Forum replies created
The computer is running stably. The ads have not appeared again. I think everything worked. Thanks for the help!
Report after the AdwCleaner scan.
Rescan files: FRST.txt and Addition.txt
FIXLOG.txt
Fix result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by George Woods (2016-03-01 21:57:18) Run:1
Running from C:\Users\George Woods\Downloads
Loaded Profiles: George Woods (Available Profiles: George Woods)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Task: {0711BCB4-519F-436A-AFB0-DCFA0B88BF38} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {43985174-0BEB-4B29-BDF0-CBCE9D38CA9D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {44649F7C-94DF-4509-9E5F-903CA792CB3A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {70D37677-FA25-48A6-BA6A-A7899221AA58} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {78A8176F-C38B-4721-9984-94BEAECF2A35} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7B8F8723-756B-464E-80D5-3C5F9DB47B4B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8007E6AB-72B5-454F-AE80-39C2A9656459} - System32\Tasks\MS => hxxp://gangnamgame.org
Task: {9D641659-6718-40CF-829E-F600576F9989} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A04CA024-F101-47B2-AD19-30B5D02BC908} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {ACAB6266-DF19-4F93-BDB2-A8C4B0CBC9B5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CFE552F9-77B4-46E8-9BDE-A3BD113C7865} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DB7FE589-27F4-41C7-9506-3C9E0A5794FC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
EmptyTemp:
*****************
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0711BCB4-519F-436A-AFB0-DCFA0B88BF38}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0711BCB4-519F-436A-AFB0-DCFA0B88BF38}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43985174-0BEB-4B29-BDF0-CBCE9D38CA9D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43985174-0BEB-4B29-BDF0-CBCE9D38CA9D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44649F7C-94DF-4509-9E5F-903CA792CB3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44649F7C-94DF-4509-9E5F-903CA792CB3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70D37677-FA25-48A6-BA6A-A7899221AA58}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70D37677-FA25-48A6-BA6A-A7899221AA58}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78A8176F-C38B-4721-9984-94BEAECF2A35}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78A8176F-C38B-4721-9984-94BEAECF2A35}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B8F8723-756B-464E-80D5-3C5F9DB47B4B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B8F8723-756B-464E-80D5-3C5F9DB47B4B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8007E6AB-72B5-454F-AE80-39C2A9656459}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8007E6AB-72B5-454F-AE80-39C2A9656459}" => key removed successfully
C:\WINDOWS\System32\Tasks\MS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D641659-6718-40CF-829E-F600576F9989}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D641659-6718-40CF-829E-F600576F9989}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A04CA024-F101-47B2-AD19-30B5D02BC908}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A04CA024-F101-47B2-AD19-30B5D02BC908}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACAB6266-DF19-4F93-BDB2-A8C4B0CBC9B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACAB6266-DF19-4F93-BDB2-A8C4B0CBC9B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFE552F9-77B4-46E8-9BDE-A3BD113C7865}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFE552F9-77B4-46E8-9BDE-A3BD113C7865}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB7FE589-27F4-41C7-9506-3C9E0A5794FC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB7FE589-27F4-41C7-9506-3C9E0A5794FC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
EmptyTemp: => 1 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 21:58:40 ====
Here is Addition.txt
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-27 14:40 — 2016-02-27 14:40 — 00033324 _____ C:UsersGeorge WoodsDownloadsFRST.txt
2016-02-27 14:39 — 2016-02-27 14:39 — 02371072 _____ (Farbar) C:UsersGeorge WoodsDownloadsFRST64.exe
2016-02-27 12:48 — 2016-02-27 12:48 — 00000000 ___HD C:OneDriveTemp
2016-02-26 16:11 — 2016-02-26 16:11 — 00014268 _____ C:UsersGeorge WoodsDownloads[kat.cr]the.walking.dead.s06e10.1080p.web.dl.x265.hevc.aac.5.1.condo.torrent
2016-02-25 09:28 — 2016-02-25 09:28 — 00026550 _____ C:UsersGeorge WoodsDownloadsallbest-r-00024779.zip
2016-02-25 09:20 — 2016-02-25 09:20 — 00025995 _____ C:UsersGeorge WoodsDownloadsallbest-o-00139708.zip
2016-02-25 09:15 — 2016-02-25 09:15 — 07947005 _____ C:UsersGeorge WoodsDownloadsStudent_Employee.pdf
2016-02-24 19:43 — 2011-06-01 21:05 — 539334533 _____ C:UsersGeorge WoodsDesktopRaW MANUAL 1.1 Hi Final.pdf
2016-02-24 17:46 — 2016-02-24 19:22 — 374822507 _____ C:UsersGeorge WoodsDownloadsRaW_MANUAL_1.1_High_Res.zip
2016-02-16 22:24 — 2016-02-16 22:24 — 00029386 _____ C:UsersGeorge WoodsDesktopinfo.txt
2016-02-16 22:23 — 2016-02-16 22:28 — 00000000 ____D C:rsit
2016-02-16 22:23 — 2016-02-16 22:23 — 01107968 _____ C:UsersGeorge WoodsDownloadsRSIT.exe
2016-02-16 22:23 — 2016-02-16 22:23 — 00000000 ____D C:Program Files (x86)trend micro
2016-02-16 21:54 — 2016-02-27 12:48 — 00192216 _____ (Malwarebytes) C:WINDOWSsystem32DriversMBAMSwissArmy.sys
2016-02-16 21:54 — 2016-02-16 21:54 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes Anti-Malware
2016-02-16 21:54 — 2016-02-16 21:54 — 00000000 ____D C:ProgramDataMalwarebytes
2016-02-16 21:54 — 2016-02-16 21:54 — 00000000 ____D C:Program Files (x86)Malwarebytes Anti-Malware
2016-02-16 21:54 — 2015-10-05 09:50 — 00109272 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamchameleon.sys
2016-02-16 21:54 — 2015-10-05 09:50 — 00064216 _____ (Malwarebytes Corporation) C:WINDOWSsystem32Driversmwac.sys
2016-02-16 21:54 — 2015-10-05 09:50 — 00025816 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys
2016-02-16 21:53 — 2016-02-16 21:53 — 22908888 _____ (Malwarebytes ) C:UsersGeorge WoodsDownloadsmbam-setup-2.2.0.1024.exe
2016-02-16 21:47 — 2016-02-27 14:40 — 00000000 ____D C:FRST
2016-02-16 18:03 — 2016-02-16 18:04 — 00000000 ____D C:WINDOWSLastGood.Tmp
