I've run Hitman (free version) and it quarantined over 60 items. Recently I made the mistake of downloading games from IGG-Games.
Hacktool:win32/keygen may be the culprit; I am not sure.
Any and all help will be appreciated.
Edit: So I restarted my computer and all of my desktop icons are in disarray. I even placed them back in order, but while I was running cmdprompt they moved on their own. Chrome is taking 5 minutes or longer to start up and my folder files won't always respond.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by See c (administrator) on SEECI (27-12-2015 09:20:08)
Running from C:\Users\See c\Desktop
Loaded Profiles: See c (Available Profiles: See c)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSWinService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Video DSP\DriverMFTService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6515.64021.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6515.64021.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.44\opera.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\ASUSWSLoader.exe [63272 2014-12-04] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Run: [f.lux] => C:\Users\See c\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Run: [Spotify Web Helper] => C:\Users\See c\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-21] (Spotify Ltd)
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Run: [Spotify] => C:\Users\See c\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-10-21] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{51ca7af0-cfff-4036-9798-362994dee931}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-2057217230-2044250391-2885226823-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2057217230-2044250391-2885226823-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxp://xckd.com/","hxxp://npr.com/"
CHR Profile: C:\Users\See c\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-26]
CHR Extension: (Google Docs) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-26]
CHR Extension: (Google Drive) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-08]
CHR Extension: (Google Search) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2015-09-26]
CHR Extension: (Google Sheets) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-26]
CHR Extension: (Google Docs Offline) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-14]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-09-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-27]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-26]
CHR Extension: (Gmail) - C:\Users\See c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-26]
CHR HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\SEEC~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-09-27]
CHR HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSWinService.exe [71168 2014-12-04] (ASUS Cloud Corporation) [File not signed]
R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [304408 2015-03-05] (ASUS)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-09-27] (BitRaider, LLC)
R2 DriverMFTService; C:\Program Files (x86)\Asus\ASUS Video DSP\DriverMFTService.exe [9728 2014-10-29] (ASUSTek Computer Inc.) [File not signed]
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-10-21] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1045376 2015-12-23] (Enigma Software Group USA, LLC.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-09-23] (ASUS Corporation)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-09-27] (BitRaider)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [50688 2015-07-09] (Microsoft Corp.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-12-23] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-23] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79528 2014-10-15] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
S3 mt7612US; C:\Windows\System32\drivers\mt7612US.sys [377864 2015-12-18] (MediaTek Inc.)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-06-17] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-09] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-09] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-02] (Wondershare)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-27 09:20 - 2015-12-27 09:20 - 00018211 _____ C:\Users\See c\Desktop\FRST.txt
2015-12-27 09:12 - 2015-12-27 09:12 - 00016148 _____ C:\WINDOWS\system32\SEECI_See c_HistoryPrediction.bin
2015-12-24 10:44 - 2015-12-27 09:20 - 00000000 ____D C:\FRST
2015-12-24 10:43 - 2015-12-24 10:43 - 02370560 _____ (Farbar) C:\Users\See c\Desktop\FRST64.exe
2015-12-23 16:43 - 2015-12-23 16:43 - 00003402 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-12-23 16:43 - 2015-12-23 16:43 - 00001134 _____ C:\Users\See c\Desktop\SpyHunter.lnk
2015-12-23 16:43 - 2015-12-23 16:43 - 00000000 ____D C:\Users\See c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-12-23 16:43 - 2015-12-23 16:43 - 00000000 ____D C:\Users\See c\AppData\Roaming\Enigma Software Group
