Inactive Think I'm infected in some way, but I'm totally stumped on what to do

AJRoss94

For the record, I'm on Windows 10.

There are a lot of little things going on with my PC that make me think it's infected, even though I can't detect any viruses. I cannot use the Windows search bar at all. Nothing happens when I click it. I've tried looking up solutions but have had no success. Common programs I use all the time are starting to crash, frequently, for the first time ever (Firefox, League of Legends). Lastly, my PC will just restart on its own while I am doing stuff out of nowhere. For example, I was doing a scan a moment ago and in the middle of it my PC restarted.

I think that about does it for what is going on. Any help would be so amazing. I had a problem three years ago and one great guy worked with me to get it fixed, so I was hoping this site could be my hero once more.
 
Instead of bumping... you've been to this forum before, so you should know what to do...

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
That would have been smart and productive of me. My apologies.

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Andrew (administrator) on ANDREW-PC (25-03-2016 00:14:25)
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew (Available Profiles: Andrew & Me & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Andrew\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5021296 2015-12-22] (VIA)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [Spotify Web Helper] => C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-03-08] (Spotify Ltd)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [Spotify] => C:\Users\Andrew\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-03-08] (Spotify Ltd)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [TIDAL] => C:\Program Files (x86)\TIDAL\TIDAL.exe [2335640 2016-02-03] (TIDAL Music AS)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\MountPoints2: {67590431-d597-11e5-a627-0862669ebaa9} - "E:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-01-08]
ShortcutTarget: Curse.lnk -> C:\Users\Andrew\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{750e38da-db93-4397-9936-1c88f735b80d}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-11-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-11-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-11-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-11-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-11-18] (Apple Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default\extensions\artur.dubovoy@gmail.com [2016-03-08]
FF Extension: Avira Browser Safety - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default\Extensions\abs@avira.com [2016-03-16]
FF Extension: Reddit Enhancement Suite - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2016-03-18]
FF Extension: Video DownloadHelper - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: YouTube Flash Video Player - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2016-03-11]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://blogoflegends.com/wp-admin/"
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-11]
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-11]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-11]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (Google Sheets) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-11]
CHR Extension: (Avira Browser Safety) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-03-24]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Tweepi Bulk Default Action (aka Select All)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpniicpnanbaopgkcagaphglbeaejnph [2016-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-11]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-09-02] (Hi-Rez Studios) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [2078216 2015-10-08] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1284848 2016-03-21] (Overwolf LTD)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 TeamViewer; C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-17] (Avira Operations GmbH & Co. KG)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-09-10] (Realtek )
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-25 00:14 - 2016-03-25 00:14 - 00020227 _____ C:\Users\Andrew\Downloads\FRST.txt
2016-03-25 00:13 - 2016-03-25 00:14 - 00000000 ____D C:\FRST
2016-03-25 00:13 - 2016-03-25 00:13 - 02374144 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2016-03-24 13:04 - 2016-03-24 13:04 - 00000660 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-23 19:25 - 2016-03-23 19:25 - 00000755 _____ C:\Users\Andrew\Desktop\fsd.txt
2016-03-23 17:40 - 2016-03-23 17:40 - 00302011 _____ C:\Users\Andrew\Downloads\WindowsUpdateDiagnostic.diagcab
2016-03-22 23:37 - 2016-03-22 23:37 - 00002067 _____ C:\Users\Andrew\Desktop\Overwolf.lnk
2016-03-19 13:36 - 2016-03-23 15:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-19 01:57 - 2016-03-19 02:30 - 281631191 _____ C:\Users\Andrew\Desktop\cut me quaddy.flv
2016-03-19 01:23 - 2016-03-19 01:53 - 257749065 _____ C:\Users\Andrew\Desktop\cut me quad.flv
2016-03-18 16:06 - 2016-03-18 16:19 - 429860169 _____ C:\Users\Andrew\Desktop\Cute Old Couple-1.m4v
2016-03-18 15:50 - 2016-03-18 16:05 - 880738193 _____ C:\Users\Andrew\Desktop\Nice Quad-1.m4v
2016-03-18 15:31 - 2016-03-18 15:49 - 984979313 _____ C:\Users\Andrew\Desktop\Best Comeback Na-1.m4v
2016-03-18 14:34 - 2016-03-18 14:46 - 518755516 _____ C:\Users\Andrew\Desktop\Another Quad-1.m4v
2016-03-18 13:45 - 2016-03-18 14:06 - 998641853 _____ C:\Users\Andrew\Desktop\Quad To Turn Things-1.m4v
2016-03-15 02:35 - 2016-03-15 02:35 - 04646597 _____ C:\Users\Andrew\Desktop\hs goat.flv
2016-03-15 01:41 - 2016-03-15 01:41 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\.mono
2016-03-15 01:41 - 2016-03-15 01:41 - 00000000 ____D C:\ProgramData\.mono
2016-03-14 00:06 - 2016-03-14 00:06 - 00000865 _____ C:\Users\Andrew\Desktop\Handbrake.lnk
2016-03-14 00:06 - 2016-03-14 00:06 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-03-14 00:06 - 2016-03-14 00:06 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\HandBrake Team
2016-03-14 00:06 - 2016-03-14 00:06 - 00000000 ____D C:\Program Files\Handbrake
2016-03-14 00:03 - 2016-03-14 00:06 - 16520043 _____ C:\Users\Andrew\Downloads\HandBrake-0.10.5-x86_64-Win_GUI-1.exe
2016-03-13 13:26 - 2016-03-13 13:26 - 00001915 _____ C:\Users\Andrew\Desktop\Snipping Tool.lnk
2016-03-13 12:41 - 2016-03-13 12:41 - 05111240 _____ (Piriform Ltd) C:\Users\Andrew\Downloads\spsetup129.exe
2016-03-13 12:41 - 2016-03-13 12:41 - 00000000 ____D C:\Program Files\Speccy
2016-03-13 12:38 - 2016-03-13 12:38 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-13 12:38 - 2016-03-13 12:38 - 00000000 ____D C:\Program Files\CCleaner
2016-03-13 12:37 - 2016-03-13 12:37 - 06837784 _____ (Piriform Ltd) C:\Users\Andrew\Downloads\ccsetup515.exe
2016-03-13 01:13 - 2016-03-13 01:13 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-03-13 01:13 - 2016-03-13 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-03-13 01:13 - 2016-03-13 01:13 - 00000000 ____D C:\Program Files\RogueKiller
2016-03-13 01:12 - 2016-03-13 01:12 - 28777312 _____ (Adlice Software ) C:\Users\Andrew\Downloads\setup.exe
2016-03-10 23:01 - 2016-03-10 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-03-10 23:01 - 2016-03-10 23:01 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-10 23:01 - 2016-03-08 02:05 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-10 23:01 - 2016-02-13 21:47 - 00125720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-03-10 23:01 - 2016-02-13 21:46 - 00126232 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-03-10 23:01 - 2016-02-13 21:45 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-03-10 23:01 - 2016-02-13 21:45 - 00042264 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-03-10 22:59 - 2016-03-08 06:27 - 42968120 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 37609528 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 22971960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 21322480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 20863920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 18906048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 17732960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 17368424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 17325400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 10547128 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 08657936 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 02613696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 02257344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436451.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436451.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00955328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00885184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00750016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00692160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00678704 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00632152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00601752 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00571912 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00545632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00175552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-07 23:33 - 2016-03-03 08:16 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436447.dll
2016-03-07 23:33 - 2016-03-03 08:16 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436447.dll
2016-03-07 23:33 - 2016-03-03 08:16 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-07 23:33 - 2016-03-03 08:16 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-05 22:54 - 2016-03-05 22:55 - 220443253 _____ C:\Users\Andrew\Desktop\Its.Always.Sunny.in.Philadelphia.S11E05.HDTV.x264-KILLERS[ettv].mp4
2016-03-01 16:18 - 2016-02-23 19:57 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436200.dll
2016-03-01 16:18 - 2016-02-23 19:57 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436200.dll
2016-02-29 03:32 - 2016-02-29 04:36 - 544647442 _____ C:\Users\Andrew\Desktop\boat.flv
2016-02-27 02:56 - 2016-03-14 01:33 - 00000000 ____D C:\Users\Andrew\Documents\DoverDownsPoker
2016-02-27 02:56 - 2016-02-27 02:56 - 00002242 _____ C:\Users\Andrew\Desktop\DoverDownsPokerAndCasino.lnk
2016-02-27 02:56 - 2016-02-27 02:56 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DoverDownsPokerAndCasino
2016-02-27 02:56 - 2016-02-27 02:56 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\DoverDownsPokerAndCasino
2016-02-27 02:56 - 2016-02-27 02:56 - 00000000 ____D C:\Program Files (x86)\DoverDownsPokerAndCasino
2016-02-27 00:52 - 2016-02-27 00:52 - 00000000 ____D C:\Users\Andrew\Desktop\****ing pokemon, yo

