Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08.11.2018
Ran by guillaume (administrator) on TEST (08-11-2018 20:26:09)
Running from D:\DownloadSSD
Loaded Profiles: guillaume (Available Profiles: guillaume)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ExKode Co. Ltd.) C:\Program Files (x86)\ExKode\Dxtory2.0\Dxtory.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Druide informatique inc.) D:\DownloadSSD\antidote\Application\Bin32\AgentAntidote.exe
(Druide informatique inc.) D:\DownloadSSD\antidote\Application\Bin64\AgentAntidote.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Pushbullet Inc) C:\Users\guillaume\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(Apowersoft) D:\program ssd\dsadsa\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
(Discord Inc.) C:\Users\guillaume\AppData\Local\Discord\app-0.0.301\Discord.exe
(Spotify Ltd) C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe
(Discord Inc.) C:\Users\guillaume\AppData\Local\Discord\app-0.0.301\Discord.exe
(Spotify Ltd) C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe
(Mozilla Corporation) D:\program ssd\thunderbird\thunderbird.exe
(Spotify Ltd) C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Mega Limited) C:\Users\guillaume\AppData\Local\MEGAsync\MEGAsync.exe
(Elaborate Bytes AG) D:\program ssd\iso\VirtualCloneDrive\VCDDaemon.exe
(Code Systems Corporation) C:\Users\guillaume\AppData\Local\Turbo\18.10.1788.0\Turbo-Sandbox.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Code Systems Corporation) C:\Users\guillaume\AppData\Local\Turbo\18.10.1788.0\Turbo-Launcher.exe
(Discord Inc.) C:\Users\guillaume\AppData\Local\Discord\app-0.0.301\Discord.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(ExKode Co. Ltd.) C:\Program Files (x86)\ExKode\Dxtory2.0\Dxtory64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Valve Corporation) D:\program ssd\steam\Steam.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\program ssd\steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) D:\DownloadSSD\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [400800 2018-04-20] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [AgentAntidote32] => D:\DownloadSSD\antidote\Application\Bin32\AgentAntidote.exe [1653352 2017-09-12] (Druide informatique inc.)
HKLM\...\Run: [AgentAntidote64] => D:\DownloadSSD\antidote\Application\Bin64\AgentAntidote.exe [1797736 2017-09-12] (Druide informatique inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Greenshot)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3785536 2018-11-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\program ssd\iso\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Corsair Gaming Headset Software] => C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe [2916160 2015-09-21] (Corsair Components, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [Pushbullet] => D:\program ssd\psuhbullet\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [yyZxbkrUTU] => C:\Users\guillaume\AppData\Local\tdVNwznfWA\activate.exe [413136 2018-08-31] (Microsoft Corporation)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [ApowersoftScreenRecorder] => D:\program ssd\dsadsa\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe [3617944 2017-02-07] (Apowersoft)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [VoiceAttack] => C:\SteamLibrary\steamapps\common\VoiceAttack\VoiceAttack.exe [5744120 2018-10-30] (VoiceAttack.com)
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\...\Run: [Spotify] => C:\Users\guillaume\AppData\Roaming\Spotify\Spotify.exe [25162472 2018-10-22] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-10-24]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-06-30]
ShortcutTarget: MEGAsync.lnk -> C:\Users\guillaume\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Turbo Sandbox Manager.lnk [2018-10-11]
ShortcutTarget: Turbo Sandbox Manager.lnk -> C:\Users\guillaume\AppData\Local\Turbo\18.10.1788.0\Turbo-Sandbox.exe (Code Systems Corporation)
Startup: C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboLauncher.lnk [2018-10-11]
ShortcutTarget: TurboLauncher.lnk -> C:\Users\guillaume\AppData\Local\Turbo\18.10.1788.0\Turbo-Launcher.exe (Code Systems Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\PrxerNsp.dll [56424 2012-11-22] ()
Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [57448 2012-11-22] ()
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{36D2171C-A57F-46B4-B995-D6E62D4F80F7}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F456A0CD-13F2-4BD0-8E4A-B58889CF8AA9}: [DhcpNameServer] 10.12.12.3 192.168.4.3 192.168.4.5

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3805808772-3452688692-1920293510-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshiba.ca/welcome/?w=23
