Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Rayan (administrator) on RAYAN on 17-06-2015 17:09:42
Running from C:\Users\Rayan\Desktop
Loaded Profiles: Rayan (Available Profiles: Rayan)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [517536 2014-04-07] (TOSHIBA)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-06-21] (Autodesk Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2584240 2015-04-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-05-28] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-113965090-4082397984-2472747820-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-113965090-4082397984-2472747820-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-05-28] (Wondershare)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Rayan\AppData\Roaming\Mozilla\Firefox\Profiles\xqe1grpt.default-1434386358830
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-12] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-04-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-04-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\.xml [2014-12-19]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2015-06-10]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [596360 2014-06-21] (Autodesk Inc.)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-10-01] (Windows (R) Win 7 DDK provider) [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-11-07] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-22] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-05] (IObit)
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2820424 2014-06-25] (CybelSoft)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed]
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-19] (Toshiba Europe GmbH)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-15] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-07-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 mi-raysat_3dsmax2015_64; "C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-10-27] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-05-26] (Phoenix Technologies) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-02-14] (Disc Soft Ltd)
S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2014-02-25] (CybelSoft)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [40704 2015-06-07] (SoftEther Corporation)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [48896 2015-06-07] (SoftEther Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-22] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 17:09 - 2015-06-17 17:10 - 00015016 _____ C:\Users\Rayan\Desktop\FRST.txt
2015-06-17 17:08 - 2015-06-17 17:08 - 02109952 _____ (Farbar) C:\Users\Rayan\Desktop\FRST64.exe
2015-06-16 23:32 - 2015-06-16 23:33 - 03128832 _____ (Dark Nacho) C:\Users\Rayan\Desktop\Resident_Evil_REV2_Raid_SE_Dark_Nacho_Upadte.exe
2015-06-16 23:30 - 2015-06-16 23:30 - 02017792 _____ (Dark Nacho) C:\Users\Rayan\Desktop\Resident Evil Revelations 2 Raid SE - Dark Nacho 1.0.0.0.exe
2015-06-16 15:12 - 2015-06-16 15:13 - 06883618 _____ (Nicolas Coolman ) C:\Users\Rayan\Downloads\ZHPDiag2(1).exe
2015-06-15 16:41 - 2015-06-15 16:41 - 00001130 _____ C:\Users\Rayan\Downloads\fixlist.txt
2015-06-15 15:40 - 2015-06-17 17:09 - 00000000 ____D C:\FRST
2015-06-13 18:53 - 2015-06-13 18:53 - 00000885 _____ C:\Users\Rayan\Desktop\ZHPCleaner.lnk
2015-06-13 18:50 - 2015-06-13 18:50 - 01843200 _____ C:\Users\Rayan\Downloads\ZHPCleaner.exe
2015-06-13 16:38 - 2015-06-16 15:25 - 00000512 _____ C:\PhysicalDisk0_MBR.bin
2015-06-13 16:23 - 2015-06-16 15:14 - 00000000 ____D C:\Users\Rayan\AppData\Roaming\ZHP
2015-06-13 16:23 - 2015-06-16 15:13 - 00001974 _____ C:\Users\Rayan\Desktop\ZHPFix.lnk
