Logfile of random's system information tool 1.10 (written by random/random) Run by yassine at 2015-01-19 21:36:19 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 211 GB (74%) free of 285 GB Total RAM: 3999 MB (26% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:36:26, on 19/01/2015 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17496) Boot mode: Normal Running processes: C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\XTab\cmdshell.exe C:\Program Files (x86)\XTab\HPNotify.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOASHelper.exe C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOASPRT.exe C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOAS.exe C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.expext.exe C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BrowserAdapter.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOASPRT.exe C:\Program Files (x86)\Dynamo 
Combo\bin\DynamoCombo.BOAS.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\trend micro\yassine.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1421189373&from=cor&uid=ST9320423AS_W330BD34 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1421189373&from=cor&uid=ST9320423AS_W330BD34&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dspp&ts=1421189373&from=cor&uid=ST9320423AS_W330BD34&q={searchTerms} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=492&aid=311&itype=a&ver=15005&tm=591&src=hmp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1421189373&from=cor&uid=ST9320423AS_W330BD34 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421189366&from=cor&uid=ST9320423AS_W330BD34&q={searchTerms} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1421189366&from=cor&uid=ST9320423AS_W330BD34&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1421189373&from=cor&uid=ST9320423AS_W330BD34 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: 
RooyalSHOpperrApP - {0d1d1b75-b188-4bca-a7cf-2a5e816ba08f} - C:\ProgramData\RooyalSHOpperrApP\2cOuT7uEudnnUv.dll O2 - BHO: saviinagtoeyiou - {1e52125a-63a7-4e1c-bdea-36d8f19b4ed7} - C:\ProgramData\saviinagtoeyiou\IrSbSeh1U8Zn1E.dll O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll O2 - BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Users\yassine\AppData\Local\Linkey\IEExtension\iedll.dll O2 - BHO: deaelPEak - {872711a5-8df5-4c99-8b61-ffdda2487127} - C:\ProgramData\deaelPEak\DVEcBkPCADzD1X.dll O2 - BHO: Dynamo Combo 1.0.0.6 - {986c37a1-7b65-476f-80dc-54f80bd4b0d6} - C:\Program Files (x86)\Dynamo Combo\DynamoCombobho.dll O2 - BHO: KingCouapion - {b6f842f2-855d-4473-a5ce-f010c1e4701d} - C:\ProgramData\KingCouapion\greAHO9fMFCPN5.dll O2 - BHO: ShopPerMausTeR - {ce09cac8-7cf1-4227-921a-33e9e9d21a48} - C:\ProgramData\ShopPerMausTeR\xuj3ogCikVxmRB.dll O2 - BHO: deal4reaal - {fa64754a-032e-46f5-b1b1-327522c72046} - C:\ProgramData\deal4reaal\m44PwKkMSjhZEi.dll O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro 3.11\OptProLauncher.exe O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [Gameo] C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe "C:\Users\yassine\AppData\Roaming\Gameo\gameo.dat" mode:minimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK 
SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O20 - AppInit_DLLs: C:\Users\yassine\AppData\Local\Linkey\IEEXTE~1\ietlb.dll O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: IHProtect Service - XTab system - C:\Program Files (x86)\XTab\ProtectService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Reimage® - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: RtVOsdService Installer 
(RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SmdmF Service (SmdmFService) - Aztec Media Inc - C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Update Dynamo Combo - Unknown owner - C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe O23 - Service: Util Dynamo Combo - Unknown owner - C:\Program Files (x86)\Dynamo Combo\bin\utilDynamoCombo.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - 
C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11529 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs winlogon.exe C:\Windows\system32\svchost.exe -k NetworkService C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service taskeng.exe {872BCB3A-2A56-4679-A29A-AEDF66BD8F5F} "taskhost.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c taskeng.exe {CC23D2B5-D87E-4FA3-A210-3D8DFD31F48B} "C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe" C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProMon.dll",ENT "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 
3.11\OptProMon.dll",ENT "C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe" "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "C:\Windows\System32\igfxtray.exe" "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden "C:\Windows\System32\StikyNot.exe" "C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe" "C:\Users\yassine\AppData\Roaming\Gameo\gameo.dat" mode:minimized "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" "C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" "C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe" --type=gpu-process --channel="2408.0.1450472493\1932827040" --no-sandbox --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,16 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x2a42 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2086 /prefetch:822062411 "C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe" --type=renderer --no-sandbox --lang=nl --nodejs --working-directory="C:\Users\yassine\AppData\Local\Temp\nw2408_17884" --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="2408.1.151966176\156044579" /prefetch:673131151 "C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe" --type=plugin --plugin-path="C:\Users\yassine\AppData\Local\Temp\nw2408_17884\plugins\NPSWF32_14_0_0_179.dll" --no-sandbox --lang=nl --channel="2408.2.1023611813\1708246396" /prefetch:-390060480 taskeng.exe {224C3175-D569-464D-96F8-7466A5A9268C} "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe" "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe" "C:\Program Files (x86)\XTab\ProtectService.exe" "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" "C:\Program Files (x86)\XTab\cmdshell.exe" "C:\Program Files 
(x86)\Settings Manager\smdmf\SmdmFService.exe" C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe" -monitor 456 "C:\Program Files (x86)\Settings Manager\smdmf\smdmfu.exe" HPNotify.exe -run C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" C:\Windows\system32\wbem\wmiprvse.exe "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3148.0.1530306759\1328738246" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,17,38 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x2a42 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2086 --ignored=" --type=renderer " /prefetch:822062411 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group2 dev:r1 prefetch_results:1 
reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Disabled/Prerender/PrerenderControl/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="3148.2.479701536\401437598" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group2 dev:r1 prefetch_results:1 
reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Disabled/Prerender/PrerenderControl/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="3148.4.267740473\468901267" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group2 dev:r1 prefetch_results:1 
reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Disabled/Prerender/PrerenderControl/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="3148.5.828612139\315782861" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group2 dev:r1 prefetch_results:1 
reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Disabled/Prerender/PrerenderControl/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="3148.6.1658425414\1517510070" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group2 dev:r1 prefetch_results:1 
reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Disabled/Prerender/PrerenderControl/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="3148.7.1090711820\874486409" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group2 dev:r1 prefetch_results:1 
reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Disabled/Prerender/PrerenderControl/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="3148.8.1279352348\1938029890" /prefetch:673131151 "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" "C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe" "C:\Program Files\Realtek\RtVOsd\RtVOsd.exe" C:\Windows\System32\svchost.exe -k secsvcs "C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "HP Wireless AssistantWLAN: AanC:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico2021226008C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" "C:\Windows\system32\wuauclt.exe" "C:\Program Files\Windows NT\Accessories\wordpad.exe" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3148.20.1227609619\1872331847" 
--ppapi-flash-args=enable_hw_video_decode=1 --lang=nl --ignored=" --type=renderer " /prefetch:-632637702 "C:\Program Files (x86)\Dynamo Combo\bin\utilDynamoCombo.exe" "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.PurBrowse64.exe" /l false /s false /c "Dynamo Combo" /t "C:\Program Files (x86)\Dynamo Combo\bin\TEMP" /i "http://apidynamocomboin-a.akamaihd.net/gsrs?is=isgiwhBE&bp=PB3&g=00000000-0000-0000-0000-000000000000" /d {641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64 /p c2b54e2c-fdbe-44c4-b67e-4d8271101fcc:chrome /p 19941eb1-c8e1-47fe-b163-e49ae6ff3fba:iexplore /h cdn.sharedaddomain.com,cdn.sharedaddomain2.com 0 10 "C:\Program Files (x86)\Dynamo Combo\bin\bau" true \??\C:\Windows\system32\conhost.exe "-200159896521303228722036017838830569167-1220985260-14018888642098025668-52326868 /w 910 /h 100 /cg 448fa13d-fec2-48a3-8c78-cd75969e3b2d /gc 1 /ff 1 /ie 1 /is isgiwhBE "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOASPRT.exe" /w 910 /h 100 /hw 66380 /g 448fa13d-fec2-48a3-8c78-cd75969e3b2d /is isgiwhBE "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOAS.exe" /w 910 /h 100 /hw 66380 /g 448fa13d-fec2-48a3-8c78-cd75969e3b2d /is isgiwhBE /bt 0 /ps \\.\pipe\boa{728ECAE9-C55F-4BF4-914C-1E1305939228} /bv 39 /ieg 19941eb1-c8e1-47fe-b163-e49ae6ff3fba /is isgiwhBE "C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe" /ch c2b54e2c-fdbe-44c4-b67e-4d8271101fcc /ie 19941eb1-c8e1-47fe-b163-e49ae6ff3fba /z "n=DynamoCombo&is=isgiwhBE&dpt=20" /ch c2b54e2c-fdbe-44c4-b67e-4d8271101fcc /ie 19941eb1-c8e1-47fe-b163-e49ae6ff3fba /z "n=DynamoCombo&is=isgiwhBE&dpt=20" "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:267521 /prefetch:2 "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOASPRT.exe" /w 910 /h 100 /hw 1769714 /g 448fa13d-fec2-48a3-8c78-cd75969e3b2d /is isgiwhBE "C:\Program Files (x86)\Dynamo Combo\bin\DynamoCombo.BOAS.exe" /w 910 /h 100 /hw 1769714 /g 
448fa13d-fec2-48a3-8c78-cd75969e3b2d /is isgiwhBE /bt 2 /ps \\.\pipe\boa{82BD8536-6938-407C-BDB6-70546EDF5BDF} /bv 11 "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:2233605 /prefetch:2 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -Embedding "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group2 dev:r1 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Disabled/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="3148.40.1991336853\1274882177" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Freud/DomRel-Enable/enable/EmbeddedSearch/Group2 dev:r1 prefetch_results:1 
reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Disabled/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_88/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="3148.44.2135625524\681883083" /prefetch:673131151 "C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe" "C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe" "C:\Program Files\Reimage\Reimage Repair\Reimage.exe" http://www.reimageplus.com/GUI/GUI1804/layout.php?consumer=1&gui_branch=0&trackutil=249477322&MinorSessionID=231db249b0fe4b5bbf1eb554e3&lang_code=nl /Product:reimage /Locale=1043 C:\Windows\system32\sppsvc.exe "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe11_ Global\UsGthrCtrlFltPipeMssGthrPipe11 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524 "C:\Users\yassine\Downloads\RSITx64.exe" ======Scheduled tasks folder====== 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d1d1b75-b188-4bca-a7cf-2a5e816ba08f}]
RooyalSHOpperrApP - C:\ProgramData\RooyalSHOpperrApP\2cOuT7uEudnnUv.x64.dll [2014-12-22 701440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e52125a-63a7-4e1c-bdea-36d8f19b4ed7}]
saviinagtoeyiou - C:\ProgramData\saviinagtoeyiou\IrSbSeh1U8Zn1E.x64.dll [2015-01-05 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}]
Linkey - C:\Users\yassine\AppData\Local\Linkey\IEExtension\iedll64.dll [2014-10-22 159760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872711a5-8df5-4c99-8b61-ffdda2487127}]
deaelPEak - C:\ProgramData\deaelPEak\DVEcBkPCADzD1X.x64.dll [2015-01-05 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6f842f2-855d-4473-a5ce-f010c1e4701d}]
KingCouapion - C:\ProgramData\KingCouapion\greAHO9fMFCPN5.x64.dll [2014-12-22 697856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce09cac8-7cf1-4227-921a-33e9e9d21a48}]
ShopPerMausTeR - C:\ProgramData\ShopPerMausTeR\xuj3ogCikVxmRB.x64.dll [2015-01-13 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa64754a-032e-46f5-b1b1-327522c72046}]
deal4reaal - C:\ProgramData\deal4reaal\m44PwKkMSjhZEi.x64.dll [2014-12-26 654336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d1d1b75-b188-4bca-a7cf-2a5e816ba08f}]
RooyalSHOpperrApP - C:\ProgramData\RooyalSHOpperrApP\2cOuT7uEudnnUv.dll [2014-12-22 559104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e52125a-63a7-4e1c-bdea-36d8f19b4ed7}]
saviinagtoeyiou - C:\ProgramData\saviinagtoeyiou\IrSbSeh1U8Zn1E.dll [2015-01-05 566272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
IETabPage Class - C:\Program Files (x86)\XTab\SupTab.dll [2014-12-29 513680]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}]
Linkey - C:\Users\yassine\AppData\Local\Linkey\IEExtension\iedll.dll [2014-10-22 138256]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872711a5-8df5-4c99-8b61-ffdda2487127}]
deaelPEak - C:\ProgramData\deaelPEak\DVEcBkPCADzD1X.dll [2015-01-05 566272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{986c37a1-7b65-476f-80dc-54f80bd4b0d6}]
Dynamo Combo 1.0.0.6 - C:\Program Files (x86)\Dynamo Combo\DynamoCombobho.dll [2015-01-13 250616]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6f842f2-855d-4473-a5ce-f010c1e4701d}]
KingCouapion - C:\ProgramData\KingCouapion\greAHO9fMFCPN5.dll [2014-12-22 562688]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce09cac8-7cf1-4227-921a-33e9e9d21a48}]
ShopPerMausTeR - C:\ProgramData\ShopPerMausTeR\xuj3ogCikVxmRB.dll [2015-01-13 566272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa64754a-032e-46f5-b1b1-327522c72046}]
deal4reaal - C:\ProgramData\deal4reaal\m44PwKkMSjhZEi.dll [2014-12-26 512512]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-13 2281256]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-07-29 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-07-29 391192]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-07-29 410648]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-09-22 6489704]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-07-21 8192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-08-16 2736128]
"Optimizer Pro"=C:\Program Files (x86)\Optimizer Pro 3.11\OptProLauncher.exe [2014-12-03 148048]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"Gameo"=C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe [2014-12-31 42482176]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-09-28 584760]
C:\Users\yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MyPC Backup.lnk - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Users\yassine\AppData\Local\Linkey\IEEXTE~1\ietlb64.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-02-21 269824]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======
2015-01-19 21:36:19 ----D---- C:\rsit
2015-01-19 21:36:19 ----D---- C:\Program Files\trend micro
2015-01-19 21:25:08 ----D---- C:\ProgramData\Reimage Protector
2015-01-19 21:25:00 ----D---- C:\Program Files\Reimage
2015-01-19 21:24:47 ----D---- C:\rei
2015-01-19 21:24:04 ----A---- C:\Windows\Reimage.ini
2015-01-19 16:08:46 ----A---- C:\Windows\system32\drivers\{641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64.sys
2015-01-17 03:27:43 ----A---- C:\Windows\system32\drivers\{ecd6aae4-019c-44b2-a0e5-570904275d66}Gw64.sys
2015-01-15 17:37:06 ----D---- C:\Program Files\Microsoft Silverlight
2015-01-15 17:37:06 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-01-14 00:07:46 ----D---- C:\ProgramData\smdmf
2015-01-14 00:07:25 ----D---- C:\Program Files (x86)\Settings Manager
2015-01-14 00:06:42 ----HD---- C:\Users\yassine\AppData\Roaming\GoldenGate
2015-01-14 00:06:25 ----D---- C:\Users\yassine\AppData\Roaming\Gameo
2015-01-14 00:06:01 ----D---- C:\Users\yassine\AppData\Roaming\StormFall
2015-01-13 23:56:21 ----A---- C:\Windows\system32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys
2015-01-13 23:53:53 ----D---- C:\Users\yassine\AppData\Roaming\PC Speed Maximizer
2015-01-13 23:50:03 ----D---- C:\ProgramData\IHProtectUpDate
2015-01-13 23:49:49 ----D---- C:\Program Files (x86)\XTab
2015-01-13 23:49:34 ----D---- C:\ProgramData\WindowsMangerProtect
2015-01-13 23:49:26 ----D---- C:\Users\yassine\AppData\Roaming\omiga-plus
2015-01-13 23:49:26 ----D---- C:\Users\yassine\AppData\Roaming\MailUpdate
2015-01-13 23:49:26 ----D---- C:\ProgramData\MailUpdate
2015-01-13 23:49:10 ----D---- C:\Program Files (x86)\Dynamo Combo
2015-01-13 23:48:54 ----D---- C:\Program Files (x86)\MyPC Backup
2015-01-13 23:48:51 ----D---- C:\Program Files (x86)\PC Speed Maximizer
2015-01-13 23:48:50 ----D---- C:\Users\yassine\AppData\Roaming\FlvPlayer
2015-01-13 20:53:50 ----D---- C:\ProgramData\ShopPerMausTeR
2015-01-13 20:22:36 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:22:35 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-13 20:22:35 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-01-13 20:22:35 ----A---- C:\Windows\system32\profsvc.dll
2015-01-13 20:22:35 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-13 20:22:35 ----A---- C:\Windows\system32\nlaapi.dll
2015-01-13 20:22:35 ----A---- C:\Windows\system32\ncsi.dll
2015-01-13 20:22:34 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-13 20:22:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-01-13 20:22:27 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-01-13 20:22:26 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-01-13 20:22:25 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-01-13 20:22:25 ----A---- C:\Windows\system32\srcore.dll
2015-01-13 20:22:25 ----A---- C:\Windows\system32\srclient.dll
2015-01-13 20:22:25 ----A---- C:\Windows\system32\rstrui.exe
2015-01-06 02:19:43 ----D---- C:\ProgramData\kondnekoajliejgdcechmoffohmfhfdh
2015-01-05 22:00:04 ----D---- C:\ProgramData\deaelPEak
2015-01-05 21:59:41 ----D---- C:\ProgramData\saviinagtoeyiou
2014-12-26 17:22:15 ----D---- C:\Program Files (x86)\Microsoft Office
2014-12-26 17:21:12 ----D---- C:\Program Files (x86)\MSECache
2014-12-26 16:23:19 ----D---- C:\ProgramData\deal4reaal
2014-12-22 20:03:38 ----D---- C:\ProgramData\RooyalSHOpperrApP
2014-12-22 15:24:58 ----D---- C:\ProgramData\KingCouapion
2014-12-22 15:24:45 ----D---- C:\ProgramData\772c849670da8cb

======List of files/folders modified in the last 1 month======
2015-01-19 21:36:21 ----D---- C:\Windows\Temp
2015-01-19 21:36:19 ----RD---- C:\Program Files
2015-01-19 21:26:38 ----D---- C:\Windows\System32
2015-01-19 21:26:04 ----D---- C:\Windows\system32\Tasks
2015-01-19 21:25:08 ----HD---- C:\ProgramData
2015-01-19 21:24:04 ----D---- C:\Windows
2015-01-19 20:55:02 ----D---- C:\Windows\SysWOW64
2015-01-19 20:37:43 ----A---- C:\Windows\win.ini
2015-01-19 16:46:05 ----D---- C:\Windows\system32\config
2015-01-19 16:08:46 ----D---- C:\Windows\system32\drivers
2015-01-17 03:44:10 ----D---- C:\Windows\winsxs
2015-01-16 00:24:27 ----SHD---- C:\Windows\Installer
2015-01-16 00:24:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2015-01-16 00:23:18 ----SHD---- C:\System Volume Information
2015-01-15 17:49:01 ----D---- C:\Windows\system32\NDF
2015-01-15 17:37:06 ----RD---- C:\Program Files (x86)
2015-01-15 17:27:22 ----D---- C:\Windows\inf
2015-01-15 17:27:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-01-15 17:25:03 ----D---- C:\Windows\system32\GroupPolicy
2015-01-13 23:56:29 ----D---- C:\Windows\Prefetch
2015-01-13 20:22:12 ----D---- C:\Windows\system32\catroot
2015-01-13 20:21:40 ----D---- C:\Windows\system32\catroot2
2015-01-07 21:56:09 ----D---- C:\Users\yassine\AppData\Roaming\uTorrent
2015-01-06 04:36:02 ----N---- C:\Windows\system32\MpSigStub.exe
2015-01-03 20:10:28 ----D---- C:\Users\yassine\AppData\Roaming\vlc
2014-12-26 19:28:20 ----D---- C:\Windows\system32\wdi
2014-12-26 17:24:05 ----SD---- C:\Users\yassine\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 {641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64;{641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64; C:\Windows\system32\drivers\{641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64.sys [2015-01-19 48792]
R1 {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64;{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64; C:\Windows\system32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys [2015-01-13 48792]
R1 {ecd6aae4-019c-44b2-a0e5-570904275d66}Gw64;{ecd6aae4-019c-44b2-a0e5-570904275d66}Gw64; C:\Windows\system32\drivers\{ecd6aae4-019c-44b2-a0e5-570904275d66}Gw64.sys [2015-01-16 48792]
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222;F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc3.cfg [2014-12-15 45968]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-09-28 31088]
R3 cpuz134;cpuz134; \??\C:\Users\yassine\AppData\Local\Temp\cpuz134\cpuz134_x64.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-02-21 10300800]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-09-22 2494056]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2010-09-10 1014624]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-09-13 1390640]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-10-07 126008]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-09-17 92216]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-28 26680]
R2 IHProtect Service;IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [2014-12-29 158864]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]
R2 ReimageRealTimeProtector;Reimage Real Time Protector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14 7410024]
R2 RtVOsdService;RtVOsdService Installer; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R2 SmdmFService;SmdmF Service; C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe [2014-12-15 3573264]
R2 Update Dynamo Combo;Update Dynamo Combo; C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe [2015-01-19 529656]
R2 Util Dynamo Combo;Util Dynamo Combo; C:\Program Files (x86)\Dynamo Combo\bin\utilDynamoCombo.exe [2015-01-19 529656]
R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [2015-01-13 473088]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-09-17 735288]
S2 051cdb72;Optimizer Pro Crash Monitor; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 BackupStack;Computer Backup (MyPC Backup); C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-11-25 53320]
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-24 107912]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-24 107912]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-26 1255736]

-----------------EOF-----------------
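Added example, not part of the posted log and not code from RSIT or HijackThis: a small Python triage script that reads the registry dump, driver and service sections of an RSIT-style log and flags the persistence shapes a reviewer picks out of this log by hand: BHO DLLs living under C:\ProgramData or a user profile instead of Program Files, a populated AppInit_DLLs value, drivers with GUID-style service names or an image that is not a .sys file (the Settings Manager entry points at a .cfg), a driver with no file date/size recorded (cpuz134 in Temp), and services running out of ProgramData or hosted by rundll32.exe. The rules are my own heuristics and the sample input is a handful of lines copied from the log above; nothing here is a signature database, so every hit still needs confirming against the file on disk.

```python
# Heuristic triage of RSIT/HijackThis-style log sections (added example; the
# rules below are illustrative assumptions, not RSIT/HijackThis logic or a
# signature set; the sample text is copied from the posted log).
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d1d1b75-b188-4bca-a7cf-2a5e816ba08f}]
RooyalSHOpperrApP - C:\ProgramData\RooyalSHOpperrApP\2cOuT7uEudnnUv.x64.dll [2014-12-22 701440]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
IETabPage Class - C:\Program Files (x86)\XTab\SupTab.dll [2014-12-29 513680]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-13 2281256]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Gameo"=C:\Users\yassine\AppData\Roaming\Gameo\gameo.exe [2014-12-31 42482176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Users\yassine\AppData\Local\Linkey\IEEXTE~1\ietlb64.dll "
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696]
R1 {641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64;{641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64; C:\Windows\system32\drivers\{641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64.sys [2015-01-19 48792]
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222;F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc3.cfg [2014-12-15 45968]
R3 cpuz134;cpuz134; \??\C:\Users\yassine\AppData\Local\Temp\cpuz134\cpuz134_x64.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-28 26680]
R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [2015-01-13 473088]
S2 051cdb72;Optimizer Pro Crash Monitor; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
"""

# Directories an unprivileged user (or any installer) can write to.
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\temp\\")
GUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<path>.*?)\s*(?:\[[^\]]*\])?$')   # "Name"=path [date size]
BHO_RE = re.compile(r"^(?P<name>.+?) - (?P<path>.+?)\s*(?:\[[^\]]*\])?$")            # Name - path [date size]
SVC_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<desc>[^;]*); (?P<path>.+?)\s*(?P<meta>\[[^\]]*\])$")


@dataclass(frozen=True)
class Finding:
    kind: str   # bho | run | appinit | driver | service
    name: str
    path: str
    reason: str


def clean_path(raw):
    """Drop quoting/blanks and the NT-namespace prefix (\\??\\) RSIT prints for some drivers."""
    path = raw.strip().strip('"').strip()
    return path[4:] if path.startswith("\\??\\") else path


def in_user_writable_dir(path):
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def parse_log(text):
    """Yield (section, registry_key, entry_line); ====== headers and [HKEY...] lines set the context."""
    section = key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("======"):
            section, key = line.strip("= "), ""
        elif line.startswith("[HKEY"):
            key = line.strip("[]")
        else:
            yield section, key, line


def triage(text):
    """Return the entries that match one of the heuristic rules."""
    findings = []
    for section, key, line in parse_log(text):
        if section.startswith("Registry dump"):
            m = (BHO_RE if "Browser Helper Objects" in key else REG_VALUE_RE).match(line)
            if not m:
                continue
            path = clean_path(m["path"])
            writable = in_user_writable_dir(path)
            if "Browser Helper Objects" in key and writable:
                findings.append(Finding("bho", m["name"], path, "IE BHO loaded from a user-writable directory"))
            elif m["name"] == "AppInit_DLLs" and path:
                findings.append(Finding("appinit", m["name"], path,
                                        "AppInit_DLLs populated: DLL injected into every process that loads user32.dll"))
            elif key.lower().endswith("\\run") and writable:
                findings.append(Finding("run", m["name"], path, "autostart from a user-writable directory"))
        elif section.startswith(("List of drivers", "List of services")):
            m = SVC_RE.match(line)
            if not m:
                continue
            path, reasons = clean_path(m["path"]), []
            is_driver = section.startswith("List of drivers")
            if in_user_writable_dir(path):
                reasons.append("image in a user-writable directory")
            if is_driver and GUID_RE.search(m["name"]):
                reasons.append("GUID-style service name")
            if is_driver and not path.lower().endswith(".sys"):
                reasons.append("driver image is not a .sys file")
            if is_driver and m["meta"] == "[]":
                reasons.append("no file date/size recorded at scan time")
            if not is_driver and path.lower().endswith("\\rundll32.exe"):
                reasons.append("hosted by rundll32.exe; the real DLL is not shown")
            if reasons:
                findings.append(Finding("driver" if is_driver else "service", m["name"], path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:7}] {f.name}\n          {f.path}\n          -> {f.reason}")
```

Point `triage()` at the full text of a saved log instead of SAMPLE_LOG to run it over a real scan. The rules are deliberately coarse (Program Files is treated as trusted, so the XTab and Dynamo Combo BHOs above are not flagged by location alone), which is why the output is a worklist for the reviewer rather than a verdict.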