2016-02-16 18:03 — 2016-02-09 11:25 — 42983480 _____ C:WINDOWSsystem32nvcompiler.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 37616184 _____ C:WINDOWSSysWOW64nvcompiler.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 31119296 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvoglv64.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 24944064 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvoglv32.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 21201784 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvopencl.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 20741880 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuda.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 19779648 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvwgf2umx.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 17631304 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvopencl.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 17224664 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuda.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 17175248 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvwgf2um.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 17116936 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvd3dumx.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 14115136 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvd3dum.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 02541504 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcuvid.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 02187712 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvcuvid.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 01924152 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvdispco6436191.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 01573432 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvdispgenco6436191.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 00950328 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvFBC64.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 00882232 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvIFR64.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 00786688 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvEncMFTH264.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 00745408 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvFBC.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 00689600 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvIFR.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 00632336 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvEncMFTH264.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 00423360 _____ (NVIDIA Corporation) C:WINDOWSsystem32NvIFROpenGL.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 00379448 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64NvIFROpenGL.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 00378968 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvEncodeAPI64.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 00317144 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvEncodeAPI.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 00175368 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvinitx.dll
2016-02-16 18:03 — 2016-02-09 11:25 — 00153392 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvinit.dll
2016-02-14 15:11 — 2016-02-14 15:11 — 00002216 _____ C:UsersPublicDesktopRepublic at War.lnk
2016-02-12 17:51 — 2016-02-12 17:51 — 00030794 _____ C:UsersGeorge WoodsDownloadsБрюки ACU-M.xlsx
2016-02-10 17:49 — 2016-01-29 09:57 — 04502352 _____ (Microsoft Corporation) C:WINDOWSexplorer.exe
2016-02-10 17:49 — 2016-01-29 09:33 — 04064320 _____ (Microsoft Corporation) C:WINDOWSSysWOW64explorer.exe
2016-02-10 17:49 — 2016-01-27 09:15 — 01557776 _____ (Microsoft Corporation) C:WINDOWSSysWOW64KernelBase.dll
2016-02-10 17:49 — 2016-01-27 09:15 — 01542816 _____ (Microsoft Corporation) C:WINDOWSSysWOW64ntdll.dll
2016-02-10 17:49 — 2016-01-27 09:01 — 07476064 _____ (Microsoft Corporation) C:WINDOWSsystem32ntoskrnl.exe
2016-02-10 17:49 — 2016-01-27 09:01 — 01997328 _____ (Microsoft Corporation) C:WINDOWSsystem32KernelBase.dll
2016-02-10 17:49 — 2016-01-27 09:01 — 01819720 _____ (Microsoft Corporation) C:WINDOWSsystem32ntdll.dll
2016-02-10 17:49 — 2016-01-27 08:59 — 00304752 _____ (Microsoft Corporation) C:WINDOWSsystem32systemreset.exe
2016-02-10 17:49 — 2016-01-27 08:57 — 02919320 _____ (Microsoft Corporation) C:WINDOWSSysWOW64iertutil.dll
2016-02-10 17:49 — 2016-01-27 08:57 — 01824264 _____ (Microsoft Corporation) C:WINDOWSSysWOW64combase.dll
2016-02-10 17:49 — 2016-01-27 08:57 — 00820704 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WinTypes.dll
2016-02-10 17:49 — 2016-01-27 08:56 — 21124344 _____ (Microsoft Corporation) C:WINDOWSSysWOW64shell32.dll
2016-02-10 17:49 — 2016-01-27 08:55 — 05242496 _____ (Microsoft Corporation) C:WINDOWSSysWOW64windows.storage.dll
2016-02-10 17:49 — 2016-01-27 08:55 — 00081112 _____ (Microsoft Corporation) C:WINDOWSSysWOW64OpenWith.exe
2016-02-10 17:49 — 2016-01-27 08:54 — 00295264 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msv1_0.dll
2016-02-10 17:49 — 2016-01-27 08:46 — 02606824 _____ (Microsoft Corporation) C:WINDOWSsystem32combase.dll
2016-02-10 17:49 — 2016-01-27 08:46 — 01270072 _____ (Microsoft Corporation) C:WINDOWSsystem32WinTypes.dll
2016-02-10 17:49 — 2016-01-27 08:45 — 22564328 _____ (Microsoft Corporation) C:WINDOWSsystem32shell32.dll
2016-02-10 17:49 — 2016-01-27 08:45 — 06605544 _____ (Microsoft Corporation) C:WINDOWSsystem32windows.storage.dll
2016-02-10 17:49 — 2016-01-27 08:44 — 00604928 _____ (Microsoft Corporation) C:WINDOWSsystem32Driverscng.sys
2016-02-10 17:49 — 2016-01-27 08:44 — 00085320 _____ (Microsoft Corporation) C:WINDOWSsystem32OpenWith.exe
2016-02-10 17:49 — 2016-01-27 08:43 — 00359776 _____ (Microsoft Corporation) C:WINDOWSsystem32msv1_0.dll
2016-02-10 17:49 — 2016-01-27 08:37 — 01998176 _____ (Microsoft Corporation) C:WINDOWSsystem32Driversdxgkrnl.sys
2016-02-10 17:49 — 2016-01-27 08:37 — 00576352 _____ (Microsoft Corporation) C:WINDOWSsystem32Driversdxgmms2.sys
2016-02-10 17:49 — 2016-01-27 08:21 — 00162816 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msorcl32.dll
2016-02-10 17:49 — 2016-01-27 08:15 — 00031232 _____ (Microsoft Corporation) C:WINDOWSSysWOW64ztrace_maps.dll
2016-02-10 17:49 — 2016-01-27 08:13 — 00065536 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wininetlui.dll
2016-02-10 17:49 — 2016-01-27 08:12 — 00045568 _____ (Microsoft Corporation) C:WINDOWSSysWOW64jsproxy.dll
2016-02-10 17:49 — 2016-01-27 08:11 — 00118272 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mtxoci.dll
2016-02-10 17:49 — 2016-01-27 08:10 — 22394368 _____ (Microsoft Corporation) C:WINDOWSsystem32edgehtml.dll
2016-02-10 17:49 — 2016-01-27 08:10 — 00099840 _____ (Microsoft Corporation) C:WINDOWSSysWOW64hlink.dll
