2017/04/12 14:45:20 | 000,017,208 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McTkSchedulerService.exe -- (TrueKeyScheduler)
SRV - [2017/04/12 14:44:52 | 000,997,272 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe -- (TrueKey)
SRV - [2017/03/20 08:54:42 | 000,321,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe -- (McComponentHostService)
SRV - [2017/02/22 09:29:02 | 000,317,400 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2017/02/02 23:21:46 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016/12/09 18:04:52 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/11/08 21:49:40 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/05/23 03:37:15 | 000,118,048 | ---- | M] (Elex do Brasil Participações Ltda) [Auto | Running] -- C:\Program Files\Elex-tech\YAC\iSafeSvc.exe -- (iSafeService)
SRV - [2016/03/29 00:06:32 | 000,388,968 | ---- | M] (Digital Wave Ltd.) [Auto | Running] -- C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe -- (DigitalWave.Update.Service)
SRV - [2015/04/30 00:04:12 | 000,284,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2015/04/30 00:04:12 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/11/26 09:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/16 23:00:00 | 000,126,128 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\System32\escsvc.exe -- (EpsonScanSvc)
SRV - [2012/01/27 18:10:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/27 16:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 00:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009/06/17 17:56:16 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/03/02 22:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\EMP_UDAU.sys -- (eppvad_simple)
DRV - [2016/05/23 03:41:44 | 000,227,776 | ---- | M] (Elex do Brasil Participações Ltda) [File_System | System | Running] -- C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys -- (iSafeKrnl)
DRV - [2016/05/23 03:41:44 | 000,097,912 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys -- (iSafeKrnlKit)
DRV - [2016/05/23 03:41:44 | 000,050,280 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSafeKrnlBoot.sys -- (iSafeKrnlBoot)
DRV - [2016/05/23 03:41:43 | 000,045,032 | ---- | M] (Elex do Brasil Participações Ltda) [File_System | System | Running] -- C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys -- (iSafeKrnlMon)
DRV - [2016/05/23 03:41:16 | 000,073,232 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys -- (iSafeKrnlR3)
DRV - [2016/05/19 07:42:01 | 000,059,152 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Windows\System32\drivers\iSafeNetFilter.sys -- (iSafeNetFilter)
DRV - [2015/03/04 18:34:52 | 000,095,408 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/24 00:52:30 | 000,862,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/07/27 16:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 10:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/02 10:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/05/16 03:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/04/29 17:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/20 18:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/08/29 16:54:40 | 000,103,552 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmusbser.sys -- (cmusbser)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1435588941&from=mych123&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=e46fc2dc1954b6179b7873dg0z7c6w3w5b4bftcz7g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1410281048&from=epom3&uid=WDCXWD3200BEKT-60V5T1_WD-WXH1A10P2106P2106&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1410281048&from=epom3&uid=WDCXWD3200BEKT-60V5T1_WD-WXH1A10P2106P2106&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=1435588941&from=mych123&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=e46fc2dc1954b6179b7873dg0z7c6w3w5b4bftcz7g
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\SimilarSites.dll (SimilarSites)
IE - HKLM\..\SearchScopes,DefaultScope = {ielnksrch}
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
IE - HKLM\..\SearchScopes\{1BA281F0-7349-4A8C-85A9-947ECBC99703}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.istartsurf.com/web/?type=ds&ts=1410281048&from=epom3&uid=WDCXWD3200BEKT-60V5T1_WD-WXH1A10P2106P2106&q={searchTerms}
IE - HKLM\..\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}: "URL" = http://www.v9.com/web?type=ds&ts=1445883069&from=zzgbkk123&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=c627299619e0403750958e5g7z9z2wbbfbeccedq8b&q={searchTerms}
