Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Heavy problems with searchult.com [Closed]

malware otl searchult

  • This topic is locked This topic is locked

#1
fabienbo

fabienbo

    New Member

  • Member
  • Pip
  • 1 posts

Hello,

 

I have problema since a few weeks with malwares such as searchult.com. I ve been trying every single solution and software shown on google but still... my explorers are still infected. I ve finaly find a tool called OTL by old timer witch seem to go deeper but as i m not an expert i dont want to mess up anything. Could somone who actualy knows about it help me to spot my troubles on the repport?

 

 

OTL logfile created on: 04/05/2015 03:08:20 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Fabien\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00002c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy
 
7.98 Gb Total Physical Memory | 5.44 Gb Available Physical Memory | 68.16% Memory free
15.96 Gb Paging File | 13.02 Gb Available in Paging File | 81.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 565.21 Gb Free Space | 40.45% Space Free | Partition Type: NTFS
 
Computer Name: FABIEN-PC | User Name: Fabien | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fabien\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (DEVGURU Co., LTD.)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Archivos de programa\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Archivos de programa\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Abrosoft\FantaMorph5\FantaUp.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\11a24c8e5dd833c8de63c6a7ec19ca89\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\f2637acce0919a29bdf53912a359dbf2\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a596d0525d78281d86abce9c2e6105b5\System.IdentityModel.ni.dll ()
MOD - C:\PROGRA~2\MICROS~1\Office15\1033\GrooveIntlResource.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (HitmanProScheduler) -- C:\Archivos de programa\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MaConfigAgent) -- C:\Archivos de programa\ma-config.com\MaConfigAgent.exe (CybelSoft)
SRV - (ss_conn_service) -- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (DEVGURU Co., LTD.)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service 64) -- C:\Archivos de programa\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Archivos de programa\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Intel® -- C:\Archivos de programa\Intel\iCLS Client\SocketHeciServer.exe (Intel® Corporation)
SRV - (Intel® -- C:\Archivos de programa\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV - (LBTServ) -- C:\Archivos de programa\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (RichVideo64) -- C:\Archivos de programa\CyberLink\Shared files\RichVideo64.exe ()
SRV - (SQLWriter) -- C:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.) -- C:\Program Files (x86)\Abrosoft\FantaMorph5\FantaUp.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ma-config_amd64) -- C:\Archivos de programa\ma-config.com\Drivers\ma-config_amd64.sys (CybelSoft)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = www.google.com
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ar
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.co...?q={searchTerms}
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "AR"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Bing,Diccionario RAE,DuckDuckGo,eBay,Twitter,Wikipedia (es)"
FF - prefs.js..browser.search.region: "AR"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/03/25 12:55:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/04/16 14:44:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2015/03/02 18:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabien\AppData\Roaming\mozilla\Extensions
[2015/05/03 19:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabien\AppData\Roaming\mozilla\Firefox\Profiles\iqag84gg.default-1430635995401\extensions
[2015/05/03 00:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2015/05/03 00:46:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/03/31 10:23:10 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
O1 HOSTS File: ([2015/05/03 19:15:57 | 000,001,380 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    activate.adobe.com
O1 - Hosts: 127.0.0.1    practivate.adobe.com