2016-02-10 17:49 — 2016-01-27 08:08 — 00299008 _____ (Microsoft Corporation) C:WINDOWSsystem32microsoft-windows-system-events.dll
2016-02-10 17:49 — 2016-01-27 08:08 — 00036864 _____ (Microsoft Corporation) C:WINDOWSsystem32ztrace_maps.dll
2016-02-10 17:49 — 2016-01-27 08:07 — 00203264 _____ (Microsoft Corporation) C:WINDOWSSysWOW64iassam.dll
2016-02-10 17:49 — 2016-01-27 08:05 — 19339776 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mshtml.dll
2016-02-10 17:49 — 2016-01-27 08:05 — 18678272 _____ (Microsoft Corporation) C:WINDOWSSysWOW64edgehtml.dll
2016-02-10 17:49 — 2016-01-27 08:05 — 00069632 _____ (Microsoft Corporation) C:WINDOWSsystem32wininetlui.dll
2016-02-10 17:49 — 2016-01-27 08:05 — 00052224 _____ (Microsoft Corporation) C:WINDOWSsystem32jsproxy.dll
2016-02-10 17:49 — 2016-01-27 08:04 — 09918976 _____ (Microsoft Corporation) C:WINDOWSSysWOW64twinui.dll
2016-02-10 17:49 — 2016-01-27 08:04 — 00147456 _____ (Microsoft Corporation) C:WINDOWSsystem32mtxoci.dll
2016-02-10 17:49 — 2016-01-27 08:03 — 00099328 _____ (Microsoft Corporation) C:WINDOWSsystem32ngckeyenum.dll
2016-02-10 17:49 — 2016-01-27 08:02 — 00109056 _____ (Microsoft Corporation) C:WINDOWSsystem32hlink.dll
2016-02-10 17:49 — 2016-01-27 08:01 — 00792064 _____ (Microsoft Corporation) C:WINDOWSSysWOW64kerberos.dll
2016-02-10 17:49 — 2016-01-27 07:59 — 00258048 _____ (Microsoft Corporation) C:WINDOWSsystem32iassam.dll
2016-02-10 17:49 — 2016-01-27 07:58 — 11545088 _____ (Microsoft Corporation) C:WINDOWSsystem32twinui.dll
2016-02-10 17:49 — 2016-01-27 07:57 — 00764928 _____ (Microsoft Corporation) C:WINDOWSsystem32Chakradiag.dll
2016-02-10 17:49 — 2016-01-27 07:55 — 12125696 _____ (Microsoft Corporation) C:WINDOWSSysWOW64ieframe.dll
2016-02-10 17:49 — 2016-01-27 07:55 — 03666432 _____ (Microsoft Corporation) C:WINDOWSSysWOW64jscript9.dll
2016-02-10 17:49 — 2016-01-27 07:54 — 24603136 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.dll
2016-02-10 17:49 — 2016-01-27 07:52 — 00970752 _____ (Microsoft Corporation) C:WINDOWSsystem32kerberos.dll
2016-02-10 17:49 — 2016-01-27 07:50 — 02230784 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wininet.dll
2016-02-10 17:49 — 2016-01-27 07:50 — 01504768 _____ (Microsoft Corporation) C:WINDOWSSysWOW64urlmon.dll
2016-02-10 17:49 — 2016-01-27 07:50 — 00144384 _____ (Microsoft Corporation) C:WINDOWSsystem32Driversmrxdav.sys
2016-02-10 17:49 — 2016-01-27 07:49 — 05662208 _____ (Microsoft Corporation) C:WINDOWSSysWOW64Chakra.dll
2016-02-10 17:49 — 2016-01-27 07:48 — 13382656 _____ (Microsoft Corporation) C:WINDOWSsystem32ieframe.dll
2016-02-10 17:49 — 2016-01-27 07:44 — 00063488 _____ (Microsoft Corporation) C:WINDOWSSysWOW64cfgbkend.dll
2016-02-10 17:49 — 2016-01-27 07:42 — 01387520 _____ (Microsoft Corporation) C:WINDOWSsystem32lsasrv.dll
2016-02-10 17:49 — 2016-01-27 07:41 — 03592704 _____ (Microsoft Corporation) C:WINDOWSsystem32win32kfull.sys
2016-02-10 17:49 — 2016-01-27 07:39 — 02275328 _____ (Microsoft Corporation) C:WINDOWSsystem32wuaueng.dll
2016-02-10 17:49 — 2016-01-27 07:38 — 07835648 _____ (Microsoft Corporation) C:WINDOWSsystem32Chakra.dll
2016-02-10 17:49 — 2016-01-27 07:38 — 01734656 _____ (Microsoft Corporation) C:WINDOWSsystem32urlmon.dll
2016-02-10 17:49 — 2016-01-27 07:37 — 04894720 _____ (Microsoft Corporation) C:WINDOWSsystem32jscript9.dll
2016-02-10 17:49 — 2016-01-27 07:36 — 02757120 _____ (Microsoft Corporation) C:WINDOWSsystem32wininet.dll
2016-02-10 17:49 — 2016-01-27 07:32 — 01087488 _____ (Microsoft Corporation) C:WINDOWSsystem32reseteng.dll
2016-02-10 17:49 — 2016-01-27 07:31 — 00079360 _____ (Microsoft Corporation) C:WINDOWSsystem32cfgbkend.dll
2016-02-08 16:41 — 2016-02-08 16:41 — 12363444 _____ C:UsersGeorge WoodsDownloadsICWv21Manual.pdf
2016-02-08 16:39 — 2016-02-08 16:39 — 02148259 _____ C:UsersGeorge WoodsDownloadsImperial Civil War 2.1 Manual download — Mod DB.pdf
2016-02-08 08:51 — 2016-02-08 08:51 — 00000020 _____ C:UsersGeorge WoodsDesktopNew WinRAR archive.rar
2016-02-07 15:37 — 2016-01-23 06:31 — 01924152 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvdispco6436175.dll
2016-02-07 15:37 — 2016-01-23 06:31 — 01571776 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvdispgenco6436175.dll
2016-02-07 15:29 — 2016-02-07 15:29 — 00000651 _____ C:UsersPublicDesktopVLC media player.lnk
2016-02-07 15:25 — 2016-01-12 07:40 — 00112032 _____ C:WINDOWSsystem32NvRtmpStreamer64.dll
2016-02-07 15:21 — 2016-02-07 15:21 — 00398152 _____ (AVAST Software) C:WINDOWSsystem32aswBoot.exe
2016-02-07 15:21 — 2016-02-07 15:21 — 00052184 _____ (AVAST Software) C:WINDOWSavastSS.scr
2016-02-07 15:13 — 2016-02-16 21:52 — 00000000 ____D C:AdwCleaner
2016-02-06 08:06 — 2016-02-06 08:06 — 00027136 _____ C:UsersGeorge WoodsDownloadsPeresdachi_Fmoeu.xls
2016-02-06 08:05 — 2016-02-06 08:05 — 00038834 _____ C:UsersGeorge WoodsDownloadsKurs_2.xlsx
2016-01-29 16:15 — 2015-07-07 03:03 — 00000000 ____D C:UsersGeorge WoodsDesktopSCREENS
2016-01-29 14:48 — 2016-01-29 14:48 — 00019907 _____ C:UsersGeorge WoodsDownloadsNativeUI.zip
2016-01-29 13:44 — 2016-01-29 13:45 — 04235264 _____ (New Technology Studio) C:UsersGeorge WoodsDownloadsovisetup (1).exe
2016-01-29 12:54 — 2015-08-23 15:35 — 00031346 _____ C:UsersGeorge WoodsDesktopCheckpoint 4.xml
2016-01-29 12:29 — 2015-09-01 16:49 — 00244548 _____ C:UsersGeorge WoodsDesktopRockford Hills.xml
2016-01-29 12:10 — 2016-01-16 09:37 — 00202472 _____ (Microsoft Corporation) C:WINDOWSsystem32wscapi.dll
2016-01-29 12:10 — 2016-01-16 09:36 — 01173344 _____ (Microsoft Corporation) C:WINDOWSsystem32aeinv.dll
2016-01-29 12:10 — 2016-01-16 09:36 — 00713568 _____ (Microsoft Corporation) C:WINDOWSsystem32invagent.dll
2016-01-29 12:10 — 2016-01-16 09:34 — 00513888 _____ (Microsoft Corporation) C:WINDOWSsystem32devinv.dll
2016-01-29 12:10 — 2016-01-16 09:24 — 00538632 _____ (Microsoft Corporation) C:WINDOWSsystem32WWanAPI.dll
2016-01-29 12:10 — 2016-01-16 09:23 — 08728920 _____ (Microsoft Corp.) C:WINDOWSsystem32Windows.Media.Protection.PlayReady.dll
2016-01-29 12:10 — 2016-01-16 09:23 — 00848160 _____ (Microsoft Corporation) C:WINDOWSsystem32mfsvr.dll
2016-01-29 12:10 — 2016-01-16 09:23 — 00785088 _____ (Microsoft Corporation) C:WINDOWSsystem32evr.dll
2016-01-29 12:10 — 2016-01-16 09:23 — 00536256 _____ (Microsoft Corporation) C:WINDOWSsystem32AudioSes.dll
2016-01-29 12:10 — 2016-01-16 09:23 — 00408120 _____ (Microsoft Corporation) C:WINDOWSsystem32AUDIOKSE.dll
2016-01-29 12:10 — 2016-01-16 09:23 — 00369912 _____ (Microsoft Corporation) C:WINDOWSsystem32audiodg.exe
2016-01-29 12:10 — 2016-01-16 09:21 — 01750440 _____ (Microsoft Corporation) C:WINDOWSsystem32WpcMon.exe
