Programs are being deleted on my Computer


  • This topic is locked
8 replies to this topic

#1 gravity9674

Posted 13 September 2015 - 05:52 PM

I was playing World of Warcraft when I got a notification for Java to update, so naturally, I updated it. I then continued to play for a little bit, then took about an hour break, and when I decided to come back, I clicked on the Battle.net shortcut but a pop-up told me that the file had been moved. I went into the drive that it was saved into (D:/Program Files (x86)), along with all of my other computer games, only to find out that everything except World of Warcraft had been deleted/uninstalled from my computer. I have tried to restore my computer back to the way it was four days ago (09/09/2015) when Windows last updated, but it didn't give me any of my files back. I have also done a scan to search for anything else that could have caused the problem, but the scan told me everything is clean. Computer restarted again today and I lost World of Warcraft.
 
I have very minor knowledge of the way computers work so I would appreciate any kind of help that anyone has.
 
If more info is needed to try to solve the problem, I'll do my best to provide it.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-09-2015 02
Ran by George (administrator) on DADBUILTTHIS (13-09-2015 17:41:35)
Running from D:\Downloads
Loaded Profiles: George (Available Profiles: George)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Beepa P/L) D:\Fraps\fraps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Beepa P/L) D:\Fraps\fraps64.dat
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\George\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254464 2014-10-19] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-2615718857-467728458-2752498082-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-2615718857-467728458-2752498082-1001\...\Run: [EADM] => "D:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-2615718857-467728458-2752498082-1001\...\Run: [Spotify Web Helper] => C:\Users\George\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-29] (Spotify Ltd)
HKU\S-1-5-21-2615718857-467728458-2752498082-1001\...\Run: [Spotify] => C:\Users\George\AppData\Roaming\Spotify\Spotify.exe [7389752 2015-08-29] (Spotify Ltd)
HKU\S-1-5-21-2615718857-467728458-2752498082-1001\...\Run: [OneDrive] => C:\Users\George\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-20] (Microsoft Corporation)
HKU\S-1-5-21-2615718857-467728458-2752498082-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2615718857-467728458-2752498082-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-30] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v3 Genie.lnk [2015-05-24]
ShortcutTarget: NETGEAR WNDA3100v3 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE (NETGEAR)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-07-11] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{35eaa586-77dd-4ecc-9e9d-5d707d77fe99}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b97abf1f-b2ca-4933-ac73-b93dd2f638f8}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2615718857-467728458-2752498082-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-13] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-13] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> D:\Program Files (x86)\Arc\plugins\NPSWF32.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-13] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\George\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-20]
 
Chrome: 
=======
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-20]
CHR Extension: (Google Docs) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-20]
CHR Extension: (Google Drive) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-20]
CHR Extension: (YouTube) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-20]
CHR Extension: (Google Search) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-20]
CHR Extension: (Avast SafePrice) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-30]
CHR Extension: (Google Sheets) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-20]
CHR Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Avast Online Security) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-20]
CHR Extension: (Gmail) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-10-19] (Razer Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 ArcService; D:\Program Files (x86)\Arc\ArcService.exe [X]
S3 Futuremark SystemInfo Service; "D:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]
S3 Origin Client Service; "D:\Program Files (x86)\Origin\OriginClientService.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-20] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2013-08-27] (ASUSTeK Computer Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SSMO4Filter; C:\Windows\system32\drivers\MO4Driver.sys [21504 2015-09-13] (Sagatek Co. Ltd.)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WNDA3100v3; C:\Windows\system32\DRIVERS\WNDA3100v3.sys [2217616 2014-10-08] (MediaTek Inc.)
S3 WRfiltv; C:\Windows\system32\drivers\WRfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-13 17:40 - 2015-09-13 17:41 - 00000000 ____D C:\FRST
2015-09-13 17:37 - 2015-09-13 17:37 - 00016148 _____ C:\WINDOWS\system32\DADBUILTTHIS_George_HistoryPrediction.bin
2015-09-13 17:13 - 2015-09-13 17:13 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-13 17:05 - 2015-09-13 17:05 - 00003774 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 57f3165c-8bdc-447d-b53c-41bb2a63b577
2015-09-13 17:05 - 2015-09-13 17:05 - 00003692 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task e8002bfc-de59-4d92-bec3-8b7551bd53eb
2015-09-13 17:05 - 2015-09-13 17:05 - 00000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e8002bfc-de59-4d92-bec3-8b7551bd53eb.job
2015-09-13 17:05 - 2015-09-13 17:05 - 00000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 57f3165c-8bdc-447d-b53c-41bb2a63b577.job
2015-09-13 17:05 - 2015-09-13 17:05 - 00000000 ____D C:\Users\George\AppData\Roaming\SUPERAntiSpyware.com
2015-09-13 17:04 - 2015-09-13 17:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-13 17:04 - 2015-09-13 17:04 - 00001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-09-13 17:04 - 2015-09-13 17:04 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-09-13 17:04 - 2015-09-13 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-09-13 16:55 - 2015-09-13 16:57 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-13 16:55 - 2015-09-13 16:55 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-13 16:55 - 2015-09-13 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-13 16:55 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-13 16:55 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-13 16:55 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-13 16:51 - 2015-09-13 16:51 - 00002228 _____ C:\Users\George\Desktop\Rkill.txt
2015-09-13 16:30 - 2015-09-13 16:30 - 00000000 ___HD C:\OneDriveTemp
2015-09-13 15:44 - 2015-09-01 20:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-13 15:44 - 2015-09-01 19:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-13 15:44 - 2015-09-01 19:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-13 15:44 - 2015-08-27 01:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-13 15:44 - 2015-08-27 01:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-13 15:44 - 2015-08-27 01:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-13 15:44 - 2015-08-27 00:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-13 15:44 - 2015-08-27 00:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-13 15:44 - 2015-08-27 00:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-13 15:44 - 2015-08-27 00:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-13 15:44 - 2015-08-27 00:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-13 15:44 - 2015-08-27 00:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-13 15:44 - 2015-08-27 00:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-13 15:44 - 2015-08-27 00:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-13 15:44 - 2015-08-27 00:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-13 15:44 - 2015-08-27 00:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-13 15:44 - 2015-08-27 00:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-13 15:44 - 2015-08-27 00:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-13 15:44 - 2015-08-27 00:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-13 15:44 - 2015-08-27 00:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-13 15:44 - 2015-08-27 00:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-13 15:44 - 2015-08-27 00:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-13 15:44 - 2015-08-27 00:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-13 15:44 - 2015-08-27 00:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-13 15:44 - 2015-08-27 00:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-13 15:44 - 2015-08-27 00:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-13 15:44 - 2015-08-27 00:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-13 15:44 - 2015-08-27 00:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-13 15:44 - 2015-08-27 00:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-13 15:44 - 2015-08-27 00:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-13 15:44 - 2015-08-27 00:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-13 15:44 - 2015-08-27 00:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-13 15:28 - 2015-09-13 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-09-13 15:27 - 2015-09-13 03:52 - 00001494 _____ C:\Users\George\Desktop\Battle.net - Shortcut.lnk
2015-09-13 15:18 - 2015-09-13 15:18 - 00021504 _____ (Sagatek Co. Ltd.) C:\WINDOWS\system32\Drivers\MO4Driver.sys
2015-09-13 15:11 - 2015-09-13 15:11 - 00021504 _____ (Sagatek Co. Ltd.) C:\WINDOWS\system32\Drivers\MO4Driver(2668).sys
2015-09-13 15:11 - 2015-07-20 17:57 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw63C2(2672).tmp
2015-09-13 15:11 - 2015-07-20 17:57 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw63D6(2669).tmp
2015-09-13 15:11 - 2015-07-20 17:57 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw63C3(2671).tmp
2015-09-13 15:11 - 2015-07-20 17:57 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw63D4(2670).tmp
2015-09-13 14:49 - 2015-09-13 16:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-13 14:49 - 2015-09-13 14:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-13 03:39 - 2015-09-13 15:33 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-13 03:39 - 2015-09-13 03:39 - 00000000 ____D C:\Users\George\AppData\Roaming\Sun
2015-09-13 03:39 - 2015-09-13 03:39 - 00000000 ____D C:\Users\George\.oracle_jre_usage
2015-09-09 18:33 - 2015-09-13 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2015-09-09 18:32 - 2015-09-09 18:33 - 00000000 ____D C:\Users\George\AppData\Roaming\Guild Wars 2
2015-09-07 02:43 - 2015-09-07 02:47 - 00000000 ____D C:\Program Files (x86)\RaidCall
2015-09-07 02:43 - 2015-09-07 02:43 - 00001100 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2015-09-07 02:43 - 2015-09-07 02:43 - 00001076 _____ C:\Users\George\Desktop\RaidCall.lnk
2015-09-07 02:43 - 2015-09-07 02:43 - 00000000 ____D C:\Users\George\AppData\Roaming\raidcall
2015-09-07 02:43 - 2015-09-07 02:43 - 00000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2015-09-07 02:39 - 2015-09-12 22:38 - 00000000 ____D C:\Users\George\AppData\Roaming\TS3Client
2015-09-07 02:39 - 2015-09-07 02:39 - 00001325 _____ C:\Users\George\Desktop\TeamSpeak 3 Client.lnk
2015-09-07 02:39 - 2015-09-07 02:39 - 00000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-09-07 02:39 - 2015-09-07 02:39 - 00000000 ____D C:\Users\George\AppData\Local\TeamSpeak 3 Client
2015-09-06 22:02 - 2015-09-13 16:19 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2015-09-06 22:02 - 2015-09-06 22:02 - 06379288 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvuvc64.sys
2015-09-06 22:02 - 2015-09-06 22:02 - 00767000 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUI64.dll
2015-09-06 22:02 - 2015-09-06 22:02 - 00559640 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUIRC64.dll
2015-09-06 22:02 - 2015-09-06 22:02 - 00539160 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2RC.dll
2015-09-06 22:02 - 2015-09-06 22:02 - 00539160 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2.dll
2015-09-06 22:02 - 2015-09-06 22:02 - 00416280 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\lvcodec2.dll
2015-09-06 22:02 - 2015-09-06 22:02 - 00398360 _____ (Logitech Inc.) C:\WINDOWS\system32\lvcod64.dll
2015-09-06 22:02 - 2015-09-06 22:02 - 00327704 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvrs64.sys
2015-09-06 22:02 - 2015-09-06 22:02 - 00271640 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvpopf64.sys
2015-09-06 22:02 - 2015-09-06 22:02 - 00266828 _____ C:\WINDOWS\system32\Drivers\LVAFT.cfg
2015-09-06 22:02 - 2015-09-06 22:02 - 00266776 _____ (Logitech Inc.) C:\WINDOWS\system32\lvco12101110.dll
2015-09-06 22:02 - 2015-09-06 22:02 - 00082289 _____ C:\WINDOWS\system32\lvcoin64.ini
2015-09-06 22:02 - 2015-09-06 22:02 - 00034068 _____ C:\WINDOWS\system32\Repository.reg
2015-09-06 22:02 - 2015-09-06 22:02 - 00004678 _____ C:\WINDOWS\system32\lvcoinst.log
2015-09-06 22:02 - 2015-09-06 22:02 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-09-06 00:28 - 2015-09-06 00:28 - 00000743 _____ C:\Users\George\Desktop\Steam.lnk
2015-09-05 15:06 - 2015-09-05 15:06 - 00000219 _____ C:\Users\George\Desktop\Counter-Strike Global Offensive.url
2015-09-05 14:53 - 2015-09-05 14:53 - 00000000 ____D C:\Users\George\AppData\Local\Steam
2015-08-28 05:05 - 2015-08-20 01:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-28 05:05 - 2015-08-20 01:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-28 05:05 - 2015-08-20 01:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-28 05:05 - 2015-08-20 00:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-28 05:05 - 2015-08-20 00:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-28 05:05 - 2015-08-20 00:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-28 05:05 - 2015-08-20 00:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-28 05:05 - 2015-08-18 02:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 05:05 - 2015-08-18 02:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-28 05:05 - 2015-08-18 02:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-28 05:05 - 2015-08-18 02:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-28 05:05 - 2015-08-18 02:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-28 05:05 - 2015-08-18 02:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-28 05:05 - 2015-08-18 02:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-28 05:05 - 2015-08-18 02:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-28 05:05 - 2015-08-18 02:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-28 05:05 - 2015-08-18 02:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-28 05:05 - 2015-08-18 02:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-28 05:05 - 2015-08-18 01:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-28 05:05 - 2015-08-18 01:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-28 05:05 - 2015-08-18 01:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-28 05:05 - 2015-08-18 01:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-28 05:05 - 2015-08-18 01:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-28 05:05 - 2015-08-18 01:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-28 05:05 - 2015-08-18 01:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-28 05:05 - 2015-08-18 01:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-28 05:05 - 2015-08-18 01:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-28 05:05 - 2015-08-18 01:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-28 05:05 - 2015-08-18 01:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-28 05:05 - 2015-08-18 01:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-28 05:05 - 2015-08-18 01:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-28 05:05 - 2015-08-18 01:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-28 05:05 - 2015-08-18 01:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-28 05:05 - 2015-08-18 01:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-28 05:05 - 2015-08-18 01:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-28 05:05 - 2015-08-18 01:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-28 05:05 - 2015-08-18 01:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-28 05:05 - 2015-08-18 01:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-28 05:05 - 2015-08-18 01:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-28 05:05 - 2015-08-18 01:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-28 05:05 - 2015-08-17 23:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-25 23:24 - 2015-08-25 23:24 - 00000000 ____D C:\Users\George\Tracing
2015-08-24 17:47 - 2015-09-13 15:17 - 00000000 ____D C:\Users\George\AppData\Roaming\OBS
2015-08-24 17:47 - 2015-08-24 17:47 - 00001004 _____ C:\Users\George\Desktop\Open Broadcaster Software.lnk
2015-08-24 17:47 - 2015-08-24 17:47 - 00000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-08-24 17:47 - 2015-08-24 17:47 - 00000000 ____D C:\Program Files\OBS
2015-08-24 17:47 - 2015-08-24 17:47 - 00000000 ____D C:\Program Files (x86)\OBS
2015-08-21 09:31 - 2015-08-21 09:31 - 00001249 _____ C:\Users\Public\Desktop\World of Warcraft Public Test.lnk
2015-08-21 09:31 - 2015-08-21 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test
2015-08-18 23:24 - 2015-08-12 23:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-18 23:24 - 2015-08-12 23:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-18 23:24 - 2015-08-12 22:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-18 23:24 - 2015-08-11 05:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-18 23:24 - 2015-08-11 05:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-18 23:24 - 2015-08-11 05:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-18 23:24 - 2015-08-11 05:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-18 23:24 - 2015-08-11 05:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-18 23:24 - 2015-08-11 05:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-18 23:24 - 2015-08-11 05:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-18 23:24 - 2015-08-11 04:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil(5998).dll
2015-08-18 23:24 - 2015-08-11 04:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-18 23:24 - 2015-08-11 04:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-18 23:24 - 2015-08-11 04:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-18 23:24 - 2015-08-11 04:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-18 23:24 - 2015-08-11 04:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-18 23:24 - 2015-08-11 04:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-18 23:24 - 2015-08-11 04:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-18 23:24 - 2015-08-11 04:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-18 23:24 - 2015-08-11 04:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-18 23:24 - 2015-08-11 04:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-18 23:24 - 2015-08-11 04:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-18 23:24 - 2015-08-11 04:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-18 23:24 - 2015-08-11 04:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-18 23:24 - 2015-08-11 04:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-18 23:24 - 2015-08-11 04:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-18 23:24 - 2015-08-11 04:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-18 23:24 - 2015-08-11 04:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-18 23:24 - 2015-08-11 04:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-18 23:24 - 2015-08-11 04:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-18 23:24 - 2015-08-11 04:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-18 23:24 - 2015-08-11 04:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-18 23:24 - 2015-08-11 04:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-18 23:24 - 2015-08-11 04:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-18 23:24 - 2015-08-11 04:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-18 23:24 - 2015-08-11 04:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-18 23:24 - 2015-08-11 04:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-18 23:24 - 2015-08-11 04:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-18 23:24 - 2015-08-11 04:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-18 23:24 - 2015-08-11 04:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-18 23:24 - 2015-08-11 04:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-18 23:24 - 2015-08-11 04:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-18 23:24 - 2015-08-11 04:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-18 23:24 - 2015-08-11 04:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-18 23:24 - 2015-08-11 04:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-18 23:24 - 2015-08-11 04:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-18 23:24 - 2015-08-11 04:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-18 23:24 - 2015-08-11 04:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-18 23:24 - 2015-08-11 04:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull(6002).sys
2015-08-18 23:24 - 2015-08-11 04:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-18 23:24 - 2015-08-11 04:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-18 23:24 - 2015-08-11 04:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-18 23:24 - 2015-08-11 04:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-18 23:24 - 2015-08-11 04:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-18 23:24 - 2015-08-11 03:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-18 23:24 - 2015-08-11 03:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-18 23:24 - 2015-08-11 03:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-18 23:24 - 2015-08-11 03:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-18 23:24 - 2015-08-11 03:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-18 23:24 - 2015-08-11 03:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-18 23:24 - 2015-08-11 03:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-18 23:24 - 2015-08-11 03:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-18 23:24 - 2015-08-11 03:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-18 23:24 - 2015-08-11 03:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-18 23:24 - 2015-08-11 03:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-18 23:24 - 2015-08-11 03:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-18 23:24 - 2015-08-11 03:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-18 23:24 - 2015-08-11 03:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-18 23:24 - 2015-08-11 03:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-18 23:24 - 2015-08-11 03:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-18 23:24 - 2015-08-11 03:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-18 23:24 - 2015-08-11 03:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-18 23:24 - 2015-08-11 03:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-18 23:24 - 2015-08-11 03:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-18 23:24 - 2015-08-11 03:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-18 23:24 - 2015-08-11 03:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-18 23:24 - 2015-08-11 03:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-18 20:46 - 2015-09-13 03:55 - 00000000 ____D C:\Users\George\AppData\Local\Deployment
2015-08-18 19:20 - 2015-09-13 16:30 - 00000000 ____D C:\Users\George\AppData\Roaming\Skype
2015-08-18 19:20 - 2015-08-18 19:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-18 19:20 - 2015-08-18 19:20 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-18 19:20 - 2015-08-18 19:20 - 00000000 ____D C:\Users\George\AppData\Local\Skype
2015-08-18 19:20 - 2015-08-18 19:20 - 00000000 ____D C:\ProgramData\Skype
2015-08-18 19:20 - 2015-08-18 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-18 13:38 - 2015-08-18 13:38 - 00000000 ____D C:\Users\George\AppData\Local\NetworkTiles
2015-08-17 23:24 - 2015-08-17 23:24 - 00001062 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-08-17 23:24 - 2015-08-17 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-13 17:22 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-13 17:18 - 2015-01-20 05:27 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-13 16:31 - 2015-05-24 21:06 - 00000000 ____D C:\Users\George\AppData\Local\Battle.net
2015-09-13 16:30 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-13 16:30 - 2015-05-28 13:04 - 00000000 ____D C:\Users\George\AppData\Local\Spotify
2015-09-13 16:30 - 2015-05-28 13:03 - 00000000 ____D C:\Users\George\AppData\Roaming\Spotify
2015-09-13 16:30 - 2015-01-20 20:59 - 00000000 ___DO C:\Users\George\OneDrive
2015-09-13 16:30 - 2015-01-20 18:26 - 00003194 _____ C:\WINDOWS\System32\Tasks\FRAPS
2015-09-13 16:29 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-13 16:29 - 2015-01-20 05:27 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-13 16:24 - 2015-08-06 12:43 - 00969890 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-13 16:19 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-13 16:19 - 2015-07-10 07:20 - 00201912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-13 16:19 - 2015-01-20 05:19 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-13 16:18 - 2015-08-06 12:44 - 00000000 ____D C:\Users\George
2015-09-13 16:18 - 2015-07-10 08:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-13 16:18 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-13 16:18 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-13 16:13 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-13 15:34 - 2015-07-20 19:21 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-09-13 15:34 - 2015-07-20 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-13 15:34 - 2015-07-20 19:20 - 00000000 ____D C:\ProgramData\Oracle
2015-09-13 15:33 - 2015-01-20 05:17 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7234B6C9-5324-407E-A7C4-AEB54FBB52E8}
2015-09-13 15:28 - 2015-06-12 14:02 - 00001056 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2015-09-13 15:18 - 2015-01-20 05:56 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-09-13 15:17 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-09-13 15:17 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\servicing
2015-09-13 15:17 - 2015-05-24 21:06 - 00000000 ____D C:\Users\George\AppData\Roaming\Battle.net
2015-09-13 15:17 - 2015-01-20 21:00 - 00000000 ____D C:\Users\George\AppData\Roaming\vlc
2015-09-13 15:17 - 2015-01-20 05:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-13 15:16 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\registration
2015-09-10 17:55 - 2015-01-20 07:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-10 16:36 - 2015-08-06 12:39 - 00017660 _____ C:\WINDOWS\PFRO.log
2015-09-06 22:08 - 2015-07-10 07:20 - 00023694 _____ C:\WINDOWS\setupact.log
2015-09-05 23:00 - 2015-01-20 19:03 - 00047392 _____ C:\WINDOWS\DirectX.log
2015-09-05 14:51 - 2015-01-20 07:02 - 00000743 _____ C:\Users\Public\Desktop\Steam.lnk
2015-09-04 02:19 - 2015-01-20 05:27 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-30 18:18 - 2015-01-20 05:15 - 00000000 ____D C:\Users\George\AppData\Local\Packages
2015-08-29 15:15 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-29 13:29 - 2015-01-20 07:03 - 00000000 ____D C:\ProgramData\Origin
2015-08-29 04:15 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-29 04:15 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(5988)
2015-08-29 04:15 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(1844)
2015-08-28 13:13 - 2015-01-20 05:27 - 00003990 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 13:13 - 2015-01-20 05:27 - 00003758 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-23 04:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-22 19:41 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-08-21 08:15 - 2015-08-06 12:50 - 00000000 ____D C:\Users\George\AppData\Local\Comms
2015-08-20 22:14 - 2015-05-24 21:06 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-08-20 12:52 - 2015-08-06 12:52 - 00002379 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2015-01-30 18:41 - 2015-01-30 18:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\George\AppData\Local\Temp\jre-8u60-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-08 09:52
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-09-2015 02
Ran by George (2015-09-13 17:41:49)
Running from D:\Downloads
Windows 10 Pro (X64) (2015-08-06 17:50:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2615718857-467728458-2752498082-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2615718857-467728458-2752498082-503 - Limited - Disabled)
George (S-1-5-21-2615718857-467728458-2752498082-1001 - Administrator - Enabled) => C:\Users\George
Guest (S-1-5-21-2615718857-467728458-2752498082-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2615718857-467728458-2752498082-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
3DMark (Version: 1.4.828.0 - Futuremark) Hidden
3Planesoft Screensaver Manager 1.4 (HKLM-x32\...\3Planesoft Screensaver Manager_is1) (Version: 1.4 - 3Planesoft)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version: - Ubisoft)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
ATI RADEON 8500 Tubes Screen Saver v1.1 (HKLM-x32\...\{338A8172-DD69-4D83-9CC8-4420561F15B0}) (Version: 1.1 - ATI Research, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-2615718857-467728458-2752498082-1001\...\BitTorrent) (Version: 7.9.3.40761 - BitTorrent Inc.)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse Client (HKU\S-1-5-21-2615718857-467728458-2752498082-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fraps (HKLM-x32\...\Fraps) (Version: - )
Froggy demo by NVIDIA (remove only) (HKLM-x32\...\Froggy) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{2FE4C157-30AD-47F3-9D93-D9A2AFF25D3F}) (Version: 4.33.485.0 - Futuremark)
Ghost Recon Phantoms - EU (HKU\S-1-5-21-2615718857-467728458-2752498082-1001\...\61e5da2b7c463135) (Version: 1.36.4809.2 - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NETGEAR WNDA3100v3 (x32 Version: 1.0.0.8 - NETGEAR) Hidden
NETGEAR WNDA3100v3 Genie (HKLM-x32\...\InstallShield_{3DAC7DF2-7E2B-41EF-8E47-96DC70E1925C}) (Version: 1.0.0.8 - NETGEAR)
NV_GEF7_LUNA_SS_nzone Screen Saver (HKLM-x32\...\NV_GEF7_LUNA_SS_nzone) (Version: - )
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.54 - NVIDIA Corporation)
NVIDIA A New Dawn demo (HKLM-x32\...\A New Dawn) (Version: 1.07 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Supersonic Sled demo (HKLM-x32\...\Supersonic Sled) (Version: - )
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.13004.105 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sonic Radar (HKLM\...\{4AD04041-F286-4690-8555-38F175F0B50C}) (Version: 1.0.801 - ASUSTeKcomputer.Inc)
Spotify (HKU\S-1-5-21-2615718857-467728458-2752498082-1001\...\Spotify) (Version: 1.0.12.161.g64b0797c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sun Village NV 3D Screensaver 1.1 (HKLM-x32\...\Sun Village NV 3D Screensaver_is1) (Version: 1.1 - 3Planesoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKU\S-1-5-21-2615718857-467728458-2752498082-1001\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
The Lost Watch II NV 3D Screensaver 1.0 (HKLM-x32\...\The Lost Watch II NV 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Western Railway NV 3D Screensaver 2.0 (HKLM-x32\...\Western Railway NV 3D Screensaver_is1) (Version: 2.0 - 3Planesoft)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Classic (HKU\S-1-5-21-2615718857-467728458-2752498082-1001\...\{D55ED80F-FAFD-40E1-99FC-89AF8614A9B5}_is1) (Version: 1.12.1.5875 - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2615718857-467728458-2752498082-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615718857-467728458-2752498082-1001_Classes\CLSID\{0e560f5d-1227-4370-a13a-228fcabfef77}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615718857-467728458-2752498082-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615718857-467728458-2752498082-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615718857-467728458-2752498082-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615718857-467728458-2752498082-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615718857-467728458-2752498082-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615718857-467728458-2752498082-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615718857-467728458-2752498082-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615718857-467728458-2752498082-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615718857-467728458-2752498082-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615718857-467728458-2752498082-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

13-09-2015 16:45:06 R.P.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {0ED7D089-D949-4B6C-85B0-6D0523F23C2F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {2B761F2E-FD63-4107-A307-D9525BC7926D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2FBA54CD-580C-40E7-805E-5D2E61385148} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation)
Task: {377EAA49-0B79-4158-A3C3-E456CB409A43} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {44C4DB75-8103-41D0-92A2-717C1CFA37FF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {47242C2C-9257-4677-B403-E8D781E682FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {55847A7E-78B9-47D8-9865-5F1B4FF50BC0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {635F3F10-9D2E-492B-9302-4261C2D3BD4C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {66BC9BC6-DE7E-4A31-8723-36423B89B736} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8191270A-6BC4-4037-B044-99457AC6BC95} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8CDA8F6E-327D-42FA-B34B-1EE8752A8AA6} - System32\Tasks\FRAPS => D:\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-06] (Microsoft Corporation)
Task: {8E89D912-82D2-40A0-A155-C53E85577643} - System32\Tasks\SUPERAntiSpyware Scheduled Task e8002bfc-de59-4d92-bec3-8b7551bd53eb => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {93685717-AFD3-4847-BA87-95E04C09DF78} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {964A36B0-8339-4E55-A516-26A570E7F5D0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {9D740A39-5FEF-4119-89D9-3809E1BBD148} - System32\Tasks\SUPERAntiSpyware Scheduled Task 57f3165c-8bdc-447d-b53c-41bb2a63b577 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {B1D6818C-2C04-416F-9762-F946C1878390} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {D90ACBCC-3CF9-4B7B-A482-B668A2481113} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {EBD9210D-F8AB-4144-ACE4-B68E6F03587E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F71F367B-E7D5-4D6A-911F-56FE8FD5910D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 57f3165c-8bdc-447d-b53c-41bb2a63b577.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e8002bfc-de59-4d92-bec3-8b7551bd53eb.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-06 15:37 - 2015-08-06 15:37 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-01-20 05:19 - 2015-07-13 12:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-18 23:24 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-06 12:40 - 2013-07-04 06:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-08-28 05:05 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 05:05 - 2015-08-18 02:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-06-24 22:57 - 2015-06-24 22:57 - 00105312 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll
2015-08-12 01:37 - 2015-08-02 20:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-18 23:24 - 2015-08-11 03:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-12 01:37 - 2015-08-02 20:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-20 17:57 - 2015-07-20 17:57 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 17:57 - 2015-07-20 17:57 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-13 15:18 - 2015-09-13 15:18 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091301\algo.dll
2015-08-06 12:40 - 2015-09-13 16:19 - 00031232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-08-06 12:40 - 2013-07-04 06:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-01-30 18:39 - 2013-09-03 19:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-10-09 16:14 - 2014-10-09 16:14 - 00122880 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v3\Ralink.dll
2012-11-21 20:26 - 2012-11-21 20:26 - 01204224 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v3\RaWLAPI.dll
2015-07-20 17:57 - 2015-07-20 17:57 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-09-04 02:19 - 2015-08-27 19:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-04 02:19 - 2015-08-27 19:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\George\OneDrive:ms-properties
AlternateDataStreams: C:\Users\George\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2615718857-467728458-2752498082-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\George\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\wallpaper-announcement-wide.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [UDP Query User{5532DAED-43FD-4FB7-BE4B-B13CF30AF7A5}D:\program files (x86)\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\battle.net\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{59648F87-287D-4528-82AE-7167C7A7459E}D:\program files (x86)\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\battle.net\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{3405BD14-ED83-4149-BB79-C3078130C604}C:\users\george\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\george\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{13E9C481-92FA-4A13-A37A-7112BEEAAA4C}C:\users\george\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\george\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{08649429-FE94-41F5-9454-95D6C118B4D5}D:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{0139F6A6-9C9A-403F-9A69-325416D8D033}D:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A5A10B54-A8B2-450D-9486-54F4C9C992EA}] => (Allow) C:\Users\George\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0B146433-8859-4D52-9339-CA2184591AD8}] => (Allow) C:\Users\George\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{395941CB-A760-49FD-9EAC-5A100A94E265}] => (Allow) D:\Program Files (x86)\Battle.net\Hearthstone\Hearthstone.exe
FirewallRules: [{413836C4-F387-4A79-A06E-AE5800268BFE}] => (Allow) D:\Program Files (x86)\Battle.net\Hearthstone\Hearthstone.exe
FirewallRules: [UDP Query User{129A9ACF-9039-4CE6-8008-F6034330DE1F}C:\users\george\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\george\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5D362F33-6991-4F9C-8997-DCB948AFD77C}C:\users\george\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\george\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{AF01B745-0C5A-445A-9E7E-D21772CA4C32}D:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{8D0D8A55-816F-4EF5-97AC-C9FF3D0AE030}D:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{924B11F6-020F-4AE0-BD70-65C59B89D29F}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FA8845BE-3A50-4F04-9276-534597091E0E}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{8166CCDE-E89A-4CD4-8F83-22B6EB3F828F}D:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed unity\acu.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed unity\acu.exe
FirewallRules: [TCP Query User{6ED36B2A-9DF2-4C4E-A26B-9C9763D7DAB9}D:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed unity\acu.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed unity\acu.exe
FirewallRules: [UDP Query User{16CE2B86-9B30-42FE-A7F5-E864A902B843}C:\ubisoft\ghost recon phantoms\pdc-live\ghostreconphantoms.exe] => (Block) C:\ubisoft\ghost recon phantoms\pdc-live\ghostreconphantoms.exe
FirewallRules: [TCP Query User{9AC257CD-4E0D-4BE9-8E6F-5E7062AB5BAE}C:\ubisoft\ghost recon phantoms\pdc-live\ghostreconphantoms.exe] => (Block) C:\ubisoft\ghost recon phantoms\pdc-live\ghostreconphantoms.exe
FirewallRules: [UDP Query User{45FE6C4E-53FD-4AED-996E-DD62EBB7255E}C:\users\george\appdata\local\apps\2.0\t8tkpmpx.epr\a919j518.r8y\laun...app_2e973cc213891be7_0001.0024_eafc301c6e5bc8c2\launcher.exe] => (Allow) C:\users\george\appdata\local\apps\2.0\t8tkpmpx.epr\a919j518.r8y\laun...app_2e973cc213891be7_0001.0024_eafc301c6e5bc8c2\launcher.exe
FirewallRules: [TCP Query User{1280DD72-CB61-4D0C-A58A-AFB43BB2085A}C:\users\george\appdata\local\apps\2.0\t8tkpmpx.epr\a919j518.r8y\laun...app_2e973cc213891be7_0001.0024_eafc301c6e5bc8c2\launcher.exe] => (Allow) C:\users\george\appdata\local\apps\2.0\t8tkpmpx.epr\a919j518.r8y\laun...app_2e973cc213891be7_0001.0024_eafc301c6e5bc8c2\launcher.exe
FirewallRules: [UDP Query User{617D0C91-D3F9-408F-95A5-804CC9153270}C:\ubisoft\ghost recon phantoms\pdc-live\ghostreconphantoms.exe] => (Allow) C:\ubisoft\ghost recon phantoms\pdc-live\ghostreconphantoms.exe
FirewallRules: [TCP Query User{16E1D3E4-0663-4D2F-82CF-5BFE7129C81F}C:\ubisoft\ghost recon phantoms\pdc-live\ghostreconphantoms.exe] => (Allow) C:\ubisoft\ghost recon phantoms\pdc-live\ghostreconphantoms.exe
FirewallRules: [{9016FA4F-FDD8-4B6D-B4AB-BC93F18862A6}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe
FirewallRules: [{E74CDAAB-125A-443A-8363-1E7A1B35CF30}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe
FirewallRules: [UDP Query User{46A2E354-4045-47B6-AEFA-6CBE5F117A48}C:\users\george\appdata\local\apps\2.0\t8tkpmpx.epr\a919j518.r8y\laun...app_2e973cc213891be7_0001.0024_eafc301c6e5bc8c2\launcher.exe] => (Allow) C:\users\george\appdata\local\apps\2.0\t8tkpmpx.epr\a919j518.r8y\laun...app_2e973cc213891be7_0001.0024_eafc301c6e5bc8c2\launcher.exe
FirewallRules: [TCP Query User{4D8D861F-0F93-409C-9BA8-2FB68088D412}C:\users\george\appdata\local\apps\2.0\t8tkpmpx.epr\a919j518.r8y\laun...app_2e973cc213891be7_0001.0024_eafc301c6e5bc8c2\launcher.exe] => (Allow) C:\users\george\appdata\local\apps\2.0\t8tkpmpx.epr\a919j518.r8y\laun...app_2e973cc213891be7_0001.0024_eafc301c6e5bc8c2\launcher.exe
FirewallRules: [{D3AC3AE0-71DA-474F-BF56-7E26CC366439}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E4C7B354-186E-426E-BBEE-CCDB0CF44885}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{320E78E0-29BA-4826-8851-38402E6C5638}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FC85A772-DEEE-4831-B00E-C11821EDE195}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F5065C9C-E2B1-4026-8B42-6DBF0747A194}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{47D99B80-4F9C-48F0-BA0C-19F6A14B1AA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3110DA4B-B96C-40E7-9283-62FE66A724F0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DD06BE16-81DA-4E28-B8D5-4EE6AF6C35F4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{B94394AF-6482-45FE-8542-E0EF6009E707}D:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) D:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{387865D1-0D29-42EE-A19B-E8180A78324D}D:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) D:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [{3106F4DC-229B-485A-B09A-DC03652B9E99}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D5645C25-AE3A-4543-8979-09C53D50A3C6}D:\program files (x86)\battle.net\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\battle.net\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AC2D9C4A-178C-429F-8B84-2150BD2FADDE}D:\program files (x86)\battle.net\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\battle.net\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{7C41AEBA-3E9C-4CF6-9E93-3BCF1A30437A}D:\program files (x86)\battle.net\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\battle.net\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7062783F-353D-4BB3-A1BB-AE769D1FCB47}D:\program files (x86)\battle.net\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\battle.net\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{DBC14552-BDF0-467D-992D-BB3A6FC33167}D:\program files (x86)\battle.net\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\battle.net\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{86859AE5-9891-41BE-907F-B4D07963D42A}D:\program files (x86)\battle.net\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\battle.net\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [{47E9D3F0-B113-4A2A-BED7-419FB838ADC0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C7EA5D6A-8C25-4D9B-B174-CABCDAF1F6E7}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C0C05D66-745D-4D79-B082-AF7C70C23CAE}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9718DF6A-FF81-409C-8F76-DC2D3E85025D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{78AABCE9-755A-48DB-88CD-4DE1F25B88F5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2015 05:37:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/13/2015 05:26:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/13/2015 05:21:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/13/2015 05:21:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/13/2015 05:19:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/13/2015 05:19:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/13/2015 05:13:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (09/13/2015 05:13:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (09/13/2015 04:45:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/13/2015 04:31:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (09/13/2015 05:15:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (09/13/2015 05:15:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\George\AppData\Local\Temp\ehdrv.sys

Error: (09/13/2015 05:15:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (09/13/2015 05:15:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\George\AppData\Local\Temp\ehdrv.sys

Error: (09/13/2015 05:15:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (09/13/2015 05:15:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\George\AppData\Local\Temp\ehdrv.sys

Error: (09/13/2015 05:13:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (09/13/2015 05:13:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\George\AppData\Local\Temp\ehdrv.sys

Error: (09/13/2015 05:13:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (09/13/2015 05:13:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\George\AppData\Local\Temp\ehdrv.sys


Microsoft Office:
=========================
Error: (09/13/2015 05:37:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147009284

Error: (09/13/2015 05:26:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147009284

Error: (09/13/2015 05:21:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147009284

Error: (09/13/2015 05:21:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147009284

Error: (09/13/2015 05:19:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness-2147009284

Error: (09/13/2015 05:19:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Microsoft.WindowsStore_8wekyb3d8bbwe!App-2147009284

Error: (09/13/2015 05:13:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifestD:\Downloads\esetsmartinstaller_enu.exe

Error: (09/13/2015 05:13:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifestD:\Downloads\esetsmartinstaller_enu.exe

Error: (09/13/2015 04:45:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (09/13/2015 04:31:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DADBUILTTHIS)
Description: Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness-2147009284


==================== Memory info ===========================

Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 23%
Total physical RAM: 16321.61 MB
Available physical RAM: 12447.07 MB
Total Virtual: 18753.61 MB
Available Virtual: 14870.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.47 GB) (Free:193.46 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Mass Storage) (Fixed) (Total:2789.51 GB) (Free:2717.3 GB) NTFS
Drive e: (WNDA3100v3) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS
Drive z: (RECOVERY PARTITION) (Fixed) (Total:4.88 GB) (Free:0.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: DCB31BFE)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: DCB31BE6)
Partition 1: (Active) - (Size=238.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Thanks!
 
-gravity9674

Edited by Oh My!, 13 September 2015 - 08:24 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • Gender:Male
  • Location:California
  • Local time:12:32 AM

Posted 13 September 2015 - 08:43 PM

Greetings gravity9674 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please move FRST.exe onto your Desktop:
 

Running from D:\Downloads


Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> D:\Program Files (x86)\Arc\plugins\NPSWF32.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
S3 ArcService; D:\Program Files (x86)\Arc\ArcService.exe [X]
S3 Futuremark SystemInfo Service; "D:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]
S3 Origin Client Service; "D:\Program Files (x86)\Origin\OriginClientService.exe" [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2015-09-13 15:11 - 2015-07-20 17:57 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw63C2(2672).tmp
2015-09-13 15:11 - 2015-07-20 17:57 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw63D6(2669).tmp
2015-09-13 15:11 - 2015-07-20 17:57 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw63C3(2671).tmp
2015-09-13 15:11 - 2015-07-20 17:57 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw63D4(2670).tmp
2015-09-06 22:02 - 2015-09-13 16:19 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2015-01-30 18:41 - 2015-01-30 18:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Task: {0ED7D089-D949-4B6C-85B0-6D0523F23C2F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {377EAA49-0B79-4158-A3C3-E456CB409A43} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {44C4DB75-8103-41D0-92A2-717C1CFA37FF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {47242C2C-9257-4677-B403-E8D781E682FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {55847A7E-78B9-47D8-9865-5F1B4FF50BC0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {635F3F10-9D2E-492B-9302-4261C2D3BD4C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {66BC9BC6-DE7E-4A31-8723-36423B89B736} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8191270A-6BC4-4037-B044-99457AC6BC95} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {93685717-AFD3-4847-BA87-95E04C09DF78} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F71F367B-E7D5-4D6A-911F-56FE8FD5910D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
*Warcraft*
*neverwinter*
*heroesofthestorm*
:folderfind
*Warcraft*
*neverwinter*
*heroesofthestorm*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary zip and attach the file.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • SystemLook report
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#3 gravity9674


Posted 13 September 2015 - 09:05 PM

Thanks for the reply and I look forward to hearing back from you!

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-09-2015 02
Ran by George (2015-09-13 20:53:36) Run:1
Running from C:\Users\George\Desktop
Loaded Profiles: George (Available Profiles: George)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> D:\Program Files (x86)\Arc\plugins\NPSWF32.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
S3 ArcService; D:\Program Files (x86)\Arc\ArcService.exe [X]
S3 Futuremark SystemInfo Service; "D:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]
S3 Origin Client Service; "D:\Program Files (x86)\Origin\OriginClientService.exe" [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2015-09-13 15:11 - 2015-07-20 17:57 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw63C2(2672).tmp
2015-09-13 15:11 - 2015-07-20 17:57 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw63D6(2669).tmp
2015-09-13 15:11 - 2015-07-20 17:57 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw63C3(2671).tmp
2015-09-13 15:11 - 2015-07-20 17:57 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw63D4(2670).tmp
2015-09-06 22:02 - 2015-09-13 16:19 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2015-01-30 18:41 - 2015-01-30 18:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Task: {0ED7D089-D949-4B6C-85B0-6D0523F23C2F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {377EAA49-0B79-4158-A3C3-E456CB409A43} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {44C4DB75-8103-41D0-92A2-717C1CFA37FF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {47242C2C-9257-4677-B403-E8D781E682FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {55847A7E-78B9-47D8-9865-5F1B4FF50BC0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {635F3F10-9D2E-492B-9302-4261C2D3BD4C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {66BC9BC6-DE7E-4A31-8723-36423B89B736} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8191270A-6BC4-4037-B044-99457AC6BC95} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {93685717-AFD3-4847-BA87-95E04C09DF78} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F71F367B-E7D5-4D6A-911F-56FE8FD5910D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
*****************
 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5" => key removed successfully
ArcService => service removed successfully
Futuremark SystemInfo Service => service removed successfully
Origin Client Service => service removed successfully
wfpcapture => service removed successfully
C:\WINDOWS\system32\Drivers\asw63C2(2672).tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw63D6(2669).tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw63C3(2671).tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw63D4(2670).tmp => moved successfully
C:\WINDOWS\system32\Drivers\lvuvc.hs => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0ED7D089-D949-4B6C-85B0-6D0523F23C2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ED7D089-D949-4B6C-85B0-6D0523F23C2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{377EAA49-0B79-4158-A3C3-E456CB409A43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{377EAA49-0B79-4158-A3C3-E456CB409A43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{44C4DB75-8103-41D0-92A2-717C1CFA37FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44C4DB75-8103-41D0-92A2-717C1CFA37FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47242C2C-9257-4677-B403-E8D781E682FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47242C2C-9257-4677-B403-E8D781E682FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55847A7E-78B9-47D8-9865-5F1B4FF50BC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55847A7E-78B9-47D8-9865-5F1B4FF50BC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{635F3F10-9D2E-492B-9302-4261C2D3BD4C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{635F3F10-9D2E-492B-9302-4261C2D3BD4C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66BC9BC6-DE7E-4A31-8723-36423B89B736}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66BC9BC6-DE7E-4A31-8723-36423B89B736}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8191270A-6BC4-4037-B044-99457AC6BC95}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8191270A-6BC4-4037-B044-99457AC6BC95}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93685717-AFD3-4847-BA87-95E04C09DF78}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93685717-AFD3-4847-BA87-95E04C09DF78}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F71F367B-E7D5-4D6A-911F-56FE8FD5910D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F71F367B-E7D5-4D6A-911F-56FE8FD5910D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
 
==== End of Fixlog 20:53:36 ====
 
 
 
SystemLook 30.07.11 by jpshortstuff
Log created at 20:55 on 13/09/2015 by George
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*Warcraft*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\World of Warcraft.lnk --a---- 1000 bytes [02:12 25/05/2015] [00:08 24/06/2015] 6BF7D4BD1D53439E038A91E50D921E6B
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test\World of Warcraft Public Test.lnk --a---- 1149 bytes [14:31 21/08/2015] [14:31 21/08/2015] BD98AEAC3B2D973CE4A65CBADE93BE2D
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\World of Warcraft\World of Warcraft.lnk --a---- 1000 bytes [02:12 25/05/2015] [00:08 24/06/2015] 6BF7D4BD1D53439E038A91E50D921E6B
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test\World of Warcraft Public Test.lnk --a---- 1149 bytes [14:31 21/08/2015] [14:31 21/08/2015] BD98AEAC3B2D973CE4A65CBADE93BE2D
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\icons\hearthstone_heroes_of_warcraft.png --a---- 7491 bytes [13:15 12/09/2015] [13:15 12/09/2015] C194030B692E95653774054C1F82A595
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\icons\warcraft_3_tft.png --a---- 3262 bytes [13:15 12/09/2015] [13:15 12/09/2015] 486AA8538646CC52BA79AEF9A3B53013
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\icons\world_of_warcraft_mists_of_pandaria.png --a---- 5819 bytes [13:15 12/09/2015] [13:15 12/09/2015] B761325DD85B2F7BC4A560CE54BBC1C6
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\translations\hearthstone_heroes_of_warcraft.translation --a---- 23259 bytes [13:15 12/09/2015] [13:15 12/09/2015] 52E6BB7E11DEC7BFA1CB4037A56DB556
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\translations\warcraft_3_tft.translation --a---- 66286 bytes [13:15 12/09/2015] [13:15 12/09/2015] CACEB644F416968EBCAA3B06BFD080A5
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\translations\world_of_warcraft_mists_of_pandaria.translation --a---- 255670 bytes [13:15 12/09/2015] [13:15 12/09/2015] 6148C5A113D7C315978296646D04092A
C:\Users\George\AppData\Roaming\BitTorrent\World of Warcraft - Cataclysm 4.3.4 (15595).rar.torrent ------- 32849 bytes [00:47 22/06/2015] [00:47 22/06/2015] A6EA7701B37AEDDB6277A69153316D21
C:\Users\George\AppData\Roaming\BitTorrent\World.of.Warcraft.3.3.5a.Truewow.torrent ------- 57266 bytes [05:30 13/07/2015] [05:30 13/07/2015] F359E64D266534B27716655FD3FF9FA3
C:\Users\George\AppData\Roaming\Microsoft\Windows\Recent\World of Warcraft - Cataclysm 4.3.4 (15595).lnk --a---- 678 bytes [04:25 22/06/2015] [20:51 01/09/2015] 6B50C94D21E8905D1143908ACEF1257F
C:\Users\George\AppData\Roaming\Microsoft\Windows\Recent\World of Warcraft 8_12_2015 12_29_37 PM.lnk --a---- 826 bytes [17:29 12/08/2015] [17:29 12/08/2015] D181719AA752C2D7C599AAC9534BE616
C:\Users\George\AppData\Roaming\Microsoft\Windows\Recent\World of Warcraft 8_12_2015 12_30_25 PM.lnk --a---- 770 bytes [17:30 12/08/2015] [02:18 24/08/2015] 872DDA7C5D1AA975C884EDEA15909A15
C:\Users\George\AppData\Roaming\Microsoft\Windows\Recent\World of Warcraft 8_7_2015 10_52_09 PM.lnk --a---- 914 bytes [17:06 12/08/2015] [17:06 12/08/2015] E6E2F498832C5DEC35567D623A662051
C:\Users\George\AppData\Roaming\Microsoft\Windows\Recent\World of Warcraft 9_2_2015 9_15_05 PM.lnk --a---- 909 bytes [02:16 03/09/2015] [02:16 03/09/2015] 3CD7F4B6D192DFE40A63FC028781E2CB
C:\Users\George\AppData\Roaming\Microsoft\Windows\Recent\World of Warcraft Classic.lnk --a---- 492 bytes [20:08 18/06/2015] [20:10 18/06/2015] 07321A7121CCC761F8CA450F7E839D37
C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic\World of Warcraft Classic.lnk --a---- 644 bytes [01:10 17/06/2015] [01:10 17/06/2015] 9BD661714BA5F947E6BE1CF8541D2B7D
C:\Users\George\Desktop\World of Warcraft Classic.lnk --a---- 644 bytes [01:10 17/06/2015] [01:10 17/06/2015] 9BD661714BA5F947E6BE1CF8541D2B7D
C:\Users\Public\Desktop\World of Warcraft Public Test.lnk --a---- 1249 bytes [14:31 21/08/2015] [14:31 21/08/2015] B8BBF3E3AF133714F804EB87037547F0
C:\Users\Public\Desktop\World of Warcraft.lnk --a---- 1076 bytes [02:12 25/05/2015] [00:08 24/06/2015] 10B348B2648E947C55D9DCAB9EBF07E8
 
Searching for "*neverwinter*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Neverwinter.lnk --a---- 903 bytes [22:18 13/08/2015] [22:18 13/08/2015] ADFB845FAAC24E5F523F57A0EE8CAFEB
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Neverwinter.lnk --a---- 903 bytes [22:18 13/08/2015] [22:18 13/08/2015] ADFB845FAAC24E5F523F57A0EE8CAFEB
C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_neverwinter.gamepedia.com_0.localstorage --a---- 8192 bytes [04:59 14/08/2015] [05:00 14/08/2015] C3FEA5A4E2B108754EBBE81F8F642B0C
C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_neverwinter.gamepedia.com_0.localstorage-journal --a---- 3608 bytes [04:59 14/08/2015] [05:00 14/08/2015] B3E129339153D7B706F4FD026E354AF4
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\icons\neverwinter.png --a---- 4293 bytes [13:15 12/09/2015] [13:15 12/09/2015] BEF1EA9EA4810B3C4526C567238AA91D
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\translations\neverwinter.translation --a---- 258446 bytes [13:15 12/09/2015] [13:15 12/09/2015] F6C75B2F985D1C52D28932599C0EF42F
C:\Users\Public\Desktop\Neverwinter.lnk --a---- 903 bytes [22:14 13/08/2015] [22:18 13/08/2015] 9028F098847485FBF98B7ECCDB263961
C:\Windows\Prefetch\NEVERWINTER.EXE-56850F05.pf --a---- 29348 bytes [22:18 13/08/2015] [00:26 31/08/2015] 68758DA18C643D58E46F2660021AA163
 
Searching for "*heroesofthestorm*"
C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_heroesofthestorm.gamepedia.com_0.localstorage --a---- 371712 bytes [05:12 26/08/2015] [05:14 26/08/2015] 707EE6C8A33698E91275F9624CBCDB4C
C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_heroesofthestorm.gamepedia.com_0.localstorage-journal --a---- 5672 bytes [05:12 26/08/2015] [05:14 26/08/2015] E36239AFB5950D1B3584F864525967E0
C:\Windows\Prefetch\HEROESOFTHESTORM_X64.EXE-8BFDCF84.pf --a---- 35155 bytes [03:14 21/08/2015] [06:37 23/08/2015] 5B78A2687A553F270C322347A0816A8A
C:\Windows\Prefetch\HEROESOFTHESTORM_X64.EXE-9BAA61C4.pf --a---- 28827 bytes [00:34 31/08/2015] [00:34 31/08/2015] 74BEA10247D96B8A787A110C0AF2FF81
C:\Windows\Prefetch\HEROESOFTHESTORM_X64.EXE-C3AA1CF8.pf --a---- 28895 bytes [04:27 26/08/2015] [04:27 26/08/2015] 6E389FCF65F81AC1F541C437B61210DF
C:\Windows\Prefetch\HEROESOFTHESTORM_X64.EXE-D9E9265B.pf --a---- 31143 bytes [04:52 11/09/2015] [04:28 12/09/2015] 539C6944CA2A2882F0668B64002AD4B3
 
========== folderfind ==========
 
Searching for "*Warcraft*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft d------ [02:12 25/05/2015]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test d------ [14:31 21/08/2015]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\World of Warcraft d------ [02:12 25/05/2015]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test d------ [14:31 21/08/2015]
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\wrappers\hearthstone_heroes_of_warcraft d------ [10:25 20/01/2015]
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\wrappers\warcraft_3_tft d------ [10:25 20/01/2015]
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\wrappers\world_of_warcraft_mists_of_pandaria d------ [10:25 20/01/2015]
C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic d------ [01:10 17/06/2015]
 
Searching for "*neverwinter*"
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\wrappers\neverwinter d------ [10:25 20/01/2015]
 
Searching for "*heroesofthestorm*"
No folders found.
 
-= EOF =-
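Added example (not part of the original posts and not FRST's own code): a way to check that every line of the fixlist was actually acted on in the Fixlog above. The sample is an excerpt of that Fixlog; the function names, the status labels and the line patterns are assumptions inferred from the lines shown in this thread.

```python
import re

# Excerpt of the Fixlog posted in this thread: one fixlist entry of each kind
# (BHO, Firefox plugin, service, file, scheduled task) with its result lines.
FIXLOG = r'''
fixlist content:
*****************
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
S3 ArcService; D:\Program Files (x86)\Arc\ArcService.exe [X]
2015-09-06 22:02 - 2015-09-13 16:19 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
Task: {0ED7D089-D949-4B6C-85B0-6D0523F23C2F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
*****************

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin" => key removed successfully
ArcService => service removed successfully
C:\WINDOWS\system32\Drivers\lvuvc.hs => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0ED7D089-D949-4B6C-85B0-6D0523F23C2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ED7D089-D949-4B6C-85B0-6D0523F23C2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully

==== End of Fixlog 20:53:36 ====
'''

# How to pull the identifying token out of each kind of fixlist line.
# Patterns are inferred from the entries in this thread (assumption).
RULES = [
    ("bho",     re.compile(r"^BHO(?:-x32)?: .*?-> (\{[0-9A-Fa-f-]+\})")),   # CLSID
    ("plugin",  re.compile(r"^FF Plugin(?:-x32)?: (\S+) ->")),              # plugin id
    ("service", re.compile(r"^[A-Z]\d (.+?);")),                            # service name
    ("task",    re.compile(r"^Task: (\{[0-9A-Fa-f-]+\})")),                 # task GUID
    ("file",    re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - .*?\s([A-Za-z]:\\.+)$")),  # path
]


def parse_fixlog(text):
    """Return (fixlist entries, [(target, outcome), ...]) from a Fixlog."""
    entries, results, in_fixlist = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {"*"}:        # the ***** lines bracket the fixlist
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            if line:
                entries.append(line)
        elif " => " in line:                   # result line: target => outcome
            target, outcome = line.rsplit(" => ", 1)
            results.append((target.strip('"'), outcome))
    return entries, results


def classify(entry):
    """Return (kind, key) for a fixlist entry, or (None, None) if unknown."""
    for kind, pattern in RULES:
        match = pattern.search(entry)
        if match:
            return kind, match.group(1)
    return None, None


def check_fix(text):
    """Pair every fixlist entry with 'done', 'review', 'missing' or 'unrecognised'."""
    entries, results = parse_fixlog(text)
    report = []
    for entry in entries:
        kind, key = classify(entry)
        if kind is None:
            report.append((entry, "unrecognised"))
            continue
        key = key.lower()
        if kind in ("service", "file"):        # result target is the name/path itself
            hits = [o for t, o in results if t.lower() == key]
        else:                                  # result target is a registry key holding the id
            hits = [o for t, o in results if key in t.lower()]
        if not hits:
            status = "missing"                 # nothing in the log for this entry
        elif all(o.endswith("successfully") for o in hits):
            status = "done"
        else:
            status = "review"                  # some outcome other than success
        report.append((entry, status))
    return report


if __name__ == "__main__":
    for entry, status in check_fix(FIXLOG):
        print(f"{status:12} {entry[:70]}")
```

For a scheduled task this checks the TaskCache keys that carry the GUID; the Tree key is named by task path and is not matched here.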
 
 
 
 
 




#4 Oh My!


Posted 13 September 2015 - 10:15 PM

Greetings,

Let's look again using a different program. Please do this.

===================================================

Installing Everything Search Engine

--------------------
  • Download Everything Search for 64 bit computers and save it to your desktop
  • Double click the icon and select Run, then I Agree
  • Click Next, then Next
  • Click Install, then Finish
  • Click Tools, then Options
  • Under Indexes left click NTFS
  • On the right side make sure Auto include new fixed volumes and Auto include new removable volumes are checked
  • Click Apply, then OK
  • In the Everything window individually type the following in the box under File and check to see if any results are found on your D:\ drive

Warcraft
neverwinter
heroesofthestorm

  • Report the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Everything Search results

Gary
 

#5 gravity9674


Posted 13 September 2015 - 10:23 PM

Warcraft:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\wrappers\hearthstone_heroes_of_warcraft
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\wrappers\warcraft_3_tft
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\wrappers\world_of_warcraft_mists_of_pandaria
C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic
D:\World of Warcraft Classic
D:\Downloads\World of Warcraft - Cataclysm 4.3.4 (15595)
D:\Downloads\World.of.Warcraft.3.3.5a.Truewow
D:\Downloads\World of Warcraft - Cataclysm 4.3.4 (15595)\World of Warcraft - Cataclysm 4.3.4 (15595)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\World of Warcraft.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test\World of Warcraft Public Test.lnk
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\icons\hearthstone_heroes_of_warcraft.png
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\icons\warcraft_3_tft.png
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\icons\world_of_warcraft_mists_of_pandaria.png
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\translations\hearthstone_heroes_of_warcraft.translation
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\translations\warcraft_3_tft.translation
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\translations\world_of_warcraft_mists_of_pandaria.translation
C:\Users\George\AppData\Roaming\BitTorrent\World of Warcraft - Cataclysm 4.3.4 (15595).rar.torrent
C:\Users\George\AppData\Roaming\BitTorrent\World.of.Warcraft.3.3.5a.Truewow.torrent
C:\Users\George\AppData\Roaming\Microsoft\Windows\Recent\World of Warcraft - Cataclysm 4.3.4 (15595).lnk
C:\Users\George\AppData\Roaming\Microsoft\Windows\Recent\World of Warcraft 8_12_2015 12_29_37 PM.lnk
C:\Users\George\AppData\Roaming\Microsoft\Windows\Recent\World of Warcraft 8_12_2015 12_30_25 PM.lnk
C:\Users\George\AppData\Roaming\Microsoft\Windows\Recent\World of Warcraft 8_7_2015 10_52_09 PM.lnk
C:\Users\George\AppData\Roaming\Microsoft\Windows\Recent\World of Warcraft 9_2_2015 9_15_05 PM.lnk
C:\Users\George\AppData\Roaming\Microsoft\Windows\Recent\World of Warcraft Classic.lnk
C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic\World of Warcraft Classic.lnk
C:\Users\George\Desktop\World of Warcraft Classic.lnk
C:\Users\Public\Desktop\World of Warcraft Public Test.lnk
C:\Users\Public\Desktop\World of Warcraft.lnk
D:\Downloads\World of Warcraft - Cataclysm 4.3.4 (15595).rar
D:\Downloads\World of Warcraft - Cataclysm 4.3.4 (15595).rar.torrent
D:\Downloads\World.of.Warcraft.3.3.5a.Truewow.torrent
D:\Videos\Captures\World of Warcraft 8_12_2015 12_30_25 PM.mp4
D:\Videos\Captures\World of Warcraft 8_7_2015 10_52_09 PM.mp4
D:\Videos\Captures\World of Warcraft 9_2_2015 9_15_05 PM.mp4
 
Neverwinter
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\wrappers\neverwinter
C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_neverwinter.gamepedia.com_0.localstorage
C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_neverwinter.gamepedia.com_0.localstorage-journal
C:\Windows\Prefetch\NEVERWINTER.EXE-56850F05.pf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Neverwinter.lnk
C:\Users\Public\Desktop\Neverwinter.lnk
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\icons\neverwinter.png
C:\Users\George\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\data\translations\neverwinter.translation
 
heroesofthestorm:
C:\Windows\Prefetch\HEROESOFTHESTORM_X64.EXE-8BFDCF84.pf
C:\Windows\Prefetch\HEROESOFTHESTORM_X64.EXE-9BAA61C4.pf
C:\Windows\Prefetch\HEROESOFTHESTORM_X64.EXE-C3AA1CF8.pf
C:\Windows\Prefetch\HEROESOFTHESTORM_X64.EXE-D9E9265B.pf
C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_heroesofthestorm.gamepedia.com_0.localstorage
C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_heroesofthestorm.gamepedia.com_0.localstorage-journal


#6 Oh My!


Posted 13 September 2015 - 10:40 PM

I am assuming what you are looking for are files other than the downloads and mp4 files. Unfortunately it appears the information is gone. I can't explain how or why that happened.
Gary
 

#7 gravity9674


Posted 13 September 2015 - 10:49 PM

I appreciate the assistance.  I will see what tomorrow brings and go from there.  Thank you



#8 Oh My!


Posted 14 September 2015 - 09:41 AM

You are welcome. Sorry I couldn't deliver better news.
Gary
 

#9 Oh My!


Posted 14 September 2015 - 09:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 