Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Jeremy (administrator) on AIYLIIN on 02-07-2015 15:28:37
Running from C:\Users\Jeremy\Desktop
Loaded Profiles: Jeremy (Available Profiles: Jeremy)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Razer Inc.) D:\Logiciels\Razer GB\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Ozone Xenon Driver\Monitor.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-09-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Ozone Xenon Driver] => C:\Program Files (x86)\Ozone Xenon Driver\Monitor.exe [765952 2012-04-04] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-01] (Avast Software s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-15] (Raptr, Inc)
HKU\S-1-5-21-3169129232-1059393053-1924891798-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3169129232-1059393053-1924891798-1000\...\Run: [GoogleChromeAutoLaunch_6D3B45FEBE36B822DCB3796A57AA2386] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-3169129232-1059393053-1924891798-1000\...\MountPoints2: {15aa90cf-3c5e-11e2-a1af-50e54956af42} - H:\Autorun.exe
HKU\S-1-5-21-3169129232-1059393053-1924891798-1000\...\MountPoints2: {1ed0fe7d-a3a2-11e4-956a-50e54956af42} - K:\AutoRun.exe
HKU\S-1-5-21-3169129232-1059393053-1924891798-1000\...\MountPoints2: {1ed0fe93-a3a2-11e4-956a-50e54956af42} - K:\AutoRun.exe
HKU\S-1-5-21-3169129232-1059393053-1924891798-1000\...\MountPoints2: {2f89a1c7-70eb-11e1-a457-806e6f6e6963} - E:\Run.exe
HKU\S-1-5-21-3169129232-1059393053-1924891798-1000\...\MountPoints2: {a481ffb7-c7d2-11e4-a263-50e54956af42} - K:\AutoRun.exe
HKU\S-1-5-21-3169129232-1059393053-1924891798-1000\...\MountPoints2: {c265ddb9-a84f-11e4-8e68-50e54956af42} - K:\AutoRun.exe
HKU\S-1-5-21-3169129232-1059393053-1924891798-1000\...\MountPoints2: {e544497b-3b90-11e2-b6ed-50e54956af42} - G:\Autorun.exe
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012-03-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
CHR HKU\S-1-5-21-3169129232-1059393053-1924891798-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
HKU\S-1-5-21-3169129232-1059393053-1924891798-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
HKU\S-1-5-21-3169129232-1059393053-1924891798-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3169129232-1059393053-1924891798-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
SearchScopes: HKU\S-1-5-21-3169129232-1059393053-1924891798-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-01] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{7B709280-77D6-400A-915A-B5116E565FF9}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{AA2E2810-2C70-471C-872A-CC1BCCEC15CF}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{B5FA9CF0-B563-4869-A501-E4FAC8F82DB0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{BC4AA1D4-77F9-4CB1-A1BA-9DF884C8D3CA}: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{BC4AA1D4-77F9-4CB1-A1BA-9DF884C8D3CA}: [DhcpNameServer] 192.168.55.55
Tcpip\..\Interfaces\{BDECCC8E-9781-41C8-BF63-27800B07BE44}: [DhcpNameServer] 192.168.8.1 192.168.8.1

FireFox:
========
FF ProfilePath: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\yr4daj5a.default
FF SelectedSearchEngine: Google
FF NetworkProxy: "http", "127.0.0.1"
FF Homepage: /*/*hxxp://yourtv.link*/*/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: 4game.com/plugin -> D:\Jeux\4Game\npplugin4game.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-01] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\yr4daj5a.default\Extensions\iobitascsurfingprotection@iobit.com [2015-07-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-09]
FF HKU\S-1-5-21-3169129232-1059393053-1924891798-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\yr4daj5a.default\extensions\{62d40876-df18-411f-9d34-a9dd7a197bc5} [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-02]
CHR Extension: (Google Drive) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-02]