2016-01-29 12:10 — 2016-01-16 09:20 — 06971752 _____ (Microsoft Corp.) C:WINDOWSSysWOW64Windows.Media.Protection.PlayReady.dll
2016-01-29 12:10 — 2016-01-16 09:20 — 00652312 _____ (Microsoft Corporation) C:WINDOWSSysWOW64evr.dll
2016-01-29 12:10 — 2016-01-16 09:20 — 00431240 _____ (Microsoft Corporation) C:WINDOWSSysWOW64WWanAPI.dll
2016-01-29 12:10 — 2016-01-16 09:20 — 00366224 _____ (Microsoft Corporation) C:WINDOWSSysWOW64AUDIOKSE.dll
2016-01-29 12:10 — 2016-01-16 09:19 — 00709688 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mfsvr.dll
2016-01-29 12:10 — 2016-01-16 09:19 — 00405568 _____ (Microsoft Corporation) C:WINDOWSSysWOW64AudioSes.dll
2016-01-29 12:10 — 2016-01-16 09:12 — 01415200 _____ (Microsoft Corporation) C:WINDOWSsystem32msctf.dll
2016-01-29 12:10 — 2016-01-16 09:09 — 01089880 _____ (Microsoft Corporation) C:WINDOWSsystem32Drivershttp.sys
2016-01-29 12:10 — 2016-01-16 09:08 — 01174008 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msctf.dll
2016-01-29 12:10 — 2016-01-16 09:08 — 00440152 _____ (Microsoft Corporation) C:WINDOWSsystem32services.exe
2016-01-29 12:10 — 2016-01-16 08:46 — 00067072 _____ (Microsoft Corporation) C:WINDOWSsystem32Driversusbser.sys
2016-01-29 12:10 — 2016-01-16 08:45 — 16986112 _____ (Microsoft Corporation) C:WINDOWSsystem32Windows.UI.Xaml.dll
2016-01-29 12:10 — 2016-01-16 08:44 — 00166400 _____ (Microsoft Corporation) C:WINDOWSsystem32MusNotification.exe
2016-01-29 12:10 — 2016-01-16 08:44 — 00017408 _____ (Microsoft Corporation) C:WINDOWSsystem32rasadhlp.dll
2016-01-29 12:10 — 2016-01-16 08:44 — 00013824 _____ (Microsoft Corporation) C:WINDOWSsystem32rastlsext.dll
2016-01-29 12:10 — 2016-01-16 08:43 — 00097280 _____ (Microsoft Corporation) C:WINDOWSsystem32winhttpcom.dll
2016-01-29 12:10 — 2016-01-16 08:42 — 00120320 _____ (Microsoft Corporation) C:WINDOWSsystem32MapsBtSvc.dll
2016-01-29 12:10 — 2016-01-16 08:42 — 00013824 _____ (Microsoft Corporation) C:WINDOWSsystem32sscoreext.dll
2016-01-29 12:10 — 2016-01-16 08:41 — 00055296 _____ (Microsoft Corporation) C:WINDOWSsystem32MusNotificationUx.exe
2016-01-29 12:10 — 2016-01-16 08:40 — 00106496 _____ (Microsoft Corporation) C:WINDOWSsystem32rasauto.dll
2016-01-29 12:10 — 2016-01-16 08:40 — 00049152 _____ (Microsoft Corporation) C:WINDOWSsystem32pcaui.exe
2016-01-29 12:10 — 2016-01-16 08:40 — 00019456 _____ (Microsoft Corporation) C:WINDOWSsystem32rasautou.exe
2016-01-29 12:10 — 2016-01-16 08:39 — 00149504 _____ (Microsoft Corporation) C:WINDOWSsystem32FilterDS.dll
2016-01-29 12:10 — 2016-01-16 08:38 — 07979008 _____ (Microsoft Corporation) C:WINDOWSsystem32mos.dll
2016-01-29 12:10 — 2016-01-16 08:38 — 00406528 _____ (Microsoft Corporation) C:WINDOWSsystem32MusUpdateHandlers.dll
2016-01-29 12:10 — 2016-01-16 08:38 — 00193024 _____ (Microsoft Corporation) C:WINDOWSsystem32SimCfg.dll
2016-01-29 12:10 — 2016-01-16 08:38 — 00130560 _____ (Microsoft Corporation) C:WINDOWSsystem32winbio.dll
2016-01-29 12:10 — 2016-01-16 08:37 — 00617984 _____ (Microsoft Corporation) C:WINDOWSsystem32StorSvc.dll
2016-01-29 12:10 — 2016-01-16 08:37 — 00274944 _____ (Microsoft Corporation) C:WINDOWSsystem32DisplayManager.dll
2016-01-29 12:10 — 2016-01-16 08:37 — 00190464 _____ (Microsoft Corporation) C:WINDOWSsystem32wscsvc.dll
2016-01-29 12:10 — 2016-01-16 08:37 — 00073728 _____ (Microsoft Corporation) C:WINDOWSsystem32SMSRouter.dll
2016-01-29 12:10 — 2016-01-16 08:36 — 00638464 _____ (Microsoft Corporation) C:WINDOWSsystem32enterprisecsps.dll
2016-01-29 12:10 — 2016-01-16 08:36 — 00475648 _____ (Microsoft Corporation) C:WINDOWSsystem32DDDS.dll
2016-01-29 12:10 — 2016-01-16 08:36 — 00221696 _____ (Microsoft Corporation) C:WINDOWSsystem32ie4uinit.exe
2016-01-29 12:10 — 2016-01-16 08:36 — 00160768 _____ (Microsoft Corporation) C:WINDOWSsystem32SimAuth.dll
2016-01-29 12:10 — 2016-01-16 08:36 — 00011776 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rastlsext.dll
2016-01-29 12:10 — 2016-01-16 08:35 — 13018624 _____ (Microsoft Corporation) C:WINDOWSSysWOW64Windows.UI.Xaml.dll
2016-01-29 12:10 — 2016-01-16 08:35 — 00383488 _____ (Microsoft Corporation) C:WINDOWSsystem32iedkcs32.dll
2016-01-29 12:10 — 2016-01-16 08:35 — 00013312 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rasadhlp.dll
2016-01-29 12:10 — 2016-01-16 08:34 — 00610816 _____ (Microsoft Corporation) C:WINDOWSsystem32rastls.dll
2016-01-29 12:10 — 2016-01-16 08:34 — 00590848 _____ (Microsoft Corporation) C:WINDOWSsystem32SmsRouterSvc.dll
2016-01-29 12:10 — 2016-01-16 08:34 — 00477696 _____ (Microsoft Corporation) C:WINDOWSsystem32srcore.dll
2016-01-29 12:10 — 2016-01-16 08:34 — 00275456 _____ (Microsoft Corporation) C:WINDOWSsystem32AudioEndpointBuilder.dll
2016-01-29 12:10 — 2016-01-16 08:34 — 00079360 _____ (Microsoft Corporation) C:WINDOWSSysWOW64winhttpcom.dll
2016-01-29 12:10 — 2016-01-16 08:33 — 00726528 _____ (Microsoft Corporation) C:WINDOWSsystem32wlidcli.dll
2016-01-29 12:10 — 2016-01-16 08:33 — 00574976 _____ (Microsoft Corporation) C:WINDOWSsystem32Windows.Networking.UX.EapRequestHandler.dll
2016-01-29 12:10 — 2016-01-16 08:33 — 00087040 _____ (Microsoft Corporation) C:WINDOWSSysWOW64MapsBtSvc.dll
2016-01-29 12:10 — 2016-01-16 08:32 — 00621568 _____ (Microsoft Corporation) C:WINDOWSsystem32wbiosrvc.dll
2016-01-29 12:10 — 2016-01-16 08:32 — 00041984 _____ (Microsoft Corporation) C:WINDOWSSysWOW64pcaui.exe
2016-01-29 12:10 — 2016-01-16 08:31 — 00851456 _____ (Microsoft Corporation) C:WINDOWSsystem32MapsStore.dll
2016-01-29 12:10 — 2016-01-16 08:31 — 00794112 _____ (Microsoft Corporation) C:WINDOWSsystem32winhttp.dll
2016-01-29 12:10 — 2016-01-16 08:31 — 00440320 _____ (Microsoft Corporation) C:WINDOWSsystem32CredProvDataModel.dll
2016-01-29 12:10 — 2016-01-16 08:31 — 00343552 _____ (Microsoft Corporation) C:WINDOWSsystem32SensorsApi.dll
2016-01-29 12:10 — 2016-01-16 08:31 — 00017408 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rasautou.exe
2016-01-29 12:10 — 2016-01-16 08:30 — 02127360 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl
2016-01-29 12:10 — 2016-01-16 08:30 — 01053696 _____ (Microsoft Corporation) C:WINDOWSsystem32audiosrv.dll
2016-01-29 12:10 — 2016-01-16 08:30 — 00784384 _____ (Microsoft Corporation) C:WINDOWSsystem32msfeeds.dll
2016-01-29 12:10 — 2016-01-16 08:30 — 00157696 _____ (Microsoft Corporation) C:WINDOWSSysWOW64SimCfg.dll
2016-01-29 12:10 — 2016-01-16 08:30 — 00093696 _____ (Microsoft Corporation) C:WINDOWSSysWOW64winbio.dll
2016-01-29 12:10 — 2016-01-16 08:29 — 01500672 _____ (Microsoft Corporation) C:WINDOWSsystem32RecoveryDrive.exe
