Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
Ran by joss (administrator) on JOSS-PC (21-10-2015 18:17:53)
Running from C:\Users\joss\Desktop
Loaded Profiles: joss & postgres (Available Profiles: joss & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(KEMiCZA) C:\Users\joss\Desktop\profiles\Saturation Toggler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AB Team) C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.1\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.41\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.162\deploy\LolClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-526272471-1439060630-3630711136-1000\...\Run: [AMDToggler] => C:\Users\joss\Desktop\profiles\Saturation Toggler.exe [548352 2014-06-19] (KEMiCZA)
HKU\S-1-5-21-526272471-1439060630-3630711136-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-526272471-1439060630-3630711136-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-526272471-1439060630-3630711136-1000\...\MountPoints2: D - D:\ShelExec.exe open.htm
HKU\S-1-5-21-526272471-1439060630-3630711136-1000\...\MountPoints2: {6aa9765d-1be6-11e4-a92a-902b34db9bd5} - E:\setup.exe
HKU\S-1-5-21-526272471-1439060630-3630711136-1000\...\MountPoints2: {d62dcfec-5e50-11e3-bb95-806e6f6e6963} - D:\ShelExec.exe open.htm
HKU\S-1-5-21-526272471-1439060630-3630711136-1002\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-526272471-1439060630-3630711136-1002\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-526272471-1439060630-3630711136-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-526272471-1439060630-3630711136-1002\...\MountPoints2: D - D:\ShelExec.exe open.htm
HKU\S-1-5-21-526272471-1439060630-3630711136-1002\...\MountPoints2: {6aa9765d-1be6-11e4-a92a-902b34db9bd5} - E:\setup.exe
HKU\S-1-5-21-526272471-1439060630-3630711136-1002\...\MountPoints2: {d62dcfec-5e50-11e3-bb95-806e6f6e6963} - D:\ShelExec.exe open.htm
IFEO\dthtml.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pgadmin3.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\stackbuilder.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{E20C3A21-842B-4836-AF7A-6458916B279D}: [DhcpNameServer] 192.168.0.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-526272471-1439060630-3630711136-1000 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL =
SearchScopes: HKU\S-1-5-21-526272471-1439060630-3630711136-1002 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

FireFox:
========
FF ProfilePath: C:\Users\joss\AppData\Roaming\Mozilla\Firefox\Profiles\hqoi6a5n.default-1441525006931
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-02] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-02] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-526272471-1439060630-3630711136-1000: qlping.com/qlping -> C:\Users\joss\AppData\Local\qlPing\0.0.1.0\npqlping.dll [No File]

