OTL logfile created on: 14/01/2018 23:27:37 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hp\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17843) Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,88 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 76,58% Memory free 4,88 Gb Paging File | 3,98 Gb Available in Paging File | 81,47% Paging File free Paging file location(s): c:\pagefile.sys 1024 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,48 Gb Total Space | 35,00 Gb Free Space | 23,89% Space Free | Partition Type: NTFS Drive D: | 151,60 Gb Total Space | 140,37 Gb Free Space | 92,59% Space Free | Partition Type: NTFS Computer Name: HP-PC | User Name: hp | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2018/01/14 23:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Downloads\OTL.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2017/11/04 12:42:39 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2016/05/24 09:19:52 | 000,193,696 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Endpoint Security\eshasrv.exe -- (eshasrv) SRV:[b]64bit:[/b] - [2016/05/24 09:18:12 | 000,051,872 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Endpoint Security\ehttpsrv.exe -- (EHttpSrv) SRV:[b]64bit:[/b] - [2016/05/24 09:14:22 | 001,648,224 | ---- | M] (ESET) 
[Auto | Stopped] -- C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe -- (ekrn) SRV:[b]64bit:[/b] - [2014/09/26 15:26:22 | 000,318,568 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0) SRV:[b]64bit:[/b] - [2014/01/19 22:04:46 | 000,340,480 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:[b]64bit:[/b] - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2017/09/27 11:27:08 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2014/09/26 15:26:22 | 000,280,680 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2017/08/26 21:07:46 | 000,572,504 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2016/05/23 10:08:14 | 000,264,864 | ---- | M] (ESET) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:[b]64bit:[/b] - [2016/05/23 10:08:14 | 000,215,720 | ---- | M] (ESET) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:[b]64bit:[/b] - [2016/05/23 10:08:14 | 000,196,768 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2016/05/23 10:08:14 | 000,084,640 | ---- | M] (ESET) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:[b]64bit:[/b] - [2016/05/23 10:08:14 | 000,061,096 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF) DRV:[b]64bit:[/b] - [2014/09/26 15:26:18 | 003,826,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2014/09/26 15:26:12 | 000,454,416 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2014/07/21 08:44:06 | 000,495,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:[b]64bit:[/b] - [2014/07/16 17:15:52 | 007,765,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2014/04/24 15:34:12 | 000,633,704 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:[b]64bit:[/b] - [2014/04/24 15:34:12 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:[b]64bit:[/b] - [2014/01/19 22:04:46 | 000,551,936 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:[b]64bit:[/b] - [2013/12/10 13:15:46 | 000,795,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:[b]64bit:[/b] - [2013/10/02 01:05:40 | 000,172,760 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums) DRV:[b]64bit:[/b] - [2013/08/29 02:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2013/04/26 08:40:22 | 000,176,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:[b]64bit:[/b] - [2012/11/20 11:14:40 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:[b]64bit:[/b] - [2012/04/15 22:32:14 | 001,071,032 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcmvcam64.sys -- (WCMVCAM) DRV:[b]64bit:[/b] - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008/07/31 09:32:24 | 000,058,880 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2013/11/21 09:22:08 | 000,115,448 | ---- | M] (EZB Systems, Inc.) [File_System | System | Stopped] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007/01/25 10:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Users\hp\Desktop\Selfishnet win 7\npf.sys -- (NPF) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1042632735-1191582378-356171645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ar-eg/?ocid=iehp IE - HKU\S-1-5-21-1042632735-1191582378-356171645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR IE - 
