Hey, I'm trying to get things under control on my laptop and hopefully have things back to how they were running when I first got it. It runs slow and overheats while playing games. I know the overheating is from dust inside, but I have this malware that I clean all the time and it just keeps coming back, and help would be greatly appreciated.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by John (administrator) on JOHN (23-11-2015 18:23:30)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-28] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-04] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-08-21] (Synaptics Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-08-01] (SUPERAntiSpyware)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [uTorrent] => C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-11-04] (BitTorrent Inc.)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-08-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-08-21] (NVIDIA Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-07-31]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OnePlus One Toolkit.lnk [2015-04-06]
ShortcutTarget: OnePlus One Toolkit.lnk -> C:\Program Files (x86)\OPO Toolkit\OnePlus One Toolkit.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0e698946-40fb-4d91-9fde-4a2061602033}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3549844d-dd73-471e-a458-7c9f2955ae20}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{999e06b7-ac22-4d46-b909-8fcb941b6d54}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://ca.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-ob-rhb-30__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: Default -> "hxxp://ca.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-ob-rhb-30__alt__ddc_dsssyc_bd_com"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Cast) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-23]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-11-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-16] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [658432 2014-06-16] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155376 2015-10-04] (NVIDIA Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568816 2015-10-04] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-03-10] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-03-12] (Razer Inc.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-21] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-05-20] (DT Soft Ltd)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-23] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3363112 2015-08-22] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-08] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-03-10] (Razer, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver.sys [22800 2012-02-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-21] (Synaptics Incorporated)
S3 ssudeadb; C:\Windows\System32\Drivers\ssudeadb.sys [40704 2014-01-22] (Google Inc)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-23 18:23 - 2015-11-23 18:24 - 00021938 _____ C:\Users\John\Desktop\FRST.txt
2015-11-23 18:12 - 2015-11-23 18:23 - 02348544 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-11-23 18:10 - 2015-11-23 18:10 - 00016148 _____ C:\WINDOWS\system32\JOHN_John_HistoryPrediction.bin
2015-11-23 03:56 - 2015-11-23 03:56 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-23 03:56 - 2015-11-23 03:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-23 03:55 - 2015-11-23 03:56 - 00000000 ____D C:\Program Files\iTunes
2015-11-23 03:55 - 2015-11-23 03:55 - 00000000 ____D C:\Program Files\iPod
2015-11-23 03:55 - 2015-11-23 03:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-23 03:40 - 2015-11-23 03:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-23 03:40 - 2015-11-23 03:40 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-23 03:40 - 2015-11-23 03:40 - 00000000 ____D C:\Program Files\Bonjour
2015-11-23 03:40 - 2015-11-23 03:40 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-11-23 03:40 - 2015-11-23 03:40 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-23 03:37 - 2015-11-23 03:37 - 167839512 _____ (Apple Inc.) C:\Users\John\Downloads\iTunes6464Setup.exe
2015-11-23 01:44 - 2015-11-23 01:44 - 00004640 _____ C:\WINDOWS\DPINST.LOG
2015-11-23 01:39 - 2015-11-23 01:39 - 00000000 ___HD C:\OneDriveTemp
2015-11-23 01:19 - 2015-11-23 01:19 - 00001416 _____ C:\Users\John\Desktop\Bacon Root Toolkit.lnk
2015-11-23 01:19 - 2015-11-23 01:19 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WugFresh Development
2015-11-23 01:19 - 2015-11-23 01:19 - 00000000 ____D C:\Program Files (x86)\WugFresh Development
2015-11-23 01:19 - 2014-09-15 12:08 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-11-23 01:19 - 2014-09-15 12:08 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2015-11-23 01:18 - 2015-11-23 01:19 - 30451802 _____ C:\Users\John\Downloads\BRT_v1.0.2.sfx.exe
2015-11-23 01:06 - 2015-11-23 01:07 - 00000000 ____D C:\Users\John\Desktop\DCIM
2015-11-23 01:03 - 2015-11-23 01:03 - 00000000 ____D C:\Users\John\AppData\Roaming\JetBrains
2015-11-23 01:00 - 2015-11-23 01:00 - 00000000 ____D C:\Users\John\.AndroidStudio1.5
2015-11-23 00:57 - 2015-01-30 10:02 - 00084992 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelHaxm.sys
2015-11-23 00:41 - 2015-11-23 00:41 - 00320424 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-11-23 00:41 - 2015-11-23 00:41 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-11-23 00:41 - 2015-11-23 00:41 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-11-23 00:41 - 2015-11-23 00:41 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-11-23 00:40 - 2015-11-23 00:41 - 00000000 ____D C:\Program Files\Java