2015-12-23 16:43 - 2015-12-23 16:43 - 00000000 _____ C:\autoexec.bat
2015-12-23 16:42 - 2015-12-23 16:43 - 00000000 ____D C:\sh4ldr
2015-12-23 16:41 - 2015-12-23 16:41 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-12-23 16:40 - 2015-12-23 16:40 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-12-23 16:33 - 2015-12-23 16:33 - 00000000 ____D C:\$SysReset
2015-12-19 20:14 - 2015-12-20 12:01 - 00000000 ____D C:\Users\See c\Documents\The Witcher 3
2015-12-19 15:22 - 2015-12-19 15:22 - 00000222 _____ C:\Users\See c\Desktop\The Witcher 3 Wild Hunt.url
2015-12-18 23:14 - 2015-12-18 23:14 - 00377864 _____ (MediaTek Inc.) C:\WINDOWS\system32\Drivers\mt7612US.sys
2015-12-18 23:14 - 2015-12-18 23:14 - 00070008 _____ C:\WINDOWS\system32\Drivers\FW_ACC_00U.bin
2015-12-18 13:40 - 2015-12-18 13:40 - 00000000 ____D C:\Program Files\Samsung
2015-12-18 13:33 - 2015-12-18 13:40 - 00000000 ____D C:\ProgramData\Samsung
2015-12-18 13:29 - 2015-12-23 15:58 - 00000000 ____D C:\Users\See c\AppData\Roaming\Samsung
2015-12-18 13:29 - 2015-12-23 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-12-18 13:29 - 2015-12-18 13:33 - 00000000 ____D C:\Users\See c\Documents\samsung
2015-12-18 13:29 - 2015-12-18 13:29 - 00000000 ____D C:\Users\See c\Documents\SelfMV
2015-12-18 13:29 - 2015-12-18 13:29 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-12-18 13:29 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2015-12-17 22:15 - 2015-12-17 22:15 - 00320184 _____ C:\WINDOWS\Minidump\121715-32890-01.dmp
2015-12-17 14:44 - 2015-12-17 15:32 - 00000000 ____D C:\Users\See c\Documents\My Games
2015-12-17 14:44 - 2015-12-17 15:32 - 00000000 ____D C:\Users\See c\AppData\Local\My Games
2015-12-17 14:44 - 2015-12-17 14:44 - 00000000 ____D C:\ProgramData\Steam
2015-12-17 11:40 - 2015-12-17 11:42 - 00000000 ____D C:\Users\See c\AppData\Roaming\Apple Computer
2015-12-17 11:40 - 2015-12-17 11:40 - 00000000 ____D C:\Users\See c\AppData\Local\Apple Computer
2015-12-17 11:39 - 2015-12-17 11:39 - 00000000 ____D C:\Users\See c\AppData\Local\Apple
2015-12-17 11:39 - 2015-12-17 11:39 - 00000000 ____D C:\ProgramData\Apple Computer
2015-12-17 11:38 - 2015-12-17 15:24 - 00000000 ____D C:\ProgramData\Apple
2015-12-13 11:46 - 2015-12-19 15:46 - 00000000 ____D C:\Users\See c\Desktop\IGG games
2015-12-08 12:11 - 2015-12-01 01:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-08 12:11 - 2015-12-01 00:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-08 12:11 - 2015-11-30 23:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-08 12:11 - 2015-11-30 23:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-08 12:11 - 2015-11-30 23:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 12:11 - 2015-11-30 23:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 12:11 - 2015-11-30 22:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-08 12:11 - 2015-11-24 23:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-08 12:11 - 2015-11-24 23:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-08 12:11 - 2015-11-24 23:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 12:11 - 2015-11-24 23:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 12:11 - 2015-11-24 23:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 12:11 - 2015-11-24 23:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-08 12:11 - 2015-11-24 23:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 12:11 - 2015-11-24 23:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-08 12:11 - 2015-11-24 23:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 12:11 - 2015-11-24 23:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 12:11 - 2015-11-24 23:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 12:11 - 2015-11-24 22:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-08 12:11 - 2015-11-24 22:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 12:11 - 2015-11-24 22:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-08 12:11 - 2015-11-24 22:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-08 12:11 - 2015-11-24 22:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-08 12:11 - 2015-11-24 22:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-08 12:11 - 2015-11-24 22:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-08 12:11 - 2015-11-24 22:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-08 12:11 - 2015-11-24 22:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 12:11 - 2015-11-24 22:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 12:11 - 2015-11-24 22:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-08 12:11 - 2015-11-24 22:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-08 12:11 - 2015-11-24 22:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-08 12:11 - 2015-11-24 22:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-08 12:11 - 2015-11-24 22:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 12:11 - 2015-11-24 22:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-08 12:11 - 2015-11-24 22:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-08 12:11 - 2015-11-24 22:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 12:11 - 2015-11-24 22:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-08 12:11 - 2015-11-24 22:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 12:11 - 2015-11-24 22:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-08 12:11 - 2015-11-24 22:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 12:11 - 2015-11-24 22:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 12:11 - 2015-11-24 22:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-08 12:11 - 2015-11-24 22:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-08 12:11 - 2015-11-24 22:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-08 12:11 - 2015-11-24 22:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-08 12:11 - 2015-11-24 22:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-08 12:11 - 2015-11-24 22:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 12:11 - 2015-11-24 22:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-08 12:11 - 2015-11-24 22:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 12:11 - 2015-11-24 22:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 12:11 - 2015-11-24 22:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-08 12:11 - 2015-11-24 22:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-08 12:11 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 12:11 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 12:11 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 12:11 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 12:11 - 2015-11-24 22:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-08 12:11 - 2015-11-24 22:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-08 12:11 - 2015-11-24 22:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 12:11 - 2015-11-24 22:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-08 12:11 - 2015-11-24 22:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-08 12:11 - 2015-11-24 22:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-08 12:11 - 2015-11-24 22:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 12:11 - 2015-11-24 22:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-08 12:11 - 2015-11-24 22:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-08 12:11 - 2015-11-24 22:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 12:11 - 2015-11-24 22:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 12:11 - 2015-11-24 22:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 12:11 - 2015-11-24 22:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-08 12:11 - 2015-11-24 22:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-08 12:11 - 2015-11-24 22:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 12:11 - 2015-11-24 22:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 12:11 - 2015-11-24 22:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-08 12:11 - 2015-11-24 22:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 12:11 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 12:11 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 12:11 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 12:11 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 12:11 - 2015-11-24 20:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 12:11 - 2015-11-24 20:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-27 09:13 - 2015-09-26 20:27 - 00001654 _____ C:\Users\See c\Desktop\Chrome.lnk
2015-12-27 09:03 - 2015-09-26 19:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-27 09:00 - 2015-10-04 20:07 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E4478CDC-49DC-43E8-8A12-30CF966E81EF}
2015-12-27 08:57 - 2015-09-26 15:42 - 00000165 _____ C:\Users\See c\AppData\Roaming\sp_data.sys
2015-12-26 02:36 - 2015-09-26 18:26 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-25 22:43 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\rescache
2015-12-25 07:48 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-24 10:45 - 2015-07-10 03:47 - 00000000 ____D C:\Windows
2015-12-24 10:41 - 2015-07-30 16:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-23 16:25 - 2015-10-07 16:13 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2015-12-23 16:25 - 2015-09-26 18:26 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-23 16:24 - 2015-09-26 17:43 - 00000000 ____D C:\Users\See c
2015-12-23 16:24 - 2015-09-26 17:41 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-23 16:24 - 2015-09-26 15:40 - 00000000 __SHD C:\Users\See c\IntelGraphicsProfiles
2015-12-23 16:24 - 2015-07-30 15:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-23 16:23 - 2015-07-30 15:49 - 00201912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-23 16:23 - 2015-07-10 03:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-23 15:58 - 2015-07-31 15:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-23 15:56 - 2015-07-30 16:40 - 00000000 ____D C:\WINDOWS\INF