HKU\S-1-5-21-1042632735-1191582378-356171645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 5F 1A 54 DA 53 D3 01 [binary data] IE - HKU\S-1-5-21-1042632735-1191582378-356171645-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1042632735-1191582378-356171645-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKU\S-1-5-21-1042632735-1191582378-356171645-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
[color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhaffdpaiepancalmjdliimagfomfklk\1.0.0.3011_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\edlkcjfhiofedjdnbagmjhmkemmnnggg\13.321.12.18577_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1042632735-1191582378-356171645-1000..\Run: [WebcamMaxAutoRun] C:\Program Files (x86)\WebcamMax\wcmmon.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-1042632735-1191582378-356171645-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O15:[b]64bit:[/b] - ..Trusted Domains: eset.com ([help] http in Trusted sites) O15 - HKLM\..Trusted Domains: eset.com ([help] http in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4AE9EA2-9833-4B64-91F0-181B4F202E1E}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - File not found O20:[b]64bit:[/b] - HKLM 
Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{255e7f96-d8cb-11e7-adb5-f4b7e294ea92}\Shell - "" = AutoRun O33 - MountPoints2\{255e7f96-d8cb-11e7-adb5-f4b7e294ea92}\Shell\AutoRun\command - "" = F:\Lenovo_Suite.exe O33 - MountPoints2\{6424a998-e94c-11e7-a859-f4b7e2fbd548}\Shell - "" = AutoRun O33 - MountPoints2\{6424a998-e94c-11e7-a859-f4b7e2fbd548}\Shell\AutoRun\command - "" = F:\Lenovo_Suite.exe O33 - MountPoints2\{9a86d1e9-d1b2-11e7-b002-f4b7e294ea92}\Shell - "" = AutoRun O33 - MountPoints2\{9a86d1e9-d1b2-11e7-b002-f4b7e294ea92}\Shell\AutoRun\command - "" = F:\Lenovo_Suite.exe O33 - MountPoints2\{f3c14f82-dcab-11e7-9537-f4b7e294ea92}\Shell - "" = AutoRun O33 - MountPoints2\{f3c14f82-dcab-11e7-9537-f4b7e294ea92}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin [color=#E56717]========== Files/Folders - 
Created Within 30 Days ==========[/color] [2018/01/14 23:18:06 | 000,000,000 | ---D | C] -- C:\Users\hp\WPDNSE [2018/01/14 23:12:07 | 000,000,000 | ---D | C] -- C:\cygwin64 [2018/01/14 21:04:04 | 000,000,000 | ---D | C] -- C:\Users\hp\msdt [2018/01/14 20:26:54 | 000,000,000 | -HSD | C] -- C:\Users\hp\eset.temp [2018/01/14 08:54:32 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\system.ext4 [2018/01/13 13:02:26 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\VirtualStore [2018/01/13 05:02:07 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\MigWiz [2018/01/12 20:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo [2018/01/12 14:31:19 | 000,000,000 | ---D | C] -- C:\Users\hp\OIS [2018/01/12 13:18:08 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\MTK-TWRP [2018/01/12 13:17:49 | 000,000,000 | ---D | C] -- C:\Users\hp\TWRP [2018/01/12 09:08:31 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2018/01/12 09:08:31 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2018/01/12 09:03:51 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2018/01/12 09:02:22 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2018/01/12 09:02:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2018/01/12 08:59:38 | 000,647,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2018/01/11 22:17:16 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\Selfishnet win 7 [2018/01/11 22:15:11 | 063,666,752 | ---- | C] (Oracle Corporation) -- C:\Users\hp\Desktop\jre-8u151-windows-i586.exe [2018/01/11 14:42:58 | 000,000,000 | ---D | C] -- C:\Nouveau dossier [2018/01/11 00:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2018/01/11 00:52:31 | 000,000,000 | ---D | C] -- C:\Users\hp\msdtadmin [2018/01/11 00:22:49 | 000,918,528 | ---- | C] (Microsoft Corporation) -- 
