Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by HeroCorruptor66 (administrator) on LORDKUROWPC (07-01-2016 00:25:46)
Running from C:\Users\HeroCorruptor66\Downloads\Programs
Loaded Profiles: HeroCorruptor66 (Available Profiles: HeroCorruptor66)
Platform: Windows 8.1 Single Language (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Program Files (x86)\SMART BRO\AssistantServices.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
() C:\Program Files (x86)\puush\puush.exe
(EuroTech AE Co., Ltd.) C:\Program Files (x86)\Ecsow Dialer\CallBackReminder.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\SMART BRO\UIExec.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-18] (TOSHIBA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-13] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-05] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\SMART BRO\UIExec.exe [156448 2012-05-11] ()
HKLM-x32\...\Run: [MessengerPlusForSkypeService] => C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [132096 2014-08-06] (Yuna Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [5709000 2014-11-04] (Daum Kakao Corp. )
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3639568 2014-07-10] (Disc Soft Ltd)
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-09] (Piriform Ltd)
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] ()
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\Run: [CallBackReminder] => C:\Program Files (x86)\Ecsow Dialer\callbackreminder.exe [1719784 2015-07-26] (EuroTech AE Co., Ltd.)
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5244216 2009-11-10] (Yahoo! Inc.)
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\MountPoints2: {5bbc1888-135c-11e4-825e-28e3475de606} - "E:\setup.exe"
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\MountPoints2: {5bbc190b-135c-11e4-825e-28e3475de606} - "F:\FalloutNewVegasDLC_setup.exe"
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\MountPoints2: {5bbc190f-135c-11e4-825e-28e3475de606} - "H:\autorun.exe"
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\MountPoints2: {5e6a53e1-4de1-11e4-8265-28e3475de606} - "E:\AutoRun.exe"
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\MountPoints2: {a4eebe1f-965d-11e5-82cf-28e3475de606} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\MountPoints2: {b499898a-a656-11e4-827d-28e3475de606} - "E:\Autorun.exe"
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\MountPoints2: {b97454fc-2861-11e4-8263-28e3475de606} - "E:\Autorun.exe"
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\MountPoints2: {e9648d85-1723-11e4-8260-28e3475de606} - "I:\autorun.exe"
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\MountPoints2: {fdbae1ec-dca8-11e4-8289-28e3475de606} - "E:\Autorun.exe"
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-05] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\Users\HeroCorruptor66\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\javaplus.vbs [2015-11-21] ()
Startup: C:\Users\HeroCorruptor66\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2016-01-06]
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{65F1F85C-BDCB-4455-BF3D-290FC7EC5A34}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BC09D3F2-8360-48CC-8B7B-D0A6D4580979}: [DhcpNameServer] 10.8.0.1
Tcpip\..\Interfaces\{C73718AB-49F9-4043-985B-387AF70CD40D}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{CE246B7D-9DBA-4E40-BE40-BAE4D650AC53}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshibamea.com
HKU\S-1-5-21-3368743618-531305195-2325762822-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.toshibamea.com
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-08-28] (Internet Download Manager, Tonec Inc.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-25] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-17] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-08-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-25] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-17] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default
FF Homepage: about:blank
FF Session Restore: -> is enabled.