SearchScopes: HKU\S-1-5-21-3805808772-3452688692-1920293510-1001 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-05-15] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-05-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-05-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-05-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-05-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-05-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6zl966uz.default
FF ProfilePath: C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default [2018-11-08]
FF Extension: (VPNetworksLLC Proxy) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\@VPNetworksLLC.xpi [2018-09-17]
FF Extension: (Antidote) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\antidote9_firefox@druide.com.xpi [2017-11-30]
FF Extension: (CryptoTab) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\cryptotab-ff@cryptotab.net.xpi [2018-10-10]
FF Extension: (TubeBuddy for YouTube) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2018-11-02]
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\es-es@dictionaries.addons.mozilla.org [2018-07-11] [Legacy]
FF Extension: (Dictionnaire français) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2018-07-11] [Legacy]
FF Extension: (SaveFrom.net helper) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\helper@savefrom.net.xpi [2018-10-16]
FF Extension: (HTTPS Everywhere) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\https-everywhere@eff.org.xpi [2018-11-01]
FF Extension: (Honey) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2018-10-13]
FF Extension: (Pushbullet) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2018-07-06]
FF Extension: (English (GB) Language Pack) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2018-10-25]
FF Extension: (Español (España) Language Pack) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\langpack-es-ES@firefox.mozilla.org.xpi [2018-10-25]
FF Extension: (Français Language Pack) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\langpack-fr@firefox.mozilla.org.xpi [2018-10-25]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\marcoagpinto@mail.telepac.pt.xpi [2018-10-25] [Legacy]
FF Extension: (Smart Referer) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2018-09-21]
FF Extension: (User-Agent Switcher) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2018-08-16]
FF Extension: (minerBlock) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\xd4rker@gmail.com.xpi [2018-10-23]
FF Extension: (Adblock Plus) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-01]
FF Extension: (Greasemonkey) - C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\6zl966uz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-08-29]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-05-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-03] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3805808772-3452688692-1920293510-1001: @turbo.net/Turbo.net Plugin 3.33 -> C:\Users\guillaume\AppData\Local\Turbo\18.10.1788.0\npMozillaTurboPlugin.dll [2018-10-03] (Code Systems Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-09-18]
CHR Profile: C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-11-08]
CHR Extension: (Slides) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-18]
CHR Extension: (Docs) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-18]
CHR Extension: (Google Drive) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-29]
CHR Extension: (YouTube) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-18]
CHR Extension: (Sheets) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-18]
CHR Extension: (Google Docs Offline) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-18]
CHR Extension: (Antidote) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbojggafdepnclikhiapkpinbfdhbdoi [2018-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-18]
CHR Extension: (Gmail) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-17]
CHR Profile: C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-18]
CHR HKLM-x32\...\Chrome\Extension: [lbojggafdepnclikhiapkpinbfdhbdoi] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-08-27] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-06-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-06-30] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-11-06] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-07] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2018-09-27] (Futuremark)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-06-11] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [362912 2018-04-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
R2 Wallpaper Engine Service; C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [356840 2018-08-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [34416 2016-03-24] (AnvSoft Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-21] (Qualcomm Atheros Communications, Inc.)
S3 CorsairAudioFilter; C:\Windows\system32\DRIVERS\corsveng2kamd64.sys [112808 2015-09-21] (Corsair Components, Inc.)
S3 hmatap; C:\Windows\system32\DRIVERS\hmatap.sys [45560 2018-06-22] (The OpenVPN Project)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [46408 2017-12-15] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [46544 2018-09-13] (SteelSeries ApS)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-11-01] (Windows (R) Win 7 DDK provider)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [212744 2018-07-09] (BigNox Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2018-10-18] (BigNox Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-08 17:09 - 2018-11-08 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeTwo
2018-11-08 17:09 - 2018-11-08 17:09 - 000000000 ____D C:\Program Files (x86)\CodeTwo
2018-11-07 23:46 - 2018-11-07 23:46 - 000003896 _____ C:\Windows\System32\Tasks\AAct
2018-11-07 18:13 - 2018-11-07 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-11-06 21:02 - 2018-11-06 21:02 - 000000000 ____D C:\Users\guillaume\AppData\Local\kleopatra
2018-11-06 16:24 - 2018-11-08 17:39 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\gnupg
2018-11-06 16:24 - 2018-11-08 14:40 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\kleopatra
2018-11-06 16:24 - 2018-11-06 16:24 - 000002034 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk
2018-11-06 16:24 - 2018-11-06 16:24 - 000002022 _____ C:\Users\Public\Desktop\Kleopatra.lnk
2018-11-06 16:24 - 2018-11-06 16:24 - 000001136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPA.lnk
2018-11-06 16:24 - 2018-11-06 16:24 - 000001124 _____ C:\Users\Public\Desktop\GPA.lnk
2018-11-06 16:24 - 2018-11-06 16:24 - 000000000 ____D C:\Program Files (x86)\Gpg4win
2018-11-06 16:24 - 2018-11-06 16:24 - 000000000 ____D C:\Program Files (x86)\GnuPG
2018-11-06 09:34 - 2018-11-06 09:36 - 000000000 ____D C:\AdwCleaner
2018-11-06 09:29 - 2018-11-06 09:29 - 000000000 ____D C:\Users\guillaume\AppData\Local\mbam
2018-11-06 09:28 - 2018-11-06 09:28 - 000000000 ____D C:\Users\guillaume\AppData\Local\mbamtray
2018-11-06 08:06 - 2018-11-06 08:06 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-11-06 08:06 - 2018-11-06 08:06 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-11-06 08:06 - 2018-11-06 08:06 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-11-06 08:06 - 2018-11-06 08:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-11-05 18:19 - 2018-11-08 20:26 - 000000000 ____D C:\FRST
2018-11-05 17:24 - 2018-11-05 17:24 - 000000887 _____ C:\Users\guillaume\AppData\Local\recently-used.xbel
2018-11-05 14:32 - 2018-11-05 14:32 - 000000000 ____D C:\Quarantine
2018-11-05 14:31 - 2018-11-05 14:31 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-11-05 14:26 - 2018-11-05 14:26 - 000000000 ____D C:\TDSSKiller_Quarantine
2018-11-05 13:52 - 2018-11-05 13:52 - 000000032 _____ C:\Users\guillaume\Downloads\maValidation (1).txt
2018-11-05 13:51 - 2018-11-05 13:51 - 007693048 _____ (Tim Kosse) C:\Users\guillaume\Downloads\FileZilla_3.38.1_win64-setup.exe
2018-11-05 11:31 - 2018-11-05 11:31 - 000000032 _____ C:\Users\guillaume\Downloads\maValidation.txt
2018-11-05 08:41 - 2018-11-05 08:41 - 000001006 _____ C:\Users\Public\Desktop\Notepad++.lnk
2018-11-02 11:39 - 2018-11-02 11:39 - 000000000 ____D C:\Users\guillaume\AppData\Local\HP
2018-11-02 07:10 - 2018-11-02 07:10 - 000000000 ____D C:\ProgramData\HP
2018-11-01 11:46 - 2018-09-12 13:30 - 000137008 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-11-01 11:46 - 2018-09-11 10:30 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-11-01 11:46 - 2018-08-25 22:38 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-11-01 11:46 - 2018-08-25 22:38 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-11-01 11:46 - 2018-08-25 22:21 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-11-01 11:46 - 2018-08-25 22:21 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-11-01 11:46 - 2018-08-25 20:45 - 000513448 _____ C:\Windows\SysWOW64\locale.nls
2018-11-01 11:46 - 2018-08-25 20:45 - 000513448 _____ C:\Windows\system32\locale.nls
2018-11-01 11:46 - 2018-08-21 08:39 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-01 11:46 - 2018-08-21 08:35 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-01 11:46 - 2018-08-19 11:22 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-01 11:46 - 2018-08-19 10:52 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-01 11:46 - 2018-08-19 10:43 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-01 11:43 - 2018-09-18 00:52 - 025735168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-01 11:43 - 2018-09-18 00:25 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-01 11:43 - 2018-09-18 00:14 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-01 11:43 - 2018-09-18 00:14 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-01 11:43 - 2018-09-17 23:49 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-11-01 11:43 - 2018-09-17 23:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-01 11:43 - 2018-09-17 23:39 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-01 11:43 - 2018-09-17 23:35 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-01 11:43 - 2018-09-17 23:33 - 020278784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-01 11:43 - 2018-09-17 23:23 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-01 11:43 - 2018-09-17 23:21 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-01 11:43 - 2018-09-17 23:13 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-01 11:43 - 2018-09-17 23:10 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-01 11:43 - 2018-09-17 22:57 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-01 11:43 - 2018-09-17 22:55 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-11-01 11:43 - 2018-09-17 22:53 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-01 11:43 - 2018-09-17 22:51 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-01 11:43 - 2018-09-17 22:37 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-01 11:43 - 2018-09-17 22:34 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-01 11:43 - 2018-09-17 22:31 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-01 11:43 - 2018-09-17 19:26 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2018-11-01 11:43 - 2018-09-11 11:38 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-01 11:43 - 2018-09-08 15:53 - 002532552 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-11-01 11:43 - 2018-09-08 13:40 - 007372224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-01 11:43 - 2018-09-08 13:40 - 002014136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-11-01 11:43 - 2018-09-08 13:33 - 001368776 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-11-01 11:43 - 2018-09-08 13:22 - 001737696 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-11-01 11:43 - 2018-09-08 13:22 - 001676152 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-11-01 11:43 - 2018-09-08 13:22 - 001536216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-11-01 11:43 - 2018-09-08 13:22 - 001500528 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-11-01 11:43 - 2018-09-08 13:22 - 001371448 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-11-01 11:43 - 2018-09-08 12:58 - 001902936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-11-01 11:43 - 2018-09-08 10:43 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-11-01 11:43 - 2018-09-07 21:12 - 001549040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-11-01 11:43 - 2018-09-07 21:12 - 000388336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-11-01 11:43 - 2018-09-07 12:39 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-11-01 11:43 - 2018-09-07 11:51 - 002849280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2018-11-01 11:43 - 2018-09-01 11:43 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-11-01 11:43 - 2018-08-29 08:51 - 002451800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-11-01 11:43 - 2018-08-25 23:07 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-11-01 11:43 - 2018-08-25 23:07 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-11-01 11:43 - 2018-08-25 22:13 - 015441920 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-11-01 11:43 - 2018-08-25 22:08 - 013321728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-10-31 15:57 - 2018-10-31 15:57 - 000000214 _____ C:\Users\guillaume\Desktop\RiME.url
2018-10-31 15:57 - 2018-10-31 15:57 - 000000214 _____ C:\Users\guillaume\Desktop\Hotline Miami 2 Wrong Number.url