C:\Users\hp\Desktop\calc.exe [2018/01/11 00:00:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2018/01/11 00:00:10 | 126,925,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MRT-KB890830.exe [2018/01/10 21:00:20 | 000,000,000 | ---D | C] -- C:\Users\hp\acrord32_sbx [2018/01/10 19:56:21 | 000,000,000 | ---D | C] -- C:\Users\hp\Low [2018/01/10 15:09:24 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\IDT [2018/01/09 20:30:38 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Notepad++ [2018/01/09 20:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2018/01/09 20:30:32 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Notepad++ [2018/01/09 20:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2018/01/09 13:21:37 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\lala [2018/01/08 22:51:25 | 000,000,000 | ---D | C] -- C:\SWTOOLS [2018/01/08 20:09:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2018/01/08 20:09:41 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\BlueStacks [2018/01/07 14:19:08 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2018/01/07 14:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2018/01/07 13:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2018/01/07 11:37:46 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\pgn [2018/01/07 10:45:22 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\clockworkmod [2018/01/04 21:38:10 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\My Music [2017/12/31 19:24:06 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\CEF [2017/12/31 19:10:49 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Macromedia [2017/12/31 19:10:49 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Macromedia [2017/12/31 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Mozilla 
[2017/12/31 17:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2017/12/31 15:57:43 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\bac [2017/12/31 11:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos Interactive [2017/12/31 11:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eidos Interactive [2017/12/21 19:12:31 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\Freedom Fighters [2017/12/21 19:10:20 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freedom Fighters [2017/12/21 19:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedom Fighters [2017/12/21 19:08:04 | 000,000,000 | ---D | C] -- C:\Games [2017/12/21 18:57:11 | 000,000,000 | R--D | C] -- C:\Users\hp\Desktop\gta [2017/12/21 18:56:02 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\GTA San Andreas User Files [2017/12/21 18:54:32 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\freedom fighters [2017/12/21 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\pictures [2017/12/16 15:29:47 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Lenovo [2017/12/16 15:29:22 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2017/12/16 15:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2018/01/14 23:28:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2018/01/14 23:20:07 | 000,000,000 | -H-- | M] () -- C:\Users\hp\etilqs_Mza0ozixJmXMD1V [2018/01/14 23:19:08 | 000,000,000 | -H-- | M] () -- C:\Users\hp\etilqs_XanlPD9oSV61vVd [2018/01/14 23:17:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2018/01/14 22:32:10 | 000,257,928 | ---- | M] () -- C:\Users\hp\ArmUI.ini [2018/01/14 22:30:25 | 000,031,280 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2018/01/14 22:30:25 | 000,031,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2018/01/14 18:22:56 | 000,938,003 | ---- | M] () -- C:\Users\hp\Desktop\setup-x86_64.exe [2018/01/14 14:56:32 | 000,001,550 | ---- | M] () -- C:\Users\hp\wmplog04.sqm [2018/01/14 14:56:10 | 000,001,478 | ---- | M] () -- C:\Users\hp\wmplog03.sqm [2018/01/14 07:30:52 | 306,851,328 | ---- | M] () -- C:\Users\hp\Desktop\system.ext4.tar.a [2018/01/14 07:23:02 | 355,420,816 | ---- | M] () -- C:\Users\hp\Desktop\CondorC4 .zip [2018/01/14 07:18:50 | 415,412,406 | ---- | M] () -- C:\Users\hp\Desktop\NeXos7.0bMar8.zip [2018/01/14 07:15:31 | 000,001,330 | ---- | M] () -- C:\Users\hp\wmplog02.sqm [2018/01/13 23:41:47 | 000,001,378 | ---- | M] () -- C:\Users\hp\wmplog01.sqm [2018/01/13 20:10:58 | 000,001,298 | ---- | M] () -- C:\Users\hp\wmplog00.sqm [2018/01/13 13:02:34 | 000,000,144 | ---- | M] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [2018/01/13 06:19:54 | 001,675,486 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2018/01/13 06:19:54 | 000,750,190 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2018/01/13 06:19:54 | 000,656,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2018/01/13 06:19:54 | 000,150,804 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2018/01/13 06:19:54 | 000,122,720 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2018/01/12 23:18:35 | 003,955,592 | ---- | M] () -- C:\cab_4780_2 [2018/01/12 23:18:17 | 000,000,000 | ---- | M] () -- C:\cab_4780_6 [2018/01/12 23:18:17 | 000,000,000 | ---- | M] () -- C:\cab_4780_5 [2018/01/12 23:18:17 | 000,000,000 | ---- | M] () -- C:\cab_4780_4 [2018/01/12 23:18:17 | 000,000,000 | ---- | M] () -- C:\cab_4780_3 [2018/01/12 22:42:28 | 257,805,450 | ---- | M] () -- C:\Users\hp\Desktop\NeXos7.0bMar8 - Copie.zip 