FF NetworkProxy: "http", "122.219.134.221"
FF NetworkProxy: "http_port", 8081
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-30] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-30] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-17] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3368743618-531305195-2325762822-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HeroCorruptor66\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-29] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\user.js [2015-03-21]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\searchplugins\bingp.xml [2014-07-24]
FF SearchPlugin: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\searchplugins\danbooru.xml [2015-01-23]
FF SearchPlugin: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\searchplugins\desustorage.xml [2015-11-12]
FF SearchPlugin: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\searchplugins\deviantart-where-art-meets-application.xml [2014-08-01]
FF SearchPlugin: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\searchplugins\download-music-movies-games-software-the-pirate-bay---the-ga-1.xml [2015-01-31]
FF SearchPlugin: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\searchplugins\duckduckgo-.xml [2015-10-25]
FF SearchPlugin: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\searchplugins\gelbooru.xml [2015-01-25]
FF SearchPlugin: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\searchplugins\internet-archive-wayback-machine.xml [2015-02-25]
FF SearchPlugin: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\searchplugins\niconico-douga-ginza.xml [2014-08-01]
FF SearchPlugin: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\searchplugins\nt--browse.xml [2014-08-01]
FF SearchPlugin: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\searchplugins\pixiv.xml [2014-08-01]
FF SearchPlugin: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\searchplugins\tumblr.xml [2014-08-01]
FF SearchPlugin: C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\searchplugins\youtube.xml [2014-08-01]
FF Extension: Edit Source - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\edit-source@mozilla.com.xpi [2015-04-25]
FF Extension: Imgur Uploader - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\giorgio@gilestro.tk.xpi [2015-05-29]
FF Extension: NicoFox - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\nicofox@littlebtc.xpi [2015-05-29]
FF Extension: Siphon - Sync Add-ons - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\siphon@siphon.ian-halpern.com.xpi [2015-05-29]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-05-29]
FF Extension: Image Search Options - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{4a313247-8330-4a81-948e-b79936516f78}.xpi [2015-05-29]
FF Extension: GameFOX - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1} [2015-05-29]
FF Extension: ReloadEvery - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2015-05-29]
FF Extension: TryAgain - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{992791ee-61dc-7b98-a8fd-dc49b7deeee9}.xpi [2015-05-29]
FF Extension: Tamper Data - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2015-05-29]
FF Extension: Rikaichan - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2015-05-29]
FF Extension: RAMBack - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\ramback@pavlov.net.xpi [2015-07-03]
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-08-14]
FF Extension: FireShot - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-11-09]
FF Extension: Greasemonkey - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-22]
FF Extension: Save Image in Folder - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi [2015-12-15]
FF Extension: Rikaichan Japanese-English Dictionary File - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\rikaichan-jpen@polarcloud.com [2016-01-03]
FF Extension: Rikaichan Japanese Names Dictionary File - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\extensions\rikaichan-jpnames@polarcloud.com [2016-01-04]
FF Extension: No Name - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\about-addons-memory@tn123.org.xpi [2015-07-03] [not signed]
FF Extension: No Name - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2015-05-29] [not signed]
FF Extension: No Name - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-12-19] [not signed]
FF Extension: No Name - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\firefox@ghostery.com.xpi [2015-12-30] [not signed]
FF Extension: MEGA - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\firefox@mega.co.nz.xpi [2015-12-22]
FF Extension: No Name - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\jid1-4ogjq7MUzAiCOw@jetpack.xpi [2015-10-26] [not signed]
FF Extension: No Name - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\jid1-6MGm94JnyY2VkA@jetpack.xpi [2016-01-05] [not signed]
FF Extension: YouTube Center Developer Build - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2015-12-13] [not signed]
FF Extension: No Name - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2015-12-17] [not signed]
FF Extension: No Name - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\linkificator@markapola.xpi [2015-09-24] [not signed]
FF Extension: uBlock Origin - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\uBlock0@raymondhill.net.xpi [2015-12-28]
FF Extension: Adblock Plus Filter Uploader - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\uploader@adblockfilters.mozdev.org.xpi [2015-12-05]
FF Extension: iMEGA - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\{065ee92a-ad57-42a2-b6d5-466b6fd8e24d}.xpi [2015-05-27]