2015-06-13 16:23 - 2015-06-16 15:13 - 00001843 _____ C:\Users\Rayan\Desktop\ZHPDiag.lnk
2015-06-13 16:23 - 2015-06-16 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-06-13 16:23 - 2015-06-16 15:13 - 00000000 ____D C:\Program Files (x86)\ZHPDiag
2015-06-13 16:22 - 2015-06-13 16:22 - 06880102 _____ (Nicolas Coolman ) C:\Users\Rayan\Downloads\ZHPDiag2.exe
2015-06-13 11:44 - 2015-06-13 11:45 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-13 11:44 - 2015-06-13 11:44 - 00001085 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-13 11:44 - 2015-06-13 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-13 11:44 - 2015-06-13 11:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-13 11:44 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-13 11:44 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-13 11:44 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-13 11:43 - 2015-06-13 11:43 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Rayan\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-06-13 11:38 - 2015-06-13 11:38 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Rayan\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-13 11:14 - 2015-06-13 11:14 - 00000000 ____D C:\Users\Rayan\AppData\Roaming\ProductData
2015-06-13 11:04 - 2015-06-13 11:04 - 00000207 _____ C:\Windows\tweaking.com-regbackup-RAYAN-Windows-8.1-(64-bit).dat
2015-06-13 11:04 - 2015-06-13 11:04 - 00000000 ____D C:\RegBackup
2015-06-13 11:03 - 2015-06-13 11:03 - 02943844 _____ (Thisisu) C:\Users\Rayan\Downloads\JRT(1).exe
2015-06-13 10:47 - 2015-06-13 10:48 - 02231296 _____ C:\Users\Rayan\Downloads\adwcleaner-4-206-multi-win(1).exe
2015-06-13 10:31 - 2015-06-13 10:31 - 02943844 _____ (Thisisu) C:\Users\Rayan\Downloads\JRT.exe
2015-06-13 10:29 - 2015-06-13 10:54 - 00000000 ____D C:\AdwCleaner
2015-06-13 10:28 - 2015-06-13 10:28 - 02231296 _____ C:\Users\Rayan\Downloads\adwcleaner-4-206-multi-win.exe
2015-06-13 08:55 - 2015-06-13 08:56 - 02679040 _____ C:\Users\Rayan\Downloads\MEP - Right Here - parts.rar
2015-06-13 07:39 - 2015-06-14 09:41 - 06217978 _____ C:\Users\Rayan\Desktop\ItachiSasukeMEP-Part-12.mp4
2015-06-11 05:57 - 2015-06-11 06:45 - 00000000 ____D C:\Users\Rayan\Documents\Pokemon Online
2015-06-11 05:57 - 2015-06-11 06:03 - 00000000 ____D C:\Users\Rayan\AppData\Local\Dreambelievers
2015-06-11 05:53 - 2015-06-11 16:57 - 00000000 ____D C:\Users\Rayan\Pokemon Online
2015-06-11 05:51 - 2015-06-11 05:52 - 54380123 _____ (Dreambelievers ) C:\Users\Rayan\Downloads\Pokemon-Online-Setup.exe
2015-06-11 04:47 - 2015-06-11 04:47 - 00721607 _____ C:\Users\Rayan\Downloads\Part 7 music.zip
2015-06-11 00:43 - 2015-06-11 00:43 - 00000130 _____ C:\Users\Rayan\Desktop\Key.txt
2015-06-10 23:28 - 2015-06-10 23:35 - 00000000 ____D C:\Users\Rayan\Documents\Wondershare Video Converter Ultimate
2015-06-10 23:28 - 2015-06-10 23:28 - 00001252 _____ C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk
2015-06-10 23:28 - 2015-06-10 23:28 - 00000000 ____D C:\Users\Rayan\Documents\Wondershare MediaServer
2015-06-10 23:28 - 2015-06-10 23:28 - 00000000 ____D C:\Users\Rayan\AppData\Roaming\Wondershare Video Converter Ultimate
2015-06-10 23:28 - 2015-06-10 23:28 - 00000000 ____D C:\Users\Rayan\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2015-06-10 23:28 - 2015-06-10 23:28 - 00000000 ____D C:\Users\Rayan\AppData\Local\Wondershare
2015-06-10 23:28 - 2015-06-10 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-06-10 23:27 - 2015-06-16 23:23 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2015-06-10 23:27 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2015-06-10 23:27 - 2015-02-27 14:38 - 00214528 _____ () C:\Windows\SysWOW64\WSCM32.dll