2015-11-23 00:40 - 2015-11-23 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-11-23 00:39 - 2015-11-23 00:40 - 146861984 _____ (Oracle Corporation) C:\Users\John\Downloads\jdk-7u79-windows-x64.exe
2015-11-23 00:31 - 2015-11-23 00:35 - 20616231 _____ C:\Users\John\Downloads\jdk-7u79-windows-x64-demos.zip
2015-11-23 00:24 - 2015-11-23 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-23 00:24 - 2015-11-23 00:23 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-23 00:17 - 2015-11-23 00:22 - 00584288 _____ (Oracle Corporation) C:\Users\John\Downloads\JavaSetup8u66 (1).exe
2015-11-22 23:57 - 2015-11-22 23:56 - 00278624 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-11-22 23:55 - 2015-11-22 23:55 - 00584288 _____ (Oracle Corporation) C:\Users\John\Downloads\JavaSetup8u66.exe
2015-11-22 21:46 - 2015-11-22 23:34 - 1209184992 _____ (Google Inc.) C:\Users\John\Downloads\android-studio-bundle-141.2422023-windows.exe
2015-11-10 23:41 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 23:41 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 23:41 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 23:41 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 23:41 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 23:41 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 23:41 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 23:41 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 23:41 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 23:41 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 23:41 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 23:41 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 23:41 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 23:41 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 23:41 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 23:41 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 23:41 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 23:41 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 23:41 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 23:41 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-10 23:40 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 23:40 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 23:40 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 23:40 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 23:40 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 23:40 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 23:40 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 23:40 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 23:40 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 23:40 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 23:40 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 23:40 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 23:40 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 23:40 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 23:40 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 23:40 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 23:40 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 23:40 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 23:40 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 23:40 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 23:40 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 23:40 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 23:40 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 23:40 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 23:40 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 23:40 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 23:40 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 23:40 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 23:40 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 23:40 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 23:40 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 23:40 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 23:40 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 23:13 - 2015-11-10 23:13 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2015-11-10 22:43 - 2015-11-10 23:21 - 432292598 _____ C:\Users\John\Downloads\Beast for Windows 05.11.15.2148.exe
2015-11-06 23:46 - 2015-11-12 20:43 - 00000000 ____D C:\Users\John\AppData\Roaming\Kodi
2015-11-06 23:44 - 2015-11-10 23:13 - 00000000 ____D C:\Program Files (x86)\Kodi
2015-11-06 23:10 - 2015-11-06 23:18 - 71111070 _____ C:\Users\John\Downloads\kodi-14.2-Helix (2).exe
2015-11-06 22:46 - 2015-11-06 22:48 - 75927552 _____ C:\Users\John\Downloads\kodi-14.2-Helix.pdb
2015-11-06 22:46 - 2015-11-06 22:46 - 71111070 _____ C:\Users\John\Downloads\kodi-14.2-Helix (1).exe
2015-11-06 22:07 - 2015-11-07 13:45 - 00002836 _____ C:\WINDOWS\PFRO.log
2015-11-06 21:53 - 2015-11-06 21:57 - 437701139 _____ C:\Users\John\Downloads\userdata.exe
2015-10-24 14:26 - 2015-11-22 23:56 - 00000000 ____D C:\Users\John\.oracle_jre_usage
2015-10-24 14:26 - 2015-10-24 14:26 - 00000000 ____D C:\Users\John\AppData\Roaming\Sun
2015-10-24 14:25 - 2015-10-24 14:25 - 00000000 ____D C:\Users\John\AppData\LocalLow\Oracle
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-23 18:23 - 2015-04-27 19:57 - 00000000 ____D C:\FRST