O1 - Hosts: 127.0.0.1    ereg.adobe.com
O1 - Hosts: 127.0.0.1    activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1    wip3.adobe.com
O1 - Hosts: 127.0.0.1    3dns-3.adobe.com
O1 - Hosts: 127.0.0.1    3dns-2.adobe.com
O1 - Hosts: 127.0.0.1    adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1    adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1    adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1    ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1    activate-sea.adobe.com
O1 - Hosts: 127.0.0.1    wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1    activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 serials.wilcopub.com
O2:64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Archivos de programa\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Archivos de programa\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Archivos de programa\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CDAServer] C:\Archivos de programa\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.42.4.210 200.49.130.47
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B16E242D-44D4-44A4-AC74-FABCFC6C9F85}: DhcpNameServer = 200.42.4.210 200.49.130.47
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Archivos de programa\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/04/21 14:28:09 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{67a26788-be89-11e3-829e-74f06dde6650}\Shell - "" = AutoRun
O33 - MountPoints2\{67a26788-be89-11e3-829e-74f06dde6650}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/05/04 14:27:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fabien\Desktop\OTL.exe
[2015/05/03 19:08:58 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Roaming\ZHP
[2015/05/03 19:04:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015/05/03 18:44:06 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2015/05/03 18:44:06 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Local\Temp
[2015/05/03 12:20:30 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2015/05/03 12:20:21 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\zoek
[2015/05/03 02:48:49 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\Datos antiguos de Firefox
[2015/05/03 02:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2015/05/03 02:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2015/05/03 02:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/05/03 02:17:49 | 011,028,616 | ---- | C] (SurfRight B.V.) -- C:\Users\Fabien\Desktop\HitmanPro_x64.exe
[2015/05/03 02:12:20 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015/05/03 02:01:27 | 002,716,306 | ---- | C] (Thisisu) -- C:\Users\Fabien\Desktop\JRT.exe
[2015/05/03 01:02:33 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/05/03 01:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/05/03 01:02:21 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/05/03 01:02:21 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/05/03 01:02:21 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/05/03 01:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/05/03 00:46:23 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Local\Mozilla
[2015/05/02 21:54:10 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2015/05/02 21:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2015/05/02 19:59:15 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Roaming\Mactowebise
[2015/05/02 18:36:53 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\UIAutomationCore
[2015/05/01 18:52:08 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\Licitacion
[2015/04/30 17:29:35 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\brochure-folders-free-by-designshock
[2015/04/23 15:25:42 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\Cairo2011_High1.0
[2015/04/22 17:14:32 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Roaming\Orbx systems
[2015/04/22 17:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbx
[2015/04/22 17:07:08 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Local\Orbx
[2015/04/22 17:01:17 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\FTXORBXLIBS_150331
[2015/04/22 15:16:30 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Documents\Abrosoft FantaMorph
[2015/04/22 15:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abrosoft FantaMorph 5
[2015/04/22 15:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Abrosoft