[2018/01/12 20:40:56 | 220,714,904 | ---- | M] () -- C:\Users\hp\Desktop\getxfer.548.0.zip [2018/01/12 20:32:55 | 000,000,134 | ---- | M] () -- C:\Users\hp\32507191.od [2018/01/12 20:32:55 | 000,000,000 | ---- | M] () -- C:\Users\hp\CVR537.tmp.cvr [2018/01/11 23:44:36 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat [2018/01/11 22:09:26 | 063,666,752 | ---- | M] (Oracle Corporation) -- C:\Users\hp\Desktop\jre-8u151-windows-i586.exe [2018/01/11 00:00:11 | 126,925,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MRT-KB890830.exe [2018/01/10 20:07:10 | 000,041,384 | ---- | M] () -- C:\Users\hp\KB3035490_20180110_200658152.html [2018/01/10 15:57:11 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk [2018/01/08 07:55:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2018/01/07 14:19:08 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk [2018/01/07 07:57:20 | 382,947,452 | ---- | M] () -- C:\Users\hp\Desktop\rom kitkat.zip [2018/01/03 12:37:19 | 001,696,586 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2017/12/31 17:50:37 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk [2017/12/31 11:13:59 | 000,001,154 | ---- | M] () -- C:\Users\hp\Desktop\Play Hitman 2.lnk [2017/12/21 19:10:19 | 000,000,761 | ---- | M] () -- C:\Users\hp\Desktop\Freedom Fighters.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2018/01/14 23:28:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2018/01/14 23:20:07 | 000,000,000 | -H-- | C] () -- C:\Users\hp\etilqs_Mza0ozixJmXMD1V [2018/01/14 23:19:08 | 000,000,000 | -H-- | C] () -- C:\Users\hp\etilqs_XanlPD9oSV61vVd [2018/01/14 22:32:10 | 000,257,928 | ---- | C] () -- C:\Users\hp\ArmUI.ini [2018/01/14 18:22:56 | 000,938,003 | ---- | C] () -- C:\Users\hp\Desktop\setup-x86_64.exe [2018/01/14 14:56:32 | 000,001,550 | ---- | C] () -- 
C:\Users\hp\wmplog04.sqm
[2018/01/14 14:56:10 | 000,001,478 | ---- | C] () -- C:\Users\hp\wmplog03.sqm
[2018/01/14 08:56:22 | 002,346,514 | ---- | C] () -- C:\Users\hp\Desktop\SystemUI.apk
[2018/01/14 07:31:01 | 306,851,328 | ---- | C] () -- C:\Users\hp\Desktop\system.ext4.tar.a
[2018/01/14 07:15:31 | 000,001,330 | ---- | C] () -- C:\Users\hp\wmplog02.sqm
[2018/01/13 23:41:47 | 000,001,378 | ---- | C] () -- C:\Users\hp\wmplog01.sqm
[2018/01/13 20:10:58 | 000,001,298 | ---- | C] () -- C:\Users\hp\wmplog00.sqm
[2018/01/13 13:02:34 | 000,000,144 | ---- | C] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2018/01/13 05:33:11 | 004,726,784 | ---- | C] () -- C:\Users\hp\Desktop\boot.img
[2018/01/12 23:18:17 | 003,955,592 | ---- | C] () -- C:\cab_4780_2
[2018/01/12 23:18:17 | 000,000,000 | ---- | C] () -- C:\cab_4780_6
[2018/01/12 23:18:17 | 000,000,000 | ---- | C] () -- C:\cab_4780_5
[2018/01/12 23:18:17 | 000,000,000 | ---- | C] () -- C:\cab_4780_4
[2018/01/12 23:18:17 | 000,000,000 | ---- | C] () -- C:\cab_4780_3
[2018/01/12 22:38:08 | 257,805,450 | ---- | C] () -- C:\Users\hp\Desktop\NeXos7.0bMar8 - Copie.zip
[2018/01/12 22:33:54 | 220,714,904 | ---- | C] () -- C:\Users\hp\Desktop\getxfer.548.0.zip
[2018/01/12 20:32:55 | 000,000,134 | ---- | C] () -- C:\Users\hp\32507191.od
[2018/01/12 20:32:55 | 000,000,000 | ---- | C] () -- C:\Users\hp\CVR537.tmp.cvr
[2018/01/11 23:44:36 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2018/01/10 20:06:56 | 000,041,384 | ---- | C] () -- C:\Users\hp\KB3035490_20180110_200658152.html
[2018/01/10 15:57:11 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2018/01/09 15:58:29 | 415,412,406 | ---- | C] () -- C:\Users\hp\Desktop\NeXos7.0bMar8.zip
[2018/01/08 07:55:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2018/01/07 14:19:08 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2018/01/07 07:57:21 | 382,947,452 | ---- | C] () -- C:\Users\hp\Desktop\rom kitkat.zip
[2018/01/04 23:27:24 | 355,420,816 | ---- | C] () -- C:\Users\hp\Desktop\CondorC4 .zip
[2017/12/31 17:50:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[2017/12/31 17:50:37 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
[2017/12/31 11:13:59 | 000,001,154 | ---- | C] () -- C:\Users\hp\Desktop\Play Hitman 2.lnk
[2017/12/21 19:10:19 | 000,000,761 | ---- | C] () -- C:\Users\hp\Desktop\Freedom Fighters.lnk