2016-01-29 12:10 — 2016-01-16 08:29 — 00200704 _____ (Microsoft Corporation) C:WINDOWSSysWOW64DisplayManager.dll
2016-01-29 12:10 — 2016-01-16 08:28 — 02624512 _____ (Microsoft Corporation) C:WINDOWSsystem32InputService.dll
2016-01-29 12:10 — 2016-01-16 08:28 — 01318912 _____ (Microsoft Corporation) C:WINDOWSsystem32wifinetworkmanager.dll
2016-01-29 12:10 — 2016-01-16 08:28 — 00884736 _____ (Microsoft Corporation) C:WINDOWSsystem32rasdlg.dll
2016-01-29 12:10 — 2016-01-16 08:28 — 00129024 _____ (Microsoft Corporation) C:WINDOWSSysWOW64SimAuth.dll
2016-01-29 12:10 — 2016-01-16 08:27 — 00335872 _____ (Microsoft Corporation) C:WINDOWSSysWOW64iedkcs32.dll
2016-01-29 12:10 — 2016-01-16 08:26 — 00535040 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rastls.dll
2016-01-29 12:10 — 2016-01-16 08:26 — 00345600 _____ (Microsoft Corporation) C:WINDOWSsystem32TextInputFramework.dll
2016-01-29 12:10 — 2016-01-16 08:26 — 00260608 _____ C:WINDOWSsystem32MTFServer.dll
2016-01-29 12:10 — 2016-01-16 08:26 — 00175616 _____ (Microsoft Corporation) C:WINDOWSsystem32Windows.UI.Core.TextInput.dll
2016-01-29 12:10 — 2016-01-16 08:25 — 00510976 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wlidcli.dll
2016-01-29 12:10 — 2016-01-16 08:25 — 00457728 _____ (Microsoft Corporation) C:WINDOWSsystem32ipnathlp.dll
2016-01-29 12:10 — 2016-01-16 08:25 — 00235008 _____ C:WINDOWSsystem32MTF.dll
2016-01-29 12:10 — 2016-01-16 08:24 — 02057216 _____ (Microsoft Corporation) C:WINDOWSsystem32wlidsvc.dll
2016-01-29 12:10 — 2016-01-16 08:24 — 00613888 _____ (Microsoft Corporation) C:WINDOWSSysWOW64winhttp.dll
2016-01-29 12:10 — 2016-01-16 08:24 — 00350720 _____ (Microsoft Corporation) C:WINDOWSSysWOW64CredProvDataModel.dll
2016-01-29 12:10 — 2016-01-16 08:24 — 00273408 _____ (Microsoft Corporation) C:WINDOWSSysWOW64SensorsApi.dll
2016-01-29 12:10 — 2016-01-16 08:23 — 02050048 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcpl.cpl
2016-01-29 12:10 — 2016-01-16 08:23 — 00687616 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msfeeds.dll
2016-01-29 12:10 — 2016-01-16 08:21 — 06297088 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mos.dll
2016-01-29 12:10 — 2016-01-16 08:20 — 07199232 _____ (Microsoft Corporation) C:WINDOWSsystem32BingMaps.dll
2016-01-29 12:10 — 2016-01-16 08:20 — 02597888 _____ (Microsoft Corporation) C:WINDOWSsystem32NetworkMobileSettings.dll
2016-01-29 12:10 — 2016-01-16 08:20 — 01944576 _____ (Microsoft Corporation) C:WINDOWSSysWOW64InputService.dll
2016-01-29 12:10 — 2016-01-16 08:20 — 00799744 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rasdlg.dll
2016-01-29 12:10 — 2016-01-16 08:19 — 00733184 _____ (Microsoft Corporation) C:WINDOWSsystem32rasapi32.dll
2016-01-29 12:10 — 2016-01-16 08:19 — 00245760 _____ (Microsoft Corporation) C:WINDOWSSysWOW64TextInputFramework.dll
2016-01-29 12:10 — 2016-01-16 08:19 — 00162816 _____ C:WINDOWSSysWOW64MTF.dll
2016-01-29 12:10 — 2016-01-16 08:19 — 00133632 _____ (Microsoft Corporation) C:WINDOWSSysWOW64Windows.UI.Core.TextInput.dll
2016-01-29 12:10 — 2016-01-16 08:18 — 01674240 _____ (Microsoft Corporation) C:WINDOWSsystem32quartz.dll
2016-01-29 12:10 — 2016-01-16 08:17 — 05503488 _____ (Microsoft Corporation) C:WINDOWSsystem32d2d1.dll
2016-01-29 12:10 — 2016-01-16 08:16 — 05202944 _____ (Microsoft Corporation) C:WINDOWSSysWOW64BingMaps.dll
2016-01-29 12:10 — 2016-01-16 08:16 — 01542656 _____ (Microsoft Corporation) C:WINDOWSSysWOW64quartz.dll
2016-01-29 12:10 — 2016-01-16 08:15 — 04759040 _____ (Microsoft Corporation) C:WINDOWSSysWOW64d2d1.dll
2016-01-29 12:10 — 2016-01-16 08:14 — 01946624 _____ (Microsoft Corporation) C:WINDOWSsystem32dwmcore.dll
2016-01-29 12:10 — 2016-01-16 08:14 — 01626624 _____ (Microsoft Corporation) C:WINDOWSSysWOW64dwmcore.dll
2016-01-29 12:10 — 2016-01-16 08:11 — 00653312 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rasapi32.dll

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-27 14:38 — 2016-01-26 13:35 — 00000000 ____D C:UsersGeorge WoodsAppDataLocalCrashDumps
2016-02-27 14:06 — 2014-12-13 14:54 — 00000830 _____ C:WINDOWSTasksAdobe Flash Player Updater.job
2016-02-27 14:05 — 2014-11-04 22:53 — 00000000 ____D C:UsersGeorge WoodsAppDataLocalPackages
2016-02-27 13:23 — 2015-11-02 20:17 — 00000446 _____ C:WINDOWSTasksОбновление Браузера Яндекс .job
2016-02-27 12:52 — 2015-11-29 14:56 — 00004170 _____ C:WINDOWSSystem32TasksUser_Feed_Synchronization-{07556339-E7B6-46CA-AB09-3D12D078CCDF}
2016-02-27 12:51 — 2015-05-11 13:59 — 00003544 _____ C:WINDOWSSystem32TasksASUS Live Update1
2016-02-27 12:51 — 2015-05-11 13:59 — 00003534 _____ C:WINDOWSSystem32TasksASUS Live Update2
2016-02-27 12:48 — 2016-01-16 20:57 — 00000000 ____D C:ProgramDataASUS Smart Gesture
2016-02-27 12:48 — 2016-01-14 09:07 — 00000165 _____ C:UsersGeorge WoodsAppDataRoamingsp_data.sys
2016-02-27 12:48 — 2015-12-20 03:45 — 00000180 _____ C:WINDOWSsystem32{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-27 12:48 — 2015-11-07 19:15 — 00000000 __SHD C:UsersGeorge WoodsIntelGraphicsProfiles
2016-02-27 12:48 — 2015-10-09 18:20 — 00000000 __RDO C:UsersGeorge WoodsOneDrive
2016-02-26 22:53 — 2015-09-29 10:20 — 00000436 _____ C:WINDOWSTasksYandex.Browser update.job
2016-02-26 22:51 — 2015-09-26 16:51 — 00000446 _____ C:WINDOWSTasksОбновление Браузера Яндекс.job
2016-02-26 20:55 — 2014-11-07 14:59 — 00000000 ____D C:UsersGeorge WoodsAppDataRoamingSkype
2016-02-26 17:23 — 2014-11-07 20:06 — 00000000 ____D C:UsersGeorge WoodsAppDataRoaminguTorrent
2016-02-26 15:16 — 2015-10-30 10:24 — 00000000 ___HD C:Program FilesWindowsApps
2016-02-26 15:16 — 2015-10-30 10:24 — 00000000 ____D C:WINDOWSAppReadiness
2016-02-25 21:55 — 2015-12-20 03:47 — 00000000 ____D C:UsersGeorge Woods
2016-02-25 17:57 — 2015-11-07 19:15 — 00879220 _____ C:WINDOWSsystem32PerfStringBackup.INI
2016-02-25 17:57 — 2015-10-30 10:21 — 00000000 ____D C:WINDOWSINF
2016-02-25 17:50 — 2015-12-20 03:51 — 00000006 ____H C:WINDOWSTasksSA.DAT
2016-02-25 09:32 — 2015-12-12 22:11 — 00000000 ____D C:UsersGeorge WoodsDownloadsPic
2016-02-23 17:39 — 2014-11-04 23:29 — 00463744 _____ (AVAST Software) C:WINDOWSsystem32Driversaswsp.sys
2016-02-20 18:10 — 2015-02-12 22:34 — 00000000 ___RD C:UsersGeorge WoodsDesktop2015
2016-02-16 22:03 — 2015-10-30 10:24 — 00000000 ____D C:WINDOWSbcastdvr
2016-02-16 22:03 — 2015-10-30 09:28 — 02621440 ___SH C:WINDOWSsystem32configBBI
2016-02-16 21:36 — 2015-06-19 09:42 — 00000000 ____D C:Program Files (x86)NCH Software
2016-02-16 19:52 — 2015-11-03 17:17 — 00002457 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk
2016-02-16 19:39 — 2014-11-04 23:30 — 00004276 _____ C:WINDOWSSystem32Tasksavast! Emergency Update