FF Extension: Flagfox - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2015-12-21]
FF Extension: FT DeepDark - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-12-20]
FF Extension: Search by Image for Google - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-05-30]
FF Extension: Adblock Plus - C:\Users\HeroCorruptor66\AppData\Roaming\Mozilla\Firefox\Profiles\mcxypkkc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-05]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-05]
FF HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3368743618-531305195-2325762822-1002\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\HeroCorruptor66\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\HeroCorruptor66\AppData\Roaming\IDM\idmmzcc5 [2015-08-22] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (QRreader beta) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdjglobiolninfgldchakgfldifphic [2014-07-30]
CHR Extension: (YouTube) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25]
CHR Extension: (4chan X) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\cellaaeoekimmemgdheibaibbaoeefbl [2014-07-30]
CHR Extension: (APK Downloader) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2015-12-04]
CHR Extension: (uBlock Origin) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-06]
CHR Extension: (Google Search) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (NicoNico Audio Extractor) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecoahjklhopckkiefihjloeidikepdh [2015-01-26]
CHR Extension: (Google Docs Offline) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-04]
CHR Extension: (Unlimited Free VPN - Betternet) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-01-06]
CHR Extension: (Avast Online Security) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-26]
CHR Extension: (rikaikun) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2014-07-30]
CHR Extension: (Skype) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-06]
CHR Extension: (Capture Webpage Screenshot Entirely. FireShot) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2015-12-08]
CHR Extension: (IDM Integration Module) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-08-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
CHR Extension: (APK Downloader) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhlfmheblhjhkmacldlhdnbgbaiigba [2014-11-24]
CHR Extension: (Black Black Chrome Theme Hot Pink Highlight) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdhfcagdlpjbpfldpabhkdibdcbaiih [2014-07-30]
CHR Extension: (Gmail) - C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (YouTube Center Developer Build) - C:\Users\HeroCorruptor66\Downloads\YouTubeCenter [2015-07-22] [UpdateUrl: hxxps://raw.github.com/YePpHa/YouTubeCenter/master/dist/chrome-update.xml] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-28]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-05] (AVAST Software)
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [887056 2014-07-10] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()
R2 MsgPlusService; C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [132096 2014-08-06] (Yuna Software) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-07-17] (TOSHIBA CORPORATION)
R2 UI Assistant Service; C:\Program Files (x86)\SMART BRO\AssistantServices.exe [274760 2012-10-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] () S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-05] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-05] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-05] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-05] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-05] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-05] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-05] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-05] (AVAST Software) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems) R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation) R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation) R3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29696 2014-07-25] (Disc Soft Ltd) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R2 PEGAGFN; C:\Program Files 
(x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-08-01] (Realtek Semiconductor Corporation ) R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-22] (Synaptics Incorporated) R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-26] (TOSHIBA Corporation) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] () R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-01-07 00:25 - 2016-01-07 00:25 - 00000000 ____D C:\FRST 2016-01-06 18:09 - 2016-01-06 18:09 - 00006209 _____ C:\Users\HeroCorruptor66\Downloads\HYPNOSIS OBEY - script.txt 2016-01-06 18:08 - 2016-01-06 18:08 - 00000003 _____ C:\Users\HeroCorruptor66\Downloads\-- script.txt 2016-01-06 15:07 - 2015-12-30 15:45 - 00000000 ____D C:\Users\HeroCorruptor66\Downloads\Chibis 2016-01-06 06:43 - 2016-01-06 06:43 - 00003308 _____ C:\Windows\System32\Tasks\WindowsUpda2ta 2016-01-06 06:33 - 2016-01-06 06:41 - 00000883 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-01-06 06:17 - 2016-01-06 06:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-06 06:16 - 2016-01-06 06:41 - 00001079 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-01-06 06:16 - 2016-01-06 06:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-01-06 06:16 - 2016-01-06 06:16 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-01-06 06:16 - 2016-01-06 06:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-01-06 06:16 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-01-06 06:16 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-01-06 06:16 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-01-05 09:51 - 2015-11-21 07:05 - 00001763 _____ C:\Users\HeroCorruptor66\javaplus.vbs 2016-01-05 09:42 - 2016-01-05 09:42 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-01-05 09:42 - 2016-01-05 09:42 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-12-30 23:20 - 2016-01-05 11:32 - 13434336 _____ C:\Users\HeroCorruptor66\Downloads\Chibis.rar 2015-12-25 19:23 - 2015-12-25 19:23 - 00034036 _____ C:\Users\HeroCorruptor66\Downloads\One Punch Man BD1 Bonus OVA.torrent 2015-12-24 09:12 - 2015-12-24 18:57 - 00003171 _____ 