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxp://google.fr/"
CHR Profile: C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (Google Docs) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-12]
CHR Extension: (YouTube) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Google Search) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-12]
CHR Extension: (Gmail Offline) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-02-12]
CHR Extension: (Google Calendar) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-02-12]
CHR Extension: (Google Sheets) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (Google Docs Offline) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-02]
CHR Extension: (AdBlock) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-12]
CHR Extension: (mysms - SMS from Computer) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hnkkehjnlfplmdnallbjjdnokolhblgb [2015-02-12]
CHR Extension: (Handcraft) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgpklhhhiiafnocfiikcpffkogjkdmki [2015-02-12]
CHR Extension: (Grepolis) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2015-02-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-12]
CHR Extension: (Gmail) - C:\Users\joss\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-05] () [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-07-23] (EasyAntiCheat Ltd)
S4 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-09-02] (Hi-Rez Studios) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
S4 KaraokeService; C:\Windows\system32\KaraokeSer.exe [88696 2012-12-11] (VIA Technologies, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S4 PornTime Updater; C:\Users\joss\AppData\Roaming\PT\updater.exe [165888 2015-06-15] (PornTime) [File not signed]
S4 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2099000 2013-10-08] (AVG)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
S3 danewFltr; C:\Windows\System32\drivers\danew.sys [12032 2010-03-23] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-08] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [92448 2015-10-14] ()
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [8704 2015-06-30] (Windows (R) Win 7 DDK provider) [File not signed]
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [121032 2013-07-16] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-04-09] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31400 2014-04-09] (Razer Inc)
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [32792 2015-06-30] (SteelSeries ApS)
S3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [43616 2015-06-30] (SteelSeries ApS)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-19] ()
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-21 18:17 - 2015-10-21 18:18 - 00016235 _____ C:\Users\joss\Desktop\FRST.txt
2015-10-21 18:17 - 2015-10-21 18:17 - 00000000 ____D C:\FRST
2015-10-21 18:16 - 2015-10-21 18:16 - 02196992 _____ (Farbar) C:\Users\joss\Desktop\FRST64.exe
2015-10-20 17:39 - 2015-10-20 17:39 - 00085564 _____ C:\Users\joss\Desktop\ZHPDiag.txt
2015-10-20 17:38 - 2015-10-20 17:38 - 00005564 _____ C:\Users\joss\Desktop\ZHPFixReport.txt
2015-10-20 12:34 - 2015-10-20 12:34 - 01958400 _____ C:\Users\joss\ZHPDiag3.exe
2015-10-20 12:25 - 2015-10-20 12:25 - 00624000 _____ C:\Users\joss\Downloads\CoreParkingManager.zip
2015-10-20 12:21 - 2015-10-20 12:21 - 00000828 _____ C:\Users\joss\Desktop\ZHPCleaner.lnk
2015-10-20 12:20 - 2015-10-20 12:20 - 01867264 _____ C:\Users\joss\Desktop\ZHPCleaner.exe
2015-10-19 21:56 - 2015-10-19 22:03 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-19 21:56 - 2015-10-19 21:56 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-19 21:06 - 2015-10-19 21:06 - 00001849 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2015-10-19 21:06 - 2015-10-19 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-10-19 21:06 - 2015-10-19 21:06 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2015-10-19 21:01 - 2015-10-20 12:34 - 00000000 ____D C:\AdwCleaner
2015-10-19 21:00 - 2015-10-19 21:00 - 01691648 _____ C:\Users\joss\Desktop\AdwCleaner-5.014.exe
2015-10-19 20:53 - 2015-10-20 17:39 - 00000000 ____D C:\Users\joss\AppData\Roaming\ZHP
2015-10-19 20:53 - 2015-10-20 17:38 - 00000818 _____ C:\Users\joss\Desktop\ZHPDiag.lnk
2015-10-19 20:53 - 2015-10-19 20:53 - 01958912 _____ C:\Users\joss\Desktop\ZHPDiag3.exe
2015-10-19 16:12 - 2015-10-21 13:49 - 00002445 _____ C:\Windows\setupact.log
2015-10-19 16:12 - 2015-10-19 16:12 - 00014666 _____ C:\Windows\PFRO.log
2015-10-19 16:12 - 2015-10-19 16:12 - 00000000 _____ C:\Windows\setuperr.log
2015-10-15 18:57 - 2015-10-15 18:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-14 14:32 - 2015-10-14 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-12 19:14 - 2015-10-16 15:05 - 00000093 _____ C:\Users\joss\Desktop\todo.txt
2015-10-10 10:15 - 2015-10-21 12:42 - 00032817 _____ C:\Windows\WindowsUpdate.log
2015-10-09 11:31 - 2015-10-17 19:04 - 00000168 _____ C:\Users\joss\Desktop\CSGO SENS.txt
2015-10-04 22:38 - 2015-10-10 22:53 - 00000000 ____D C:\Users\joss\AppData\Local\UNDERTALE
2015-10-04 22:36 - 2015-09-18 20:16 - 00000000 ____D C:\Users\joss\Desktop\Undertale
2015-10-03 11:08 - 2015-10-03 11:08 - 00001202 _____ C:\Users\Public\Desktop\HD VDeck.lnk
2015-10-03 11:08 - 2015-10-03 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA
2015-09-30 19:28 - 2015-09-30 19:46 - 00000000 ____D C:\Users\joss\AppData\Local\MissingTranslation
2015-09-29 12:20 - 2015-09-29 12:20 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-09-29 12:20 - 2015-09-29 12:20 - 00000000 ____D C:\Users\joss\AppData\LocalLow\Google
2015-09-28 21:51 - 2015-09-28 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParkControl
2015-09-28 21:51 - 2015-09-28 21:51 - 00000000 ____D C:\Program Files\ParkControl
2015-09-24 23:29 - 2015-09-24 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2015-09-24 23:29 - 2015-09-24 23:29 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2015-09-24 23:29 - 2015-09-24 23:29 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-21 17:51 - 2013-12-05 20:00 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-21 09:55 - 2014-10-11 02:06 - 00000000 ____D C:\Users\joss\AppData\Local\Popcorn-Time
2015-10-20 12:41 - 2015-06-07 11:57 - 00000000 ____D C:\Users\joss\Downloads\DOCS
2015-10-20 12:41 - 2014-01-14 22:15 - 00000000 ____D C:\Users\joss\Downloads\PROGRAMMES
2015-10-20 12:41 - 2013-12-08 14:22 - 00000000 ____D C:\Users\joss\Downloads\ZIK
2015-10-20 12:39 - 2009-07-14 06:45 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-20 12:39 - 2009-07-14 06:45 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-20 12:37 - 2009-07-14 07:13 - 00757400 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-20 12:34 - 2013-12-06 09:59 - 00000000 ____D C:\Users\joss
2015-10-20 12:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-19 21:35 - 2014-08-08 09:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-19 21:02 - 2013-12-06 10:47 - 00000000 ____D C:\Windows\system32\log
2015-10-19 17:12 - 2015-03-16 13:20 - 00000000 ____D C:\Windows\pss
2015-10-19 17:03 - 2014-08-08 09:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-19 16:54 - 2014-08-08 09:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-19 16:54 - 2014-01-04 22:43 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-19 16:33 - 2015-01-10 18:25 - 00000000 ____D C:\Users\joss\AppData\Roaming\CodeBlocks
2015-10-19 16:33 - 2013-12-08 14:21 - 00000000 ____D C:\Users\joss\AppData\Roaming\vlc
2015-10-19 16:12 - 2015-09-03 00:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 16:22 - 2013-12-05 19:32 - 00000000 ____D C:\Users\joss\AppData\Roaming\Skype
2015-10-14 21:24 - 2015-02-16 22:23 - 00000000 ____D C:\Users\joss\AppData\Local\ESL Wire Game Client
2015-10-14 20:49 - 2015-02-16 22:27 - 00092448 _____ () C:\Windows\system32\Drivers\ESLWireACD.sys
2015-10-14 20:32 - 2015-02-16 22:27 - 00000000 ____D C:\Users\joss\Documents\ESL Match Media
2015-10-14 14:32 - 2014-07-30 23:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-14 14:32 - 2013-12-06 10:48 - 00000000 ____D C:\ProgramData\Skype
2015-10-12 17:28 - 2015-04-07 22:12 - 00000000 ____D C:\Users\joss\AppData\Local\CrashDumps
2015-10-11 13:45 - 2013-12-12 16:30 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2015-10-10 10:15 - 2015-06-02 00:33 - 00000000 ____D C:\Users\joss\Documents\The Witcher 3
2015-10-06 20:02 - 2014-02-07 13:09 - 00000000 ____D C:\Users\joss\AppData\Local\Battle.net
2015-10-06 19:30 - 2015-03-14 05:16 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-10-06 19:22 - 2014-02-07 13:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-10-05 09:50 - 2014-08-08 09:16 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2014-08-08 09:16 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2014-01-04 22:43 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-04 22:36 - 2015-04-04 13:25 - 00000000 ____D C:\Users\joss\AppData\Roaming\qBittorrent
2015-10-04 13:10 - 2015-07-30 21:36 - 00000000 ____D C:\Users\joss\AppData\Roaming\RadeonPro
2015-10-04 13:10 - 2015-04-07 21:13 - 00000000 ____D C:\Users\joss\AppData\Roaming\FileZilla
2015-10-04 13:10 - 2013-12-19 17:11 - 00000000 ____D C:\Windows\Minidump
2015-10-04 02:55 - 2014-04-20 22:12 - 00000000 ____D C:\Users\joss\AppData\Local\PokerStars.FR
2015-10-03 11:08 - 2015-03-20 03:35 - 00000024 _____ C:\Windows\SetupTemp.ini
2015-10-03 11:08 - 2013-12-06 10:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-02 14:09 - 2015-01-29 01:10 - 00000000 ____D C:\Users\joss\AppData\Roaming\Mumble
2015-10-02 03:54 - 2014-01-30 22:01 - 00000000 ____D C:\Users\joss\AppData\Local\Adobe
2015-10-02 03:54 - 2013-12-06 10:46 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-02 03:54 - 2013-12-06 10:46 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-02 03:53 - 2015-09-03 00:18 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-02 03:53 - 2015-09-03 00:18 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-30 19:26 - 2015-01-31 05:57 - 00000000 ____D C:\Users\joss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-09-30 14:21 - 2014-04-26 17:39 - 00000000 ____D C:\Users\joss\AppData\Roaming\LolClient
2015-09-29 12:20 - 2013-12-06 10:46 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-29 11:13 - 2013-12-30 19:06 - 00000000 ____D C:\Users\joss\Downloads\FILMS
2015-09-28 20:14 - 2015-09-17 17:51 - 00000000 ____D C:\Users\joss\Desktop\replay
2015-09-24 23:43 - 2013-12-06 07:31 - 00000000 ____D C:\Users\joss\Documents\My Games