[2015/04/22 15:02:25 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\morph
[2015/04/21 18:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FSGRW
[2015/04/21 18:28:12 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\Dans EZCA Cameras
[2015/04/21 15:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2015/04/21 15:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2015/04/21 15:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/04/21 14:27:40 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Start Menu
[2015/04/21 09:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2015/04/21 09:17:08 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Roaming\Bitdefender
[2015/04/21 09:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2015/04/21 09:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2015/04/21 09:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2015/04/21 09:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2015/04/20 21:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2015/04/20 21:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SchDownload
[2015/04/19 15:01:06 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FsxAdventures KLM Missions v1.00
[2015/04/16 14:44:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/04/16 14:41:04 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Local\TA_Software
[2015/04/16 14:08:17 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Local\GMap.NET
[2015/04/16 14:08:16 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Local\IsolatedStorage
[2015/04/16 14:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plan-G v3.1.2
[2015/04/16 14:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plan-G v3.1.2
[2015/04/16 14:07:48 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Documents\Plan-G Files
[2015/04/15 14:48:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\X86
[2015/04/15 14:48:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AMD64
[2015/04/14 23:05:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2015/04/14 23:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/04/14 23:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/04/06 21:10:36 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX
[2015/04/06 21:10:36 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\GWX
[2015/04/06 09:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/04/06 14:35:27 | 001,367,776 | ---- | C] (VIRTUALI s.a.s.) -- C:\Users\Fabien\komu
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/05/04 15:03:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/05/04 15:02:37 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/05/04 14:44:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/05/04 14:27:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fabien\Desktop\OTL.exe
[2015/05/04 14:27:55 | 000,001,946 | ---- | M] () -- C:\Users\Fabien\Desktop\Google Chrome.lnk
[2015/05/04 14:10:16 | 000,031,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/05/04 14:10:16 | 000,031,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/05/04 14:02:35 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/05/04 14:02:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/05/04 14:02:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2015/05/04 14:01:58 | 2133,065,727 | -HS- | M] () -- C:\hiberfil.sys
[2015/05/03 19:15:57 | 000,001,380 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/05/03 19:08:58 | 000,000,832 | ---- | M] () -- C:\Users\Fabien\Desktop\ZHPCleaner.lnk
[2015/05/03 17:57:31 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2015/05/03 12:29:53 | 001,305,600 | ---- | M] () -- C:\Users\Fabien\Desktop\zoek.exe
[2015/05/03 12:20:07 | 004,170,178 | ---- | M] () -- C:\Users\Fabien\Desktop\zoek.zip
[2015/05/03 02:40:43 | 000,004,260 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2015/05/03 02:34:52 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2015/05/03 02:20:51 | 011,028,616 | ---- | M] (SurfRight B.V.) -- C:\Users\Fabien\Desktop\HitmanPro_x64.exe
[2015/05/03 02:12:31 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-FABIEN-PC-Windows-7-Professional-(64-bit).dat
[2015/05/03 02:01:30 | 002,716,306 | ---- | M] (Thisisu) -- C:\Users\Fabien\Desktop\JRT.exe
[2015/05/03 02:00:47 | 002,204,160 | ---- | M] () -- C:\Users\Fabien\Desktop\adwcleaner_4.203.exe