CHR Extension: (YouTube) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-02]
CHR Extension: (Adblock Plus) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-02]
CHR Extension: (Google Search) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-02]
CHR Extension: (Google Sheets) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-02]
CHR Extension: (Avast Online Security) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-02]
CHR Extension: (Google Wallet) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-02]
CHR Extension: (Gmail) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-01] (Avast Software)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.) [File not signed]
R2 RzKLService; D:\Logiciels\Razer GB\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-12] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-06-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2009-04-06] (INCA Internet Co., Ltd.) [File not signed]
S3 PsSdk40; C:\Windows\system32\Drivers\pssdk40.sys [51776 2012-08-18] (microOLAP Technologies LTD)
S3 PsSdkLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2012-08-18] (microOLAP Technologies LTD)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-01] (Avast Software)
S3 catchme; \??\C:\Users\Jeremy\AppData\Local\Temp\catchme.sys [X]
S3 dump_wmimmc; \??\C:\Program Files (x86)\Gameforge\Lineage II\system\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-02 15:28 - 2015-07-02 15:28 - 00018377 _____ C:\Users\Jeremy\Desktop\FRST.txt
2015-07-02 15:27 - 2015-07-02 15:28 - 00000000 ____D C:\FRST
2015-07-02 15:27 - 2015-07-02 15:27 - 02112512 _____ (Farbar) C:\Users\Jeremy\Desktop\FRST64.exe
2015-07-02 14:07 - 2015-07-02 14:07 - 00000234 _____ C:\Users\Jeremy\Downloads\debug.log
2015-07-02 14:05 - 2015-07-02 14:05 - 00002228 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-02 14:05 - 2015-07-02 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-02 14:03 - 2015-07-02 15:23 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-02 14:03 - 2015-07-02 15:08 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-02 14:03 - 2015-07-02 14:03 - 00004064 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-02 14:03 - 2015-07-02 14:03 - 00003812 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-02 13:55 - 2015-07-02 13:55 - 00001239 _____ C:\Users\Jeremy\Desktop\Revo Uninstaller.lnk
2015-07-02 13:55 - 2015-07-02 13:55 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-02 13:53 - 2015-07-02 13:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jeremy\Downloads\revosetup.exe
2015-07-02 12:18 - 2015-07-02 12:18 - 00000028 _RSHO C:\Users\Jeremy\AppData\Roaming\be046e943fe726861c04b0318e13b2f274b1ec06.sys
2015-07-02 12:12 - 2015-07-02 12:12 - 00931408 _____ (Google Inc.) C:\Users\Jeremy\Downloads\ChromeSetup.exe
2015-07-02 10:23 - 2015-07-02 10:24 - 00001482 _____ C:\DelFix.txt
2015-07-02 10:02 - 2015-07-02 10:02 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-07-02 09:28 - 2015-07-02 09:28 - 01832960 _____ C:\Users\Jeremy\ZHPDiag3.exe
2015-07-01 23:27 - 2015-07-01 23:27 - 00000000 ____D C:\ProgramData\ProductData
2015-07-01 22:48 - 2015-07-01 22:48 - 00064839 _____ C:\Rapport 20h14.txt
2015-07-01 22:47 - 2015-07-01 22:47 - 00002147 _____ C:\Rapport 22h32.txt
2015-07-01 22:30 - 2015-07-01 22:30 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\ProductData
2015-07-01 22:24 - 2015-07-02 12:09 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2015-07-01 21:10 - 2015-07-01 21:10 - 00016540 _____ C:\Users\Jeremy\Downloads\maleficent 2014 1080p.torrent
2015-07-01 20:27 - 2015-07-02 10:00 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\ZHP