2015-06-10 23:26 - 2015-06-10 23:28 - 00000000 ____D C:\ProgramData\Wondershare
2015-06-10 23:26 - 2015-06-10 23:26 - 00000000 ____D C:\Program Files (x86)\Wondershare
2015-06-10 23:25 - 2015-06-10 23:26 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2015-06-10 23:25 - 2015-06-10 23:25 - 00805960 _____ C:\Users\Rayan\Downloads\video-converter-ultimate_setup_full905.exe
2015-06-10 23:24 - 2015-06-10 23:24 - 04619238 _____ (DVDVideoMedia, Inc. ) C:\Users\Rayan\Downloads\freemkvvideoconverter.exe
2015-06-10 23:20 - 2015-06-10 23:20 - 00003584 _____ C:\Users\Rayan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-10 23:16 - 2015-06-10 23:16 - 00000000 ____D C:\Users\Rayan\Documents\Video Converter
2015-06-10 23:16 - 2015-06-10 23:16 - 00000000 ____D C:\Users\Rayan\AppData\Local\Video Converter
2015-06-10 23:15 - 2015-06-10 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPEG4E
2015-06-10 23:12 - 2015-06-10 23:12 - 00000000 ____D C:\ProgramData\VideoConverter
2015-06-10 23:11 - 2015-06-10 23:12 - 24527365 _____ (Extensoft) C:\Users\Rayan\Downloads\FreeVideoConverter.exe
2015-06-10 19:51 - 2015-06-10 19:51 - 10768856 _____ (Xvid Team) C:\Users\Rayan\Downloads\Xvid-1.3.2-20110601.exe
2015-06-08 07:41 - 2015-06-10 19:33 - 00000000 ____D C:\FFOutput
2015-06-08 07:41 - 2015-06-08 07:41 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-06-08 07:39 - 2015-06-13 11:23 - 00000000 ____D C:\Program Files (x86)\FreeTime
2015-06-08 07:37 - 2015-06-08 07:38 - 55605736 _____ (Free Time) C:\Users\Rayan\Downloads\FFSetup3.6.0.0.exe
2015-06-08 05:27 - 2015-06-08 05:27 - 00000000 _____ C:\Users\Rayan\AppData\Local\Temp.dat
2015-06-08 05:10 - 2015-06-08 05:10 - 00002920 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-06-08 05:10 - 2015-05-25 10:24 - 00429392 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-06-08 05:10 - 2015-05-25 10:24 - 00347976 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-06-08 05:09 - 2015-06-08 05:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-06-08 04:59 - 2015-06-08 05:01 - 01270552 _____ (Ellora Assets Corporation ) C:\Users\Rayan\Downloads\FreemakeVideoConverterSetup(2).exe
2015-06-08 04:57 - 2015-06-08 04:58 - 00000000 ____D C:\FFmpeg
2015-06-08 00:12 - 2015-06-08 00:12 - 00201597 _____ C:\Users\Rayan\Downloads\2.0.2.5(1).zip
2015-06-08 00:09 - 2015-06-08 00:09 - 00201597 _____ C:\Users\Rayan\Downloads\2.0.2.5.zip
2015-06-07 23:16 - 2015-06-07 23:41 - 00000000 ____D C:\Users\Rayan\Desktop\NARUTO -ナルト-
2015-06-07 22:51 - 2015-06-07 22:51 - 09741888 _____ (CyberGhost S.R.L. ) C:\Users\Rayan\Downloads\CG_5.0.15.14.exe
2015-06-07 19:17 - 2015-06-07 19:17 - 00040704 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo_VPN.sys
2015-06-07 19:02 - 2015-06-07 19:02 - 00144104 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2015-06-07 19:01 - 2015-06-07 22:42 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2015-06-07 19:01 - 2015-06-07 19:01 - 00048896 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\SeLow_x64.sys
2015-06-07 01:50 - 2015-06-07 01:51 - 02573008 _____ C:\Users\Rayan\Downloads\[Raws-4U] K - K-Project (TBS 1280x720 x264).exe
2015-06-06 18:15 - 2015-06-12 17:08 - 00000000 ____D C:\Users\Rayan\Desktop\K Project
2015-06-05 02:18 - 2015-06-05 02:19 - 42096984 _____ (Apple Inc.) C:\Users\Rayan\Downloads\QuickTimeInstaller.exe
2015-06-04 18:46 - 2015-06-04 18:46 - 08589505 _____ C:\Users\Rayan\Desktop\No angels MEP - part 4.wmv
2015-06-02 17:57 - 2015-06-13 10:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-01 07:13 - 2015-06-01 07:37 - 00000000 ____D C:\Users\Rayan\Desktop\Gunnm Manga
2015-05-30 21:07 - 2015-05-30 21:07 - 07512234 _____ C:\Users\Rayan\Downloads\We Ever See Part 2.mp4