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-25 00:12 - 2015-08-19 04:09 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Skype
2016-03-25 00:07 - 2016-02-17 00:52 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0ECE6154-DA18-425B-AA4B-540870B2F261}
2016-03-25 00:06 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-25 00:05 - 2016-01-11 20:28 - 00000000 ____D C:\Users\Andrew\AppData\Local\CrashDumps
2016-03-25 00:05 - 2016-01-08 20:37 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Curse Client
2016-03-25 00:05 - 2015-08-19 03:28 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-25 00:04 - 2015-12-11 16:51 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-24 23:03 - 2015-12-22 01:04 - 01009696 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-24 23:03 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-24 23:02 - 2015-12-11 16:51 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-24 22:56 - 2015-12-22 01:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-24 22:56 - 2015-12-22 01:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-24 22:30 - 2015-08-19 03:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-24 19:16 - 2015-08-19 23:55 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
2016-03-24 18:24 - 2015-08-20 00:23 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-03-24 13:50 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-24 13:39 - 2015-12-22 01:04 - 00000000 ____D C:\Users\Andrew
2016-03-24 13:15 - 2015-08-25 13:23 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-24 13:09 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-24 13:04 - 2015-08-19 03:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-23 23:39 - 2015-10-30 02:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-23 23:30 - 2016-02-01 21:58 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-03-23 23:27 - 2015-11-29 21:08 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\OBS
2016-03-23 23:02 - 2016-01-10 20:02 - 00000000 ____D C:\Users\Andrew\AppData\Local\Purplizer
2016-03-23 22:48 - 2015-08-20 00:23 - 00000000 ____D C:\Users\Andrew\AppData\Local\Overwolf
2016-03-23 17:43 - 2016-01-11 21:51 - 00000000 ____D C:\Users\Andrew\AppData\Local\ElevatedDiagnostics
2016-03-23 15:48 - 2015-08-19 03:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-23 15:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-23 12:39 - 2015-08-19 03:40 - 00000000 ____D C:\Users\Andrew\AppData\Local\Adobe
2016-03-22 17:53 - 2015-10-31 00:10 - 00000000 ____D C:\Users\Andrew\AppData\Local\Battle.net
2016-03-20 22:01 - 2016-01-13 00:10 - 00000000 ____D C:\Users\Andrew\Desktop\saved league ****
2016-03-18 01:37 - 2015-11-18 23:28 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\HandBrake
2016-03-17 04:45 - 2015-08-19 03:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-17 04:44 - 2016-02-02 01:03 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-03-17 04:44 - 2016-02-02 01:03 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-03-17 04:44 - 2016-02-02 01:03 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-03-17 02:28 - 2015-12-22 01:12 - 00000000 ____D C:\Users\Andrew\AppData\Local\Packages
2016-03-14 18:03 - 2015-12-11 16:51 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-13 15:06 - 2015-08-19 03:12 - 00000000 ___RD C:\Users\Andrew\Desktop\Junk
2016-03-13 13:23 - 2015-08-19 03:30 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Spotify
2016-03-13 13:23 - 2015-08-19 03:30 - 00000000 ____D C:\Users\Andrew\AppData\Local\Spotify
2016-03-13 12:38 - 2016-02-01 23:05 - 00000000 ____D C:\Users\Me
2016-03-13 12:38 - 2016-01-23 19:17 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-03-13 12:34 - 2015-12-22 01:03 - 00000000 ____D C:\Program Files (x86)\Razer
2016-03-10 23:01 - 2015-12-22 01:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-10 23:01 - 2015-08-19 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-10 18:00 - 2015-08-24 00:13 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\qBittorrent
2016-03-10 14:09 - 2015-08-19 03:18 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2015-08-19 03:18 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2015-08-19 03:18 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-09 23:19 - 2015-08-29 01:31 - 12653504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-09 19:48 - 2015-08-19 03:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 15:24 - 2015-08-19 04:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 15:20 - 2015-08-19 04:12 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 13:51 - 2015-08-19 03:29 - 00000000 ____D C:\ProgramData\Skype
2016-03-08 06:27 - 2015-08-29 01:31 - 20061152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-08 06:27 - 2015-08-29 01:31 - 17320280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-08 06:27 - 2015-08-29 01:31 - 14226864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-08 06:27 - 2015-08-29 01:31 - 03681672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-08 06:27 - 2015-08-29 01:31 - 03259176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-08 06:27 - 2015-08-07 09:10 - 00037702 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-08 03:12 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:12 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-08 02:42 - 2015-12-22 01:24 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-08 02:42 - 2015-12-22 01:24 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-08 02:42 - 2015-12-22 01:03 - 06371384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-08 02:42 - 2015-12-22 01:03 - 02992576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-08 02:42 - 2015-12-22 01:03 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-08 02:42 - 2015-12-22 01:03 - 01264064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-08 02:42 - 2015-12-22 01:03 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-08 02:42 - 2015-12-22 01:03 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-07 00:22 - 2015-12-22 01:03 - 06203411 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-06 08:54 - 2015-12-22 01:02 - 04958424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-06 08:38 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\catroot2.old
2016-03-02 13:29 - 2015-08-19 03:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-01 16:06 - 2015-08-19 03:34 - 00000000 ____D C:\Users\Andrew\AppData\Local\NVIDIA Corporation
2016-03-01 16:06 - 2015-08-19 03:34 - 00000000 ____D C:\Users\Andrew\AppData\Local\NVIDIA
2016-02-27 03:48 - 2015-08-19 02:44 - 00000000 ____D C:\Users\Andrew\AppData\Local\VirtualStore
2016-02-26 17:08 - 2015-12-23 19:55 - 00000000 ____D C:\Users\DefaultAppPool
2016-02-25 22:31 - 2016-02-18 15:29 - 00000000 ____D C:\Users\Andrew\Desktop\old kanye leaks
2016-02-25 22:31 - 2015-08-19 23:49 - 00000000 ____D C:\Users\Andrew\Desktop\Games

Some files in TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-18 02:53

==================== End of FRST.txt ============================
 
Addition log 1:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Andrew (2016-03-25 00:15:14)
Running from C:\Users\Andrew\Downloads
Windows 10 Pro Version 1511 (X64) (2015-12-22 05:12:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-949621396-2988052152-2696581483-500 - Administrator - Disabled)
Andrew (S-1-5-21-949621396-2988052152-2696581483-1000 - Administrator - Enabled) => C:\Users\Andrew
DefaultAccount (S-1-5-21-949621396-2988052152-2696581483-503 - Limited - Disabled)
Guest (S-1-5-21-949621396-2988052152-2696581483-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-949621396-2988052152-2696581483-1002 - Limited - Enabled)
Me (S-1-5-21-949621396-2988052152-2696581483-1004 - Limited - Enabled) => C:\Users\Me