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\ielnksrch: "URL" = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyub11ECQdQoyJIduPOKYv8ivP8PxvuFtjEzbHMArcWKpYHy4gawIgzuXO_dGmjM1Qofs8BONAgfTGKQiKgIHSXAQBX_-OR3t2-RWVGXPKAgRSbFSIdjRRE0dQVxyHOAx5C3Ea9S1Vb8aJb2xf3HquJ4B70JHp0a&q={searchTerms}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1435588941&from=mych123&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=e46fc2dc1954b6179b7873dg0z7c6w3w5b4bftcz7g
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {425ED333-6083-428a-92C9-0CFC28B9D1BF}
IE - HKU\.DEFAULT\..\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1435588941&from=mych123&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=e46fc2dc1954b6179b7873dg0z7c6w3w5b4bftcz7g
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {425ED333-6083-428a-92C9-0CFC28B9D1BF}
IE - HKU\S-1-5-18\..\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1435588941&from=mych123&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=e46fc2dc1954b6179b7873dg0z7c6w3w5b4bftcz7g
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=1435588941&from=mych123&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=e46fc2dc1954b6179b7873dg0z7c6w3w5b4bftcz7g

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1435588941&from=mych123&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=e46fc2dc1954b6179b7873dg0z7c6w3w5b4bftcz7g
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=1435588941&from=mych123&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=e46fc2dc1954b6179b7873dg0z7c6w3w5b4bftcz7g

IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com?type=hp&ts=1435588941&from=mych123&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=e46fc2dc1954b6179b7873dg0z7c6w3w5b4bftcz7g
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1410281048&from=epom3&uid=WDCXWD3200BEKT-60V5T1_WD-WXH1A10P2106P2106&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyub11ECQdQoyJIduPOKYv8ivP8PxvuFtjEzbHMArcWKpYHy4gawIgzuXO_dGmjM1Qofs8BONAgfTGKQiKgIHSXAQBX_-OR3t2-RWVGXPKAgRSbFSIdjRRE0dQVxyHOAx5C3Ea9S1Vb8aJb2xf3HquJ4B70JHp0a&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyub11ECQdQoyJIduPOKYv8ivP8PxvuFtjEzbHMArcWKpYHy4gawIgzuXO_dGmjM1Qofs8BONAgfTGKQiKgIHSXAQBX_-OR3t2-RWVGXPKAgRSbFSIdjRRE0dQVxyHOAx5C3Ea9S1Vb8aJb2xf3HquJ4B70JHp0a&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com?type=hp&ts=1435588941&from=mych123&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=e46fc2dc1954b6179b7873dg0z7c6w3w5b4bftcz7g
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyub11ECQdQoyJIduPOKYv8ivP8PxvuFtjEzbHMArcWKpYHy4gawIgzuXO_dGmjM1Qofs8BONAgfTGKQiKgIHSXAQBX_-OR3t2-RWVGXPKAgRSbFSIdjRRE0dQVxyHOAx5C3Ea9S1Vb8aJb2xf3HquJ4B70JHp0a&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com/searchview.php?source=6987e315b363f4b09672a1cda71caea8&query={searchTerms}&cat=webs&bar=true
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes,DefaultScope = {425ED333-6083-428a-92C9-0CFC28B9D1BF}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{1BA281F0-7349-4A8C-85A9-947ECBC99703}: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{2F68D71F-FC1E-4DA5-8A91-150DA0AFD13F}: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}: "URL" = http://www.v9.com/web?type=ds&ts=1445883069&from=zzgbkk123&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=c627299619e0403750958e5g7z9z2wbbfbeccedq8b&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{A4658BC6-BF65-4D7D-9D8F-669F8871F02C}: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{E0C6DF0E-E151-4F57-928B-3CB0CE5F3E12}: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\{ielnksrch}: "URL" = 
http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyub11ECQdQoyJIduPOKYv8ivP8PxvuFtjEzbHMArcWKpYHy4gawIgzuXO_dGmjM1Qofs8BONAgfTGKQiKgIHSXAQBX_-OR3t2-RWVGXPKAgRSbFSIdjRRE0dQVxyHOAx5C3Ea9S1Vb8aJb2xf3HquJ4B70JHp0a&q={searchTerms} IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\SearchScopes\88F906086D554B538C5E92027AA67C1E: "URL" = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} IE - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.countryCode: "DZ" FF - prefs.js..browser.search.defaultenginename: "nice" FF - prefs.js..browser.search.order.1: "nice" FF - prefs.js..browser.search.region: "DZ" FF - prefs.js..browser.search.searchengine.alias: "" FF - prefs.js..browser.search.searchengine.iconURL: "http://www.nicesearches.com/favicon.ico?t=1" FF - prefs.js..browser.search.searchengine.name: "nice" FF - prefs.js..browser.search.searchengine.ref: "" FF - prefs.js..browser.search.searchengine.searchengine.uid: "[xpconnect wrapped nsIUUIDGenerator]" FF - prefs.js..browser.search.searchengine.ts: "1478017518" FF - prefs.js..browser.search.searchengine.type: "" FF - prefs.js..browser.search.searchengine.uid: "wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106" FF - prefs.js..browser.search.searchengine.url: "http://www.nicesearches.com/search.php?type=ds&ts=1478017518&from=d1580002&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=6c12ce2d77c834c6057a06eg9zbmcb3e9gfm5wcg6w&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "nice" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: 
"http://www.nicesearches.com?type=hp&ts=1459161194&from=10637238&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=65afadd71fec34cc9e44b7egezbw2t6g9q3gbg9t0g" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:50.0.2 FF - user.js..browser.search.defaultenginename: "nice" FF - user.js..browser.search.order.1: "nice" FF - user.js..browser.search.searchengine.alias: "" FF - user.js..browser.search.searchengine.iconURL: "http://www.nicesearches.com/favicon.ico?t=1" FF - user.js..browser.search.searchengine.name: "nice" FF - user.js..browser.search.searchengine.ref: "" FF - user.js..browser.search.searchengine.ts: "1478017518" FF - user.js..browser.search.searchengine.type: "" FF - user.js..browser.search.searchengine.uid: "wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106" FF - user.js..browser.search.searchengine.url: "http://www.nicesearches.com/search.php?type=ds&ts=1478017518&from=d1580002&uid=wdcxwd3200bekt-60v5t1_wd-wxh1a10p2106p2106&z=6c12ce2d77c834c6057a06eg9zbmcb3e9gfm5wcg6w&q={searchTerms}" FF - user.js..browser.search.selectedEngine: "nice" FF - user.js..browser.search.useDBForOrder: true FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@g2.com/iggweb3dupdater: C:\Users\hp\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG) FF - HKCU\Software\MozillaPlugins\@g2.com/joyconnectshell: C:\Users\hp\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\hp\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\hp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quick_searchff@gmail.com: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\07jek214.default\extensions\quick_searchff@gmail.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\sweetsearch@gmail.com: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\07jek214.default\extensions\sweetsearch@gmail.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\arthurj8283@gmail.com: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\07jek214.default\extensions\arthurj8283@gmail.com [2016/11/01 17:25:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\freegames4357@BestOffers: 
C:\Users\hp\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014/02/02 00:24:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: removed FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 50.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 50.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/02 00:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions [2014/02/02 00:24:49 | 000,000,000 | ---D | M] (Free Games 111) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions\freegames4357@BestOffers [2013/06/24 15:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\extensions [2013/06/24 15:05:00 | 000,000,000 | ---D | M] (01NET.com Main) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\extensions\{f531b93a-b50b-4ff1-8288-404c881ac4da} [2013/11/27 18:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2014/02/23 18:42:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions [2013/10/08 01:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\extensions\searchplugins [2016/11/01 17:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions [2016/08/16 20:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions\1471375589_xpi [2015/03/24 21:53:56 | 000,000,000 | ---D | M] (DigiCoupon) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions\1Wv@kAye6q9.edu [2016/11/01 