2018-10-31 15:38 - 2018-10-31 15:38 - 000000000 ____D C:\Users\guillaume\AppData\LocalLow\David OReilly
2018-10-31 15:33 - 2018-10-31 15:33 - 000000000 _____ C:\Users\guillaume\Documents\New Text Document.txt
2018-10-31 15:25 - 2018-10-31 15:25 - 000000214 _____ C:\Users\guillaume\Desktop\Everything.url
2018-10-31 13:00 - 2018-10-31 13:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HCS VoicePack Ships Parrot
2018-10-30 18:51 - 2018-10-30 18:51 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\VoiceAttack
2018-10-30 18:24 - 2018-10-30 18:24 - 000000000 ____D C:\Users\guillaume\AppData\Local\VoiceAttack.com
2018-10-30 07:23 - 2018-10-30 07:23 - 000000214 _____ C:\Users\guillaume\Desktop\VoiceAttack.url
2018-10-28 19:04 - 2018-10-28 19:04 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\.madgarden
2018-10-27 20:15 - 2018-10-27 20:15 - 000000214 _____ C:\Users\guillaume\Desktop\Death Road to Canada.url
2018-10-26 18:20 - 2018-10-26 18:20 - 000000000 ____D C:\Users\guillaume\AppData\LocalLow\EpsilonGames
2018-10-25 18:38 - 2018-10-25 18:38 - 000000000 _____ C:\Users\guillaume\Desktop\New Text Document (7).txt
2018-10-25 18:14 - 2018-11-07 23:43 - 000000000 ____D C:\Windows\AAct_Tools
2018-10-25 13:19 - 2018-10-25 13:19 - 002354846 _____ C:\Users\guillaume\Downloads\123.txt
2018-10-25 13:11 - 2018-10-25 13:11 - 001927226 _____ C:\Users\guillaume\Downloads\111.txt
2018-10-25 13:10 - 2018-10-25 13:10 - 000000000 _____ C:\Users\guillaume\Downloads\New Text Document (2).txt
2018-10-25 13:09 - 2018-10-25 13:09 - 003419186 _____ C:\Users\guillaume\Downloads\1231.nfo
2018-10-24 20:47 - 2018-10-24 20:47 - 003365854 _____ C:\Users\guillaume\Downloads\123.nfo
2018-10-19 15:22 - 2018-10-19 15:22 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\IObit
2018-10-19 14:28 - 2018-11-04 14:59 - 000000000 ____D C:\Program Files (x86)\IObit
2018-10-19 14:28 - 2018-11-03 21:47 - 000000000 ____D C:\ProgramData\ProductData
2018-10-19 14:28 - 2018-10-19 14:30 - 000000000 ____D C:\Users\guillaume\AppData\LocalLow\IObit
2018-10-19 14:28 - 2018-10-19 14:28 - 000000000 ____D C:\ProgramData\IObit
2018-10-18 17:57 - 2018-10-18 17:57 - 000000743 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
2018-10-18 14:33 - 2018-10-18 14:33 - 000001022 _____ C:\Users\guillaume\Desktop\NoxPlayer2-Android4.4.2.lnk
2018-10-18 11:56 - 2018-10-18 11:56 - 000000000 ____D C:\Users\guillaume\AppData\Local\MultiPlayerManager
2018-10-18 11:54 - 2018-11-08 17:12 - 000000000 ____D C:\Users\guillaume\.BigNox
2018-10-18 11:53 - 2018-10-18 11:53 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2018-10-18 11:52 - 2018-10-18 11:52 - 000000000 ____D C:\Users\guillaume\Documents\nox
2018-10-18 11:52 - 2018-10-18 11:52 - 000000000 ____D C:\Program Files (x86)\Bignox
2018-10-18 11:00 - 2018-10-18 11:00 - 000000000 ____D C:\Program Files (x86)\nox
2018-10-17 12:54 - 2018-10-17 12:57 - 338810472 _____ (Duodian Technology Co. Ltd.) C:\Users\guillaume\Downloads\nox_setup_v6.2.3.9_full_intl.exe
2018-10-15 18:15 - 2018-10-15 18:15 - 000000000 ____D C:\Users\guillaume\AppData\LocalLow\Smartly Dressed Games
2018-10-15 18:15 - 2018-10-15 18:15 - 000000000 ____D C:\Users\guillaume\AppData\Local\BattlEye
2018-10-12 19:06 - 2018-10-12 19:50 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\.purple
2018-10-12 19:06 - 2018-10-12 19:06 - 000000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2018-10-12 19:06 - 2018-10-12 19:06 - 000000000 ____D C:\Program Files (x86)\Pidgin
2018-10-11 12:20 - 2018-10-11 12:20 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbo.net
2018-10-09 17:13 - 2018-10-23 23:00 - 000000000 ____D C:\ProgramData\AMD AutoUpdate
2018-10-09 17:13 - 2018-10-09 17:13 - 000003332 _____ C:\Windows\System32\Tasks\AMDAutoUpdate
2018-10-09 17:13 - 2018-10-09 17:13 - 000002173 _____ C:\Users\Public\Desktop\AMD Ryzen Master.lnk
2018-10-09 17:13 - 2018-10-09 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD
2018-10-09 17:13 - 2018-10-09 17:13 - 000000000 ____D C:\Program Files\AMD
2018-10-09 17:12 - 2018-10-09 17:12 - 000000000 ____D C:\Users\guillaume\AppData\Local\Downloaded Installations
2018-10-09 17:11 - 2018-10-09 17:11 - 000000000 ____D C:\Program Files (x86)\EVGA