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version: - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Braid (HKLM-x32\...\Steam App 26800) (Version: - Number None)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version: - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version: - Treyarch)
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version: - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version: - id Software)
DoverDownsPokerAndCasino (HKLM-x32\...\DoverDownsPokerAndCasino) (Version: - )
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
FEZ (HKLM-x32\...\Steam App 224760) (Version: - Polytron Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
K-Lite Codec Pack 11.3.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.3.6 - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaHuman Audio Converter version 1.9.5.2 (HKLM-x32\...\MHAudioConverter_is1) (Version: 1.9.5.2 - MediaHuman)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
NBA 2K13 (HKLM-x32\...\Steam App 219600) (Version: - Visual Concepts)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.92.229.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotify (HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
Surgeon Simulator (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)
Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version: - Valve)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
TIDAL (HKLM-x32\...\TIDAL 1.2.0.697) (Version: 1.2.0.697 - TIDAL)
TIDAL (x32 Version: 1.2.0.697 - TIDAL) Hidden
Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)
Turbo Pug (HKLM-x32\...\Steam App 418070) (Version: - Space Cat Studios)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 7.4 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-949621396-2988052152-2696581483-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C9818A6-C859-45CD-8030-629413010CFC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {10CE1B54-33CE-4B64-8460-C5AA2B7766A3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {13F01E3F-5A37-4696-8B3A-A1F0B8B098C3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {201EDF50-A8FD-4DC7-81CD-6BE6B7E66C96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {21FB42DC-2C66-4380-8EE9-3CFF19DF5A57} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {25672E76-4A47-4851-9C91-E0377DBB2CEB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {31EC608A-E191-4E7A-A5DE-EA9F47B64338} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-11] (Google Inc.)
Task: {33BB3264-3046-4589-86CD-9D62C214AEFF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {37823EA5-B0C5-4832-8928-6B61388887EE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {39AF0788-FCB7-4CEB-963D-D8439BF29D7C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3CE17F95-D4B0-4259-9421-AE41BBF24684} - System32\Tasks\{4BCF8759-2761-4C80-AC36-B704AA9A16E3} => pcalua.exe -a C:\Users\Andrew\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\Andrew\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:3588
Task: {3F5106D6-60A5-40BC-A7FC-CE453F22D2CA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {47644261-772F-4F50-8AC6-4F9FB1C3A838} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4961CB19-28F4-4770-86F5-E0BE542830A6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {4B9622F3-3697-4D63-9704-F5880346323F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {4E34EDAA-4CC1-44AD-925B-A28D69239C7B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {50909C6B-5D48-4ACE-B35E-AAEE25D6A74C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {512EE3E1-3320-4143-98E7-FC650961F428} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {544E3E2E-11A7-4949-9A8C-EE951036EC28} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {562BEEDD-C906-44AB-B965-4287CF202D50} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6790163C-E44F-4602-AC05-244C2CA96E63} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {697AEAB2-BEC9-47E8-B361-71EEC4573D7E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {6B69AAE5-7ACF-49A7-A5B9-3ECA6391DF60} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {6BDB0806-989F-4426-ADF6-BE023E6407B8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {705EA8B8-A896-4751-9147-5950699BBB0D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {73691796-99EF-402F-AD4A-9E131FF6CA95} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {76167D8C-7625-4558-846C-87D39CDF7229} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {7DCBE1D4-CEDD-48B5-9379-CED6E85056A0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {82D57438-3756-40E3-A1F1-53576E2767AF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {9E26EEB8-C38F-4A72-BBB0-EC5F2102D285} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)
Task: {A3F2E532-D3DC-4B2A-81A7-E05CD77C9214} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AAD8C293-563B-4BA9-9167-B525C2450EF3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {AC714045-390B-4137-ABE1-ED3CB4C81B53} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {B49855BF-E7C5-4AAA-B4DE-F54BAC16A045} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {B6F0EC2D-4465-4349-967A-BB54EAE02913} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B947783E-0DB9-4E65-A827-4B635EB21AF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-11] (Google Inc.)
Task: {BBB0637C-6809-40D8-8766-3D9B4221ACEB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BEE54E9B-EBA4-41F3-A6A1-C6E9B624EC4A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C2E234E1-0261-4BAB-B082-62F3F2AFEA3D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {C5F34884-E891-4D6E-B749-CC310A1AE43E} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-03] ()
Task: {C8C0A8B4-6B96-42DF-B789-288C4BED8E59} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {C92BD1C6-A08E-4739-9121-9EDFB7581DEF} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-03-21] (Overwolf LTD)
Task: {CDBACD7C-BE6A-4163-BEDB-59D995A5067D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {D6A13708-320D-4D4B-B7AE-3E3C7D7B80AC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {DAC6C47D-36F7-4A88-B4D9-4A197A2DC1D4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E19E786F-F905-4A70-A1CC-47A1C49351D2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {F64A1DF7-2C55-4C54-AA16-B99052686A7A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-22 01:03 - 2016-03-08 02:42 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-01 16:06 - 2016-02-17 02:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-22 01:20 - 2016-02-17 02:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-01 16:06 - 2016-02-17 02:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-11-04 20:11 - 2015-11-04 20:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-12-22 03:58 - 2015-12-22 03:58 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-22 03:58 - 2015-12-22 03:58 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () D:\Office\Office15\1033\GrooveIntlResource.dll
2015-12-22 01:28 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-22 01:28 - 2015-12-07 00:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-21 03:55 - 2015-12-21 03:55 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2014-01-21 17:54 - 2014-01-21 17:54 - 01301688 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2016-03-23 14:54 - 2016-03-23 14:54 - 02309632 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.13\deploy\LoLLauncher.exe
2016-03-23 14:54 - 2016-03-23 14:54 - 04225024 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\LoLPatcher.exe
2016-02-02 03:27 - 2016-02-02 03:27 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\LolClient.exe
2015-08-19 03:33 - 2016-02-17 03:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-01-11 11:36 - 2016-01-11 11:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2016-02-26 04:29 - 2016-02-26 04:29 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-03-02 13:31 - 2015-10-06 15:26 - 50656768 _____ () C:\Users\Andrew\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-03-02 13:31 - 2015-10-06 15:26 - 01874944 _____ () C:\Users\Andrew\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-03-02 13:31 - 2015-10-06 15:26 - 00075264 _____ () C:\Users\Andrew\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-03-23 14:54 - 2016-03-23 14:54 - 01396224 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.53\deploy\RiotLauncher.dll
2016-02-02 03:24 - 2016-02-02 03:24 - 04885152 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2016-02-02 03:24 - 2016-02-02 03:24 - 17414304 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.192\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-949621396-2988052152-2696581483-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "avgnt"
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\StartupApproved\Run: => "Spotify"
 
Addition log 2:

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{64E287AE-4C8C-4F74-A348-8B367EEA8205}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{AB28A634-34E8-4E30-926E-88749DA9C806}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{72B497E6-162F-4A1D-ACF4-F4CECEE73D79}] => (Allow) D:\Games\steamapps\common\Turbo Pug\game.exe
FirewallRules: [{2E5A9A03-95B2-4923-9D2D-1A6D6C36A8FD}] => (Allow) D:\Games\steamapps\common\Turbo Pug\game.exe
FirewallRules: [{178D2011-ECA5-4F8C-8823-9AA83A2D6B4A}] => (Allow) D:\Games\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{D0FBC89A-E027-4AD1-9E44-CBA5C5D67BD6}] => (Allow) D:\Games\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{58EB4FC2-9FA9-4C61-B515-1FDA216C2055}] => (Allow) D:\Games\steamapps\common\NBA2K13\nba2k13.exe
FirewallRules: [{306C3FEB-B400-4B37-A3F1-59B839DE47E6}] => (Allow) D:\Games\steamapps\common\NBA2K13\nba2k13.exe
FirewallRules: [{2FD0166E-CEF7-46BC-80E3-9B35CFC723ED}] => (Allow) D:\Games\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{F80DADC0-72D0-443D-958B-849BF8C2AFCD}] => (Allow) D:\Games\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{5160D0B8-798F-4F38-9412-19170AD32CCE}] => (Allow) D:\Games\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{7AF5C91F-FBB2-4EDA-8A1B-59BE62C5A8B7}] => (Allow) D:\Games\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{BC7AC26E-77F1-4819-9A00-FED6E83DA619}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F9134F6-82B5-4F0C-A32A-46BCCE1A4F4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{09316112-2776-45CB-B06B-8F2FFFC1E6D3}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{F9A16EC3-B798-4AEB-9642-2273086140AD}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{1A40C085-C68F-4D2E-9671-76C0D636EA8E}C:\users\andrew\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\andrew\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{594E4FC3-A0B9-4690-BC31-E47ED2DE31E2}C:\users\andrew\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\andrew\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1219396C-8F2E-452F-8855-D1E23F8BC26C}C:\users\andrew\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andrew\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{56065548-D4EB-4D8A-8549-0DFBA7A84806}C:\users\andrew\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andrew\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B51CBA81-5A2D-4E11-83BF-9FBE42E38A36}D:\games\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) D:\games\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [TCP Query User{810EC75D-DE5E-4A13-83AF-41C743DEB06B}D:\games\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) D:\games\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [{B6E4F0A6-CB6E-4F73-8B7A-0784CA7F4555}] => (Allow) D:\Games\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{C5D3DEEE-8733-4B13-A0C6-A9EA3098F000}] => (Allow) D:\Games\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{CED9B22A-4BEA-4F76-B675-F86A538D4066}] => (Allow) D:\Games\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{0211D519-5ED3-4D98-91C0-F955319A5DF0}] => (Allow) D:\Games\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{B54ADF5C-54C6-4303-86A6-19BEB0C5137B}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{1E980802-36E4-42CA-AC55-3C291576F2C5}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{DC01142E-177E-4A30-AD79-F59253500118}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{76272DBB-299B-4724-91BE-D454D5DE7D7B}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{95BF3791-51DC-49FB-821D-6D2855525F21}] => (Allow) D:\Games\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{AE5E202E-BF9E-48BC-A97B-8A2EB06E96EA}] => (Allow) D:\Games\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{B91B2F70-8BB8-4D45-99E5-EE9052FDB3A7}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E0FC4FA2-AD10-4F38-A21A-FEB7C2F02362}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{67216BA1-E1FA-455B-9CE6-47FEE211A0A8}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe
FirewallRules: [{84014144-7ED4-4351-9960-8E3178266FAE}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe
FirewallRules: [{E42021E9-8E17-44B1-85F0-44A6E927C1CA}] => (Allow) D:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{B6B098A9-F075-47EF-93C0-39E8A2EADC6E}] => (Allow) D:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{4CC0D74F-5A24-4915-8CBF-363ED98D2C39}] => (Allow) D:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{2DBD9806-41A7-4B8D-83AC-178AB0E7014D}] => (Allow) D:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{F3BAD7C7-F247-4823-88A8-7727DB377C3A}] => (Allow) D:\Games\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{7DB08D51-5ECF-4AD7-9BE9-0AD14BC56209}] => (Allow) D:\Games\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{35545E16-7D90-4AEA-9706-44B8D38963A4}] => (Allow) D:\Games\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{A38657A1-D6C3-480F-9E50-A24C945023C2}] => (Allow) D:\Games\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{73E08C30-BBF8-4BCB-999D-C5DB244DCF81}] => (Allow) D:\Office\Office15\outlook.exe
FirewallRules: [{3FE16122-DDE9-4C03-8D56-CDFC36DBCA74}] => (Allow) D:\Office\Office15\UcMapi.exe
FirewallRules: [{7FBD4D05-4163-4278-9C9A-AD767995F4BF}] => (Allow) D:\Office\Office15\UcMapi.exe
FirewallRules: [{85D3B745-7AC1-44C8-B163-B512481A86BA}] => (Allow) D:\Office\Office15\lync.exe
FirewallRules: [{763FB755-C7E9-4DFA-804C-C8D4653767D3}] => (Allow) D:\Office\Office15\lync.exe
FirewallRules: [UDP Query User{26234075-8116-4638-B64F-8E3E8E86BF02}D:\games\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Block) D:\games\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [TCP Query User{FF8B9B4E-CBBA-4C6B-AA83-6FC47C0D5E66}D:\games\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Block) D:\games\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{F1EF357E-802A-4473-8F0A-1FEB7880A669}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{759B99C5-8BA6-4E62-982D-B0DF5F93C3F7}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{0F6643AE-9E7D-4CE7-8C79-72CF221914C3}D:\games\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{725B56CB-5A23-4DE5-8F05-BDE683C64B51}D:\games\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{C53A8627-74A6-4EF2-A38F-661A18C7D46D}] => (Allow) D:\Games\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{890B90CD-6EB8-4E68-AEA6-0208D89ACD62}] => (Allow) D:\Games\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [UDP Query User{AA13B6D6-8EA7-4188-BFEC-87EBAE807A6A}D:\games\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) D:\games\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{4975CF40-958C-4C73-B4E2-979B7AC1A749}D:\games\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) D:\games\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [{C4DD31CB-7F04-4B5E-ACA6-D824F4F34E4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1BA2BA4B-22E8-4311-B7FE-D7D2B7C503AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{20CFEDBC-9B8F-40F7-8FEE-D42F3CE8486E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CF521CEE-3461-4E5A-8135-34ED2E5BCF50}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1B9BCB3B-DA9F-44F0-8814-C3643D86AF09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B9380B36-DD09-492D-AD83-3ACE05D85DF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{86B6ACB1-5EB2-4A55-8127-4CCA97BA9B01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{75D5A061-0EA8-4639-BBE6-A282134D8B6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EC9C2B24-A0BA-45D0-80A8-5FB60FDA21A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{60BDD705-2C26-4ABC-A1C5-C664FF1E61E5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{19585651-699A-4664-92A6-3B2F86EF4987}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DDC7E84A-124F-47B1-ABBB-FB88671F70B5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{362535EA-0F68-4C60-A9D4-86C64713319F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DD010EA2-2618-4826-B70E-407B5196F52B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{18E10D05-FD14-48BE-8BE1-67515766F4E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C9E787DC-1866-4019-8FF6-10A2BCADF96F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CB3C3DD-812D-471A-A80F-B4E6F760FCC1}] => (Allow) D:\Games\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{23927C68-0087-4496-8588-0C0A7ADF4AB6}] => (Allow) D:\Games\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{DC193F8C-CE1F-4D20-A1D1-4F3A39B24738}] => (Allow) D:\Games\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{4BACEC68-B52A-4B33-AE34-2720C28F90C4}] => (Allow) D:\Games\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{6E43518A-800A-473B-A6B8-C5A7C7E27CFD}] => (Allow) D:\Games\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{FE982C88-E7BC-430A-BD1C-C1E828C4793D}] => (Allow) D:\Games\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{6EDA3214-F052-4B67-953F-C1548E297518}D:\games\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{1A8FEE5F-6845-4744-86F5-2F90475461CE}D:\games\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{8F6B3234-58E9-4514-8CF2-4C1B8E48E185}] => (Allow) D:\Games\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{77C7E188-B2E7-4531-B74B-D82E5957E3EB}] => (Allow) D:\Games\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{78D448CB-BAA7-48E8-ACAD-B89BEC6B33D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1EDACF88-FE3F-4AB8-8878-92DD09FAA7D3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D03FB14-1934-4E26-9FCE-9AE47858F162}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5CACE5D1-54FB-4B9D-A870-95CBE3E3F143}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{10C8F04B-5CD7-44F7-B814-C0D9CB140A32}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{52500358-95B1-46C5-ABB3-B659F4503954}] => (Allow) D:\Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{84EF24DD-2A1F-4896-98BA-75A29BBEC4D6}] => (Allow) D:\Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{7594A909-3ACB-4A8B-B99D-9EC7A358ACD1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-03-2016 23:27:35 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2016 12:14:22 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (03/25/2016 12:05:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Andrew-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024882 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/25/2016 12:05:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Exception code: 0xc000027b
Fault offset: 0x00000000001a10fd
Faulting process id: 0x19d0
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (03/25/2016 12:05:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Andrew-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/25/2016 12:05:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Exception code: 0xc000027b
Fault offset: 0x00000000001a10fd
Faulting process id: 0x1b98
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (03/25/2016 12:05:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Andrew-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/25/2016 12:04:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Exception code: 0xc000027b
Fault offset: 0x00000000001a10fd
Faulting process id: 0x1a18
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (03/25/2016 12:04:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Andrew-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/25/2016 12:04:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Exception code: 0xc000027b
Fault offset: 0x00000000001a10fd
Faulting process id: 0x196c
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (03/25/2016 12:04:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Andrew-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (03/25/2016 12:06:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Sync Host_82baa service terminated with the following error:
%%193