C:\Users\HeroCorruptor66\Documents\story.txt 2015-12-24 08:49 - 2015-12-24 08:49 - 00026574 _____ C:\Users\HeroCorruptor66\Downloads\55741ca854f220fa6184c37eff86dd81bc883be0.torrent 2015-12-21 16:37 - 2015-12-21 16:37 - 00001621 _____ C:\Users\HeroCorruptor66\Documents\cookies.txt 2015-12-21 11:32 - 2015-12-21 11:32 - 00024333 _____ C:\Users\HeroCorruptor66\Downloads\[HorribleSubs] One-Punch Man - 12 [720p].mkv.torrent 2015-12-17 22:38 - 2015-12-17 22:38 - 00000026 _____ C:\Users\HeroCorruptor66\Documents\bpi.txt 2015-12-17 21:58 - 2015-12-17 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-17 21:58 - 2015-12-17 21:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-17 21:58 - 2015-12-17 21:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-17 03:39 - 2015-12-17 03:39 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-12-17 03:14 - 2015-12-17 03:15 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Roaming\Tencent 2015-12-15 00:01 - 2015-12-15 00:01 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Roaming\gambatte 2015-12-14 15:40 - 2015-12-14 15:40 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Local\CEF 2015-12-14 05:16 - 2015-12-14 05:16 - 00024353 _____ C:\Users\HeroCorruptor66\Downloads\[HorribleSubs] One-Punch Man - 11 [720p].mkv.torrent 2015-12-10 17:34 - 2015-12-10 17:34 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Roaming\Shuame 2015-12-10 17:33 - 2015-12-17 03:13 - 05973592 _____ C:\Users\HeroCorruptor66\Downloads\RootGenius_en_2.2.6.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-01-07 00:25 - 2013-08-22 21:36 - 00000000 ____D C:\Windows 2016-01-07 00:22 - 2014-07-24 17:23 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Roaming\Skype 2016-01-07 00:00 - 2014-07-24 17:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-01-06 23:36 - 2014-07-25 02:09 - 00000000 ____D C:\Users\HeroCorruptor66\Downloads\Compressed 2016-01-06 23:35 - 2014-07-24 18:24 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-06 18:35 - 2014-07-24 18:24 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-06 18:14 - 2014-07-24 17:14 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Roaming\ClassicShell 2016-01-06 14:10 - 2014-07-24 16:43 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3368743618-531305195-2325762822-1002 2016-01-06 12:11 - 2014-07-24 16:43 - 00000000 ___RD C:\Users\HeroCorruptor66\SkyDrive 2016-01-06 11:28 - 2014-07-25 02:09 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Roaming\DMCache 2016-01-06 07:31 - 2015-04-11 19:48 - 00000000 ____D C:\Program Files (x86)\betternet 2016-01-06 07:22 - 2014-07-31 20:31 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Roaming\MPC-HC 2016-01-06 06:41 - 2015-11-15 05:52 - 00001068 _____ C:\Users\HeroCorruptor66\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk 2016-01-06 06:41 - 2015-11-07 00:40 - 00000962 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk 2016-01-06 06:41 - 2015-11-03 20:00 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-01-06 06:41 - 2015-09-19 05:08 - 00000985 _____ C:\Users\HeroCorruptor66\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk 2016-01-06 06:41 - 2015-06-26 02:24 - 00001785 _____ C:\Users\HeroCorruptor66\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokemon Showdown.lnk 2016-01-06 06:41 - 2015-06-10 11:06 - 00001200 _____ C:\Users\HeroCorruptor66\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Betternet.lnk 2016-01-06 06:41 - 2015-05-07 13:24 - 00001675 _____ C:\Users\HeroCorruptor66\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BROFORCE_Beta.lnk 2016-01-06 06:41 - 2015-04-08 23:24 - 00000952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk 2016-01-06 06:41 - 2015-02-04 00:33 - 00001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk 2016-01-06 06:41 - 2015-01-26 07:14 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk 2016-01-06 06:41 - 2015-01-24 08:10 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2016-01-06 06:41 - 2015-01-20 05:09 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk 2016-01-06 06:41 - 2015-01-20 05:08 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk 2016-01-06 06:41 - 2015-01-20 05:06 - 00001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk 2016-01-06 06:41 - 2015-01-20 05:05 - 00001237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk 2016-01-06 06:41 - 2015-01-20 05:03 - 00001498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk 2016-01-06 06:41 - 2015-01-20 05:03 - 00001328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk 2016-01-06 06:41 - 2015-01-20 05:02 - 00000972 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk 2016-01-06 06:41 - 2014-10-25 20:55 - 00001098 _____ C:\Users\HeroCorruptor66\AppData\Roaming\Microsoft\Windows\Start Menu\Nokia X Manager.lnk 2016-01-06 06:41 - 2014-09-03 21:10 - 00000651 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\東方構東方紅輝心.lnk 2016-01-06 06:41 - 2014-08-01 08:51 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-01-06 06:41 - 2014-07-30 