==================== Files in the root of some directories =======

2014-05-14 09:56 - 2014-05-14 09:56 - 0069226 _____ () C:\Program Files (x86)\hminstalllog.txt
2015-08-19 09:54 - 2015-08-25 12:34 - 0000034 _____ () C:\Users\joss\AppData\Roaming\AdobeWLCMCache.dat
2015-02-16 22:31 - 2015-04-03 00:31 - 0000131 _____ () C:\Users\joss\AppData\Roaming\WB.CFG
2015-08-19 09:59 - 2015-08-19 10:00 - 212809145 _____ () C:\Users\joss\AppData\Local\ACCCx3_2_0_129.zip.aamdownload
2015-08-19 09:59 - 2015-08-19 10:00 - 0002489 _____ () C:\Users\joss\AppData\Local\ACCCx3_2_0_129.zip.aamdownload.aamd
2014-01-11 16:11 - 2014-02-09 19:50 - 0009959 _____ () C:\Users\joss\AppData\Local\CleanupUninstall.txt
2014-05-31 23:43 - 2015-08-17 09:37 - 0008192 _____ () C:\Users\joss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-18 11:31 - 2015-02-18 11:31 - 0000010 _____ () C:\Users\joss\AppData\Local\DSI.DAT
2015-01-09 04:59 - 2015-01-09 04:59 - 0000000 ___SH () C:\Users\joss\AppData\Local\LumaEmu

Files to move or delete:
====================
C:\Users\joss\x.exe
C:\Users\joss\ZHPDiag3.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-21 12:38

==================== End of FRST.txt ============================