2015-12-23 11:39 - 2015-09-26 17:58 - 00000000 ____D C:\Users\See c\AppData\Local\Comms
2015-12-18 23:35 - 2015-10-25 21:10 - 00000000 ____D C:\Users\See c\Documents\Witcher 2
2015-12-18 13:37 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-17 22:23 - 2015-09-26 17:55 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-17 22:17 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-17 22:15 - 2015-10-10 11:18 - 994225611 _____ C:\WINDOWS\MEMORY.DMP
2015-12-17 22:15 - 2015-10-10 11:18 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-17 15:27 - 2015-10-03 20:08 - 00000000 ____D C:\Users\See c\Documents\My Digital Editions
2015-12-16 03:17 - 2015-10-16 19:33 - 00000000 ____D C:\Users\See c\AppData\Local\ElevatedDiagnostics
2015-12-15 19:50 - 2015-09-26 20:31 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-15 19:48 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-09 22:11 - 2015-09-26 21:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 22:07 - 2015-09-26 21:02 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 21:39 - 2015-09-29 21:08 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-08 12:48 - 2015-07-30 16:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-07 15:14 - 2015-10-21 22:59 - 00000000 ____D C:\Users\See c\AppData\Local\Spotify
2015-12-07 15:08 - 2015-10-21 22:59 - 00000000 ____D C:\Users\See c\AppData\Roaming\Spotify
2015-12-02 12:50 - 2015-09-27 11:52 - 00000000 ___RD C:\Users\See c\Google Drive
2015-12-02 12:31 - 2015-09-26 18:26 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 12:31 - 2015-09-26 18:26 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-30 18:32 - 2015-07-30 16:43 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-30 18:32 - 2015-07-30 16:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2015-09-26 15:42 - 2015-12-27 08:57 - 0000165 _____ () C:\Users\See c\AppData\Roaming\sp_data.sys
2015-09-27 19:39 - 2015-09-27 19:41 - 0007597 _____ () C:\Users\See c\AppData\Local\resmon.resmoncfg
2015-09-26 17:41 - 2015-09-26 17:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-10 04:45 - 2012-09-07 05:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2015-04-10 04:45 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2015-04-10 04:45 - 2012-09-07 05:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Some files in TEMP:
====================
C:\Users\See c\AppData\Local\Temp\McCSPInstall.dll
C:\Users\See c\AppData\Local\Temp\mccspuninstall.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-19 11:44
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by See c (2015-12-27 09:20:44)
Running from C:\Users\See c\Desktop
Windows 10 Home (X64) (2015-09-26 23:58:14)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2057217230-2044250391-2885226823-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2057217230-2044250391-2885226823-503 - Limited - Disabled)
Guest (S-1-5-21-2057217230-2044250391-2885226823-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2057217230-2044250391-2885226823-1003 - Limited - Enabled)
See c (S-1-5-21-2057217230-2044250391-2885226823-1001 - Administrator - Enabled) => C:\Users\See c
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 15.08 beta (x64) (HKLM\...\7-Zip) (Version: 15.08 - Igor Pavlov)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.0 - Adobe Systems Incorporated)
ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.2 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.05.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.1 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.29 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.20 - ASUSTek Computer Inc.)
f.lux (HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Flux) (Version: - )
Foxit PhantomPDF (HKLM-x32\...\{045A0488-55C1-45B1-9992-4B4134904D61}) (Version: 7.0.59.127 - Foxit Software Inc.)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 1.4.19 - Free Software Foundation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4062 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1440.2) (HKLM\...\{302600C1-6BDF-4FD1-1409-148929CC1385}) (Version: 17.1.1409.0486 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{9bffdf20-c3a3-4e93-9cbf-61712c6a38be}) (Version: 17.13.2 - Intel Corporation)
Maxx Audio Installer (x64) (Version: 1.6.4882.94 - Waves Audio Ltd.) Hidden
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version: - Kojima Productions)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NVIDIA Graphics Driver 345.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.05 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Opera Stable 32.0.1948.44 (HKLM-x32\...\Opera 32.0.1948.44) (Version: 32.0.1948.44 - Opera Software)
OverDrive for Windows (HKLM-x32\...\{36994F59-D10D-46DD-A040-C5D095C2A3E9}) (Version: 3.4.1 - OverDrive, Inc.)
PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.23 - ASUS)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21260 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7417 - Realtek Semiconductor Corp.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.10.4584 - Enigma Software Group, LLC)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD PROJEKT RED)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version: - CD PROJEKT RED)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WAKFU (HKLM-x32\...\Steam App 215080) (Version: - Ankama Studio)
Wargame: Red Dragon (HKLM-x32\...\Steam App 251060) (Version: - Eugen Systems)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.15.458 - ASUS Cloud Corporation)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Driver Package - ASUS (ATP) Mouse (08/01/2015 10.0.0.5) (HKLM\...\B267A462F49A1ACD7A2EC5C262BA0DC7D7B23891) (Version: 08/01/2015 10.0.0.5 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
15-12-2015 13:49:22 Scheduled Checkpoint
17-12-2015 11:39:11 Installed iTunes
18-12-2015 13:28:59 Installed Samsung Kies3
19-12-2015 15:46:39 Removed Samsung Kies3
23-12-2015 15:58:06 Removed Smart Switch
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05900A47-D84A-488B-A998-45121546B40A} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-11-03] ()
Task: {3A20B999-3DA9-439D-84A8-6067682E200E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3EBFE3DD-66A7-401A-BAAF-F0709F540F9D} - System32\Tasks\{6D26D858-DA90-4EB6-AA0A-B9A6030DDD18} => pcalua.exe -a "C:\Users\See c\Downloads\KBFilter_Win81_64_VER1005\PNPINST64.exe" -d "C:\Users\See c\Downloads\KBFilter_Win81_64_VER1005"
Task: {487D82A5-896C-4E71-B1E9-298D02E83148} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-04] (Realtek Semiconductor)
Task: {5EDF6C1D-50D0-413B-B8DA-161716992E53} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6874765A-CE66-42C0-A334-4ACB235778C5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {816572D7-8C79-4AC8-9306-105907656E1A} - System32\Tasks\Opera scheduled Autoupdate 1443317334 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-17] (Opera Software)
Task: {8373BD7B-5AFA-4667-A2BF-3E8C987CE932} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {8D1CDCD0-C5E3-450F-85A3-F6C6E6E06CA4} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-12-26] (Realtek Semiconductor)
Task: {A2B10526-9360-4956-9923-9C4179E8D0B2} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-11-05] (ASUS)
Task: {A88AF517-5C64-4170-A148-C46B039704A6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B4D69965-246B-4F8C-BE17-FD86A98A389F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-26] (Google Inc.)
Task: {B5AB9C9A-E6D5-4E99-8F42-57ED5DE777CC} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-12-17] (ASUSTek Computer Inc.)
Task: {BB57E8B2-B9F2-4A2A-A4CD-02983C23646E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-26] (Google Inc.)
Task: {BD40FDC9-E180-48BD-96BF-EED1CB76BA2A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D25F36D5-9700-4A37-A5D4-BAB4C3A47030} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-12-23] (Enigma Software Group USA, LLC.)
Task: {E4DB7DFD-FDF8-47D3-9C26-1C39709CA0C8} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2015-03-14] (Microsoft Corporation)
Task: {F0F490E1-3163-4799-9AFF-48C3DAFCDCD2} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.)
Task: {F21F1823-400C-4525-B121-978C65A520F8} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-03-03] (ASUSTek Computer Inc.)