2018-10-09 17:10 - 2018-10-09 17:11 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-10-09 17:10 - 2018-10-09 17:10 - 000000946 _____ C:\Users\guillaume\Desktop\EVGA Precision X1.lnk
2018-10-09 17:10 - 2018-10-09 17:10 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA
2018-10-09 17:04 - 2018-10-09 17:10 - 000000000 ____D C:\Program Files\EVGA
2018-10-09 17:04 - 2018-10-09 17:04 - 000001077 _____ C:\Users\guillaume\Desktop\EVGA OC Scanner X.lnk
2018-10-09 17:04 - 2018-10-09 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVGA
2018-10-09 16:47 - 2018-10-09 16:47 - 000000000 ____D C:\Users\guillaume\AppData\Local\UL
2018-10-09 16:47 - 2018-10-09 16:47 - 000000000 ____D C:\ProgramData\UL
2018-10-09 16:43 - 2018-10-09 16:43 - 000000214 _____ C:\Users\guillaume\Desktop\3DMark.url
2018-10-09 16:07 - 2018-10-09 16:47 - 000000000 ____D C:\Users\guillaume\.oracle_jre_usage
2018-10-09 16:07 - 2018-10-09 16:07 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\com.sdedibox.remote.RemoteApplication
2018-10-09 16:04 - 2018-10-09 16:04 - 000001804 _____ C:\Users\Public\Desktop\SdediBox.lnk
2018-10-09 16:04 - 2018-10-09 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SARL SHPS
2018-10-09 16:04 - 2018-10-09 16:04 - 000000000 ____D C:\Program Files\SdediBox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-08 20:21 - 2018-06-29 21:14 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3805808772-3452688692-1920293510-1001
2018-11-08 20:18 - 2018-06-29 21:10 - 000000000 __RDO C:\Users\guillaume\OneDrive
2018-11-08 20:16 - 2018-07-04 06:48 - 000000000 __SHD C:\Users\guillaume\IntelGraphicsProfiles
2018-11-08 20:16 - 2018-06-30 09:56 - 000000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-11-08 20:16 - 2018-06-30 09:41 - 000000000 ____D C:\Users\guillaume\AppData\Local\Pushbullet
2018-11-08 20:16 - 2018-06-30 09:23 - 000000000 ____D C:\Users\guillaume\AppData\LocalLow\Mozilla
2018-11-08 17:59 - 2018-06-30 09:48 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\Spotify
2018-11-08 17:57 - 2018-07-04 10:14 - 000000000 ____D C:\Users\guillaume\AppData\Local\Nox
2018-11-08 17:12 - 2018-07-04 10:17 - 000000000 ____D C:\Users\guillaume\.android
2018-11-08 17:12 - 2018-07-04 10:16 - 000000000 ____D C:\Users\guillaume\vmlogs
2018-11-08 17:12 - 2018-06-30 09:56 - 000000924 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-11-08 14:45 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-11-08 12:13 - 2018-07-13 15:53 - 000352768 ___SH C:\Users\guillaume\Downloads\Thumbs.db
2018-11-07 23:49 - 2014-04-07 21:15 - 000094198 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-07 23:49 - 2013-08-28 20:28 - 000092306 _____ C:\Windows\system32\perfh00C.dat
2018-11-07 23:49 - 2013-08-28 20:28 - 000021506 _____ C:\Windows\system32\perfc00C.dat
2018-11-07 23:49 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Inf
2018-11-07 23:43 - 2018-09-03 12:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-11-07 23:43 - 2013-08-22 09:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-07 19:15 - 2018-06-30 09:11 - 000000000 ____D C:\Users\guillaume\AppData\Local\CrashDumps
2018-11-07 18:14 - 2018-06-30 09:56 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-11-07 18:12 - 2018-07-14 09:39 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\FileZilla
2018-11-07 03:14 - 2018-07-06 10:17 - 000000000 ____D C:\Users\guillaume\AppData\Local\ElevatedDiagnostics
2018-11-06 10:19 - 2013-08-22 08:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-11-06 10:15 - 2013-08-22 10:20 - 000000000 ____D C:\Windows\CbsTemp
2018-11-06 08:01 - 2018-06-30 09:49 - 000000000 ____D C:\Users\guillaume\AppData\Local\Spotify
2018-11-06 08:00 - 2018-07-29 18:13 - 000000000 ____D C:\Users\guillaume\AppData\Local\Greenshot
2018-11-05 18:17 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\AppReadiness
2018-11-05 18:12 - 2018-07-09 09:06 - 000000000 ____D C:\Windows\Minidump
2018-11-05 17:26 - 2018-08-21 14:48 - 000000000 ____D C:\Users\guillaume\.gimp-2.8
2018-11-05 13:57 - 2018-08-27 13:59 - 000000600 _____ C:\Users\guillaume\AppData\Local\PUTTY.RND
2018-11-05 13:52 - 2018-07-14 09:39 - 000000000 ____D C:\Users\guillaume\AppData\Local\FileZilla