Error: (03/25/2016 12:06:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Movies & TV.

Error: (03/25/2016 12:06:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft People.

Error: (03/25/2016 12:06:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft Phone.

Error: (03/25/2016 12:05:03 AM) (Source: DCOM) (EventID: 10010) (User: Andrew-PC)
Description: CortanaUI

Error: (03/25/2016 12:05:00 AM) (Source: DCOM) (EventID: 10010) (User: Andrew-PC)
Description: CortanaUI

Error: (03/25/2016 12:04:57 AM) (Source: DCOM) (EventID: 10010) (User: Andrew-PC)
Description: CortanaUI

Error: (03/25/2016 12:04:55 AM) (Source: DCOM) (EventID: 10010) (User: Andrew-PC)
Description: CortanaUI

Error: (03/24/2016 10:56:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (03/24/2016 10:56:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:19:08 PM on ‎3/‎24/‎2016 was unexpected.


CodeIntegrity:
===================================
Date: 2016-03-23 04:26:55.592
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 01:14:31.419
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-11 14:36:58.031
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 22:28:07.493
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-10 03:26:57.187
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-01 23:59:53.116
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-01 23:59:53.012
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-01 23:59:52.937
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-01 23:59:52.849
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-01 23:59:52.773
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 19%
Total physical RAM: 16366.11 MB
Available physical RAM: 13197.98 MB
Total Virtual: 32750.11 MB
Available Virtual: 28988.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.7 GB) (Free:25.09 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:609.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: D5279623)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7B32E4EC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE: If you already have MBAM 2.0 installed, scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller:

RogueKiller V12.0.1.0 (x64) [Mar 7 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Andrew [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/25/2016 01:42:24

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x0]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SSD PM810 2.5" 7mm 128GB ATA Device +++++
--- User ---
[MBR] a5a14c99199f610be7523d0c687cf0bd
[BSP] 497fb8c0e7135cd9cd83d79141f45dc6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 121552 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 249145344 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST1000DM003-1ER162 ATA Device +++++
--- User ---
[MBR] eb54763ae573fc1fe48cdf359448c245
[BSP] 2c14ab0c478e521e8594ea05ff154af9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
ADW log:

# AdwCleaner v5.032 - Logfile created 01/02/2016 at 21:10:38
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : Andrew - ANDREW-PC
# Running from : C:\Users\Andrew\Desktop\adwcleaner_5.032.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [889 bytes] ##########
# AdwCleaner v5.105 - Logfile created 25/03/2016 at 01:22:44
# Updated 21/03/2016 by Xplode
# Database : 2016-03-24.4 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : Andrew - ANDREW-PC
# Running from : C:\Users\Andrew\Downloads\adwcleaner_5.105.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default\invalidprefs.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1996 bytes] - [01/02/2016 22:10:38]
C:\AdwCleaner\AdwCleaner[C2].txt - [2739 bytes] - [03/02/2016 01:24:46]
C:\AdwCleaner\AdwCleaner[S1].txt - [2300 bytes] - [01/02/2016 22:09:21]
C:\AdwCleaner\AdwCleaner[S2].txt - [647 bytes] - [01/02/2016 22:12:14]
C:\AdwCleaner\AdwCleaner[S3].txt - [2501 bytes] - [03/02/2016 00:54:08]
C:\AdwCleaner\AdwCleaner[S4].txt - [2501 bytes] - [03/02/2016 01:23:57]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2433 bytes] ##########
 
JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Pro x64
Ran by Andrew (Administrator) on Fri 03/25/2016 at 1:24:44.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/25/2016 at 1:26:11.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/25/2016
Scan Time: 1:26 AM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.25.01
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Andrew

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 442552
Time Elapsed: 6 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
Not much there...

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
 
FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Andrew (administrator) on ANDREW-PC (25-03-2016 17:57:39)
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew & (Available Profiles: Andrew & Me & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(TeamViewer GmbH) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_197.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_197.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Users\Andrew\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Farbar) C:\Users\Andrew\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5021296 2015-12-22] (VIA)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [Spotify Web Helper] => C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-03-08] (Spotify Ltd)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [Spotify] => C:\Users\Andrew\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-03-08] (Spotify Ltd)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [TIDAL] => C:\Program Files (x86)\TIDAL\TIDAL.exe [2335640 2016-02-03] (TIDAL Music AS)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [465920 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\MountPoints2: {67590431-d597-11e5-a627-0862669ebaa9} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-949621396-2988052152-2696581483-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-03-08] (Spotify Ltd)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Andrew\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-03-08] (Spotify Ltd)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TIDAL] => C:\Program Files (x86)\TIDAL\TIDAL.exe [2335640 2016-02-03] (TIDAL Music AS)
HKU\S-1-5-21-949621396-2988052152-2696581483-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {67590431-d597-11e5-a627-0862669ebaa9} - "E:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-01-08]
ShortcutTarget: Curse.lnk -> C:\Users\Andrew\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{750e38da-db93-4397-9936-1c88f735b80d}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-11-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-11-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-11-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-11-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-11-18] (Apple Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default\extensions\artur.dubovoy@gmail.com [2016-03-08]
FF Extension: Avira Browser Safety - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default\Extensions\abs@avira.com [2016-03-16]
FF Extension: Reddit Enhancement Suite - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2016-03-18]
FF Extension: Video DownloadHelper - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: YouTube Flash Video Player - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ug3ir2j1.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2016-03-11]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://blogoflegends.com/wp-admin/"
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-11]
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-11]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-11]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (Google Sheets) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-11]
CHR Extension: (Avira Browser Safety) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-03-24]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Tweepi Bulk Default Action (aka Select All)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpniicpnanbaopgkcagaphglbeaejnph [2016-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-11]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-09-02] (Hi-Rez Studios) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [2078216 2015-10-08] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1284848 2016-03-21] (Overwolf LTD)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 TeamViewer; C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-17] (Avira Operations GmbH & Co. KG)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-09-10] (Realtek )
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-25 17:56 - 2016-03-25 17:56 - 02374144 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64(1).exe
2016-03-25 01:49 - 2016-03-25 01:49 - 00003318 _____ C:\Users\Andrew\Desktop\roguekillerlog.txt
2016-03-25 01:34 - 2016-03-25 01:34 - 00001047 _____ C:\Users\Andrew\Desktop\malwarebytes.txt
2016-03-25 01:26 - 2016-03-25 01:26 - 00000555 _____ C:\Users\Andrew\Desktop\JRT.txt
2016-03-25 01:24 - 2016-03-25 01:24 - 00002512 _____ C:\Users\Andrew\Desktop\AdwCleaner[C1].txt
2016-03-25 01:19 - 2016-03-25 01:19 - 01530368 _____ C:\Users\Andrew\Downloads\adwcleaner_5.105.exe
2016-03-25 01:17 - 2016-03-25 01:17 - 19655240 _____ C:\Users\Andrew\Downloads\RogueKiller.exe
2016-03-25 00:15 - 2016-03-25 00:15 - 00053456 _____ C:\Users\Andrew\Downloads\Addition.txt
2016-03-25 00:14 - 2016-03-25 17:57 - 00020692 _____ C:\Users\Andrew\Downloads\FRST.txt
2016-03-25 00:13 - 2016-03-25 17:57 - 00000000 ____D C:\FRST
2016-03-25 00:13 - 2016-03-25 00:13 - 02374144 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2016-03-24 13:04 - 2016-03-24 13:04 - 00000660 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-23 19:25 - 2016-03-23 19:25 - 00000755 _____ C:\Users\Andrew\Desktop\fsd.txt
2016-03-23 17:40 - 2016-03-23 17:40 - 00302011 _____ C:\Users\Andrew\Downloads\WindowsUpdateDiagnostic.diagcab
2016-03-22 23:37 - 2016-03-22 23:37 - 00002067 _____ C:\Users\Andrew\Desktop\Overwolf.lnk
2016-03-19 13:36 - 2016-03-23 15:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-19 01:57 - 2016-03-19 02:30 - 281631191 _____ C:\Users\Andrew\Desktop\cut me quaddy.flv
2016-03-19 01:23 - 2016-03-19 01:53 - 257749065 _____ C:\Users\Andrew\Desktop\cut me quad.flv
2016-03-18 16:06 - 2016-03-18 16:19 - 429860169 _____ C:\Users\Andrew\Desktop\Cute Old Couple-1.m4v
2016-03-18 15:50 - 2016-03-18 16:05 - 880738193 _____ C:\Users\Andrew\Desktop\Nice Quad-1.m4v
2016-03-18 15:31 - 2016-03-18 15:49 - 984979313 _____ C:\Users\Andrew\Desktop\Best Comeback Na-1.m4v
2016-03-18 14:34 - 2016-03-18 14:46 - 518755516 _____ C:\Users\Andrew\Desktop\Another Quad-1.m4v
2016-03-18 13:45 - 2016-03-18 14:06 - 998641853 _____ C:\Users\Andrew\Desktop\Quad To Turn Things-1.m4v
2016-03-15 02:35 - 2016-03-15 02:35 - 04646597 _____ C:\Users\Andrew\Desktop\hs goat.flv
2016-03-15 01:41 - 2016-03-15 01:41 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\.mono
2016-03-15 01:41 - 2016-03-15 01:41 - 00000000 ____D C:\ProgramData\.mono
2016-03-14 00:06 - 2016-03-14 00:06 - 00000865 _____ C:\Users\Andrew\Desktop\Handbrake.lnk
2016-03-14 00:06 - 2016-03-14 00:06 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-03-14 00:06 - 2016-03-14 00:06 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\HandBrake Team
2016-03-14 00:06 - 2016-03-14 00:06 - 00000000 ____D C:\Program Files\Handbrake
2016-03-14 00:03 - 2016-03-14 00:06 - 16520043 _____ C:\Users\Andrew\Downloads\HandBrake-0.10.5-x86_64-Win_GUI-1.exe
2016-03-13 13:26 - 2016-03-13 13:26 - 00001915 _____ C:\Users\Andrew\Desktop\Snipping Tool.lnk
2016-03-13 12:41 - 2016-03-13 12:41 - 05111240 _____ (Piriform Ltd) C:\Users\Andrew\Downloads\spsetup129.exe
2016-03-13 12:41 - 2016-03-13 12:41 - 00000000 ____D C:\Program Files\Speccy
2016-03-13 12:38 - 2016-03-13 12:38 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-13 12:38 - 2016-03-13 12:38 - 00000000 ____D C:\Program Files\CCleaner
2016-03-13 12:37 - 2016-03-13 12:37 - 06837784 _____ (Piriform Ltd) C:\Users\Andrew\Downloads\ccsetup515.exe
2016-03-13 01:13 - 2016-03-13 01:13 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-03-13 01:13 - 2016-03-13 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-03-13 01:13 - 2016-03-13 01:13 - 00000000 ____D C:\Program Files\RogueKiller
2016-03-13 01:12 - 2016-03-13 01:12 - 28777312 _____ (Adlice Software ) C:\Users\Andrew\Downloads\setup.exe
2016-03-10 23:01 - 2016-03-10 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-03-10 23:01 - 2016-03-10 23:01 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-10 23:01 - 2016-03-08 02:05 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-10 23:01 - 2016-02-13 21:47 - 00125720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-03-10 23:01 - 2016-02-13 21:46 - 00126232 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-03-10 23:01 - 2016-02-13 21:45 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-03-10 23:01 - 2016-02-13 21:45 - 00042264 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-03-10 22:59 - 2016-03-08 06:27 - 42968120 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 37609528 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 22971960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 21322480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 20863920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 18906048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 17732960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 17368424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 17325400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 10547128 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 08657936 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 02613696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 02257344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436451.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436451.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00955328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00885184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00750016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00692160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00678704 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00632152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00601752 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00571912 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00545632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00175552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-10 22:59 - 2016-03-08 06:27 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-07 23:33 - 2016-03-03 08:16 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436447.dll
2016-03-07 23:33 - 2016-03-03 08:16 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436447.dll
2016-03-07 23:33 - 2016-03-03 08:16 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-07 23:33 - 2016-03-03 08:16 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-05 22:54 - 2016-03-05 22:55 - 220443253 _____ C:\Users\Andrew\Desktop\Its.Always.Sunny.in.Philadelphia.S11E05.HDTV.x264-KILLERS[ettv].mp4
2016-03-01 16:18 - 2016-02-23 19:57 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436200.dll
2016-03-01 16:18 - 2016-02-23 19:57 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436200.dll
2016-02-29 03:32 - 2016-02-29 04:36 - 544647442 _____ C:\Users\Andrew\Desktop\boat.flv
2016-02-27 02:56 - 2016-03-14 01:33 - 00000000 ____D C:\Users\Andrew\Documents\DoverDownsPoker
2016-02-27 02:56 - 2016-02-27 02:56 - 00002242 _____ C:\Users\Andrew\Desktop\DoverDownsPokerAndCasino.lnk
2016-02-27 02:56 - 2016-02-27 02:56 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DoverDownsPokerAndCasino
2016-02-27 02:56 - 2016-02-27 02:56 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\DoverDownsPokerAndCasino
2016-02-27 02:56 - 2016-02-27 02:56 - 00000000 ____D C:\Program Files (x86)\DoverDownsPokerAndCasino
2016-02-27 00:52 - 2016-02-27 00:52 - 00000000 ____D C:\Users\Andrew\Desktop\****ing pokemon, yo

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-25 17:55 - 2016-01-11 20:28 - 00000000 ____D C:\Users\Andrew\AppData\Local\CrashDumps
2016-03-25 17:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-25 16:02 - 2015-12-11 16:51 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-25 14:30 - 2015-08-19 03:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-25 14:02 - 2015-12-11 16:51 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-25 13:51 - 2016-02-17 00:52 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0ECE6154-DA18-425B-AA4B-540870B2F261}
2016-03-25 12:02 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-25 03:52 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-25 01:34 - 2016-02-01 21:58 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-03-25 01:30 - 2015-12-22 01:04 - 01009696 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-25 01:30 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-25 01:26 - 2015-08-25 13:23 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-25 01:24 - 2016-01-08 20:37 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Curse Client
2016-03-25 01:24 - 2015-08-19 04:09 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Skype
2016-03-25 01:24 - 2015-08-19 03:28 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-25 01:23 - 2015-12-22 01:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-25 01:23 - 2015-12-22 01:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-25 01:22 - 2015-12-22 01:04 - 00000000 ____D C:\Users\Andrew
2016-03-25 01:22 - 2015-10-30 02:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-25 01:20 - 2016-02-01 22:09 - 00000000 ____D C:\AdwCleaner
2016-03-25 01:16 - 2015-11-29 21:08 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\OBS
2016-03-25 00:23 - 2015-08-20 00:23 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-03-24 19:16 - 2015-08-19 23:55 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
2016-03-24 13:04 - 2015-08-19 03:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-23 23:02 - 2016-01-10 20:02 - 00000000 ____D C:\Users\Andrew\AppData\Local\Purplizer
2016-03-23 22:48 - 2015-08-20 00:23 - 00000000 ____D C:\Users\Andrew\AppData\Local\Overwolf
2016-03-23 17:43 - 2016-01-11 21:51 - 00000000 ____D C:\Users\Andrew\AppData\Local\ElevatedDiagnostics
2016-03-23 15:48 - 2015-08-19 03:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-23 15:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-23 12:39 - 2015-08-19 03:40 - 00000000 ____D C:\Users\Andrew\AppData\Local\Adobe
2016-03-22 17:53 - 2015-10-31 00:10 - 00000000 ____D C:\Users\Andrew\AppData\Local\Battle.net
2016-03-20 22:01 - 2016-01-13 00:10 - 00000000 ____D C:\Users\Andrew\Desktop\saved league ****
2016-03-18 01:37 - 2015-11-18 23:28 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\HandBrake
2016-03-17 04:45 - 2015-08-19 03:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-17 04:44 - 2016-02-02 01:03 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-03-17 04:44 - 2016-02-02 01:03 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-03-17 04:44 - 2016-02-02 01:03 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-03-17 02:28 - 2015-12-22 01:12 - 00000000 ____D C:\Users\Andrew\AppData\Local\Packages
2016-03-14 18:03 - 2015-12-11 16:51 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-13 15:06 - 2015-08-19 03:12 - 00000000 ___RD C:\Users\Andrew\Desktop\Junk
2016-03-13 13:23 - 2015-08-19 03:30 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Spotify
2016-03-13 13:23 - 2015-08-19 03:30 - 00000000 ____D C:\Users\Andrew\AppData\Local\Spotify
2016-03-13 12:38 - 2016-02-01 23:05 - 00000000 ____D C:\Users\Me
2016-03-13 12:38 - 2016-01-23 19:17 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-03-13 12:34 - 2015-12-22 01:03 - 00000000 ____D C:\Program Files (x86)\Razer
2016-03-10 23:01 - 2015-12-22 01:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-10 23:01 - 2015-08-19 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-10 18:00 - 2015-08-24 00:13 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\qBittorrent
2016-03-10 14:09 - 2015-08-19 03:18 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2015-08-19 03:18 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2015-08-19 03:18 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-09 23:19 - 2015-08-29 01:31 - 12653504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-09 19:48 - 2015-08-19 03:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 15:24 - 2015-08-19 04:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 15:20 - 2015-08-19 04:12 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 13:51 - 2015-08-19 03:29 - 00000000 ____D C:\ProgramData\Skype
2016-03-08 06:27 - 2015-08-29 01:31 - 20061152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-08 06:27 - 2015-08-29 01:31 - 17320280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-08 06:27 - 2015-08-29 01:31 - 14226864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-08 06:27 - 2015-08-29 01:31 - 03681672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-08 06:27 - 2015-08-29 01:31 - 03259176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-08 06:27 - 2015-08-07 09:10 - 00037702 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-08 03:12 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:12 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-08 02:42 - 2015-12-22 01:24 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-08 02:42 - 2015-12-22 01:24 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-08 02:42 - 2015-12-22 01:03 - 06371384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-08 02:42 - 2015-12-22 01:03 - 02992576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-08 02:42 - 2015-12-22 01:03 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-08 02:42 - 2015-12-22 01:03 - 01264064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-08 02:42 - 2015-12-22 01:03 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-08 02:42 - 2015-12-22 01:03 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-07 00:22 - 2015-12-22 01:03 - 06203411 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-06 08:54 - 2015-12-22 01:02 - 04958424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-06 08:38 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\catroot2.old
2016-03-02 13:29 - 2015-08-19 03:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-01 16:06 - 2015-08-19 03:34 - 00000000 ____D C:\Users\Andrew\AppData\Local\NVIDIA Corporation
2016-03-01 16:06 - 2015-08-19 03:34 - 00000000 ____D C:\Users\Andrew\AppData\Local\NVIDIA
2016-02-27 03:48 - 2015-08-19 02:44 - 00000000 ____D C:\Users\Andrew\AppData\Local\VirtualStore
2016-02-26 17:08 - 2015-12-23 19:55 - 00000000 ____D C:\Users\DefaultAppPool
2016-02-25 22:31 - 2016-02-18 15:29 - 00000000 ____D C:\Users\Andrew\Desktop\old kanye leaks
2016-02-25 22:31 - 2015-08-19 23:49 - 00000000 ____D C:\Users\Andrew\Desktop\Games

Some files in TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Andrew\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-18 02:53

==================== End of FRST.txt ============================
 
Addition log part one:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Andrew (2016-03-25 17:58:03)
Running from C:\Users\Andrew\Downloads
Windows 10 Pro Version 1511 (X64) (2015-12-22 05:12:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-949621396-2988052152-2696581483-500 - Administrator - Disabled)
Andrew (S-1-5-21-949621396-2988052152-2696581483-1000 - Administrator - Enabled) => C:\Users\Andrew
DefaultAccount (S-1-5-21-949621396-2988052152-2696581483-503 - Limited - Disabled)
Guest (S-1-5-21-949621396-2988052152-2696581483-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-949621396-2988052152-2696581483-1002 - Limited - Enabled)
Me (S-1-5-21-949621396-2988052152-2696581483-1004 - Limited - Enabled) => C:\Users\Me

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version: - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Braid (HKLM-x32\...\Steam App 26800) (Version: - Number None)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version: - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version: - Treyarch)
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version: - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version: - id Software)
DoverDownsPokerAndCasino (HKLM-x32\...\DoverDownsPokerAndCasino) (Version: - )
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
FEZ (HKLM-x32\...\Steam App 224760) (Version: - Polytron Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
K-Lite Codec Pack 11.3.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.3.6 - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaHuman Audio Converter version 1.9.5.2 (HKLM-x32\...\MHAudioConverter_is1) (Version: 1.9.5.2 - MediaHuman)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
NBA 2K13 (HKLM-x32\...\Steam App 219600) (Version: - Visual Concepts)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.92.229.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotify (HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
Spotify (HKU\S-1-5-21-949621396-2988052152-2696581483-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
Surgeon Simulator (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)
Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version: - Valve)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
TIDAL (HKLM-x32\...\TIDAL 1.2.0.697) (Version: 1.2.0.697 - TIDAL)
TIDAL (x32 Version: 1.2.0.697 - TIDAL) Hidden
Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)
Turbo Pug (HKLM-x32\...\Steam App 418070) (Version: - Space Cat Studios)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 7.4 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
Addition log part two:

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-949621396-2988052152-2696581483-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C9818A6-C859-45CD-8030-629413010CFC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {10CE1B54-33CE-4B64-8460-C5AA2B7766A3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {13F01E3F-5A37-4696-8B3A-A1F0B8B098C3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {201EDF50-A8FD-4DC7-81CD-6BE6B7E66C96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {21FB42DC-2C66-4380-8EE9-3CFF19DF5A57} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {25672E76-4A47-4851-9C91-E0377DBB2CEB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {31EC608A-E191-4E7A-A5DE-EA9F47B64338} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-11] (Google Inc.)
Task: {33BB3264-3046-4589-86CD-9D62C214AEFF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {37823EA5-B0C5-4832-8928-6B61388887EE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {39AF0788-FCB7-4CEB-963D-D8439BF29D7C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3CE17F95-D4B0-4259-9421-AE41BBF24684} - System32\Tasks\{4BCF8759-2761-4C80-AC36-B704AA9A16E3} => pcalua.exe -a C:\Users\Andrew\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\Andrew\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:3588
Task: {3F5106D6-60A5-40BC-A7FC-CE453F22D2CA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {47644261-772F-4F50-8AC6-4F9FB1C3A838} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4961CB19-28F4-4770-86F5-E0BE542830A6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {4B9622F3-3697-4D63-9704-F5880346323F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {4E34EDAA-4CC1-44AD-925B-A28D69239C7B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {50909C6B-5D48-4ACE-B35E-AAEE25D6A74C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {512EE3E1-3320-4143-98E7-FC650961F428} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {544E3E2E-11A7-4949-9A8C-EE951036EC28} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {562BEEDD-C906-44AB-B965-4287CF202D50} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6790163C-E44F-4602-AC05-244C2CA96E63} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {697AEAB2-BEC9-47E8-B361-71EEC4573D7E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {6B69AAE5-7ACF-49A7-A5B9-3ECA6391DF60} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {6BDB0806-989F-4426-ADF6-BE023E6407B8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {705EA8B8-A896-4751-9147-5950699BBB0D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {73691796-99EF-402F-AD4A-9E131FF6CA95} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {76167D8C-7625-4558-846C-87D39CDF7229} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {7DCBE1D4-CEDD-48B5-9379-CED6E85056A0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {82D57438-3756-40E3-A1F1-53576E2767AF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {9E26EEB8-C38F-4A72-BBB0-EC5F2102D285} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)
Task: {A3F2E532-D3DC-4B2A-81A7-E05CD77C9214} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AAD8C293-563B-4BA9-9167-B525C2450EF3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {AC714045-390B-4137-ABE1-ED3CB4C81B53} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {B49855BF-E7C5-4AAA-B4DE-F54BAC16A045} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {B6F0EC2D-4465-4349-967A-BB54EAE02913} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B947783E-0DB9-4E65-A827-4B635EB21AF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-11] (Google Inc.)
Task: {BBB0637C-6809-40D8-8766-3D9B4221ACEB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BEE54E9B-EBA4-41F3-A6A1-C6E9B624EC4A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C2E234E1-0261-4BAB-B082-62F3F2AFEA3D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {C5F34884-E891-4D6E-B749-CC310A1AE43E} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-03] ()
Task: {C8C0A8B4-6B96-42DF-B789-288C4BED8E59} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {C92BD1C6-A08E-4739-9121-9EDFB7581DEF} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-03-21] (Overwolf LTD)
Task: {CDBACD7C-BE6A-4163-BEDB-59D995A5067D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {D6A13708-320D-4D4B-B7AE-3E3C7D7B80AC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {DAC6C47D-36F7-4A88-B4D9-4A197A2DC1D4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E19E786F-F905-4A70-A1CC-47A1C49351D2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {F64A1DF7-2C55-4C54-AA16-B99052686A7A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-11-04 20:11 - 2015-11-04 20:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-03-01 16:06 - 2016-02-17 02:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-22 01:20 - 2016-02-17 02:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-01 16:06 - 2016-02-17 02:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-22 03:58 - 2015-12-22 03:58 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-22 03:58 - 2015-12-22 03:58 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () D:\Office\Office15\1033\GrooveIntlResource.dll
2015-12-22 01:28 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-22 01:28 - 2015-12-07 00:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-19 03:33 - 2016-02-17 03:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-949621396-2988052152-2696581483-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-21-949621396-2988052152-2696581483-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "avgnt"
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-949621396-2988052152-2696581483-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-949621396-2988052152-2696581483-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{64E287AE-4C8C-4F74-A348-8B367EEA8205}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{AB28A634-34E8-4E30-926E-88749DA9C806}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{72B497E6-162F-4A1D-ACF4-F4CECEE73D79}] => (Allow) D:\Games\steamapps\common\Turbo Pug\game.exe
FirewallRules: [{2E5A9A03-95B2-4923-9D2D-1A6D6C36A8FD}] => (Allow) D:\Games\steamapps\common\Turbo Pug\game.exe
FirewallRules: [{178D2011-ECA5-4F8C-8823-9AA83A2D6B4A}] => (Allow) D:\Games\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{D0FBC89A-E027-4AD1-9E44-CBA5C5D67BD6}] => (Allow) D:\Games\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{58EB4FC2-9FA9-4C61-B515-1FDA216C2055}] => (Allow) D:\Games\steamapps\common\NBA2K13\nba2k13.exe
FirewallRules: [{306C3FEB-B400-4B37-A3F1-59B839DE47E6}] => (Allow) D:\Games\steamapps\common\NBA2K13\nba2k13.exe
FirewallRules: [{2FD0166E-CEF7-46BC-80E3-9B35CFC723ED}] => (Allow) D:\Games\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{F80DADC0-72D0-443D-958B-849BF8C2AFCD}] => (Allow) D:\Games\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{5160D0B8-798F-4F38-9412-19170AD32CCE}] => (Allow) D:\Games\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{7AF5C91F-FBB2-4EDA-8A1B-59BE62C5A8B7}] => (Allow) D:\Games\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{BC7AC26E-77F1-4819-9A00-FED6E83DA619}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F9134F6-82B5-4F0C-A32A-46BCCE1A4F4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{09316112-2776-45CB-B06B-8F2FFFC1E6D3}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{F9A16EC3-B798-4AEB-9642-2273086140AD}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{1A40C085-C68F-4D2E-9671-76C0D636EA8E}C:\users\andrew\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\andrew\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{594E4FC3-A0B9-4690-BC31-E47ED2DE31E2}C:\users\andrew\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\andrew\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1219396C-8F2E-452F-8855-D1E23F8BC26C}C:\users\andrew\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andrew\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{56065548-D4EB-4D8A-8549-0DFBA7A84806}C:\users\andrew\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andrew\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B51CBA81-5A2D-4E11-83BF-9FBE42E38A36}D:\games\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) D:\games\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [TCP Query User{810EC75D-DE5E-4A13-83AF-41C743DEB06B}D:\games\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) D:\games\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [{B6E4F0A6-CB6E-4F73-8B7A-0784CA7F4555}] => (Allow) D:\Games\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{C5D3DEEE-8733-4B13-A0C6-A9EA3098F000}] => (Allow) D:\Games\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{CED9B22A-4BEA-4F76-B675-F86A538D4066}] => (Allow) D:\Games\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{0211D519-5ED3-4D98-91C0-F955319A5DF0}] => (Allow) D:\Games\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{B54ADF5C-54C6-4303-86A6-19BEB0C5137B}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{1E980802-36E4-42CA-AC55-3C291576F2C5}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{DC01142E-177E-4A30-AD79-F59253500118}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{76272DBB-299B-4724-91BE-D454D5DE7D7B}] => (Allow) D:\Games\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{95BF3791-51DC-49FB-821D-6D2855525F21}] => (Allow) D:\Games\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{AE5E202E-BF9E-48BC-A97B-8A2EB06E96EA}] => (Allow) D:\Games\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{B91B2F70-8BB8-4D45-99E5-EE9052FDB3A7}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E0FC4FA2-AD10-4F38-A21A-FEB7C2F02362}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{67216BA1-E1FA-455B-9CE6-47FEE211A0A8}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe
FirewallRules: [{84014144-7ED4-4351-9960-8E3178266FAE}] => (Allow) C:\Users\Public\temp\TeamViewer\TeamViewer.exe
FirewallRules: [{E42021E9-8E17-44B1-85F0-44A6E927C1CA}] => (Allow) D:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{B6B098A9-F075-47EF-93C0-39E8A2EADC6E}] => (Allow) D:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{4CC0D74F-5A24-4915-8CBF-363ED98D2C39}] => (Allow) D:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{2DBD9806-41A7-4B8D-83AC-178AB0E7014D}] => (Allow) D:\Games\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{F3BAD7C7-F247-4823-88A8-7727DB377C3A}] => (Allow) D:\Games\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{7DB08D51-5ECF-4AD7-9BE9-0AD14BC56209}] => (Allow) D:\Games\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{35545E16-7D90-4AEA-9706-44B8D38963A4}] => (Allow) D:\Games\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{A38657A1-D6C3-480F-9E50-A24C945023C2}] => (Allow) D:\Games\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{73E08C30-BBF8-4BCB-999D-C5DB244DCF81}] => (Allow) D:\Office\Office15\outlook.exe
FirewallRules: [{3FE16122-DDE9-4C03-8D56-CDFC36DBCA74}] => (Allow) D:\Office\Office15\UcMapi.exe
FirewallRules: [{7FBD4D05-4163-4278-9C9A-AD767995F4BF}] => (Allow) D:\Office\Office15\UcMapi.exe
FirewallRules: [{85D3B745-7AC1-44C8-B163-B512481A86BA}] => (Allow) D:\Office\Office15\lync.exe
FirewallRules: [{763FB755-C7E9-4DFA-804C-C8D4653767D3}] => (Allow) D:\Office\Office15\lync.exe
FirewallRules: [UDP Query User{26234075-8116-4638-B64F-8E3E8E86BF02}D:\games\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Block) D:\games\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [TCP Query User{FF8B9B4E-CBBA-4C6B-AA83-6FC47C0D5E66}D:\games\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Block) D:\games\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{F1EF357E-802A-4473-8F0A-1FEB7880A669}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{759B99C5-8BA6-4E62-982D-B0DF5F93C3F7}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{0F6643AE-9E7D-4CE7-8C79-72CF221914C3}D:\games\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{725B56CB-5A23-4DE5-8F05-BDE683C64B51}D:\games\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{C53A8627-74A6-4EF2-A38F-661A18C7D46D}] => (Allow) D:\Games\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{890B90CD-6EB8-4E68-AEA6-0208D89ACD62}] => (Allow) D:\Games\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [UDP Query User{AA13B6D6-8EA7-4188-BFEC-87EBAE807A6A}D:\games\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) D:\games\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{4975CF40-958C-4C73-B4E2-979B7AC1A749}D:\games\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) D:\games\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [{C4DD31CB-7F04-4B5E-ACA6-D824F4F34E4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1BA2BA4B-22E8-4311-B7FE-D7D2B7C503AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{20CFEDBC-9B8F-40F7-8FEE-D42F3CE8486E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CF521CEE-3461-4E5A-8135-34ED2E5BCF50}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1B9BCB3B-DA9F-44F0-8814-C3643D86AF09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B9380B36-DD09-492D-AD83-3ACE05D85DF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{86B6ACB1-5EB2-4A55-8127-4CCA97BA9B01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{75D5A061-0EA8-4639-BBE6-A282134D8B6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EC9C2B24-A0BA-45D0-80A8-5FB60FDA21A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{60BDD705-2C26-4ABC-A1C5-C664FF1E61E5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{19585651-699A-4664-92A6-3B2F86EF4987}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DDC7E84A-124F-47B1-ABBB-FB88671F70B5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{362535EA-0F68-4C60-A9D4-86C64713319F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DD010EA2-2618-4826-B70E-407B5196F52B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{18E10D05-FD14-48BE-8BE1-67515766F4E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C9E787DC-1866-4019-8FF6-10A2BCADF96F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CB3C3DD-812D-471A-A80F-B4E6F760FCC1}] => (Allow) D:\Games\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{23927C68-0087-4496-8588-0C0A7ADF4AB6}] => (Allow) D:\Games\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{DC193F8C-CE1F-4D20-A1D1-4F3A39B24738}] => (Allow) D:\Games\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{4BACEC68-B52A-4B33-AE34-2720C28F90C4}] => (Allow) D:\Games\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{6E43518A-800A-473B-A6B8-C5A7C7E27CFD}] => (Allow) D:\Games\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{FE982C88-E7BC-430A-BD1C-C1E828C4793D}] => (Allow) D:\Games\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{6EDA3214-F052-4B67-953F-C1548E297518}D:\games\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{1A8FEE5F-6845-4744-86F5-2F90475461CE}D:\games\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{8F6B3234-58E9-4514-8CF2-4C1B8E48E185}] => (Allow) D:\Games\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{77C7E188-B2E7-4531-B74B-D82E5957E3EB}] => (Allow) D:\Games\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{78D448CB-BAA7-48E8-ACAD-B89BEC6B33D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1EDACF88-FE3F-4AB8-8878-92DD09FAA7D3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D03FB14-1934-4E26-9FCE-9AE47858F162}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5CACE5D1-54FB-4B9D-A870-95CBE3E3F143}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{10C8F04B-5CD7-44F7-B814-C0D9CB140A32}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{52500358-95B1-46C5-ABB3-B659F4503954}] => (Allow) D:\Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{84EF24DD-2A1F-4896-98BA-75A29BBEC4D6}] => (Allow) D:\Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{7594A909-3ACB-4A8B-B99D-9EC7A358ACD1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-03-2016 01:24:45 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2016 05:55:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Andrew-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/25/2016 05:55:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Exception code: 0xc000027b
Fault offset: 0x00000000001a10fd
Faulting process id: 0x197c
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (03/25/2016 01:38:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HubTaskHost.exe, version: 16.0.6811.2377, time stamp: 0x56e33455
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.0, time stamp: 0x5632d2f5
Exception code: 0xc000027b
Fault offset: 0x000000000004b199
Faulting process id: 0x23e8
Faulting application start time: 0xHubTaskHost.exe0
Faulting application path: HubTaskHost.exe1
Faulting module path: HubTaskHost.exe2
Report Id: HubTaskHost.exe3
Faulting package full name: HubTaskHost.exe4
Faulting package-relative application ID: HubTaskHost.exe5

Error: (03/25/2016 01:24:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/25/2016 01:23:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Andrew-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/25/2016 01:23:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Exception code: 0xc000027b
Fault offset: 0x00000000001a10fd
Faulting process id: 0x1c34
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (03/25/2016 01:23:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Andrew-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/25/2016 01:23:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Exception code: 0xc000027b
Fault offset: 0x00000000001a10fd
Faulting process id: 0x1a30
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (03/25/2016 01:23:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Andrew-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/25/2016 01:23:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Exception code: 0xc000027b
Fault offset: 0x00000000001a10fd
Faulting process id: 0x1bb0
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5


System errors:
=============
Error: (03/25/2016 12:02:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft Phone.

Error: (03/25/2016 12:02:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Store.

Error: (03/25/2016 12:01:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft Photos.

Error: (03/25/2016 12:01:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Movies & TV.

Error: (03/25/2016 12:01:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft People.

Error: (03/25/2016 03:52:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007064a: Update for Microsoft Access 2013 (KB3114735) 64-Bit Edition.

Error: (03/25/2016 03:52:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007064a: Update for Microsoft Office 2013 (KB3114828) 64-Bit Edition.

Error: (03/25/2016 03:52:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007064a: Update for Microsoft OneDrive for Business (KB3114841) 64-Bit Edition.

Error: (03/25/2016 03:52:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007064a: Update for Microsoft Excel 2013 (KB3114834) 64-Bit Edition.

Error: (03/25/2016 03:52:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007064a: Update for Skype for Business 2015 (KB3114831) 64-Bit Edition.


CodeIntegrity:
===================================
Date: 2016-03-23 04:26:55.592
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 01:14:31.419
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-11 14:36:58.031
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 22:28:07.493
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-10 03:26:57.187
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-01 23:59:53.116
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-01 23:59:53.012
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-01 23:59:52.937
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-01 23:59:52.849
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-01 23:59:52.773
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 16%
Total physical RAM: 16366.11 MB
Available physical RAM: 13653.55 MB
Total Virtual: 32750.11 MB
Available Virtual: 29678.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.7 GB) (Free:27.46 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:609.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: D5279623)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7B32E4EC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Andrew (2016-03-25 23:45:27) Run:1
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew & (Available Profiles: Andrew & Me & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-949621396-2988052152-2696581483-1000\...\MountPoints2: {67590431-d597-11e5-a627-0862669ebaa9} - "E:\LaunchU3.exe" -a
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Andrew\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Andrew\AppData\Local\Temp\sqlite3.dll
Task: {10CE1B54-33CE-4B64-8460-C5AA2B7766A3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {13F01E3F-5A37-4696-8B3A-A1F0B8B098C3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {33BB3264-3046-4589-86CD-9D62C214AEFF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {39AF0788-FCB7-4CEB-963D-D8439BF29D7C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {544E3E2E-11A7-4949-9A8C-EE951036EC28} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {562BEEDD-C906-44AB-B965-4287CF202D50} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {73691796-99EF-402F-AD4A-9E131FF6CA95} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A3F2E532-D3DC-4B2A-81A7-E05CD77C9214} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B6F0EC2D-4465-4349-967A-BB54EAE02913} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BBB0637C-6809-40D8-8766-3D9B4221ACEB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BEE54E9B-EBA4-41F3-A6A1-C6E9B624EC4A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DAC6C47D-36F7-4A88-B4D9-4A197A2DC1D4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION


*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-949621396-2988052152-2696581483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67590431-d597-11e5-a627-0862669ebaa9}" => key removed successfully
HKCR\CLSID\{67590431-d597-11e5-a627-0862669ebaa9} => key not found.
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\Users\Andrew\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Andrew\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10CE1B54-33CE-4B64-8460-C5AA2B7766A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10CE1B54-33CE-4B64-8460-C5AA2B7766A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13F01E3F-5A37-4696-8B3A-A1F0B8B098C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13F01E3F-5A37-4696-8B3A-A1F0B8B098C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33BB3264-3046-4589-86CD-9D62C214AEFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33BB3264-3046-4589-86CD-9D62C214AEFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39AF0788-FCB7-4CEB-963D-D8439BF29D7C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39AF0788-FCB7-4CEB-963D-D8439BF29D7C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{544E3E2E-11A7-4949-9A8C-EE951036EC28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{544E3E2E-11A7-4949-9A8C-EE951036EC28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{562BEEDD-C906-44AB-B965-4287CF202D50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{562BEEDD-C906-44AB-B965-4287CF202D50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73691796-99EF-402F-AD4A-9E131FF6CA95}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73691796-99EF-402F-AD4A-9E131FF6CA95}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3F2E532-D3DC-4B2A-81A7-E05CD77C9214}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3F2E532-D3DC-4B2A-81A7-E05CD77C9214}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6F0EC2D-4465-4349-967A-BB54EAE02913}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6F0EC2D-4465-4349-967A-BB54EAE02913}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBB0637C-6809-40D8-8766-3D9B4221ACEB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBB0637C-6809-40D8-8766-3D9B4221ACEB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEE54E9B-EBA4-41F3-A6A1-C6E9B624EC4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEE54E9B-EBA4-41F3-A6A1-C6E9B624EC4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DAC6C47D-36F7-4A88-B4D9-4A197A2DC1D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAC6C47D-36F7-4A88-B4D9-4A197A2DC1D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully

==== End of Fixlog 23:45:27 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Securitycheck:

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 21.0.0.197
Mozilla Firefox (45.0.1)
Google Chrome (48.0.2564.116)
Google Chrome (49.0.2623.87)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avguard.exe
Avira Antivirus sched.exe
Avira Antivirus avshadow.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


FSS:

Farbar Service Scanner Version: 27-01-2016
Ran by Andrew (administrator) on 25-03-2016 at 23:59:36
Running from "C:\Users\Andrew\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
I have tried to run Sophos three times. Each time my computer resets sometime in the beginning. What does this mean?
 
Try this instead....

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Thanks for your help. So if I am still having those issues (search bar doesn't work, PC restarts sometimes, programs crash) does that mean it is an OS issue or hardware problem? I know malware is your area, but I thought you might know.
 
In this forum, we make sure your computer is free of malware and your computer is clean :)
Because the access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 