Task: {F8E1769C-F0F1-4978-9152-C00E7BBE7A6C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-09-23] (AsusTek)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-07-09 21:33 - 2015-07-09 21:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-09 23:08 - 2015-09-09 23:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-26 17:40 - 2015-07-13 11:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-09 23:08 - 2015-09-09 23:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-01 23:06 - 2015-09-17 00:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 23:06 - 2015-09-17 00:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-17 23:35 - 2015-07-17 23:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-10-01 23:06 - 2015-09-16 23:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-09 21:13 - 2015-07-09 21:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-08 12:11 - 2015-11-24 22:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 12:11 - 2015-11-24 22:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 12:11 - 2015-11-24 22:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 23:06 - 2015-09-16 23:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 21:13 - 2015-09-09 23:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-31 15:38 - 2013-05-15 15:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2015-09-09 23:08 - 2015-09-09 23:08 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
2014-11-05 13:44 - 2014-11-05 13:44 - 00037424 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-11-05 13:44 - 2014-11-05 13:44 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-09-03 12:03 - 2014-09-03 12:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-09-26 19:28 - 2015-09-17 03:00 - 59656824 _____ () C:\Program Files (x86)\Opera\32.0.1948.44\opera.dll
2015-09-26 19:28 - 2015-09-17 03:00 - 01881208 _____ () C:\Program Files (x86)\Opera\32.0.1948.44\libglesv2.dll
2015-09-26 19:28 - 2015-09-17 03:00 - 00081528 _____ () C:\Program Files (x86)\Opera\32.0.1948.44\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\See c\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2057217230-2044250391-2885226823-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1F1D2871-3088-4B74-A81B-C8E4C8BE157F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{276926AD-412E-4EE5-82F0-544D308690DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{66BA0C33-0E21-4853-A118-58770D72A45B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{40EC0B1D-44A8-425D-998A-4C8AC9C31BE5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E947509E-F923-4FDB-995B-22E61CEDF9C2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{96FA5CFC-E618-4E5C-81C3-AE9D68460AA6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4DBE92B3-197F-475B-95D4-F00EDF9B33B1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6F9D0C59-9B57-4596-81EE-C4B0B778C8F7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{1AA5F504-A948-420F-AA3B-6D3986F0E4EA}C:\users\see c\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\see c\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{7D51CD5F-2788-4D84-A183-46E240740873}C:\users\see c\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\see c\appdata\local\popcorn time\nw.exe
FirewallRules: [{F890A05C-D709-4346-A688-2096ACE70B1B}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{72D75A90-9A9E-43D0-B0A3-26942BF719FF}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{B321AA8C-DDF2-4BCC-9917-160904C04C6C}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{72CEC3CE-3517-4C6E-9446-9907A3F7071E}] => (Allow) D:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [TCP Query User{CEAADDDC-796E-4C58-9D6D-904E9EB3F5EC}C:\users\see c\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\see c\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{833CDDB7-83FA-4354-A53C-40D0A965A345}C:\users\see c\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\see c\appdata\local\popcorn time\nw.exe
FirewallRules: [{096ECA3B-0E4F-42C9-B448-287D985D29A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wakfu\transition\transition.exe
FirewallRules: [{FCD1EA63-592D-4D06-BD01-685CAE9C9B20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wakfu\transition\transition.exe
FirewallRules: [{C8FA2A91-7F9A-4B39-99F6-6E739A3A8697}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{4BDBC3D5-A5BA-4B69-B5E4-789D5E6C47B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [TCP Query User{9B84BC43-B572-48AC-8334-FAB44571E94D}C:\users\see c\downloads\halo\halo\eldorado.exe] => (Allow) C:\users\see c\downloads\halo\halo\eldorado.exe
FirewallRules: [UDP Query User{EA12C9D8-A85D-4C13-AE94-ACE384394FC9}C:\users\see c\downloads\halo\halo\eldorado.exe] => (Allow) C:\users\see c\downloads\halo\halo\eldorado.exe
FirewallRules: [TCP Query User{133EEC37-7B7B-4BC4-8ED0-4145AA326FBD}C:\users\see c\downloads\halo\eldorado.exe] => (Allow) C:\users\see c\downloads\halo\eldorado.exe
FirewallRules: [UDP Query User{B5064890-9942-46F9-A45A-6C3AF58D1530}C:\users\see c\downloads\halo\eldorado.exe] => (Allow) C:\users\see c\downloads\halo\eldorado.exe
FirewallRules: [TCP Query User{D884978A-C55E-41A6-8FD2-5BEF4CD9D5CC}C:\users\see c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\see c\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A510F15C-5C1E-402A-B1CF-F5F0846704D2}C:\users\see c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\see c\appdata\roaming\spotify\spotify.exe