2015-11-23 18:19 - 2015-10-10 20:21 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-23 18:10 - 2015-05-02 16:58 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-23 17:39 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-23 17:14 - 2015-05-01 20:05 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-23 16:41 - 2013-12-15 11:31 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9C7084A3-B535-4CFE-91D2-2FD6E660A2ED}
2015-11-23 03:42 - 2015-10-14 22:33 - 00012636 _____ C:\WINDOWS\setupact.log
2015-11-23 03:40 - 2014-01-16 17:30 - 00000000 ____D C:\ProgramData\Apple
2015-11-23 01:39 - 2015-05-02 16:58 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-23 01:39 - 2013-12-15 10:59 - 00000000 __RDO C:\Users\John\SkyDrive
2015-11-23 01:38 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-23 01:37 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-23 01:03 - 2015-04-06 12:41 - 00000000 ____D C:\Users\John\.android
2015-11-23 01:00 - 2015-07-31 12:09 - 00000000 ____D C:\Users\John
2015-11-23 00:57 - 2013-12-14 23:27 - 00000000 ____D C:\Program Files\Intel
2015-11-23 00:50 - 2015-04-05 22:14 - 00000000 ____D C:\Users\John\AppData\Local\Android
2015-11-23 00:48 - 2015-04-05 22:13 - 00000000 ____D C:\Program Files\Android
2015-11-23 00:47 - 2015-07-31 12:30 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-23 00:36 - 2013-06-24 13:39 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-23 00:24 - 2014-09-03 12:35 - 00000000 ____D C:\ProgramData\Oracle
2015-11-23 00:22 - 2014-02-23 19:45 - 00103936 ___SH C:\Users\John\Desktop\Thumbs.db
2015-11-22 23:45 - 2015-04-05 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-11-22 22:33 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-20 14:40 - 2015-09-26 16:14 - 00157696 _____ C:\WINDOWS\ERUNT.exe
2015-11-12 04:16 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-10 23:46 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-05 21:36 - 2012-10-27 16:39 - 00000000 ____D C:\Users\John\AppData\Roaming\uTorrent
2015-11-03 19:48 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-03 13:20 - 2015-10-02 21:12 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 13:20 - 2015-10-02 21:12 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-30 19:29 - 2015-07-31 16:00 - 00002377 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-30 03:01 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-30 02:53 - 2014-01-18 21:06 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-27 19:05 - 2013-09-09 22:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-27 18:59 - 2012-12-14 18:46 - 143481208 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2015-07-18 21:53 - 2015-07-23 20:53 - 0000024 _____ () C:\Users\John\AppData\Roaming\appdataFr25.bin
2015-04-10 21:28 - 2015-05-02 16:50 - 0000020 _____ () C:\Users\John\AppData\Roaming\appdataFr3.bin
2014-04-01 00:13 - 2014-04-02 12:13 - 0000087 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2015-07-20 15:55 - 2015-07-20 15:55 - 0000064 _____ () C:\Users\John\AppData\Local\7283b87a54b9adad3d2a77c693a7f87b
2014-03-26 17:28 - 2014-03-26 17:28 - 0007600 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2015-01-05 16:20 - 2015-01-05 16:20 - 0172775 _____ () C:\ProgramData\1420492563.bdinstall.bin
Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-22 22:34
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by John (2015-11-23 18:24:30)
Running from C:\Users\John\Desktop
Windows 10 Pro (X64) (2015-07-31 20:54:52)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1915954930-4168681749-542677032-500 - Administrator - Disabled)
Crystal (S-1-5-21-1915954930-4168681749-542677032-1007 - Limited - Enabled)
DefaultAccount (S-1-5-21-1915954930-4168681749-542677032-503 - Limited - Disabled)
Guest (S-1-5-21-1915954930-4168681749-542677032-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1915954930-4168681749-542677032-1009 - Limited - Enabled)
John (S-1-5-21-1915954930-4168681749-542677032-1001 - Administrator - Enabled) => C:\Users\John
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Ear Force Audio Hub (HKLM-x32\...\{91B653C4-77AC-47CE-851B-CE6BE7B6A764}) (Version: 6.2.1.0 - Turtle Beach)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Kodi (HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Kodi) (Version: - XBMC-Foundation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall)
NVIDIA GeForce Experience 2.5.15.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.46 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.4.15.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29008 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.46 - NVIDIA Corporation) Hidden
SRS Premium Sound Control Panel (HKLM\...\{439A73C2-8CFA-4630-8484-36BCA2AEBB0A}) (Version: 1.12.0300 - SRS Labs, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1010 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Videostream Port Fix (HKLM-x32\...\{A36C0DAA-86C7-4D14-AEC0-86416A69ABDE}) (Version: 1.0.0 - Videostream, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1915954930-4168681749-542677032-1001_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-1915954930-4168681749-542677032-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1915954930-4168681749-542677032-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
10-11-2015 23:14:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-11-2015 23:15:31 Installed DirectX
22-11-2015 22:35:13 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2015-04-30 20:55 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07DBEF7C-31C0-4DA2-80D6-31C84282C36D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-23] (Google Inc.)
Task: {09E2778A-5896-4B92-AD57-0884D3D4E149} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {18C48614-372D-4966-988A-BE75C45FC43A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {1CB0B7B6-D75A-4BAE-868A-82B50D16D4BF} - System32\Tasks\Check Updates => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {1E50C101-8611-4025-9C0D-2A00AFD21139} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2185D5FC-2334-4D2A-BE03-338A0E2A1F46} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3398B97C-0384-4B37-B0DB-51BAC17ED18C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {5C25B921-398B-4330-857F-8115097F1270} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {75AFF276-1CEE-4860-98B1-2C70F788450E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7E4A7404-D709-43FD-8D34-75A718E3D8A1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8C24F0EA-469B-4C5D-A09F-C8BE396EE54F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9499AFA4-51C0-4FB1-8A43-B9748A5CC828} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A3B44B77-14CD-4772-922D-0DB3E8BCCBD6} - System32\Tasks\{F5298548-5D97-481A-A08E-6A18B09FDBE5} => pcalua.exe -a "C:\Users\John\Downloads\The Beast Encore 22.09.15.1017.exe"
Task: {B263420B-2DC9-4704-BF10-E0DDDF0FBEB6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {B84A8BA3-243F-4AFD-8D25-68D75E58155D} - System32\Tasks\{54E098E1-6B78-483A-944D-EF4DC9535F2F} => pcalua.exe -a "C:\Program Files (x86)\CuttThhePrice\d4HVTt8paFis3A.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {C3570E77-5480-4CD9-9E04-7F2394BDD7C5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C9E1D279-8068-488D-AD01-64FDDBC69ECF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CCF08B14-8325-4FA8-8602-1986D5943E30} - System32\Tasks\{3CA55D26-E2AC-4F4C-8C33-5D0E20F48DAA} => pcalua.exe -a "C:\Program Files (x86)\AdKiller for Chrome\AdKiller for Chrome.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {CF51856D-5DDF-468F-A42F-12A36D3DD156} - System32\Tasks\Validate Installation => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {D62BB815-D0D5-42A6-B289-68CA1A6664A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-23] (Google Inc.)
Task: {D9F67BEE-83F4-4850-B9AD-79DA931064E0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DD634477-4C73-4445-B61E-00BFBBAE6F49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E752289B-D19F-444E-8E81-420C2A6ACBE8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F52B19C9-4E1F-4886-9021-03A884A78090} - \GeniusBox -> No File <==== ATTENTION
Task: {FEDED495-242A-48F9-8D04-E37607AFC80B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-27] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1915954930-4168681749-542677032-1001Core.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1915954930-4168681749-542677032-1001Core1cff177e2592cdc.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\TechnoEffects.job => c:\programdata\{00f53d4c-691c-6dd0-00f5-53d4c691f531}\odin3.10.6.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\John\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\4794958330.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x62affda8 -pinnedTimeHigh 0x01cdb52b -securityFlags 0x00000000 -url 0x0000003c hxxp://www.edge.ca/DJsandShows/TheDeanBlundellShow/Main.aspx <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2015-08-24 20:43 - 2015-07-14 21:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-01-05 16:16 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-01-05 16:16 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2012-10-27 17:01 - 2015-07-13 12:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-24 20:43 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-03-21 16:36 - 2015-10-07 18:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-10 13:20 - 2015-03-10 13:20 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-05-18 15:54 - 2005-04-21 23:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-10-02 15:14 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-02 15:14 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-30 02:52 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-02 15:14 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-02 15:15 - 2015-09-17 00:44 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-02 15:14 - 2015-09-17 00:42 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-02 15:14 - 2015-09-17 00:42 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-02 15:14 - 2015-09-17 00:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00306960 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-03-30 17:50 - 2015-03-12 12:04 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Cortex\D3DX8Wrapper.dll
2012-05-07 10:55 - 2012-05-07 10:55 - 00178104 _____ () C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll
2014-09-28 12:33 - 2014-11-14 19:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-10-30 02:52 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-11-11 14:12 - 2015-11-06 23:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 14:12 - 2015-11-06 23:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-11 14:12 - 2015-11-06 23:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 00073512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\John\Desktop\adwcleaner_4.203.exe:BDU
AlternateDataStreams: C:\Users\John\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\AdobeAIRInstaller.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\android-studio-bundle-141.2422023-windows.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\Beast for Windows 05.11.15.2148.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\BRT_v1.0.2.sfx.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\GeForce_Experience_v2.5.15.46.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\GoProStudioPC-2.5.6.509 (1).exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\GoProStudioPC-2.5.6.509.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\iTunes6464Setup.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\JavaSetup8u66 (1).exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\kodi-14.2-Helix (1).exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\kodi-14.2-Helix (2).exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\kodi-14.2-Helix.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\kodi-15.1-Isengard.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\MediaCreationToolx64.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\TC00604900C_Intel_Management_Engine_Interface_9.5.24.1790.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\TC00636200A_Bluetooth_Stack_for_Windows_by_Toshiba_9.10.32(T).exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\TC40171400D_Intel_Wireless_LAN_Driver_15.0.1.1.0.s64_wCAT (1).exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\TC40171400D_Intel_Wireless_LAN_Driver_15.0.1.1.0.s64_wCAT.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\TC40172700E_Synaptics_Touch_Pad_Driver_15.3.41.7.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\TC70216600A_NVIDIA_Display_Driver_9.18.13.4752.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\The Beast 06.10.15.2334.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\The Beast Encore 22.09.15.1017.exe:BDU
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{4315b3c8-db80-4013-9bc1-38b29d70110b}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth Monitor.lnk"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run32: => "ITSecMng"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "PivotSoftware"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\StartupFolder: => "RapidMediaConverterApp.lnk"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\StartupFolder: => "OnePlus One Toolkit.lnk"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "SearchProtect"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{F173AF13-C5F0-4025-A7D5-87F4035DC99E}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{7D680DE3-1D37-45F9-8C50-280BFBBD6BEC}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{DDE5F24A-5AE9-4E6A-8356-9664300714BA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B5C97D1B-5FF1-4DCF-B966-92E8498D0017}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [UDP Query User{9A196D04-60D4-4F42-AAC8-CB619150F55A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{71B67678-0416-4011-8CA0-ABEB38BE1757}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{8AB1F62A-2868-4EE2-80B5-D24871420465}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{552F4949-4E5E-41AC-85A4-76FE56E88B97}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{94D5D7FF-69BF-47A2-B371-52D5E9CED66E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EBC68CD6-B3B5-4415-A513-11B8D8ECE145}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EDC13833-6EFE-4008-AAC4-4F7E6C3A2E3B}] => (Allow) LPort=5558
FirewallRules: [{7B4415E2-29D8-45B1-B640-38085AC41590}] => (Allow) LPort=5556
FirewallRules: [{D3EC4B34-FBA8-42C1-B3A4-3238DA514D69}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{27E5629C-9D1A-4377-9055-3B7C2D1BD01C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AEF55CFF-0A6C-48CA-A845-97C8EE95EE88}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{A4110231-0435-42B1-A359-3AA4375F3676}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{27BE8AAE-97DD-4570-8E82-8FD723F59092}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{A03DE4EF-D33C-47C6-8973-A44E12A97A34}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{0C07C4FF-0FFA-450D-BD4C-65792876CE27}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{B193351F-97F3-4634-975D-9F196E14BF98}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C187261-A0F4-42E4-821D-7FBC12907D6F}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{24DBBD5C-5C9E-43ED-B015-0A4C8A424BF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{ABE8A209-127D-4099-B066-3DA6798FC17B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{B0814BF7-6950-4636-9568-BB374D72C247}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{FAA1D247-ECBE-453D-92C6-9F9EF06CC608}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{C27ED43C-6726-486F-A9FB-8C7FE46C5A0C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{79BC0E98-13A0-4112-827C-C6E0E3A0DE39}C:\programdata\battle.net\agent\agent.beta.2737\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2737\agent.exe
FirewallRules: [TCP Query User{D5B76FE0-43E5-4A61-AFE6-8465E5D7BC81}C:\programdata\battle.net\agent\agent.beta.2737\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2737\agent.exe
FirewallRules: [UDP Query User{254EC8A8-453B-42CA-AACA-4C68E3A8929B}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{5AAC9BF6-09B5-4DDA-96D4-01634979365D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{65A2EA3E-BFE6-4E12-9A99-83848322BD66}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D38A5580-8DD2-41B0-BD80-A3557955C6A2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{56FA9C49-0CCD-43E9-955F-90222A632D92}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6948F6D9-6C61-4259-87AE-99DFB2505A5B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{680868F4-794A-4ABA-969C-FE3503ACE61E}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D619500D-2605-4051-A494-00D4C3747894}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1C68DE2D-CD58-4302-A482-B0F839BABF70}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6E9D1423-8A0D-4EC8-B7A2-7660A76DDBDB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{ACD61E09-86EE-4BE1-860C-BDB217758720}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7620C87A-C700-4245-A593-5B83407CFE9A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CDC4C456-D5DC-4E15-9916-762E237EDF33}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{5B172F9C-0319-4B00-ACAE-8E94612B83EA}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{8181EEB9-614B-43D0-B1F3-2ECC7A29AB3C}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{03382A0E-74C6-492B-A7AD-53834FCCCB83}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{FDC552A7-AB8F-454D-AB1E-13E58FDF050C}C:\users\john\appdata\roaming\utorrent\updates\3.4.3_40760.exe] => (Block) C:\users\john\appdata\roaming\utorrent\updates\3.4.3_40760.exe
FirewallRules: [UDP Query User{AD2C51AD-6873-4E73-AEB1-289FBBDFB3CF}C:\users\john\appdata\roaming\utorrent\updates\3.4.3_40760.exe] => (Block) C:\users\john\appdata\roaming\utorrent\updates\3.4.3_40760.exe
FirewallRules: [TCP Query User{680586F2-1752-4E41-A3AD-6C8C7AC8A724}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{CB86256D-0A0D-4425-8484-EE5E4CA5DBF2}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{8C6FB6BF-ABE0-47E2-AA8C-53B96006919B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E12DBB85-D4CF-42EA-ADE4-87F0FBE9291C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{50E93B7D-4EA9-40C3-BE3B-882BCB9DC2A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4CF81DA6-4849-4E93-8E17-B42CA416E4BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DF021521-A11D-47B0-89A7-5A53C71189F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{62FDA39B-4F20-4334-A05C-3AB35EBFD53A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5D2DF1CC-61ED-4AEF-A9BE-F2E5172F1AFF}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{7D022DD5-9915-4E61-928D-EEA69B52178B}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{0F45DD99-835C-4472-813B-E0D7CE8028E2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59DC8832-B7F9-4751-B7C4-B5635A623C60}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{921A482B-0A80-45FE-8ECE-DFA61BCACF71}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4CA58176-03D6-4529-BE1B-D54AFDC7E5C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FAD9240E-AB9B-480E-92AB-4C5955930616}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/23/2015 06:19:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/23/2015 06:04:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/23/2015 05:49:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/23/2015 05:34:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/23/2015 05:19:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/23/2015 05:01:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/23/2015 04:46:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/23/2015 04:38:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/23/2015 04:11:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5954
Error: (11/23/2015 04:11:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5954
System errors:
=============
Error: (11/23/2015 01:36:46 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
Error: (11/23/2015 01:36:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.
Error: (11/23/2015 01:36:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_Session1 service to connect.
Error: (11/23/2015 01:36:03 AM) (Source: DCOM) (EventID: 10010) (User: JOHN)
Description: App.AppXw3qcpc7p849541dp39vvqd01bn7z9ybh.mca
Error: (11/23/2015 01:36:03 AM) (Source: DCOM) (EventID: 10010) (User: JOHN)
Description: Windows.Media.Capture.Internal.AppCaptureShell
Error: (11/23/2015 01:36:02 AM) (Source: DCOM) (EventID: 10010) (User: JOHN)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
Error: (11/23/2015 01:36:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (11/23/2015 01:36:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (11/23/2015 01:36:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (11/23/2015 01:36:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2015-08-22 18:58:49.174
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-22 18:58:48.327
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-22 18:58:47.670
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-22 18:58:47.361
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-22 18:58:47.005
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-22 18:58:42.129
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-22 18:58:37.035
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-22 18:58:37.025
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-22 18:58:37.009
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-22 18:58:36.860
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 52%
Total physical RAM: 8086.57 MB
Available physical RAM: 3871 MB
Total Virtual: 9366.57 MB
Available Virtual: 3891.27 MB
==================== Drives ================================
Drive c: (S3A9943D002) (Fixed) (Total:683.6 GB) (Free:296.63 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 58B3EF2C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13.1 GB) - (Type=17)
==================== End of Addition.txt ============================