2016-02-16 18:04 — 2015-12-20 03:46 — 00000000 ____D C:ProgramDataNVIDIA
2016-02-16 17:11 — 2015-04-27 15:52 — 00000000 ____D C:UsersGeorge WoodsAppDataLocalSteam
2016-02-14 14:34 — 2015-10-30 10:24 — 00000000 ____D C:WINDOWSrescache
2016-02-14 10:16 — 2014-11-05 00:10 — 00000000 ____D C:WINDOWSsystem32MRT
2016-02-14 10:13 — 2014-11-05 00:10 — 146614896 _____ (Microsoft Corporation) C:WINDOWSsystem32MRT.exe
2016-02-12 16:29 — 2015-09-10 08:27 — 00000000 __RHD C:UsersPublicAccountPictures
2016-02-11 22:58 — 2015-10-30 12:05 — 00000000 ____D C:Program FilesWindows Journal
2016-02-11 19:35 — 2015-10-30 10:11 — 00000000 ____D C:WINDOWSCbsTemp
2016-02-10 15:21 — 2014-11-04 23:29 — 00287016 _____ (AVAST Software) C:WINDOWSsystem32Driversaswvmm.sys
2016-02-10 09:27 — 2015-07-13 20:45 — 12478528 _____ (NVIDIA Corporation) C:WINDOWSsystem32Driversnvlddmkm.sys
2016-02-09 17:31 — 2014-11-05 00:26 — 00000000 ____D C:UsersGeorge WoodsAppDataRoamingMicrosoftWindowsStart MenuProgramsSteam
2016-02-09 11:25 — 2015-07-13 20:45 — 03649576 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvapi64.dll
2016-02-09 11:25 — 2015-07-13 20:45 — 03231544 _____ (NVIDIA Corporation) C:WINDOWSSysWOW64nvapi.dll
2016-02-09 11:25 — 2015-07-13 20:45 — 00035832 _____ C:WINDOWSsystem32nvinfo.pb
2016-02-09 08:29 — 2015-12-20 03:46 — 06368824 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvcpl.dll
2016-02-09 08:29 — 2015-12-20 03:46 — 02992064 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvsvc64.dll
2016-02-09 08:29 — 2015-12-20 03:46 — 02561472 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvsvcr.dll
2016-02-09 08:29 — 2015-12-20 03:46 — 01263040 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvvsvc.exe
2016-02-09 08:29 — 2015-12-20 03:46 — 00530368 _____ (NVIDIA Corporation) C:WINDOWSsystem32nv3dappshext.dll
2016-02-09 08:29 — 2015-12-20 03:46 — 00392128 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvmctray.dll
2016-02-09 08:29 — 2015-12-20 03:46 — 00083512 _____ (NVIDIA Corporation) C:WINDOWSsystem32nv3dappshextr.dll
2016-02-09 08:29 — 2015-12-20 03:46 — 00071224 _____ (NVIDIA Corporation) C:WINDOWSsystem32nvshext.dll
2016-02-07 16:17 — 2014-11-04 23:30 — 00000000 ____D C:WINDOWSSysWOW64vbox
2016-02-07 16:17 — 2014-11-04 23:30 — 00000000 ____D C:WINDOWSsystem32vbox
2016-02-07 15:37 — 2015-12-20 03:45 — 00000000 ____D C:Program FilesNVIDIA Corporation
2016-02-07 15:36 — 2014-11-07 14:59 — 00000000 ____D C:ProgramDataSkype
2016-02-07 15:35 — 2014-11-07 14:59 — 00000000 ___RD C:Program Files (x86)Skype
2016-02-07 15:33 — 2014-11-18 17:51 — 00000000 ____D C:UsersGeorge WoodsAppDataRoamingMicrosoftWindowsStart MenuProgramsWinRAR
2016-02-07 15:33 — 2014-11-18 17:51 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsWinRAR
2016-02-07 15:33 — 2014-11-11 22:03 — 00000000 ____D C:Program Files (x86)Mozilla Firefox
2016-02-07 15:32 — 2015-11-13 12:31 — 00000000 ____D C:UsersGeorge Woods.oracle_jre_usage
2016-02-07 15:32 — 2015-03-07 16:26 — 00110176 _____ (Oracle Corporation) C:WINDOWSsystem32WindowsAccessBridge-64.dll
2016-02-07 15:32 — 2015-03-07 16:26 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsJava
2016-02-07 15:31 — 2015-03-07 16:26 — 00000000 ____D C:Program FilesJava
2016-02-07 15:28 — 2015-12-06 12:44 — 00000000 ____D C:Program FilesKMSpico
2016-02-07 15:25 — 2015-12-20 03:45 — 00000000 ____D C:ProgramDataNVIDIA Corporation
2016-02-07 15:25 — 2014-11-04 23:42 — 00000000 ____D C:Program Files (x86)NVIDIA Corporation
2016-02-07 15:25 — 2014-11-04 22:53 — 00000000 ____D C:UsersGeorge WoodsAppDataLocalNVIDIA
2016-02-07 15:21 — 2014-11-04 23:29 — 00165344 _____ (AVAST Software) C:WINDOWSsystem32DriversaswStm.sys
2016-02-07 15:21 — 2014-11-04 23:29 — 00107792 _____ (AVAST Software) C:WINDOWSsystem32DriversaswMonFlt.sys
2016-02-07 15:21 — 2014-11-04 23:29 — 00103064 _____ (AVAST Software) C:WINDOWSsystem32DriversaswRdr2.sys
2016-02-07 15:21 — 2014-11-04 23:29 — 00074544 _____ (AVAST Software) C:WINDOWSsystem32DriversaswRvrt.sys
2016-02-07 15:21 — 2014-11-04 23:29 — 00037656 _____ (AVAST Software) C:WINDOWSsystem32DriversaswHwid.sys
2016-02-07 15:20 — 2015-08-27 13:58 — 00154024 _____ (AVAST Software) C:WINDOWSsystem32Driversngvss.sys
2016-02-07 15:20 — 2014-11-04 23:29 — 01065720 _____ (AVAST Software) C:WINDOWSsystem32DriversaswSnx.sys
2016-02-07 15:15 — 2015-06-01 16:43 — 00001081 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsОperа.lnk
2016-02-07 15:15 — 2015-06-01 16:43 — 00001079 _____ C:UsersGeorge WoodsAppDataRoamingMicrosoftWindowsStart MenuProgramsIntеrnet Еxрlorеr.lnk
2016-02-07 15:15 — 2015-05-11 14:09 — 00000000 ____D C:UsersGeorge WoodsAppDataRoamingMicrosoftWindowsStart MenuProgramsShards of War
2016-02-07 15:15 — 2015-04-08 18:39 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsWorld of Warships
2016-02-07 15:15 — 2015-03-07 16:43 — 00000000 ____D C:UsersGeorge WoodsAppDataRoamingMicrosoftWindowsStart MenuProgramsMinecraft
2016-02-07 15:15 — 2015-02-15 21:30 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome
2016-02-07 15:15 — 2015-02-15 20:41 — 00000000 ____D C:UsersGeorge WoodsAppDataRoamingMicrosoftWindowsStart MenuProgramsYandex
2016-02-07 14:39 — 2015-10-30 10:24 — 00000000 ____D C:WINDOWSsystem32NDF
2016-02-06 17:58 — 2015-12-20 03:46 — 06154909 _____ C:WINDOWSsystem32nvcoproc.bin
2016-02-05 18:59 — 2015-10-30 10:24 — 00000000 ____D C:WINDOWSModemLogs
2016-02-03 22:01 — 2015-10-30 10:26 — 00828920 _____ (Adobe Systems Incorporated) C:WINDOWSSysWOW64FlashPlayerApp.exe
2016-02-03 22:01 — 2015-10-30 10:26 — 00176632 _____ (Adobe Systems Incorporated) C:WINDOWSSysWOW64FlashPlayerCPLApp.cpl
2016-02-03 16:01 — 2014-11-06 04:35 — 00000000 ____D C:UsersGeorge WoodsAppDataRoamingvlc
2016-02-03 10:11 — 2015-11-07 19:17 — 00002390 _____ C:UsersGeorge WoodsAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2016-01-30 12:34 — 2015-10-30 10:24 — 00000000 ___SD C:WINDOWSsystem32F12
2016-01-30 12:34 — 2015-10-30 10:24 — 00000000 ___RD C:WINDOWSPurchaseDialog
2016-01-30 12:34 — 2015-10-30 10:24 — 00000000 ___RD C:WINDOWSImmersiveControlPanel
2016-01-30 12:34 — 2015-10-30 10:24 — 00000000 ____D C:WINDOWSsystem32WinBioPlugIns
2016-01-30 12:34 — 2015-10-30 10:24 — 00000000 ____D C:WINDOWSsystem32oobe
2016-01-30 12:34 — 2015-10-30 10:24 — 00000000 ____D C:WINDOWSsystem32appraiser
2016-01-29 16:40 — 2016-01-27 13:24 — 00000000 ____D C:UsersGeorge WoodsAppDataRoamingGTAV Enhanced Native Trainer
2016-01-29 12:51 — 2016-01-26 09:11 — 00000000 ____D C:UsersGeorge WoodsDesktopbackup

==================== Files in the root of some directories =======