[2015/05/03 01:02:23 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/05/02 19:54:34 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015/05/02 18:35:33 | 000,079,581 | ---- | M] () -- C:\Users\Fabien\Desktop\UIAutomationCore.zip
[2015/05/02 18:17:40 | 000,005,820 | ---- | M] () -- C:\Users\Fabien\Documents\a321 qatar.ecs
[2015/05/01 19:13:36 | 000,232,815 | ---- | M] () -- C:\Users\Fabien\Documents\Sobre.pdf
[2015/05/01 18:25:18 | 000,683,834 | ---- | M] () -- C:\Users\Fabien\Desktop\final.pdf
[2015/04/30 21:05:38 | 001,167,945 | ---- | M] () -- C:\Users\Fabien\Desktop\cook_kitchen_restaurant_chef_gourmet_food_clean_cook_white.jpg
[2015/04/30 20:34:31 | 000,124,196 | ---- | M] () -- C:\Users\Fabien\Desktop\cafe_broglie_strasbourg.jpg
[2015/04/30 20:23:20 | 000,069,166 | ---- | M] () -- C:\Users\Fabien\Desktop\18.jpg
[2015/04/30 19:22:22 | 000,155,511 | ---- | M] () -- C:\Users\Fabien\Desktop\fiat-fiorino-2014-01.jpg
[2015/04/30 19:13:45 | 001,101,085 | ---- | M] () -- C:\Users\Fabien\Desktop\Food-image-7.jpg
[2015/04/30 19:10:33 | 000,338,337 | ---- | M] () -- C:\Users\Fabien\Desktop\buffet-self-service-panela-de-minas-tiradentes-mg.jpg
[2015/04/30 17:57:55 | 000,063,813 | ---- | M] () -- C:\Users\Fabien\Desktop\22660647-cloche-icon-Stock-Vector-tray-platter-cloche.jpg
[2015/04/30 17:54:35 | 298,309,324 | ---- | M] () -- C:\Users\Fabien\Desktop\Stacked-Presentation-Folders-Mockup-PSD-Template.zip
[2015/04/30 17:26:30 | 103,936,580 | ---- | M] () -- C:\Users\Fabien\Desktop\brochure-folders-free-by-designshock.zip
[2015/04/29 19:44:35 | 006,630,827 | ---- | M] () -- C:\Users\Fabien\Desktop\hoy.cwd
[2015/04/29 18:44:41 | 000,001,659 | ---- | M] () -- C:\Users\Fabien\Desktop\YMML V2.0 User Guide.lnk
[2015/04/27 11:25:42 | 000,001,021 | ---- | M] () -- C:\Users\Fabien\Desktop\Dropbox.lnk
[2015/04/23 15:23:47 | 042,100,059 | ---- | M] () -- C:\Users\Fabien\Desktop\Cairo2011_High1.0.zip
[2015/04/22 17:07:17 | 000,001,181 | ---- | M] () -- C:\Users\Fabien\Desktop\FTX Central 2  (FSX - FTX Global).lnk
[2015/04/21 18:43:31 | 000,002,512 | ---- | M] () -- C:\Users\Fabien\Desktop\FTX Vector Configurator (FSX).lnk
[2015/04/21 18:42:21 | 000,001,952 | ---- | M] () -- C:\Users\Fabien\Desktop\FS Global Real Weather.lnk
[2015/04/21 18:28:07 | 001,519,434 | ---- | M] () -- C:\Users\Fabien\Desktop\Dans EZCA Cameras.zip
[2015/04/21 14:28:09 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2015/04/21 09:19:38 | 000,533,238 | ---- | M] () -- C:\ProgramData\1429618186.bdinstall.bin
[2015/04/21 09:17:48 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2015/04/21 09:17:48 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2015/04/21 09:17:48 | 000,000,684 | -H-- | M] () -- C:\bdr-cf01
[2015/04/20 20:06:50 | 000,001,620 | ---- | M] () -- C:\Users\Fabien\Desktop\FS Global Homepage.lnk
[2015/04/19 12:21:05 | 001,905,895 | ---- | M] () -- C:\Users\Fabien\Desktop\20150306_210149.jpg
[2015/04/16 14:08:10 | 000,000,105 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2015/04/14 23:07:00 | 001,653,774 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/04/14 23:07:00 | 000,748,388 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2015/04/14 23:07:00 | 000,654,922 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/04/14 23:07:00 | 000,159,358 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2015/04/14 23:07:00 | 000,122,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/04/14 23:06:52 | 001,653,774 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/04/14 16:49:22 | 001,010,244 | ---- | M] () -- C:\Users\Fabien\Desktop\20150414_163954.jpg
[2015/04/14 16:49:18 | 001,065,291 | ---- | M] () -- C:\Users\Fabien\Desktop\20150414_163951.jpg
[2015/04/14 09:37:56 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/04/14 09:37:46 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/04/14 09:37:42 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/05/04 13:57:13 | 000,001,946 | ---- | C] () -- C:\Users\Fabien\Desktop\Google Chrome.lnk
[2015/05/03 19:08:58 | 000,000,832 | ---- | C] () -- C:\Users\Fabien\Desktop\ZHPCleaner.lnk
[2015/05/03 18:44:07 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2015/05/03 12:29:53 | 001,305,600 | ---- | C] () -- C:\Users\Fabien\Desktop\zoek.exe
[2015/05/03 12:20:07 | 004,170,178 | ---- | C] () -- C:\Users\Fabien\Desktop\zoek.zip