[2017/11/01 20:49:46 | 001,696,586 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017/10/18 12:22:27 | 000,026,464 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2017/10/18 12:22:23 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2017/10/18 12:19:33 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2017/10/18 12:19:33 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2010/11/21 04:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2017/10/18 12:55:11 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2018/01/11 23:44:36 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2018/01/12 23:18:35 | 003,955,592 | ---- | M] () -- C:\cab_4780_2
[2018/01/12 23:18:17 | 000,000,000 | ---- | M] () -- C:\cab_4780_3
[2018/01/12 23:18:17 | 000,000,000 | ---- | M] () -- C:\cab_4780_4
[2018/01/12 23:18:17 | 000,000,000 | ---- | M] () -- C:\cab_4780_5
[2018/01/12 23:18:17 | 000,000,000 | ---- | M] () -- C:\cab_4780_6
[2017/10/18 14:41:46 | 000,386,255 | RHS- | M] () -- C:\JXZNG
[2018/01/14 23:17:51 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2018/01/14 23:28:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2017/10/18 14:41:46 | 000,000,020 | RHS- | M] () -- C:\win7.ld

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[color=#A23BEC]< %PROGRAMFILES%\*. >[/color]
[2017/12/31 17:50:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2017/11/02 09:50:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bing Bar Installer
[2018/01/08 20:11:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2017/12/31 11:13:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Eidos Interactive
[2017/10/18 12:21:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2017/11/04 12:58:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2018/01/10 19:40:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lenovo
[2018/01/12 09:40:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2017/11/04 10:44:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2017/10/18 14:36:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2017/10/18 14:34:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2017/11/04 09:46:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2017/11/01 20:49:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2017/10/18 14:36:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2018/01/09 20:30:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Notepad++
[2017/11/02 09:52:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pro Evolution Soccer 2017
[2009/07/14 06:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2017/12/14 00:45:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\UltraISO
[2009/07/14 05:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2017/10/18 14:33:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2017/10/31 11:55:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WebcamMax
[2017/11/04 12:09:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/11/21 07:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/11/21 07:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 06:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/11/21 07:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2010/11/21 04:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/11/21 07:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2018/01/07 16:54:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM >[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002]
[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]
[HKEY_LOCAL_MACHINE\SYSTEM\RNG]
[HKEY_LOCAL_MACHINE\SYSTEM\Select]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
[HKEY_LOCAL_MACHINE\SYSTEM\Software]
[HKEY_LOCAL_MACHINE\SYSTEM\WPA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2017/12/21 18:39:56 | 000,000,000 | ---D | M](C:\Users\hp\Desktop\??????) -- C:\Users\hp\Desktop\أناشيد
[2017/12/21 18:39:33 | 000,000,000 | ---D | C](C:\Users\hp\Desktop\??????) -- C:\Users\hp\Desktop\أناشيد
[2017/12/21 18:37:10 | 000,000,000 | ---D | M](C:\Users\hp\Desktop\?????? ??????) -- C:\Users\hp\Desktop\القرأن الكريم
[2017/12/21 18:30:32 | 000,000,000 | ---D | C](C:\Users\hp\Desktop\?????? ??????) -- C:\Users\hp\Desktop\القرأن الكريم
[2017/11/03 10:59:13 | 000,086,350 | ---- | M] ()(C:\Users\hp\Documents\?????? ???? ??????? ???????? ???? ?? ??? ????? 15.docx) -- C:\Users\hp\Documents\منهجية النص الفلسفي بتضبيقها أضمن لك على الأقل 15.docx
[2017/11/03 10:59:12 | 000,086,350 | ---- | C] ()(C:\Users\hp\Documents\?????? ???? ??????? ???????? ???? ?? ??? ????? 15.docx) -- C:\Users\hp\Documents\منهجية النص الفلسفي بتضبيقها أضمن لك على الأقل 15.docx

< End of report >