2015-07-01 20:12 - 2015-07-01 22:32 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-01 20:12 - 2015-07-01 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-01 20:12 - 2015-07-01 20:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-01 20:12 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-01 20:12 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-01 20:12 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-01 20:07 - 2015-07-01 20:08 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Jeremy\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-01 18:24 - 2015-07-02 15:23 - 00000560 _____ C:\Windows\setupact.log
2015-07-01 18:24 - 2015-07-01 18:24 - 00000000 _____ C:\Windows\setuperr.log
2015-07-01 18:23 - 2015-07-02 15:14 - 00076040 _____ C:\Windows\PFRO.log
2015-07-01 18:09 - 2015-07-01 18:14 - 00002086 __RSH C:\Users\Jeremy\ntuser.pol
2015-07-01 18:03 - 2015-07-01 18:09 - 00002080 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-07-01 18:03 - 2015-07-01 18:03 - 00001069 _____ C:\Users\Public\Desktop\Smart Defrag 4.lnk
2015-07-01 18:03 - 2015-07-01 18:03 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2015-07-01 18:03 - 2015-07-01 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2015-07-01 18:03 - 2015-07-01 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-07-01 18:03 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2015-07-01 17:40 - 2015-07-01 17:40 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-01 17:40 - 2015-07-01 17:40 - 00000000 ____D C:\Windows\system32\vbox
2015-07-01 17:34 - 2015-07-01 17:34 - 00001893 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-01 17:34 - 2015-07-01 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-01 17:33 - 2015-07-01 17:33 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-07-01 17:33 - 2015-07-01 17:33 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-07-01 17:25 - 2015-07-01 17:25 - 00306240 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-01 16:35 - 2015-07-01 16:35 - 00066288 _____ C:\Users\Jeremy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-01 16:04 - 2015-07-01 20:26 - 00000000 __SHD C:\ProgramData\Google
2015-07-01 16:04 - 2015-07-01 16:04 - 00000000 __SHD C:\ProgramData\Windows 7
2015-06-20 13:11 - 2015-06-20 13:11 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Rainy_Cape_S.L
2015-06-20 13:10 - 2015-06-20 13:10 - 00002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitles.lnk
2015-06-20 13:10 - 2015-06-20 13:10 - 00002415 _____ C:\Users\Public\Desktop\Subtitles.lnk
2015-06-20 13:10 - 2015-06-20 13:10 - 00000000 ____D C:\Program Files (x86)\Subtitles
2015-06-20 13:09 - 2015-06-20 13:10 - 02363320 _____ (Rainy Cape S.L.) C:\Users\Jeremy\Downloads\Subtitles-win-3.0.exe
2015-06-12 16:40 - 2015-06-12 17:23 - 05242678 _____ C:\Users\Jeremy\Downloads\Margoooote.odt
2015-06-11 19:29 - 2015-06-12 10:56 - 00000000 ____D C:\Users\Jeremy\Downloads\COMPIL SWAGG'APELLA MARGOT
2015-06-11 19:28 - 2015-06-11 19:28 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Canneverbe Limited
2015-06-11 19:28 - 2015-06-11 19:28 - 00000000 ____D C:\ProgramData\Canneverbe Limited

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-02 15:23 - 2015-01-21 09:18 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Raptr
2015-07-02 15:23 - 2014-04-09 23:39 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-02 15:23 - 2012-03-18 14:09 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-07-02 15:23 - 2012-03-18 13:41 - 00000144 _____ C:\service.log
2015-07-02 15:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-02 15:17 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-02 15:17 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-02 14:38 - 2014-02-28 14:28 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-02 14:07 - 2012-03-18 16:38 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Google
2015-07-02 14:04 - 2012-03-18 16:34 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-02 09:58 - 2012-04-02 19:04 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\uTorrent
2015-07-02 09:54 - 2012-03-18 23:48 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\vlc