17:25:35 | 000,000,000 | ---D | M] (xRocket Toolbar) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions\arthurj8283@gmail.com [2015/03/24 21:53:56 | 000,000,000 | ---D | M] (FUn2Save) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions\ayNyU@c.com [2015/03/24 21:53:56 | 000,000,000 | ---D | M] ("Bing Search Engine") -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions\bingsearch.full@microsoft.com [2015/10/20 19:47:50 | 000,000,000 | ---D | M] ("Default NewTab") -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions\default_newtabff@gmail.com [2014/12/23 18:15:57 | 000,000,000 | ---D | M] ("Security Protection") -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions\detgdp@gmail.com [2015/03/24 21:53:56 | 000,000,000 | ---D | M] (JOniCoUopoon) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions\E@9Zu3f4Qmif.com [2015/03/24 21:53:56 | 000,000,000 | ---D | M] (NetoCoupon) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions\EBg@DXZOplyn.net [2014/11/25 17:01:02 | 000,000,000 | ---D | M] ("Fast Start") -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions\faststartff@gmail.com [2014/12/23 18:15:57 | 000,000,000 | ---D | M] (BestSaveForYou) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions\G@yIU.org [2015/03/24 21:53:56 | 000,000,000 | ---D | M] (JooniCoupon) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions\ncWAS@p.com [2015/03/24 21:53:56 | 000,000,000 | ---D | M] (DigiSaver) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\07jek214.default\extensions\qKx69C@gueg.org [2014/01/24 19:10:20 | 000,000,000 | ---D | M] (WeatherBlink) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\gcffxtbr@WeatherBlink.com [2016/05/23 23:34:25 
| 000,014,651 | ---- | M] () (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\firefox\profiles\07jek214.default\extensions\bingsearch.full@microsoft.com.xpi [2016/09/07 21:48:49 | 000,023,373 | ---- | M] () (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\firefox\profiles\07jek214.default\extensions\firefox-hotfix@mozilla.org.xpi [2015/12/03 20:40:39 | 000,123,183 | ---- | M] () (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\firefox\profiles\07jek214.default\extensions\yahooprotected@gmail.com.xpi [2012/07/31 12:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\firefox\profiles\extensions\gophoto@gophoto.it.xpi [2012/12/13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2014/01/30 19:23:36 | 000,490,422 | ---- | M] () (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi [2015/12/03 20:40:59 | 000,002,195 | ---- | M] () -- C:\Users\hp\AppData\Roaming\mozilla\firefox\profiles\07jek214.default\searchplugins\delta-homes.xml [2016/11/01 17:25:32 | 000,000,765 | ---- | M] () -- C:\Users\hp\AppData\Roaming\mozilla\firefox\profiles\07jek214.default\searchplugins\nice.xml [2015/03/02 20:07:19 | 000,002,383 | ---- | M] () -- C:\Users\hp\AppData\Roaming\mozilla\firefox\profiles\07jek214.default\searchplugins\V9.xml [2015/12/19 20:29:35 | 000,005,800 | ---- | M] () -- C:\Users\hp\AppData\Roaming\mozilla\firefox\profiles\07jek214.default\searchplugins\webssearches.xml [2016/12/09 18:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\ CHR - Extension: No name found = 
C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\balimbofoedmklhpnchbgmlfipgpbjnl\1.1.2_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion\0.0.0.8_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\eigpnaophaaomlabafjmpedmaapogobf\1.4_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.5.1_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.6_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakpajgggjjcjmidfbnnncnbaihjneaj\10.31.4.510_0\ CHR - 
Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakpajgggjjcjmidfbnnncnbaihjneaj\10.31.4.510_0\nativeMessaging\nmHost CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl\4.0.1_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidkebcigjgheaahopdnlfaohgnocfai\1.0.12_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\9.0.0.7200_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.6_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\ O1 HOSTS File: ([2017/04/05 20:31:00 | 000,000,853 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 0.0.0.1 mssplus.mcafee.com O2 - BHO: (True Key Helper) - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll (Intel Security) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (LuckyTab Class) - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - C:\Program Files\MiuiTab\SupTab.dll File not found O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll (Search Results LLC.) 