2015-05-30 18:45 - 2015-05-30 18:46 - 00000000 ____D C:\Users\Rayan\Desktop\NewBlue FX
2015-05-30 18:37 - 2015-05-30 18:37 - 00000000 ____D C:\Users\Rayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zenoté
2015-05-30 18:37 - 2015-05-30 18:37 - 00000000 ____D C:\Program Files (x86)\Zenote
2015-05-29 18:48 - 2010-10-10 20:46 - 00013934 _____ C:\Users\Rayan\Desktop\Juicy Orange.grd
2015-05-29 18:47 - 2015-05-29 18:48 - 00001773 _____ C:\Users\Rayan\Downloads\juicy_orange_by_snathaid_mhor-d327im2.rar.zip
2015-05-29 18:20 - 2015-05-29 18:20 - 00087752 _____ C:\Users\Rayan\Downloads\queen_of_the_moon.zip
2015-05-26 03:49 - 2015-05-26 03:49 - 00013824 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2015-05-26 03:48 - 2015-05-26 03:48 - 01208432 _____ (Copyright © 2015 eSupport.com, Inc • All Rights Reserved ) C:\Users\Rayan\Downloads\driveragent-setup-987.exe
2015-05-26 03:41 - 2015-05-26 03:41 - 00638976 _____ C:\Users\Rayan\Downloads\Detection.msi
2015-05-18 07:53 - 2015-05-19 02:39 - 00000000 ____D C:\Users\Rayan\Desktop\JakeSherryBattle2
2015-05-18 03:25 - 2015-05-18 03:25 - 01871156 _____ C:\Users\Rayan\Desktop\SherryStunBaton.xps
2015-05-18 03:25 - 2014-11-12 16:22 - 00043832 _____ C:\Users\Rayan\Desktop\wp1112_stunbaton00_MM.dds
2015-05-18 03:25 - 2014-11-12 16:22 - 00043832 _____ C:\Users\Rayan\Desktop\wp1112_stunbaton00_BM.dds
2015-05-18 03:25 - 2014-11-12 15:56 - 00087536 _____ C:\Users\Rayan\Desktop\wp1112_stunbaton00_NM.dds
2015-05-18 03:25 - 2012-09-27 07:55 - 00065554 _____ C:\Users\Rayan\Desktop\pl0600_01eye_NM.tga
2015-05-18 03:25 - 2012-09-22 21:37 - 04194322 _____ C:\Users\Rayan\Desktop\pl0590_03Hair_BM.tga

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2094-04-09 08:08 - 2014-06-27 21:57 - 00003924 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D2AAC6C9-A85A-4EA8-837D-8E34B4783863}
2094-04-09 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-17 17:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-17 16:57 - 2014-12-22 04:46 - 02074089 _____ C:\Windows\WindowsUpdate.log
2015-06-17 16:43 - 2014-06-27 21:50 - 00000000 ___DO C:\Users\Rayan\SkyDrive
2015-06-17 16:42 - 2015-01-06 20:39 - 00000000 ____D C:\Users\Rayan\AppData\Local\Adobe
2015-06-17 16:41 - 2015-01-04 08:52 - 00025592 _____ C:\Windows\setupact.log
2015-06-17 16:41 - 2014-07-05 15:18 - 00000000 ____D C:\Users\Rayan\AppData\Local\CrashDumps
2015-06-17 16:41 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-17 08:30 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-17 08:26 - 2014-10-22 12:48 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-17 01:50 - 2015-04-22 19:27 - 00000000 ____D C:\Users\Rayan\Desktop\SonyVegas
2015-06-16 23:40 - 2013-12-05 21:41 - 02104754 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 23:40 - 2013-08-29 00:29 - 00919488 _____ C:\Windows\system32\perfh00C.dat
2015-06-16 23:40 - 2013-08-29 00:29 - 00201762 _____ C:\Windows\system32\perfc00C.dat
2015-06-16 20:52 - 2015-04-25 21:11 - 04899840 ___SH C:\Users\Rayan\Desktop\Thumbs.db
2015-06-16 15:26 - 2014-06-27 21:54 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-113965090-4082397984-2472747820-1001
2015-06-16 05:54 - 2015-03-30 05:54 - 00000000 ____D C:\Users\Rayan\Desktop\YoutubeBanner
2015-06-16 05:49 - 2014-07-14 05:52 - 00084480 ___SH C:\Users\Rayan\Downloads\Thumbs.db
2015-06-15 18:39 - 2015-01-02 23:43 - 00000000 ____D C:\Users\Rayan\Desktop\Anciennes données de Firefox
2015-06-15 16:49 - 2014-07-02 11:07 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-15 16:47 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-15 16:47 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-06-14 09:04 - 2014-12-22 18:38 - 00126304 _____ C:\Windows\PFRO.log