FirewallRules: [{50CC06F7-A344-44F9-9E44-07C8F03724E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{2A31BE43-4AAD-48AF-98B6-87958089B42A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{3580FFCA-430F-440E-9914-B9287B53A663}] => (Allow) C:\Users\See c\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{26CC39F8-27E2-4FEF-9E03-BCF4EB40FD33}] => (Allow) C:\Users\See c\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1855DE39-5EB8-4A93-AC0F-97D858C11CB8}] => (Allow) C:\Users\See c\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B4A69A9B-A8EB-4C00-823B-DA786E537505}] => (Allow) C:\Users\See c\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{643BF19C-6180-4B04-994A-ED8D1CD02DDC}] => (Allow) C:\Users\See c\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4768B5CE-BA03-491F-BF29-57067D047909}] => (Allow) C:\Users\See c\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EFADCF31-CAB5-4F40-B908-3C876A35863D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{18E7FD7F-5161-482C-9858-9FB9A434B8D5}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{BE2A8B46-FD47-4C88-A936-A5097FFD0114}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{37BFA4FC-1A2D-41E7-9E2F-59AC639BE386}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{923B5AE4-7747-4F9E-A782-2FF258B201FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{4199AC26-6B02-4507-9B5D-7837AAD926E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{EB965D5B-85B6-41F7-BD5C-06382865928D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wargame Red Dragon\WarGame3.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/27/2015 09:03:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEECI)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (12/27/2015 08:57:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEECI)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (12/26/2015 09:14:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEECI)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (12/26/2015 05:59:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEECI)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (12/26/2015 12:23:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEECI)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (12/25/2015 10:09:11 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (8964) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Error: (12/25/2015 10:09:11 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (8964) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Error: (12/25/2015 10:09:00 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (8964) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
Error: (12/25/2015 10:09:00 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (8964) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).
Error: (12/25/2015 10:08:50 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (8964) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
System errors:
=============
Error: (12/27/2015 09:19:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error:
%%1053
Error: (12/27/2015 09:18:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Setup Service service failed to start due to the following error:
%%1053
Error: (12/27/2015 09:18:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Device Setup Manager service failed to start due to the following error:
%%1053
Error: (12/27/2015 09:17:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053
Error: (12/27/2015 09:13:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Setup Service service failed to start due to the following error:
%%1053
Error: (12/27/2015 09:12:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053
Error: (12/27/2015 09:08:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Setup Service service failed to start due to the following error:
%%1053
Error: (12/27/2015 09:03:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Setup Service service failed to start due to the following error:
%%1053
Error: (12/27/2015 09:02:07 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053UsoSvcUnavailable{B91D5831-B1BD-4608-8198-D72E155020F7}
Error: (12/27/2015 09:02:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Orchestrator Service service failed to start due to the following error:
%%1053
CodeIntegrity:
===================================
Date: 2015-12-25 22:22:50.384
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-18 23:29:18.490
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-15 10:28:44.995
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-12 22:44:48.560
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-10 22:35:16.236
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-11-04 16:35:46.200
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-10-19 17:47:42.859
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-10-13 17:24:53.536
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-10-12 17:59:24.582
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-10-10 00:27:12.115
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 16273.04 MB
Available physical RAM: 12240.01 MB
Total Virtual: 18705.04 MB
Available Virtual: 14263.65 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:192.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:503.73 GB) (Free:503.57 GB) NTFS
==================== MBR & Partition Table ==================
==================== End of Addition.txt ============================
Edited by Seeci, 27 December 2015 - 01:34 PM.