laptop running slow

#1
-_R1_-

  • Member
  • 93 posts

Hey, I'm trying to get things under control on my laptop and hopefully have things back to how they were running when I first got it. It runs slow and overheats while playing games. I know the overheating is from dust inside, but I have this malware that I clean all the time and it just keeps coming back. Any help would be greatly appreciated.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by John (administrator) on JOHN (23-11-2015 18:23:30)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-28] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-04] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-08-21] (Synaptics Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-08-01] (SUPERAntiSpyware)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [uTorrent] => C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-11-04] (BitTorrent Inc.)
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Run: [GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-08-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-08-21] (NVIDIA Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-07-31]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OnePlus One Toolkit.lnk [2015-04-06]
ShortcutTarget: OnePlus One Toolkit.lnk -> C:\Program Files (x86)\OPO Toolkit\OnePlus One Toolkit.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0e698946-40fb-4d91-9fde-4a2061602033}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3549844d-dd73-471e-a458-7c9f2955ae20}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{999e06b7-ac22-4d46-b909-8fcb941b6d54}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
 
Chrome: 
=======
CHR RestoreOnStartup: Default -> "hxxp://ca.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-ob-rhb-30__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: Default -> "hxxp://ca.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-ob-rhb-30__alt__ddc_dsssyc_bd_com"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Cast) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-23]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-11-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-16] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [658432 2014-06-16] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155376 2015-10-04] (NVIDIA Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568816 2015-10-04] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-03-10] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-03-12] (Razer Inc.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-21] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-05-20] (DT Soft Ltd)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-23] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3363112 2015-08-22] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-08] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-03-10] (Razer, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver.sys [22800 2012-02-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-21] (Synaptics Incorporated)
S3 ssudeadb; C:\Windows\System32\Drivers\ssudeadb.sys [40704 2014-01-22] (Google Inc)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-23 18:23 - 2015-11-23 18:24 - 00021938 _____ C:\Users\John\Desktop\FRST.txt
2015-11-23 18:12 - 2015-11-23 18:23 - 02348544 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-11-23 18:10 - 2015-11-23 18:10 - 00016148 _____ C:\WINDOWS\system32\JOHN_John_HistoryPrediction.bin
2015-11-23 03:56 - 2015-11-23 03:56 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-23 03:56 - 2015-11-23 03:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-23 03:55 - 2015-11-23 03:56 - 00000000 ____D C:\Program Files\iTunes
2015-11-23 03:55 - 2015-11-23 03:55 - 00000000 ____D C:\Program Files\iPod
2015-11-23 03:55 - 2015-11-23 03:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-23 03:40 - 2015-11-23 03:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-23 03:40 - 2015-11-23 03:40 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-23 03:40 - 2015-11-23 03:40 - 00000000 ____D C:\Program Files\Bonjour
2015-11-23 03:40 - 2015-11-23 03:40 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-11-23 03:40 - 2015-11-23 03:40 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-23 03:37 - 2015-11-23 03:37 - 167839512 _____ (Apple Inc.) C:\Users\John\Downloads\iTunes6464Setup.exe
2015-11-23 01:44 - 2015-11-23 01:44 - 00004640 _____ C:\WINDOWS\DPINST.LOG
2015-11-23 01:39 - 2015-11-23 01:39 - 00000000 ___HD C:\OneDriveTemp
2015-11-23 01:19 - 2015-11-23 01:19 - 00001416 _____ C:\Users\John\Desktop\Bacon Root Toolkit.lnk
2015-11-23 01:19 - 2015-11-23 01:19 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WugFresh Development
2015-11-23 01:19 - 2015-11-23 01:19 - 00000000 ____D C:\Program Files (x86)\WugFresh Development
2015-11-23 01:19 - 2014-09-15 12:08 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-11-23 01:19 - 2014-09-15 12:08 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2015-11-23 01:18 - 2015-11-23 01:19 - 30451802 _____ C:\Users\John\Downloads\BRT_v1.0.2.sfx.exe
2015-11-23 01:06 - 2015-11-23 01:07 - 00000000 ____D C:\Users\John\Desktop\DCIM
2015-11-23 01:03 - 2015-11-23 01:03 - 00000000 ____D C:\Users\John\AppData\Roaming\JetBrains
2015-11-23 01:00 - 2015-11-23 01:00 - 00000000 ____D C:\Users\John\.AndroidStudio1.5
2015-11-23 00:57 - 2015-01-30 10:02 - 00084992 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelHaxm.sys
2015-11-23 00:41 - 2015-11-23 00:41 - 00320424 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-11-23 00:41 - 2015-11-23 00:41 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-11-23 00:41 - 2015-11-23 00:41 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-11-23 00:41 - 2015-11-23 00:41 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-11-23 00:40 - 2015-11-23 00:41 - 00000000 ____D C:\Program Files\Java
2015-11-23 00:40 - 2015-11-23 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-11-23 00:39 - 2015-11-23 00:40 - 146861984 _____ (Oracle Corporation) C:\Users\John\Downloads\jdk-7u79-windows-x64.exe
2015-11-23 00:31 - 2015-11-23 00:35 - 20616231 _____ C:\Users\John\Downloads\jdk-7u79-windows-x64-demos.zip
2015-11-23 00:24 - 2015-11-23 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-23 00:24 - 2015-11-23 00:23 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-23 00:17 - 2015-11-23 00:22 - 00584288 _____ (Oracle Corporation) C:\Users\John\Downloads\JavaSetup8u66 (1).exe
2015-11-22 23:57 - 2015-11-22 23:56 - 00278624 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-11-22 23:55 - 2015-11-22 23:55 - 00584288 _____ (Oracle Corporation) C:\Users\John\Downloads\JavaSetup8u66.exe
2015-11-22 21:46 - 2015-11-22 23:34 - 1209184992 _____ (Google Inc.) C:\Users\John\Downloads\android-studio-bundle-141.2422023-windows.exe
2015-11-10 23:41 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 23:41 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 23:41 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 23:41 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 23:41 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 23:41 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 23:41 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 23:41 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 23:41 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 23:41 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 23:41 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 23:41 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 23:41 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 23:41 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 23:41 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 23:41 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 23:41 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 23:41 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 23:41 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 23:41 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-10 23:40 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 23:40 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 23:40 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 23:40 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 23:40 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 23:40 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 23:40 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 23:40 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 23:40 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 23:40 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 23:40 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 23:40 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 23:40 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 23:40 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 23:40 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 23:40 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 23:40 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 23:40 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 23:40 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 23:40 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 23:40 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 23:40 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 23:40 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 23:40 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 23:40 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 23:40 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 23:40 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 23:40 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 23:40 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 23:40 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 23:40 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 23:40 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 23:40 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 23:13 - 2015-11-10 23:13 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2015-11-10 22:43 - 2015-11-10 23:21 - 432292598 _____ C:\Users\John\Downloads\Beast for Windows 05.11.15.2148.exe
2015-11-06 23:46 - 2015-11-12 20:43 - 00000000 ____D C:\Users\John\AppData\Roaming\Kodi
2015-11-06 23:44 - 2015-11-10 23:13 - 00000000 ____D C:\Program Files (x86)\Kodi
2015-11-06 23:10 - 2015-11-06 23:18 - 71111070 _____ C:\Users\John\Downloads\kodi-14.2-Helix (2).exe
2015-11-06 22:46 - 2015-11-06 22:48 - 75927552 _____ C:\Users\John\Downloads\kodi-14.2-Helix.pdb
2015-11-06 22:46 - 2015-11-06 22:46 - 71111070 _____ C:\Users\John\Downloads\kodi-14.2-Helix (1).exe
2015-11-06 22:07 - 2015-11-07 13:45 - 00002836 _____ C:\WINDOWS\PFRO.log
2015-11-06 21:53 - 2015-11-06 21:57 - 437701139 _____ C:\Users\John\Downloads\userdata.exe
2015-10-24 14:26 - 2015-11-22 23:56 - 00000000 ____D C:\Users\John\.oracle_jre_usage
2015-10-24 14:26 - 2015-10-24 14:26 - 00000000 ____D C:\Users\John\AppData\Roaming\Sun
2015-10-24 14:25 - 2015-10-24 14:25 - 00000000 ____D C:\Users\John\AppData\LocalLow\Oracle
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-23 18:23 - 2015-04-27 19:57 - 00000000 ____D C:\FRST
2015-11-23 18:19 - 2015-10-10 20:21 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-23 18:10 - 2015-05-02 16:58 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-23 17:39 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-23 17:14 - 2015-05-01 20:05 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-23 16:41 - 2013-12-15 11:31 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9C7084A3-B535-4CFE-91D2-2FD6E660A2ED}
2015-11-23 03:42 - 2015-10-14 22:33 - 00012636 _____ C:\WINDOWS\setupact.log
2015-11-23 03:40 - 2014-01-16 17:30 - 00000000 ____D C:\ProgramData\Apple
2015-11-23 01:39 - 2015-05-02 16:58 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-23 01:39 - 2013-12-15 10:59 - 00000000 __RDO C:\Users\John\SkyDrive
2015-11-23 01:38 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-23 01:37 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-23 01:03 - 2015-04-06 12:41 - 00000000 ____D C:\Users\John\.android
2015-11-23 01:00 - 2015-07-31 12:09 - 00000000 ____D C:\Users\John
2015-11-23 00:57 - 2013-12-14 23:27 - 00000000 ____D C:\Program Files\Intel
2015-11-23 00:50 - 2015-04-05 22:14 - 00000000 ____D C:\Users\John\AppData\Local\Android
2015-11-23 00:48 - 2015-04-05 22:13 - 00000000 ____D C:\Program Files\Android
2015-11-23 00:47 - 2015-07-31 12:30 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-23 00:36 - 2013-06-24 13:39 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-23 00:24 - 2014-09-03 12:35 - 00000000 ____D C:\ProgramData\Oracle
2015-11-23 00:22 - 2014-02-23 19:45 - 00103936 ___SH C:\Users\John\Desktop\Thumbs.db
2015-11-22 23:45 - 2015-04-05 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-11-22 22:33 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-20 14:40 - 2015-09-26 16:14 - 00157696 _____ C:\WINDOWS\ERUNT.exe
2015-11-12 04:16 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-10 23:46 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-05 21:36 - 2012-10-27 16:39 - 00000000 ____D C:\Users\John\AppData\Roaming\uTorrent
2015-11-03 19:48 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-03 13:20 - 2015-10-02 21:12 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 13:20 - 2015-10-02 21:12 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-30 19:29 - 2015-07-31 16:00 - 00002377 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-30 03:01 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-30 02:53 - 2014-01-18 21:06 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-27 19:05 - 2013-09-09 22:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-27 18:59 - 2012-12-14 18:46 - 143481208 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-07-18 21:53 - 2015-07-23 20:53 - 0000024 _____ () C:\Users\John\AppData\Roaming\appdataFr25.bin
2015-04-10 21:28 - 2015-05-02 16:50 - 0000020 _____ () C:\Users\John\AppData\Roaming\appdataFr3.bin
2014-04-01 00:13 - 2014-04-02 12:13 - 0000087 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2015-07-20 15:55 - 2015-07-20 15:55 - 0000064 _____ () C:\Users\John\AppData\Local\7283b87a54b9adad3d2a77c693a7f87b
2014-03-26 17:28 - 2014-03-26 17:28 - 0007600 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2015-01-05 16:20 - 2015-01-05 16:20 - 0172775 _____ () C:\ProgramData\1420492563.bdinstall.bin
 
Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-22 22:34
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by John (2015-11-23 18:24:30)
Running from C:\Users\John\Desktop
Windows 10 Pro (X64) (2015-07-31 20:54:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1915954930-4168681749-542677032-500 - Administrator - Disabled)
Crystal (S-1-5-21-1915954930-4168681749-542677032-1007 - Limited - Enabled)
DefaultAccount (S-1-5-21-1915954930-4168681749-542677032-503 - Limited - Disabled)
Guest (S-1-5-21-1915954930-4168681749-542677032-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1915954930-4168681749-542677032-1009 - Limited - Enabled)
John (S-1-5-21-1915954930-4168681749-542677032-1001 - Administrator - Enabled) => C:\Users\John
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Ear Force Audio Hub (HKLM-x32\...\{91B653C4-77AC-47CE-851B-CE6BE7B6A764}) (Version: 6.2.1.0 - Turtle Beach)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Kodi (HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\Kodi) (Version:  - XBMC-Foundation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall)
NVIDIA GeForce Experience 2.5.15.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.46 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.4.15.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29008 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.46 - NVIDIA Corporation) Hidden
SRS Premium Sound Control Panel (HKLM\...\{439A73C2-8CFA-4630-8484-36BCA2AEBB0A}) (Version: 1.12.0300 - SRS Labs, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1010 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Videostream Port Fix (HKLM-x32\...\{A36C0DAA-86C7-4D14-AEC0-86416A69ABDE}) (Version: 1.0.0 - Videostream, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1915954930-4168681749-542677032-1001_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-1915954930-4168681749-542677032-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1915954930-4168681749-542677032-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
10-11-2015 23:14:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-11-2015 23:15:31 Installed DirectX
22-11-2015 22:35:13 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-04-30 20:55 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07DBEF7C-31C0-4DA2-80D6-31C84282C36D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-23] (Google Inc.)
Task: {09E2778A-5896-4B92-AD57-0884D3D4E149} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {18C48614-372D-4966-988A-BE75C45FC43A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {1CB0B7B6-D75A-4BAE-868A-82B50D16D4BF} - System32\Tasks\Check Updates => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {1E50C101-8611-4025-9C0D-2A00AFD21139} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2185D5FC-2334-4D2A-BE03-338A0E2A1F46} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3398B97C-0384-4B37-B0DB-51BAC17ED18C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {5C25B921-398B-4330-857F-8115097F1270} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {75AFF276-1CEE-4860-98B1-2C70F788450E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7E4A7404-D709-43FD-8D34-75A718E3D8A1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8C24F0EA-469B-4C5D-A09F-C8BE396EE54F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9499AFA4-51C0-4FB1-8A43-B9748A5CC828} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A3B44B77-14CD-4772-922D-0DB3E8BCCBD6} - System32\Tasks\{F5298548-5D97-481A-A08E-6A18B09FDBE5} => pcalua.exe -a "C:\Users\John\Downloads\The Beast Encore 22.09.15.1017.exe"
Task: {B263420B-2DC9-4704-BF10-E0DDDF0FBEB6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {B84A8BA3-243F-4AFD-8D25-68D75E58155D} - System32\Tasks\{54E098E1-6B78-483A-944D-EF4DC9535F2F} => pcalua.exe -a "C:\Program Files (x86)\CuttThhePrice\d4HVTt8paFis3A.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {C3570E77-5480-4CD9-9E04-7F2394BDD7C5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C9E1D279-8068-488D-AD01-64FDDBC69ECF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CCF08B14-8325-4FA8-8602-1986D5943E30} - System32\Tasks\{3CA55D26-E2AC-4F4C-8C33-5D0E20F48DAA} => pcalua.exe -a "C:\Program Files (x86)\AdKiller for  Chrome\AdKiller for  Chrome.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {CF51856D-5DDF-468F-A42F-12A36D3DD156} - System32\Tasks\Validate Installation => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {D62BB815-D0D5-42A6-B289-68CA1A6664A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-23] (Google Inc.)
Task: {D9F67BEE-83F4-4850-B9AD-79DA931064E0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DD634477-4C73-4445-B61E-00BFBBAE6F49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E752289B-D19F-444E-8E81-420C2A6ACBE8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F52B19C9-4E1F-4886-9021-03A884A78090} - \GeniusBox -> No File <==== ATTENTION
Task: {FEDED495-242A-48F9-8D04-E37607AFC80B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-27] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1915954930-4168681749-542677032-1001Core.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1915954930-4168681749-542677032-1001Core1cff177e2592cdc.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\TechnoEffects.job => c:\programdata\{00f53d4c-691c-6dd0-00f5-53d4c691f531}\odin3.10.6.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\John\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\4794958330.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x62affda8 -pinnedTimeHigh 0x01cdb52b -securityFlags 0x00000000 -url 0x0000003c hxxp://www.edge.ca/DJsandShows/TheDeanBlundellShow/Main.aspx <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-24 20:43 - 2015-07-14 21:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-01-05 16:16 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-01-05 16:16 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2012-10-27 17:01 - 2015-07-13 12:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-24 20:43 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-03-21 16:36 - 2015-10-07 18:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-10 13:20 - 2015-03-10 13:20 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-05-18 15:54 - 2005-04-21 23:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-10-02 15:14 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-02 15:14 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-30 02:52 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-02 15:14 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-02 15:15 - 2015-09-17 00:44 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-02 15:14 - 2015-09-17 00:42 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-02 15:14 - 2015-09-17 00:42 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-02 15:14 - 2015-09-17 00:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00306960 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-03-30 17:50 - 2015-03-12 12:04 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Cortex\D3DX8Wrapper.dll
2012-05-07 10:55 - 2012-05-07 10:55 - 00178104 _____ () C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll
2014-09-28 12:33 - 2014-11-14 19:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-10-30 02:52 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-11-11 14:12 - 2015-11-06 23:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 14:12 - 2015-11-06 23:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-11 14:12 - 2015-11-06 23:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 00073512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\John\Desktop\adwcleaner_4.203.exe:BDU
AlternateDataStreams: C:\Users\John\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\AdobeAIRInstaller.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\android-studio-bundle-141.2422023-windows.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\Beast for Windows 05.11.15.2148.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\BRT_v1.0.2.sfx.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\GeForce_Experience_v2.5.15.46.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\GoProStudioPC-2.5.6.509 (1).exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\GoProStudioPC-2.5.6.509.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\iTunes6464Setup.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\JavaSetup8u66 (1).exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\kodi-14.2-Helix (1).exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\kodi-14.2-Helix (2).exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\kodi-14.2-Helix.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\kodi-15.1-Isengard.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\MediaCreationToolx64.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\TC00604900C_Intel_Management_Engine_Interface_9.5.24.1790.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\TC00636200A_Bluetooth_Stack_for_Windows_by_Toshiba_9.10.32(T).exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\TC40171400D_Intel_Wireless_LAN_Driver_15.0.1.1.0.s64_wCAT (1).exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\TC40171400D_Intel_Wireless_LAN_Driver_15.0.1.1.0.s64_wCAT.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\TC40172700E_Synaptics_Touch_Pad_Driver_15.3.41.7.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\TC70216600A_NVIDIA_Display_Driver_9.18.13.4752.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\The Beast 06.10.15.2334.exe:BDU
AlternateDataStreams: C:\Users\John\Downloads\The Beast Encore 22.09.15.1017.exe:BDU
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{4315b3c8-db80-4013-9bc1-38b29d70110b}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth Monitor.lnk"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run32: => "ITSecMng"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "PivotSoftware"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\StartupFolder: => "RapidMediaConverterApp.lnk"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\StartupFolder: => "OnePlus One Toolkit.lnk"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "SearchProtect"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-1915954930-4168681749-542677032-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{F173AF13-C5F0-4025-A7D5-87F4035DC99E}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{7D680DE3-1D37-45F9-8C50-280BFBBD6BEC}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{DDE5F24A-5AE9-4E6A-8356-9664300714BA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B5C97D1B-5FF1-4DCF-B966-92E8498D0017}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [UDP Query User{9A196D04-60D4-4F42-AAC8-CB619150F55A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{71B67678-0416-4011-8CA0-ABEB38BE1757}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{8AB1F62A-2868-4EE2-80B5-D24871420465}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{552F4949-4E5E-41AC-85A4-76FE56E88B97}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{94D5D7FF-69BF-47A2-B371-52D5E9CED66E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EBC68CD6-B3B5-4415-A513-11B8D8ECE145}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EDC13833-6EFE-4008-AAC4-4F7E6C3A2E3B}] => (Allow) LPort=5558
FirewallRules: [{7B4415E2-29D8-45B1-B640-38085AC41590}] => (Allow) LPort=5556
FirewallRules: [{D3EC4B34-FBA8-42C1-B3A4-3238DA514D69}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{27E5629C-9D1A-4377-9055-3B7C2D1BD01C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AEF55CFF-0A6C-48CA-A845-97C8EE95EE88}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{A4110231-0435-42B1-A359-3AA4375F3676}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{27BE8AAE-97DD-4570-8E82-8FD723F59092}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{A03DE4EF-D33C-47C6-8973-A44E12A97A34}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{0C07C4FF-0FFA-450D-BD4C-65792876CE27}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{B193351F-97F3-4634-975D-9F196E14BF98}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C187261-A0F4-42E4-821D-7FBC12907D6F}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{24DBBD5C-5C9E-43ED-B015-0A4C8A424BF0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{ABE8A209-127D-4099-B066-3DA6798FC17B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{B0814BF7-6950-4636-9568-BB374D72C247}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{FAA1D247-ECBE-453D-92C6-9F9EF06CC608}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{C27ED43C-6726-486F-A9FB-8C7FE46C5A0C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{79BC0E98-13A0-4112-827C-C6E0E3A0DE39}C:\programdata\battle.net\agent\agent.beta.2737\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2737\agent.exe
FirewallRules: [TCP Query User{D5B76FE0-43E5-4A61-AFE6-8465E5D7BC81}C:\programdata\battle.net\agent\agent.beta.2737\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2737\agent.exe
FirewallRules: [UDP Query User{254EC8A8-453B-42CA-AACA-4C68E3A8929B}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{5AAC9BF6-09B5-4DDA-96D4-01634979365D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{65A2EA3E-BFE6-4E12-9A99-83848322BD66}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D38A5580-8DD2-41B0-BD80-A3557955C6A2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{56FA9C49-0CCD-43E9-955F-90222A632D92}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6948F6D9-6C61-4259-87AE-99DFB2505A5B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{680868F4-794A-4ABA-969C-FE3503ACE61E}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D619500D-2605-4051-A494-00D4C3747894}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1C68DE2D-CD58-4302-A482-B0F839BABF70}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6E9D1423-8A0D-4EC8-B7A2-7660A76DDBDB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{ACD61E09-86EE-4BE1-860C-BDB217758720}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7620C87A-C700-4245-A593-5B83407CFE9A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CDC4C456-D5DC-4E15-9916-762E237EDF33}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{5B172F9C-0319-4B00-ACAE-8E94612B83EA}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{8181EEB9-614B-43D0-B1F3-2ECC7A29AB3C}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{03382A0E-74C6-492B-A7AD-53834FCCCB83}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{FDC552A7-AB8F-454D-AB1E-13E58FDF050C}C:\users\john\appdata\roaming\utorrent\updates\3.4.3_40760.exe] => (Block) C:\users\john\appdata\roaming\utorrent\updates\3.4.3_40760.exe
FirewallRules: [UDP Query User{AD2C51AD-6873-4E73-AEB1-289FBBDFB3CF}C:\users\john\appdata\roaming\utorrent\updates\3.4.3_40760.exe] => (Block) C:\users\john\appdata\roaming\utorrent\updates\3.4.3_40760.exe
FirewallRules: [TCP Query User{680586F2-1752-4E41-A3AD-6C8C7AC8A724}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{CB86256D-0A0D-4425-8484-EE5E4CA5DBF2}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{8C6FB6BF-ABE0-47E2-AA8C-53B96006919B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E12DBB85-D4CF-42EA-ADE4-87F0FBE9291C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{50E93B7D-4EA9-40C3-BE3B-882BCB9DC2A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4CF81DA6-4849-4E93-8E17-B42CA416E4BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DF021521-A11D-47B0-89A7-5A53C71189F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{62FDA39B-4F20-4334-A05C-3AB35EBFD53A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5D2DF1CC-61ED-4AEF-A9BE-F2E5172F1AFF}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{7D022DD5-9915-4E61-928D-EEA69B52178B}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{0F45DD99-835C-4472-813B-E0D7CE8028E2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59DC8832-B7F9-4751-B7C4-B5635A623C60}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{921A482B-0A80-45FE-8ECE-DFA61BCACF71}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4CA58176-03D6-4529-BE1B-D54AFDC7E5C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FAD9240E-AB9B-480E-92AB-4C5955930616}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/23/2015 06:19:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/23/2015 06:04:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/23/2015 05:49:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/23/2015 05:34:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/23/2015 05:19:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/23/2015 05:01:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/23/2015 04:46:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/23/2015 04:38:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/23/2015 04:11:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5954
 
Error: (11/23/2015 04:11:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5954
 
 
System errors:
=============
Error: (11/23/2015 01:36:46 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
 
Error: (11/23/2015 01:36:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.
 
Error: (11/23/2015 01:36:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_Session1 service to connect.
 
Error: (11/23/2015 01:36:03 AM) (Source: DCOM) (EventID: 10010) (User: JOHN)
Description: App.AppXw3qcpc7p849541dp39vvqd01bn7z9ybh.mca
 
Error: (11/23/2015 01:36:03 AM) (Source: DCOM) (EventID: 10010) (User: JOHN)
Description: Windows.Media.Capture.Internal.AppCaptureShell
 
Error: (11/23/2015 01:36:02 AM) (Source: DCOM) (EventID: 10010) (User: JOHN)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
 
Error: (11/23/2015 01:36:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/23/2015 01:36:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/23/2015 01:36:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/23/2015 01:36:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-08-22 18:58:49.174
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-22 18:58:48.327
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-22 18:58:47.670
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-22 18:58:47.361
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-22 18:58:47.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-22 18:58:42.129
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-22 18:58:37.035
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-22 18:58:37.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-22 18:58:37.009
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-22 18:58:36.860
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 52%
Total physical RAM: 8086.57 MB
Available physical RAM: 3871 MB
Total Virtual: 9366.57 MB
Available Virtual: 3891.27 MB
 
==================== Drives ================================
 
Drive c: (S3A9943D002) (Fixed) (Total:683.6 GB) (Free:296.63 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 58B3EF2C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13.1 GB) - (Type=17)
 
==================== End of Addition.txt ============================

 