19:23 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\KakaoTalk.lnk 2016-01-06 06:41 - 2014-07-24 16:55 - 00002080 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-01-06 06:41 - 2014-07-24 16:55 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-01-06 06:41 - 2014-07-24 16:38 - 00001429 _____ C:\Users\HeroCorruptor66\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-06 06:41 - 2013-09-24 03:43 - 00002005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk 2016-01-06 06:40 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-06 06:39 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Globalization 2016-01-06 06:39 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-01-06 06:36 - 2014-11-27 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warhammer 40000 - Space Marine 2016-01-06 06:35 - 2015-05-15 21:26 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Roaming\system86 2016-01-06 06:35 - 2014-12-27 21:37 - 00000000 ____D C:\Program Files (x86)\Settings Manager 2016-01-06 06:35 - 2014-12-27 21:36 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Roaming\IHlpr 2016-01-06 06:35 - 2014-07-25 02:09 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager 2016-01-05 09:51 - 2014-07-24 16:37 - 00000000 ____D C:\Users\HeroCorruptor66 2016-01-05 09:48 - 2014-07-24 16:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-05 09:48 - 2014-07-24 16:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-05 09:44 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf 2016-01-05 09:43 - 2014-07-24 18:33 - 00003924 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2016-01-05 09:43 - 2014-07-24 18:23 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2016-01-05 09:43 - 2014-07-24 18:23 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys 2016-01-05 09:42 - 2014-07-24 18:23 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2016-01-05 09:42 - 2014-07-24 18:23 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2016-01-05 09:42 - 2014-07-24 18:23 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2016-01-05 09:42 - 2014-07-24 18:23 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2016-01-05 09:42 - 2014-07-24 18:23 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-01-05 09:42 - 2014-07-24 18:23 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-01-04 16:00 - 2015-01-24 19:46 - 00000000 ____D C:\Users\HeroCorruptor66\Documents\Hypnosis Files 2016-01-02 01:34 - 2014-07-25 02:09 - 00000000 ____D C:\Users\HeroCorruptor66\Downloads\Video 2015-12-30 00:00 - 2015-11-11 04:00 - 09479872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-12-30 00:00 - 2014-07-24 17:38 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-29 02:20 - 2013-09-24 03:10 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-29 02:19 - 2014-08-01 07:48 - 00000000 ____D C:\Users\HeroCorruptor66\Downloads\Torrents 2015-12-26 18:32 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\NDF 2015-12-24 20:00 - 2015-01-20 05:33 - 00000132 _____ C:\Users\HeroCorruptor66\AppData\Roaming\Adobe PNG Format CS5 Prefs 2015-12-24 01:22 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps 2015-12-24 01:22 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness 2015-12-21 06:02 - 2015-09-19 05:08 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Roaming\ViberPC 2015-12-21 04:59 - 
2015-10-31 16:43 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Local\Genymobile 2015-12-21 04:52 - 2015-03-09 18:47 - 00000000 ____D C:\Users\HeroCorruptor66\.VirtualBox 2015-12-20 23:58 - 2015-02-04 00:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE 2015-12-17 03:42 - 2015-10-02 17:19 - 00000000 ____D C:\Users\HeroCorruptor66\.oracle_jre_usage 2015-12-17 03:42 - 2014-11-24 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-12-17 03:41 - 2015-10-02 17:22 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-12-17 03:41 - 2015-10-02 17:21 - 00000000 ____D C:\Program Files\Java 2015-12-17 03:39 - 2014-11-24 12:28 - 00000000 ____D C:\Program Files (x86)\Java 2015-12-15 00:03 - 2014-07-25 02:10 - 00000000 ____D C:\VidyaGaems 2015-12-14 15:42 - 2015-08-27 17:58 - 00000000 ____D C:\Users\HeroCorruptor66\Documents\RPGBooks 2015-12-14 15:40 - 2014-08-01 15:39 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Local\Adobe 2015-12-14 14:02 - 2014-07-24 18:24 - 00000000 ____D C:\Users\HeroCorruptor66\AppData\Local\Google 2015-12-10 20:46 - 2014-09-03 17:37 - 00000000 ____D C:\Users\HeroCorruptor66\Documents\My Games ==================== Files in the root of some directories ======= 2015-08-08 10:30 - 2015-08-08 10:30 - 0000132 _____ () C:\Users\HeroCorruptor66\AppData\Roaming\Adobe BMP Format CS5 Prefs 2015-04-30 22:43 - 2015-04-30 22:43 - 0000132 _____ () C:\Users\HeroCorruptor66\AppData\Roaming\Adobe GIF Format CS5 Prefs 2015-01-20 05:33 - 2015-12-24 20:00 - 0000132 _____ () C:\Users\HeroCorruptor66\AppData\Roaming\Adobe PNG Format CS5 Prefs 2015-11-04 21:05 - 2015-11-04 21:05 - 0000218 _____ () C:\Users\HeroCorruptor66\AppData\Local\recently-used.xbel 2015-05-22 01:14 - 2015-05-22 01:50 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip Files to move or delete: ==================== C:\Users\HeroCorruptor66\javaplus.vbs Some files in TEMP: ==================== 
C:\Users\HeroCorruptor66\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-12-31 06:02 ==================== End of FRST.txt ============================