2018-11-05 13:51 - 2018-07-14 09:39 - 000001073 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2018-11-05 13:51 - 2018-07-14 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-11-05 08:41 - 2018-09-18 18:38 - 000001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-11-05 08:41 - 2018-09-18 18:38 - 000000000 ____D C:\Program Files (x86)\Notepad++
2018-11-04 15:02 - 2018-07-09 16:45 - 000000000 ____D C:\Users\guillaume\AppData\Local\Warframe
2018-11-03 18:56 - 2018-06-30 11:21 - 000000000 ____D C:\Users\guillaume\AppData\Local\transmission
2018-11-03 15:08 - 2018-10-06 15:12 - 000000000 ____D C:\Users\guillaume\AppData\Local\Battle.net
2018-11-03 13:25 - 2018-06-30 10:29 - 000000000 ____D C:\Users\guillaume\Documents\my games
2018-11-02 11:30 - 2018-06-30 09:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-02 07:49 - 2018-06-30 09:23 - 000000959 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-02 07:49 - 2018-06-30 09:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-01 11:57 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\rescache
2018-11-01 11:57 - 2013-08-22 09:44 - 005217000 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-31 19:31 - 2018-06-30 10:24 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\discord
2018-10-31 18:00 - 2018-09-10 20:13 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\.minecraft
2018-10-31 18:00 - 2018-09-10 20:13 - 000000000 ____D C:\Program Files (x86)\Minecraft
2018-10-31 14:14 - 2018-06-30 14:21 - 000000000 ____D C:\Users\guillaume\Documents\WordQ
2018-10-30 17:48 - 2018-07-18 10:18 - 000000000 ____D C:\Users\guillaume\AppData\Local\Soundnode
2018-10-28 21:44 - 2018-07-09 08:06 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2018-10-28 11:24 - 2018-07-09 08:03 - 000000000 ____D C:\Users\guillaume\AppData\Local\Bluestacks
2018-10-24 20:24 - 2018-07-04 19:13 - 000000000 ____D C:\Windows\system32\MRT
2018-10-24 20:17 - 2018-07-04 19:13 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-24 18:08 - 2018-07-03 15:44 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-24 18:08 - 2018-07-03 15:44 - 000002174 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-24 18:01 - 2018-07-03 12:28 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\steelseries-engine-3-client
2018-10-18 11:54 - 2018-06-29 21:08 - 000000000 ____D C:\Users\guillaume
2018-10-18 11:52 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\Registration
2018-10-18 11:08 - 2018-07-04 10:17 - 000000000 ____D C:\Users\guillaume\Nox_share
2018-10-17 14:53 - 2018-08-27 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-17 14:53 - 2018-08-27 13:38 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-17 14:52 - 2018-08-27 13:38 - 000098680 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-10-14 11:35 - 2018-07-18 07:19 - 000000000 ____D C:\Users\guillaume\AppData\Roaming\Anvsoft
2018-10-11 12:25 - 2014-04-07 22:21 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-10-11 12:20 - 2018-07-19 13:04 - 000000000 ____D C:\Users\guillaume\AppData\Local\Turbo
2018-10-10 20:48 - 2018-07-20 17:24 - 000000000 ____D C:\Users\guillaume\Documents\3DMark
2018-10-09 17:11 - 2014-06-17 07:28 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-09 17:04 - 2018-06-29 21:09 - 000000000 ____D C:\Users\guillaume\AppData\Local\VirtualStore
2018-10-09 16:47 - 2018-07-20 17:24 - 000000000 ____D C:\Users\guillaume\AppData\Local\Futuremark
2018-10-09 16:47 - 2018-07-20 17:12 - 000000000 ____D C:\Program Files (x86)\Futuremark

==================== Files in the root of some directories =======

2018-08-27 13:59 - 2018-11-05 13:57 - 000000600 _____ () C:\Users\guillaume\AppData\Local\PUTTY.RND
2018-11-05 17:24 - 2018-11-05 17:24 - 000000887 _____ () C:\Users\guillaume\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2018-06-30 13:10 - 2015-07-31 09:06 - 000242864 ____R (Microsoft Corporation) C:\Users\guillaume\AppData\Local\Temp\ose00000.exe
2018-10-30 09:32 - 2018-10-30 09:32 - 000884736 ____N () C:\Users\guillaume\AppData\Local\Temp\sqlite-3.18.0-77f1224f-c26e-48b5-a050-b4af14ed4fbc-sqlitejdbc.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-08 08:18

==================== End of FRST.txt ============================