2015-07-02 09:28 - 2012-03-18 13:20 - 00000000 ____D C:\Users\Jeremy
2015-07-01 20:12 - 2013-02-12 12:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-01 18:22 - 2015-05-30 17:21 - 00440066 _____ C:\Windows\WindowsUpdate.log
2015-07-01 18:18 - 2012-03-18 16:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2015-07-01 18:18 - 2012-03-18 13:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-01 18:14 - 2014-04-09 15:19 - 00000438 __RSH C:\ProgramData\ntuser.pol
2015-07-01 18:07 - 2013-04-29 18:27 - 02319872 ___SH C:\Users\Jeremy\Downloads\Thumbs.db
2015-07-01 18:03 - 2014-04-04 15:03 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\IObit
2015-07-01 18:03 - 2014-04-04 15:02 - 00000000 ____D C:\ProgramData\IObit
2015-07-01 18:03 - 2014-04-04 15:02 - 00000000 ____D C:\Program Files (x86)\IObit
2015-07-01 18:00 - 2014-08-31 21:24 - 00000000 ____D C:\Fraps
2015-07-01 17:51 - 2012-05-07 16:31 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Adobe
2015-07-01 17:44 - 2014-02-28 14:28 - 00003940 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-01 17:44 - 2012-04-02 18:20 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-01 17:44 - 2012-03-18 17:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-01 17:36 - 2014-04-09 23:39 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-01 17:33 - 2014-08-07 13:38 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-07-01 17:33 - 2014-04-09 23:39 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-07-01 17:33 - 2014-04-09 23:39 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-07-01 17:33 - 2014-04-09 23:39 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-01 17:33 - 2014-04-09 23:39 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-01 17:33 - 2014-04-09 23:39 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-01 17:32 - 2014-04-09 23:39 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-01 16:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-06-30 23:48 - 2013-01-09 21:04 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Skype
2015-06-25 11:46 - 2012-03-18 21:02 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Mumble
2015-06-24 23:48 - 2014-12-28 20:11 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-22 19:05 - 2012-12-19 20:56 - 00000807 ____H C:\Users\Jeremy\Downloads\.picasa.ini
2015-06-20 13:10 - 2014-01-15 21:56 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-11 17:00 - 2011-01-26 14:42 - 00747644 _____ C:\Windows\system32\perfh00C.dat
2015-06-11 17:00 - 2011-01-26 14:42 - 00150168 _____ C:\Windows\system32\perfc00C.dat
2015-06-11 17:00 - 2009-07-14 07:13 - 01669584 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======
2015-07-02 12:18 - 2015-07-02 12:18 - 0000028 _RSHO () C:\Users\Jeremy\AppData\Roaming\be046e943fe726861c04b0318e13b2f274b1ec06.sys
2013-10-17 17:40 - 2013-10-17 17:40 - 0000044 _____ () C:\Users\Jeremy\AppData\Roaming\Camdata.ini
2013-10-17 17:40 - 2013-10-17 17:40 - 0000408 _____ () C:\Users\Jeremy\AppData\Roaming\CamLayout.ini
2013-10-17 17:40 - 2013-10-17 17:40 - 0000408 _____ () C:\Users\Jeremy\AppData\Roaming\CamShapes.ini
2013-10-17 17:40 - 2013-10-17 17:40 - 0004523 _____ () C:\Users\Jeremy\AppData\Roaming\CamStudio.cfg
2013-10-08 03:03 - 2014-01-12 00:48 - 0000121 _____ () C:\Users\Jeremy\AppData\Roaming\mbam.context.scan
2014-05-04 13:54 - 2014-05-04 13:54 - 0003584 _____ () C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-15 22:17 - 2014-01-15 22:17 - 0000000 ___SH () C:\Users\Jeremy\AppData\Local\LumaEmu
2014-04-09 20:36 - 2014-04-09 20:36 - 0007601 _____ () C:\Users\Jeremy\AppData\Local\Resmon.ResmonCfg
2012-05-26 21:44 - 2012-05-26 21:44 - 0009216 _____ () C:\ProgramData\~C4D219.tmp

Files to move or delete:
====================
C:\Users\Jeremy\ZHPDiag3.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-23 02:19

==================== End of log ============================