[2015/05/03 02:40:43 | 000,004,260 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2015/05/03 02:34:52 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2015/05/03 02:12:31 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-FABIEN-PC-Windows-7-Professional-(64-bit).dat
[2015/05/03 02:00:35 | 002,204,160 | ---- | C] () -- C:\Users\Fabien\Desktop\adwcleaner_4.203.exe
[2015/05/03 01:02:23 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/05/03 00:46:18 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/05/02 19:54:34 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015/05/02 18:35:33 | 000,079,581 | ---- | C] () -- C:\Users\Fabien\Desktop\UIAutomationCore.zip
[2015/05/02 18:17:40 | 000,005,820 | ---- | C] () -- C:\Users\Fabien\Documents\a321 qatar.ecs
[2015/05/01 19:13:36 | 000,232,815 | ---- | C] () -- C:\Users\Fabien\Documents\Sobre.pdf
[2015/05/01 18:25:18 | 000,683,834 | ---- | C] () -- C:\Users\Fabien\Desktop\final.pdf
[2015/04/30 21:06:35 | 001,167,945 | ---- | C] () -- C:\Users\Fabien\Desktop\cook_kitchen_restaurant_chef_gourmet_food_clean_cook_white.jpg
[2015/04/30 20:34:51 | 000,124,196 | ---- | C] () -- C:\Users\Fabien\Desktop\cafe_broglie_strasbourg.jpg
[2015/04/30 20:24:52 | 000,069,166 | ---- | C] () -- C:\Users\Fabien\Desktop\18.jpg
[2015/04/30 19:22:39 | 000,155,511 | ---- | C] () -- C:\Users\Fabien\Desktop\fiat-fiorino-2014-01.jpg
[2015/04/30 19:13:50 | 001,101,085 | ---- | C] () -- C:\Users\Fabien\Desktop\Food-image-7.jpg
[2015/04/30 19:10:48 | 000,338,337 | ---- | C] () -- C:\Users\Fabien\Desktop\buffet-self-service-panela-de-minas-tiradentes-mg.jpg
[2015/04/30 17:58:11 | 000,063,813 | ---- | C] () -- C:\Users\Fabien\Desktop\22660647-cloche-icon-Stock-Vector-tray-platter-cloche.jpg
[2015/04/30 17:25:07 | 103,936,580 | ---- | C] () -- C:\Users\Fabien\Desktop\brochure-folders-free-by-designshock.zip
[2015/04/30 17:11:06 | 298,309,324 | ---- | C] () -- C:\Users\Fabien\Desktop\Stacked-Presentation-Folders-Mockup-PSD-Template.zip
[2015/04/29 18:44:41 | 000,001,659 | ---- | C] () -- C:\Users\Fabien\Desktop\YMML V2.0 User Guide.lnk
[2015/04/23 15:23:20 | 042,100,059 | ---- | C] () -- C:\Users\Fabien\Desktop\Cairo2011_High1.0.zip
[2015/04/22 17:13:51 | 006,630,827 | ---- | C] () -- C:\Users\Fabien\Desktop\hoy.cwd
[2015/04/22 17:07:17 | 000,001,181 | ---- | C] () -- C:\Users\Fabien\Desktop\FTX Central 2  (FSX - FTX Global).lnk
[2015/04/21 18:43:31 | 000,002,512 | ---- | C] () -- C:\Users\Fabien\Desktop\FTX Vector Configurator (FSX).lnk
[2015/04/21 18:42:20 | 000,001,952 | ---- | C] () -- C:\Users\Fabien\Desktop\FS Global Real Weather.lnk
[2015/04/21 18:28:07 | 001,519,434 | ---- | C] () -- C:\Users\Fabien\Desktop\Dans EZCA Cameras.zip
[2015/04/21 14:28:09 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2015/04/21 09:19:38 | 000,533,238 | ---- | C] () -- C:\ProgramData\1429618186.bdinstall.bin
[2015/04/21 09:17:48 | 000,000,684 | -H-- | C] () -- C:\bdr-cf01
[2015/04/21 09:17:05 | 049,563,064 | -H-- | C] () -- C:\bdr-im01.gz
[2015/04/21 09:17:05 | 003,271,472 | -H-- | C] () -- C:\bdr-bz01
[2015/04/21 09:17:05 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2015/04/21 09:17:05 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2015/04/19 12:26:15 | 000,864,356 | ---- | C] () -- C:\Users\Fabien\Desktop\20131214_170114_8_bestshot.jpg
[2015/04/19 12:21:03 | 001,905,895 | ---- | C] () -- C:\Users\Fabien\Desktop\20150306_210149.jpg
[2015/04/16 14:08:10 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2015/04/14 16:47:50 | 001,065,291 | ---- | C] () -- C:\Users\Fabien\Desktop\20150414_163951.jpg
[2015/04/14 16:46:28 | 001,010,244 | ---- | C] () -- C:\Users\Fabien\Desktop\20150414_163954.jpg
[2015/03/27 11:23:05 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/03/16 20:15:28 | 000,000,069 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2015/01/27 19:36:29 | 000,007,601 | ---- | C] () -- C:\Users\Fabien\AppData\Local\Resmon.ResmonCfg
[2015/01/24 20:37:26 | 000,000,218 | ---- | C] () -- C:\Users\Fabien\AppData\Local\recently-used.xbel
[2014/11/20 21:35:00 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2014/09/12 03:40:26 | 000,552,960 | ---- | C] () -- C:\Windows\SysWow64\FS2AUDIO.dll