O2 - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3 - HKLM\..\Toolbar: (True Key) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll (Intel Security) O3 - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\Toolbar\WebBrowser: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found. O3 - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Chedot] C:\Users\hp\AppData\Local\Chedot\Application\chedot.exe File not found O4 - HKLM..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\WIA6EB~1\Datamngr\DATAMN~1.EXE File not found O4 - HKLM..\Run: [HSPALauncher] C:\PROGRA~1\HSPAUS~1\HSPALA~1.EXE File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001..\Run: [BingSvc] C:\Users\hp\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation) O4 - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001..\Run: [Delta Toolbar] C:\Users\hp\AppData\Local\\delta\\delta\\2.2.0.0\delta.exe () O4 - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001..\Run: [Dropbox Update] C:\Users\hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) 
O4 - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATILGE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001..\Run: [Facebook Update] C:\Users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001..\Run: [NextLive] C:\Users\hp\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\hp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\G-Recorder.lnk = C:\Program Files\G-Recorder\G-Recorder.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0 O7 - HKU\S-1-5-21-3264120472-1325676752-3238478876-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 0 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Télécharger avec BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Tout télécharger avec BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: SimilarSites - {807DF5E0-4EF7-48a8-A405-239F3E29FFA9} - C:\Program Files\SimilarSites\SimilarSites.dll (SimilarSites) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - 
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: 
mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{606A8795-363F-48A4-9261-96ED6F4508E4}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\ProgramData\AppnormanetouQ\Reotlab.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0173808c-400a-11e3-b574-002713a2ed96}\Shell - "" = AutoRun O33 - MountPoints2\{0173808c-400a-11e3-b574-002713a2ed96}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{017380ca-400a-11e3-b574-002713a2ed96}\Shell - "" = AutoRun O33 - MountPoints2\{017380ca-400a-11e3-b574-002713a2ed96}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{01738108-400a-11e3-b574-002713a2ed96}\Shell - "" = AutoRun O33 - MountPoints2\{01738108-400a-11e3-b574-002713a2ed96}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{049e9830-1c61-11e2-8131-002713a2ed96}\Shell - "" = AutoRun O33 - MountPoints2\{049e9830-1c61-11e2-8131-002713a2ed96}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{049e987b-1c61-11e2-8131-002713a2ed96}\Shell - "" = AutoRun O33 - MountPoints2\{049e987b-1c61-11e2-8131-002713a2ed96}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{b79377e8-6e77-11e1-90cd-002713a2ed96}\Shell - "" = AutoRun O33 - MountPoints2\{b79377e8-6e77-11e1-90cd-002713a2ed96}\Shell\AutoRun\command - "" = E:\EMP_UDSe.exe /autorun O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2017/04/25 19:59:51 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\PHOTO [2017/04/23 22:49:51 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2017/04/19 19:49:58 | 000,000,000 | -HSD | C] -- C:\found.008 [2017/04/19 00:42:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe [2017/04/13 13:44:18 | 
000,000,000 | ---D | C] -- C:\Users\hp\Desktop\fichier bureau [2017/04/06 23:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2017/04/06 23:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2017/04/06 23:05:57 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2017/04/06 22:49:26 | 001,631,704 | ---- | C] (Skype Technologies S.A.) -- C:\Users\hp\Desktop\SkypeSetup.exe [2017/04/05 20:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2017/04/04 15:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueKey [2017/04/04 15:51:14 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\tkdata [2017/04/04 15:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Security [2017/04/04 15:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2017/04/04 15:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV [2017/04/04 15:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee [2017/04/04 15:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee [2017/04/04 15:33:59 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\CEF [2017/04/04 15:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\TrueKey [4 C:\Users\hp\Desktop\*.tmp files -> C:\Users\hp\Desktop\*.tmp -> ] [4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [3 C:\Users\hp\Documents\*.tmp files -> C:\Users\hp\Documents\*.tmp -> ] [2 C:\Users\hp\AppData\Roaming\*.tmp files -> C:\Users\hp\AppData\Roaming\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2017/04/25 23:07:22 | 000,019,760 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2017/04/25 23:07:22 | 000,019,760 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2017/04/25 22:58:49 | 000,065,536 | ---- 
| M] () -- C:\windows\System32\Ikeext.etl [2017/04/25 22:58:46 | 000,000,474 | -H-- | M] () -- C:\windows\tasks\SW_Booster-S-2982133423.job [2017/04/25 22:58:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2017/04/25 22:57:35 | 2409,078,784 | -HS- | M] () -- C:\hiberfil.sys [2017/04/25 19:57:28 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\True Key.lnk [2017/04/25 19:55:50 | 007,500,884 | ---- | M] () -- C:\windows\System32\perfh00C.dat [2017/04/25 19:55:50 | 002,734,352 | ---- | M] () -- C:\windows\System32\perfh009.dat [2017/04/25 19:55:50 | 002,423,378 | ---- | M] () -- C:\windows\System32\perfc00C.dat [2017/04/25 19:55:50 | 002,109,784 | ---- | M] () -- C:\windows\System32\perfc009.dat [2017/04/23 23:17:53 | 002,597,927 | ---- | M] () -- C:\Users\hp\Desktop\compositions 5 ap.rar [2017/04/23 22:50:25 | 000,001,123 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017/04/23 19:36:17 | 000,013,287 | ---- | M] () -- C:\Users\hp\Desktop\téléchargement.jpg [2017/04/22 20:01:40 | 000,037,624 | ---- | M] () -- C:\Users\hp\Desktop\17952971_288198584957109_3207923030950137197_n.jpg [2017/04/19 00:42:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe [2017/04/17 22:45:10 | 008,289,707 | ---- | M] () -- C:\Users\hp\Desktop\video-1492455863.mp4 [2017/04/17 22:16:40 | 000,000,996 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2017/04/17 22:01:49 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2017/04/15 15:08:54 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk [2017/04/07 23:06:55 | 000,430,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe [2017/04/06 23:06:00 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2017/04/06 22:49:33 | 001,631,704 | ---- | M] (Skype Technologies S.A.) 
-- C:\Users\hp\Desktop\SkypeSetup.exe [2017/04/05 20:30:59 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2017/04/05 20:30:59 | 000,002,005 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017/04/04 15:29:07 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk [4 C:\Users\hp\Desktop\*.tmp files -> C:\Users\hp\Desktop\*.tmp -> ] [4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [3 C:\Users\hp\Documents\*.tmp files -> C:\Users\hp\Documents\*.tmp -> ] [2 C:\Users\hp\AppData\Roaming\*.tmp files -> C:\Users\hp\AppData\Roaming\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2017/04/23 23:17:38 | 002,597,927 | ---- | C] () -- C:\Users\hp\Desktop\compositions 5 ap.rar [2017/04/23 19:36:12 | 000,013,287 | ---- | C] () -- C:\Users\hp\Desktop\téléchargement.jpg [2017/04/22 20:01:38 | 000,037,624 | ---- | C] () -- C:\Users\hp\Desktop\17952971_288198584957109_3207923030950137197_n.jpg [2017/04/17 22:44:35 | 008,289,707 | ---- | C] () -- C:\Users\hp\Desktop\video-1492455863.mp4 [2017/04/15 15:08:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [2017/04/15 15:08:54 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk [2017/04/06 23:06:00 | 000,002,685 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2017/04/04 15:51:15 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk [2017/04/04 15:51:15 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\True Key.lnk [2017/04/04 15:31:13 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2017/04/04 15:29:07 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [2017/04/04 15:29:07 | 000,001,977 | ---- | C] () -- 
C:\Users\Public\Desktop\Acrobat Reader DC.lnk [2016/03/29 09:52:35 | 000,402,905 | ---- | C] () -- C:\Users\hp\AppData\Roaming\Lamcom.bin [2016/03/29 09:52:26 | 000,126,464 | ---- | C] () -- C:\Users\hp\AppData\Roaming\noah.dat [2016/03/29 09:52:26 | 000,065,232 | ---- | C] () -- C:\Users\hp\AppData\Roaming\Config.xml [2016/03/29 09:52:26 | 000,018,432 | ---- | C] () -- C:\Users\hp\AppData\Roaming\Main.dat [2016/03/29 09:52:26 | 000,005,568 | ---- | C] () -- C:\Users\hp\AppData\Roaming\md.xml [2016/03/29 09:52:25 | 006,493,696 | ---- | C] () -- C:\Users\hp\AppData\Roaming\agent.dat [2016/03/29 09:52:25 | 001,621,055 | ---- | C] () -- C:\Users\hp\AppData\Roaming\Donkix.tst [2016/03/29 09:51:31 | 000,154,044 | ---- | C] () -- C:\Users\hp\AppData\Roaming\inst.lat [2016/03/29 09:51:30 | 000,127,488 | ---- | C] () -- C:\Users\hp\AppData\Roaming\Installer.dat [2016/03/29 09:51:30 | 000,014,208 | ---- | C] () -- C:\Users\hp\AppData\Roaming\InstallationConfiguration.xml [2015/02/01 21:19:35 | 000,000,020 | ---- | C] () -- C:\Users\hp\AppData\Roaming\appdataFr3.bin [2014/10/18 23:34:02 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014/10/17 22:07:44 | 000,003,584 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/08/28 19:27:34 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\{17595307-E8A6-4BAC-AB7E-686920D19500} [2014/08/19 22:43:04 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\{F4B257BB-5C78-4231-83A3-6FA7FA33193C} [2014/01/22 21:07:13 | 004,105,728 | ---- | C] () -- C:\Program Files\GS.Enabler [2013/08/19 15:40:36 | 000,000,290 | RHS- | C] () -- C:\Users\hp\ntuser.pol [2013/04/06 18:18:18 | 000,114,176 | ---- | C] () -- C:\Users\hp\AppData\Roaming\BabMaint.exe [2012/08/27 14:02:46 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012/01/27 17:08:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2012/01/27 16:12:26 | 000,000,057 | ---- | C] () -- 
C:\ProgramData\Ament.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== Files - Unicode (All) ==========[/color] [2016/09/15 17:57:28 | 001,002,691 | ---- | M] ()(C:\Users\hp\Documents\??????_?????_????????_?.??????_.rar) -- C:\Users\hp\Documents\بطاقات_تشجيع_للتلاميذ_ل.فرنسية_.rar [2016/09/15 17:57:00 | 001,002,691 | ---- | C] ()(C:\Users\hp\Documents\??????_?????_????????_?.??????_.rar) -- C:\Users\hp\Documents\بطاقات_تشجيع_للتلاميذ_ل.فرنسية_.rar [2015/11/08 18:48:46 | 001,360,306 | ---- | M] ()(C:\Users\hp\Documents\?????? ??????.pdf) -- C:\Users\hp\Documents\مسافات الحروف.pdf [2015/11/08 18:48:42 | 001,360,306 | ---- | C] ()(C:\Users\hp\Documents\?????? ??????.pdf) -- C:\Users\hp\Documents\مسافات الحروف.pdf [2015/11/07 15:46:28 | 001,740,111 | ---- | M] ()(C:\Users\hp\Documents\?????? ????? ????? 
???????.rar) -- C:\Users\hp\Documents\مذكرات شاملة للسنة الخامسة.rar [2015/11/07 15:46:23 | 001,740,111 | ---- | C] ()(C:\Users\hp\Documents\?????? ????? ????? ???????.rar) -- C:\Users\hp\Documents\مذكرات شاملة للسنة الخامسة.rar [2015/11/07 15:25:20 | 002,494,293 | ---- | M] ()(C:\Users\hp\Documents\?????? ??? ????? ???????.rar) -- C:\Users\hp\Documents\مذكرات سنة خامسة ابتدائي.rar [2015/11/07 15:23:49 | 002,494,293 | ---- | C] ()(C:\Users\hp\Documents\?????? ??? ????? ???????.rar) -- C:\Users\hp\Documents\مذكرات سنة خامسة ابتدائي.rar [2015/11/07 15:07:34 | 001,460,207 | ---- | M] ()(C:\Users\hp\Documents\????_??????_?????_???????_???????.rar) -- C:\Users\hp\Documents\جميع_مذكرات_السنة_الخامسة_ابتدائي.rar [2015/11/07 15:06:57 | 001,460,207 | ---- | C] ()(C:\Users\hp\Documents\????_??????_?????_???????_???????.rar) -- C:\Users\hp\Documents\جميع_مذكرات_السنة_الخامسة_ابتدائي.rar [2015/04/30 18:31:29 | 000,000,162 | -H-- | M] ()(C:\Users\hp\Documents\~$??????????????????????.docx) -- C:\Users\hp\Documents\~$ـــــــــــــــــــيرة.docx [2015/04/30 18:31:29 | 000,000,162 | -H-- | C] ()(C:\Users\hp\Documents\~$??????????????????????.docx) -- C:\Users\hp\Documents\~$ـــــــــــــــــــيرة.docx [2013/11/17 19:08:34 | 000,000,162 | -H-- | M] ()(C:\Users\hp\Desktop\~$?????????? ???????????????????.docx) -- C:\Users\hp\Desktop\~$ســـيـــرة الـــــذاتـــيــــة.docx [2013/11/17 19:08:34 | 000,000,162 | -H-- | C] ()(C:\Users\hp\Desktop\~$?????????? ???????????????????.docx) -- C:\Users\hp\Desktop\~$ســـيـــرة الـــــذاتـــيــــة.docx < End of report >