2015-06-14 01:10 - 2014-10-01 08:56 - 00000000 ____D C:\Users\Rayan\AppData\Roaming\Skype
2015-06-13 16:24 - 2015-04-22 22:57 - 00001444 _____ C:\Users\Rayan\Desktop\Nouveau document texte.txt
2015-06-13 09:14 - 2014-07-06 14:30 - 00000000 ____D C:\Users\Rayan\Documents\OFX Presets
2015-06-12 17:13 - 2014-10-22 12:48 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-11 05:57 - 2015-05-15 08:57 - 00000000 ____D C:\Users\Rayan\AppData\Local\Pokemon Showdown
2015-06-11 05:53 - 2014-06-27 21:39 - 00000000 ____D C:\Users\Rayan
2015-06-10 18:50 - 2014-07-10 06:24 - 00000000 ____D C:\Users\Rayan\AppData\Roaming\vlc
2015-06-10 03:12 - 2014-06-29 06:19 - 00000000 ____D C:\Users\Rayan\AppData\Roaming\uTorrent
2015-06-08 05:16 - 2015-02-21 07:09 - 00000000 ____D C:\ProgramData\Freemake
2015-06-08 05:16 - 2015-02-21 07:09 - 00000000 ____D C:\Program Files (x86)\Freemake
2015-06-07 23:00 - 2014-06-27 21:42 - 00000000 ____D C:\Users\Rayan\AppData\Local\VirtualStore
2015-06-04 15:07 - 2014-10-08 18:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-30 18:48 - 2014-07-19 02:37 - 00000000 ____D C:\Program Files (x86)\NewBlue
2015-05-30 16:56 - 2013-08-22 16:44 - 05988768 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-26 03:43 - 2014-07-01 09:42 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-05-26 01:38 - 2015-05-07 02:39 - 00000000 ____D C:\Users\Rayan\Desktop\PatternPourBump
2015-05-22 05:04 - 2015-04-22 19:21 - 00000000 ____D C:\Users\Rayan\Desktop\Photoshop
2015-05-20 05:45 - 2015-05-07 02:08 - 00000000 ____D C:\Users\Rayan\Desktop\MiniBumpMap
2015-05-19 23:11 - 2015-01-06 20:33 - 00000132 _____ C:\Users\Rayan\AppData\Roaming\Préfs Format PNG Adobe CS6
2015-05-19 20:03 - 2014-07-07 02:15 - 00000000 ____D C:\Program Files (x86)\Bruteforce Save Data

==================== Files in the root of some directories =======

2014-07-03 11:26 - 2014-07-03 11:17 - 0754505 _____ () C:\Program Files (x86)\BLES014650.rar
2015-02-15 05:19 - 2009-10-24 00:00 - 5811712 _____ (reFX) C:\Program Files (x86)\Nexus.dll
2015-01-05 12:22 - 2015-03-08 11:27 - 0000132 _____ () C:\Users\Rayan\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-08-17 04:34 - 2015-04-01 07:06 - 0000132 _____ () C:\Users\Rayan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-10-09 06:32 - 2014-10-09 06:32 - 0000132 _____ () C:\Users\Rayan\AppData\Roaming\Adobe Targa Format CS5 Prefs
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Rayan\AppData\Roaming\DE
2015-01-06 20:33 - 2015-05-19 23:11 - 0000132 _____ () C:\Users\Rayan\AppData\Roaming\Préfs Format PNG Adobe CS6
2014-08-25 02:51 - 2014-08-28 03:51 - 0000089 _____ () C:\Users\Rayan\AppData\Roaming\WB.CFG
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Rayan\AppData\Roaming\ZRT
2015-01-05 11:51 - 2015-03-08 11:29 - 0001456 _____ () C:\Users\Rayan\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
2015-05-03 01:08 - 2015-05-03 01:08 - 0001456 _____ () C:\Users\Rayan\AppData\Local\Adobe Enregistrer pour le Web 13.0 Prefs
2015-06-10 23:20 - 2015-06-10 23:20 - 0003584 _____ () C:\Users\Rayan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-04 03:09 - 2014-07-04 03:09 - 0000267 _____ () C:\Users\Rayan\AppData\Local\icqrf.bat
2015-01-06 06:42 - 2015-01-06 06:42 - 0001004 _____ () C:\Users\Rayan\AppData\Local\recently-used.xbel
2015-06-08 05:27 - 2015-06-08 05:27 - 0000000 _____ () C:\Users\Rayan\AppData\Local\Temp.dat
2014-07-08 06:56 - 2014-07-08 06:57 - 0000025 _____ () C:\Users\Rayan\AppData\Local\trueburner.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-17 16:52

==================== End of log ============================