[2014/07/18 09:08:45 | 000,004,608 | ---- | C] () -- C:\Users\Fabien\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/30 19:47:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2014/04/30 19:47:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2014/04/30 19:47:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2014/04/30 19:47:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2014/04/30 19:47:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2014/04/15 13:41:42 | 001,571,160 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2014/04/08 18:04:32 | 000,000,978 | ---- | C] () -- C:\Windows\eReg.dat
[2014/03/26 12:14:26 | 000,000,030 | ---- | C] () -- C:\Program Files (x86)\settings.cfg
[2014/03/26 12:08:10 | 000,379,294 | ---- | C] () -- C:\Program Files (x86)\UnGEXUSACAN.exe
[2014/03/25 12:50:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/03/25 12:42:45 | 001,653,774 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/06 18:38:38 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/12/06 18:38:38 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/12/06 17:39:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/12/06 17:39:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/08/27 14:00:08 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 02:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 02:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/09 20:12:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2014/10/16 14:36:23 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\AMD
[2015/04/21 09:23:15 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Bitdefender
[2014/05/05 08:28:54 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Chief Architect Inc
[2015/04/22 16:10:02 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\DAEMON Tools Lite
[2015/05/02 20:56:42 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Dropbox
[2015/03/11 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\EZCA
[2015/03/08 19:04:36 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\FS2Crew2010
[2014/03/27 11:51:28 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\fscabincrew
[2015/02/09 19:10:05 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\HSAR
[2014/06/10 14:50:06 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\LASoftWorks
[2014/03/25 12:56:10 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Leadertech
[2014/03/27 15:24:53 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\library_dir
[2015/03/19 15:59:28 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Lockheed Martin
[2015/02/08 13:08:32 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\LogMate
[2015/05/02 19:59:15 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Mactowebise
[2015/02/04 19:02:32 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Notepad++
[2015/04/22 17:14:32 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Orbx systems
[2014/03/29 14:36:46 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\PMDG
[2014/03/25 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Python-Eggs
[2015/01/27 18:56:25 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Quest3D
[2015/03/10 15:35:39 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\RAASPRO
[2015/01/27 19:35:22 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Roaming
[2014/11/26 19:27:53 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Samsung
[2014/06/10 16:09:20 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\SendBlaster3
[2015/04/21 13:52:22 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Spotify
[2015/01/17 19:30:02 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Steam
[2015/03/27 13:57:23 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Subtitle Edit
[2014/10/23 20:51:13 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\TeamViewer
[2015/03/02 18:36:05 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Thunderbird
[2014/10/25 10:47:45 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\TS3Client
[2015/03/19 17:26:33 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Virtuali
[2015/03/27 10:57:49 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\WinBatch
[2015/05/03 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\ZHP
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:74603393

< End of report >

 

 


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Hi there, I would like to use a different programme

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select shortcut txt and additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP