Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by garar (25-09-2016 20:23:31)
Running from C:\Users\garar\Downloads
Windows 10 Home Version 1511 (X64) (2016-09-01 00:42:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1963327732-3332141323-2774556287-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1963327732-3332141323-2774556287-503 - Limited - Disabled)
garar (S-1-5-21-1963327732-3332141323-2774556287-1001 - Administrator - Enabled) => C:\Users\garar
Guest (S-1-5-21-1963327732-3332141323-2774556287-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015.3 (HKLM-x32\...\ILST_20_1_0) (Version: 20.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.29.1517 - Bitdefender)
Bitdefender Internet Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.29.1517 - Bitdefender)
CC3+ (HKLM-x32\...\CC3+) (Version: 3.74 - ProFantasy Software)
CC3+ (x32 Version: 3.74 - ProFantasy Software) Hidden
Discord (HKU\S-1-5-21-1963327732-3332141323-2774556287-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dungeon Designer 3 for CC3+ (HKLM-x32\...\Dungeon Designer 3 for CC3+) (Version: 3.0 - ProFantasy Software)
Dungeon Designer 3 for CC3+ (x32 Version: 3.0 - ProFantasy Software) Hidden
FastCAD (HKLM-x32\...\FastCAD) (Version: - )
Logitech Gaming Software 8.87 (HKLM\...\Logitech Gaming Software) (Version: 8.87.116 - Logitech Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla)
MSI DragonEye (HKLM\...\{7116875E-F251-4C33-AB3F-37DE05B15595}_is1) (Version: 0.0.2.3 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.0.0.21 - MSI)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.98.16.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.810 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Symbol Set 4 for CC3+ (HKLM-x32\...\Symbol Set 4 for CC3+) (Version: 1.0 - ProFantasy Software)
Symbol Set 4 for CC3+ (x32 Version: 1.0 - ProFantasy Software) Hidden
System Broker version 4.01.0 (HKLM-x32\...\{BF0467E3-8C6F-40F1-B0B5-A75DE23C824C}_is1) (Version: 4.01.0 - www.instads.com) <==== ATTENTION
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Witcher 3: Wild Hunt (HKLM\...\Steam App 292030) (Version: - CD PROJEKT RED)
TorrentsTime Media Player (HKLM\...\TorrentsTime Media Player_is1) (Version: 1.1.9.5 - Torrents Time)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1963327732-3332141323-2774556287-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-50903CC8184B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1963327732-3332141323-2774556287-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\garar\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1963327732-3332141323-2774556287-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08CA42E2-97F3-4796-B785-49B82165C8B8} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-09-13] (Bitdefender)
Task: {5F2401FF-5A8F-4F43-87DF-83ADD03F4A91} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {6BE31F69-634B-4608-84DB-8C56A8CBBBB7} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {6DCB024B-B6F8-41BF-8325-57F442E978E4} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\garar\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-01] (Microsoft Corporation)
Task: {854B867B-D11D-43F5-94E4-2F6B96BA72A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {9044030B-5A38-4E69-9D0D-D0AF91144446} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [2016-06-24] (Bitdefender)
Task: {C0047965-CA8B-4E9A-BA04-0D6C657B69B5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {C9646A87-8EA7-4300-B7FE-38BFE368DFC1} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-gararion@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {E0223F54-96A9-4DB9-B512-7E0C8F9D8155} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-09-15] (Overwolf LTD)
Task: {E21AC619-0D98-425D-8029-9E1FBB45EC0E} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\garar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\garar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-02 21:07 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-09-02 21:07 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-09-02 21:07 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-09-02 21:07 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-09-02 21:07 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2016-08-31 20:50 - 2016-07-10 18:58 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-02 23:37 - 2011-10-29 09:59 - 00918448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-08-31 22:05 - 2016-06-14 16:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-08-31 22:05 - 2016-06-14 16:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-08-31 22:05 - 2016-06-14 16:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-08-31 22:05 - 2016-06-14 16:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-08-31 22:05 - 2016-06-14 16:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-08-31 22:05 - 2016-06-14 16:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-08-31 22:05 - 2016-06-14 16:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-08-31 22:05 - 2016-06-14 16:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-09-13 18:54 - 2016-09-07 01:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-31 22:16 - 2016-06-14 16:35 - 00187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll
2016-08-31 22:05 - 2016-06-14 16:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-08-31 22:05 - 2016-06-14 16:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-09-13 18:54 - 2016-09-07 01:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-22 19:33 - 2016-05-22 19:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-09-01 21:32 - 2016-09-01 21:32 - 01864384 _____ () C:\Users\garar\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-08-31 21:37 - 2016-08-31 21:37 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 08:54 - 2016-02-13 08:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 14:47 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-13 18:52 - 2016-09-07 00:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-13 18:52 - 2016-09-07 00:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-13 18:52 - 2016-09-07 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-13 18:52 - 2016-09-07 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-08-29 20:17 - 2016-08-29 20:17 - 01096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-08-29 20:17 - 2016-08-29 20:17 - 00241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-05-22 19:32 - 2016-05-22 19:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-09-02 23:37 - 2016-09-25 20:10 - 00023552 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\PEbiosinterface32.dll
2016-09-02 23:37 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\ATKEX.dll
2016-09-05 20:10 - 2016-01-22 08:45 - 00086528 _____ () C:\WINDOWS\desktop-c5iisbo_310816\mgwz.dll
2016-09-10 11:15 - 2016-02-25 18:35 - 03843584 _____ () C:\Program Files (x86)\TorrentsTime Media Player\bin\torrent.dll
2016-08-31 22:16 - 2016-06-14 16:35 - 00163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll
2016-08-31 21:37 - 2016-08-31 21:37 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-08-31 21:37 - 2016-08-31 21:37 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-31 22:05 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-01 21:32 - 2016-09-01 21:32 - 01383616 _____ () C:\Users\garar\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-09-01 21:32 - 2016-09-01 21:32 - 00118976 _____ () C:\Users\garar\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-09-04 23:45 - 2016-08-08 19:27 - 00785920 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2016-09-04 23:45 - 2015-07-01 18:06 - 04962816 _____ () D:\Program Files (x86)\Steam\v8.dll
2016-09-04 23:45 - 2016-08-23 15:33 - 02321184 _____ () D:\Program Files (x86)\Steam\video.dll
2016-09-04 23:45 - 2015-07-01 18:06 - 01556992 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2016-09-04 23:45 - 2015-07-01 18:06 - 01187840 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2016-09-04 23:45 - 2016-01-27 03:49 - 02549760 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2016-09-04 23:45 - 2016-01-27 03:49 - 00491008 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2016-09-04 23:45 - 2016-01-27 03:49 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2016-09-04 23:45 - 2016-01-27 03:49 - 00442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2016-09-04 23:45 - 2016-01-27 03:49 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2016-09-04 23:45 - 2016-08-23 15:33 - 00835360 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-09-04 23:45 - 2016-07-04 18:17 - 00266560 _____ () D:\Program Files (x86)\Steam\openvr_api.dll
2016-09-15 10:48 - 2016-09-15 10:48 - 45069312 _____ () C:\Program Files (x86)\Overwolf\0.98.16.0\libcef.DLL
2016-09-06 19:33 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\garar\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-09-06 19:34 - 2016-09-06 19:34 - 01050296 _____ () \\?\C:\Users\garar\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-09-06 19:34 - 2016-09-06 19:34 - 03793080 _____ () \\?\C:\Users\garar\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-09-06 19:34 - 2016-09-06 19:34 - 00894136 _____ () \\?\C:\Users\garar\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-09-06 19:34 - 2016-09-06 19:34 - 01119416 _____ () \\?\C:\Users\garar\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2016-09-04 23:45 - 2016-08-04 16:56 - 49825056 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2016-09-06 19:33 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\garar\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-09-06 19:33 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\garar\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-08-24 08:45 - 2016-08-24 08:45 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-09-15 10:48 - 2016-09-15 10:48 - 01643008 _____ () C:\Program Files (x86)\Overwolf\0.98.16.0\libglesv2.dll
2016-09-15 10:48 - 2016-09-15 10:48 - 00074752 _____ () C:\Program Files (x86)\Overwolf\0.98.16.0\libegl.dll
2016-09-25 20:11 - 2016-09-25 20:11 - 00170496 _____ () \\?\C:\Users\garar\AppData\Local\Temp\5F03.tmp.node
2016-09-06 19:34 - 2016-09-12 12:20 - 02022072 _____ () \\?\C:\Users\garar\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node
2016-06-08 00:10 - 2016-06-08 00:10 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-08 00:10 - 2016-06-08 00:10 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-08 00:10 - 2016-06-08 00:10 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-08 00:10 - 2016-06-08 00:10 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-08-24 08:24 - 2016-08-24 08:24 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-08-08 22:29 - 2016-08-08 22:29 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-08-08 22:30 - 2016-08-08 22:30 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2016-08-08 22:31 - 2016-08-08 22:31 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-08-08 22:31 - 2016-08-08 22:31 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-08-24 08:17 - 2016-08-24 08:17 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-08-08 22:30 - 2016-08-08 22:30 - 00121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2016-08-08 22:29 - 2016-08-08 22:29 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\garar\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\garar\Downloads\TeamSpeak3-Client-win64-3.0.19.4.exe:BDU [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-09-01 00:08 - 2016-09-25 20:10 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1963327732-3332141323-2774556287-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\garar\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.bmp
DNS Servers: 216.104.96.22 - 216.104.98.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A5F85C36-01FA-43D8-A9EF-BE2193B219BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FF79128C-B506-4C42-A0D2-D31B6FE4A9EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{398BE0D3-72D8-47B4-B3D8-1F25FA82AA0A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{253FEF33-FBBB-4A18-AB67-AABA12F0C8F3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EE3069FC-A6F3-4669-9CC7-52B305760348}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{227386A7-85C8-478F-A21E-14259B14FA3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C8BE6155-8521-4375-9462-95F4A2D571D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3D418713-81C5-4636-9BD9-1485DDF1353A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DEB2F376-67C8-4BDD-B6D9-848A3907D21E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AEF3D32B-83B4-4A5F-AC78-C49618A77052}] => (Allow) LPort=26789
FirewallRules: [{78B8D7FD-6E27-4343-9F02-E1D9DAB88487}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1FFFE87C-3499-4D03-88A7-43A03B029FA9}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{97D7D01F-0A3E-49F8-A9B5-8D1A36AAE96F}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DB3E6808-1938-4546-A483-1EBEB0D144C8}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4381A743-4EA3-420D-9B5F-B6259724C542}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{2BFBA710-B0AF-4B0B-A413-E1B22495DAA5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{A9E38D39-4CF9-4D04-AE4D-2BE704B28001}] => (Allow) C:\Users\garar\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{539E7F19-8BB5-4547-B127-66A31783A806}] => (Allow) C:\Users\garar\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{94357AF6-5E26-4A25-BBDB-8C43DA2DE336}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
FirewallRules: [{DC8BBA11-5262-4276-8D0C-BC3F8A27D1DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
FirewallRules: [{1D8FAF57-3C5D-4A12-A44A-8F021476C25A}] => (Allow) C:\Program Files (x86)\TorrentsTime Media Player\bin\chromecast\node.exe
FirewallRules: [{A23D41D0-FC5E-4A89-A1D0-B9C2F1902A3B}] => (Allow) C:\Program Files (x86)\TorrentsTime Media Player\bin\chromecast\node.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/25/2016 08:11:08 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (09/25/2016 08:11:07 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (09/25/2016 08:11:07 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (09/25/2016 08:11:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (09/25/2016 08:11:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (09/25/2016 08:11:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (09/25/2016 08:11:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (09/22/2016 07:46:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (09/22/2016 07:46:56 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (09/22/2016 07:46:56 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
System errors:
=============
Error: (09/25/2016 08:10:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TimerBroker service failed to start due to the following error:
Access is denied.
Error: (09/25/2016 08:10:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:07:26 AM on 2016-09-23 was unexpected.
Error: (09/23/2016 12:08:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_bd22030 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/23/2016 12:08:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_bd22030 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/23/2016 12:08:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_bd22030 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/23/2016 12:08:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_bd22030 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/20/2016 11:54:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_1e0e61f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/20/2016 11:54:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_1e0e61f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/20/2016 11:54:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_1e0e61f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/20/2016 11:54:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1e0e61f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2016-09-20 17:56:32.106
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-09-15 22:04:15.285
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-09-15 19:39:44.275
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-09-14 01:06:27.813
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.97.209.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
Date: 2016-09-06 19:35:15.356
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-09-05 20:09:29.398
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.97.209.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
Date: 2016-09-05 20:08:28.386
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.97.209.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
Date: 2016-09-02 20:27:17.980
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-09-01 19:54:02.420
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-08-31 20:43:55.168
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 16364.13 MB
Available physical RAM: 12547.18 MB
Total Virtual: 18796.13 MB
Available Virtual: 14844.65 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:73.04 GB) NTFS
Drive d: (Storage) (Fixed) (Total:931.51 GB) (Free:890.23 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CEEBCC53)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 03ED3558)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================