2016-01-14 09:07 — 2016-02-27 12:48 — 0000165 _____ () C:UsersGeorge WoodsAppDataRoamingsp_data.sys
2015-11-26 20:05 — 2015-11-26 20:07 — 0001456 _____ () C:UsersGeorge WoodsAppDataLocalAdobe Сохранить для Web 13.0 Prefs
2015-09-27 20:00 — 2015-09-27 20:00 — 0000017 _____ () C:UsersGeorge WoodsAppDataLocalsi
2015-12-20 03:45 — 2015-12-20 03:45 — 0000000 ____H () C:ProgramDataDP45977C.lfl
2013-12-17 16:45 — 2012-09-07 14:40 — 0000256 _____ () C:ProgramDataSetStretch.cmd
2013-12-17 16:45 — 2009-07-22 13:04 — 0024576 _____ () C:ProgramDataSetStretch.exe
2013-12-17 16:45 — 2012-09-07 14:37 — 0000103 _____ () C:ProgramDataSetStretch.VBS
2015-06-19 08:51 — 2015-06-19 08:51 — 0005005 _____ () C:ProgramDatawmzddnmb.cix

Some files in TEMP:
====================
C:UsersGeorge WoodsAppDataLocalTempHola-Setup-Plugin-x64-1.10.994.exe
C:UsersGeorge WoodsAppDataLocalTempSetup-yabrowser.exe
C:UsersGeorge WoodsAppDataLocalTempsqlite3.dll
C:UsersGeorge WoodsAppDataLocalTempunrar.dll
C:UsersGeorge WoodsAppDataLocalTempyupdate-exec-yabrowser.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:WINDOWSsystem32winlogon.exe => File is digitally signed
C:WINDOWSsystem32wininit.exe => File is digitally signed
C:WINDOWSexplorer.exe => File is digitally signed
C:WINDOWSSysWOW64explorer.exe => File is digitally signed
C:WINDOWSsystem32svchost.exe => File is digitally signed
C:WINDOWSSysWOW64svchost.exe => File is digitally signed
C:WINDOWSsystem32services.exe => File is digitally signed
C:WINDOWSsystem32User32.dll => File is digitally signed
C:WINDOWSSysWOW64User32.dll => File is digitally signed
C:WINDOWSsystem32userinit.exe => File is digitally signed
C:WINDOWSSysWOW64userinit.exe => File is digitally signed
C:WINDOWSsystem32rpcss.dll => File is digitally signed
C:WINDOWSsystem32dnsapi.dll => File is digitally signed
C:WINDOWSSysWOW64dnsapi.dll => File is digitally signed
C:WINDOWSsystem32Driversvolsnap.sys => File is digitally signed

LastRegBack: 2016-02-18 22:06
==================== End of FRST.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by George Woods (administrator) on GEORGE-PC (27-02-2016 14:40:28)
Running from C:UsersGeorge WoodsDownloads
Loaded Profiles: George Woods (Available Profiles: George Woods)
Platform: Windows 10 Home Single Language Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Yandex Browser)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forums/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(Intel Corporation) C:WindowsSystem32igfxCUIService.exe
(Intel Corporation) C:WindowsSysWOW64IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:Program Files (x86)ASUSATK PackageATK HotkeyAsLdrSrv.exe
(ASUS) C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
(AVAST Software) D:PROGRAMSAvast Internet SecurityAvastSvc.exe
(Microsoft Corporation) C:WindowsSystem32wlanext.exe
() C:ProgramDataDatacardServiceHWDeviceService64.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationGeForce Experience ServiceGfExperienceService.exe
(Broadcom Corporation.) C:WindowsSystem32BtwRSupportService.exe
(ABBYY) C:Program Files (x86)Common FilesABBYYLingvo15.0LicensingNetworkLicenseServer.exe
(Malwarebytes) C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
() C:WindowsSysWOW64SecUPDUtilSvc.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamService.exe
(Malwarebytes) C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
() C:ProgramDataConnect ManagerOnlineUpdateouc.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe
(Microsoft Corporation) C:WindowsMicrosoft.NETFramework64v3.0WPFPresentationFontCache.exe
(Avast Software) D:PROGRAMSAvast Internet SecurityngvboxAvastVBoxSVC.exe
(Intel Corporation) C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe
(Intel Corporation) C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
(Intel Corporation) C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplication47.0.2526.3539suspend_api_check.exe
(ASUS) C:Program FilesASUSP4GBatteryLife.exe
(ASUS) C:Program Files (x86)ASUSSplendidACMON.exe
(Intel Corporation) C:WindowsSystem32igfxEM.exe
(ASUSTek Computer Inc.) C:Program Files (x86)ASUSUSBChargerPlusUSBChargerPlus.exe
(Malwarebytes) C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe
(Intel Corporation) C:WindowsSystem32igfxHK.exe
() C:WindowsSystem32igfxTray.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
(AsusTek) C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPLoader.exe
(ASUSTek Computer Inc.) C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvtray.exe
(ASUSTek Computer Inc.) C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
(ASUSTek Computer Inc.) C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
(AsusTek) C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPCenter.exe
(AsusTek) C:Program Files (x86)ASUSASUS Smart GestureAsTPCenterx64AsusTPHelper.exe
() C:Program FilesCommon FilesCommon Desktop AgentCDASrv.exe
(Valve Corporation) D:PROGRAMSSteamSteam.exe
(AVAST Software) D:PROGRAMSAvast Internet Securityavastui.exe
(Oracle Corporation) C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
(Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedOFFICE15CSISYNCCLIENT.EXE
(Valve Corporation) D:PROGRAMSSteambinsteamwebhelper.exe
(Valve Corporation) C:Program Files (x86)Common FilesSteamSteamService.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVBg64.exe
(ASUS) C:Program FilesASUSASUS GPU TweakGPUTweak.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVCpl64.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamUserAgent.exe
(ASUSTeK Computer Inc.) C:Program Files (x86)ASUSASUS Live UpdateLiveUpdate.exe
(Microsoft Corporation) C:WindowsSystem32SettingSyncHost.exe
(Oracle Corporation) C:Program Files (x86)Common FilesJavaJava Updatejucheck.exe
(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.ZuneVideo_3.6.16941.0_x64__8wekyb3d8bbweVideo.UI.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
() C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplication47.0.2526.3539crash_service.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
(ABBYY (BIT Software)) C:Program Files (x86)ABBYY Lingvo x5Lingvo.exe
(ABBYY (BIT Software)) C:Program Files (x86)ABBYY Lingvo x5LvAgent.exe
(ABBYY (BIT Software)) C:Program Files (x86)ABBYY Lingvo x5LvAgent64.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
() C:Program FilesWindowsAppsMicrosoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbweSkypeHost.exe
(YANDEX LLC) C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM…Run: [ETDCtrl] => C:Program FilesElantechETDCtrl.exe [3348712 2015-06-22] (ELAN Microelectronics Corp.)
HKLM…Run: [Thunderbolt] => C:Program FilesIntelThunderbolt SoftwareThunderbolt.exe [767944 2013-10-25] (Intel Corporation)
HKLM…Run: [IgfxTray] => C:Windowssystem32igfxtray.exe [396688 2015-07-18] ()
HKLM…Run: [ShadowPlay] => «C:WINDOWSsystem32rundll32.exe» C:WINDOWSsystem32nvspcap64.dll,ShadowPlayOnSystemStart
HKLM…Run: [CDAServer] => C:Program FilesCommon FilesCommon Desktop AgentCDASrv.exe [464608 2014-09-08] ()
HKLM…Run: [Andy] => «C:Program FilesAndyHandyAndy.exe»
HKLM…Run: [AdobeAAMUpdater-1.0] => C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM…Run: [NvBackend] => C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM-x32…Run: [ASUSPRP] => C:Program Files (x86)ASUSAPRPAPRP.EXE [3216032 2013-12-17] (ASUSTek Computer Inc.)
HKLM-x32…Run: [AvastUI.exe] => D:PROGRAMSAvast Internet SecurityAvastUI.exe [7139768 2016-02-15] (AVAST Software)
HKLM-x32…Run: [Lingvo Launcher] => C:Program Files (x86)ABBYY Lingvo x5LvAgent.exe [639240 2011-05-26] (ABBYY (BIT Software))
HKLM-x32…Run: [SunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32…Run: [BlueStacks Agent] => C:Program Files (x86)BlueStacksHD-Agent.exe
HKLM-x32…Run: [SwitchBoard] => C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32…Run: [AdobeCS6ServiceManager] => C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…Run: [Steam] => D:PROGRAMSSteamsteam.exe [3014224 2016-02-05] (Valve Corporation)
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…RunOnce: [Application Restart #0] => C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe [2055800 2016-01-22] (YANDEX LLC)
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…RunOnce: [Uninstall C:UsersGeorge WoodsAppDataLocalMicrosoftOneDrive17.3.6281.1202_1amd64] => C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q «C:UsersGeorge WoodsAppDataLocalMicrosoftOneDrive17.3.6281.1202_1amd64»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…RunOnce: [Uninstall C:UsersGeorge WoodsAppDataLocalMicrosoftOneDrive17.3.6281.1202_1] => C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q «C:UsersGeorge WoodsAppDataLocalMicrosoftOneDrive17.3.6281.1202_1»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {052ef910-b168-11e5-82c3-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {052ef9ae-b168-11e5-82c3-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {07175e58-b09e-11e5-82c3-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {07175e8a-b09e-11e5-82c3-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {141b3792-af3a-11e5-82c1-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {141b37c7-af3a-11e5-82c1-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {229eea8c-b2d8-11e5-82c4-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {229eeb17-b2d8-11e5-82c4-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {229ef111-b2d8-11e5-82c4-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {229ef133-b2d8-11e5-82c4-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {229ef28a-b2d8-11e5-82c4-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {229ef66c-b2d8-11e5-82c4-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {229ef67c-b2d8-11e5-82c4-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {229ef830-b2d8-11e5-82c4-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {229ef83a-b2d8-11e5-82c4-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {429c37f0-c9dd-11e5-82d0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {429c383a-c9dd-11e5-82d0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {4b5159ab-abf8-11e5-82c0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {4b515a03-abf8-11e5-82c0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {509f70eb-b18e-11e5-82c3-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {509f7113-b18e-11e5-82c3-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {509f73ad-b18e-11e5-82c3-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {509f73b9-b18e-11e5-82c3-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5459194b-b518-11e5-82c4-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5459195c-b518-11e5-82c4-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {54591f65-b518-11e5-82c4-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {54591f76-b518-11e5-82c4-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5a9f4583-c010-11e5-82cc-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5a9f45c6-c010-11e5-82cc-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed41e2-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed4217-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed4f70-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed4f7e-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed5229-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed5285-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed5666-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed5671-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed58df-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed5910-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed607f-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed6089-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed629b-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {5bed62fe-c1bc-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {962816fb-ca8f-11e5-82d0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {96281705-ca8f-11e5-82d0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {977efd14-c4b3-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {977efd25-c4b3-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {977f01e3-c4b3-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {977f0247-c4b3-11e5-82ce-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {ab2c5aa2-c7f0-11e5-82d0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {ab2c5add-c7f0-11e5-82d0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {acc65496-ab35-11e5-82c0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {acc654d1-ab35-11e5-82c0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {c5e68c4f-ad22-11e5-82c0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {c5e68c83-ad22-11e5-82c0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {c5e6a5ed-ad22-11e5-82c0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {c5e6a5fa-ad22-11e5-82c0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {c5e6aa0f-ad22-11e5-82c0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {c5e6aa1b-ad22-11e5-82c0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {dd3ee9c5-c117-11e5-82cd-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {dd3eea0a-c117-11e5-82cd-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {e0c37bd8-ca74-11e5-82d0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {e0c37c0b-ca74-11e5-82d0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {f7cee5dc-c7c3-11e5-82cf-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {f7cee5e9-c7c3-11e5-82cf-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {f8a2a874-abea-11e5-82c0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {f8a2a8aa-abea-11e5-82c0-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {ff9b6880-b005-11e5-82c2-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {ff9b68bf-b005-11e5-82c2-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {ff9b6f04-b005-11e5-82c2-54271ef4e98e} — «H:AutoRun.exe»
HKUS-1-5-21-4162306376-2686703833-2895202155-1001…MountPoints2: {ff9b6f10-b005-11e5-82c2-54271ef4e98e} — «H:AutoRun.exe»
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:PROGRAMSAvast Internet SecurityashShA64.dll [2016-02-07] (AVAST Software)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-4162306376-2686703833-2895202155-1001] => 125.80.0.75:80
TcpipParameters: [DhcpNameServer] 192.168.1.1
Tcpip..Interfaces{0a0087b5-2999-488c-9db5-266d955ee6fe}: [NameServer] 185.37.37.37,185.37.39.39
Tcpip..Interfaces{0a0087b5-2999-488c-9db5-266d955ee6fe}: [DhcpNameServer] 192.168.1.1
Tcpip..Interfaces{10990345-8abf-49c2-9c0c-1bb2b638cf17}: [NameServer] 213.87.0.1 213.87.1.1
Tcpip..Interfaces{da63c43c-7dd5-4850-af09-eb338e48efa7}: [NameServer] 213.87.0.1 213.87.1.1
Tcpip..Interfaces{e95900ae-03fb-4aeb-bd4c-a38c58618117}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKUS-1-5-21-4162306376-2686703833-2895202155-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=625119&clcid=0x419
HKUS-1-5-21-4162306376-2686703833-2895202155-1001SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKUS-1-5-21-4162306376-2686703833-2895202155-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/yandsearch?win=165&clid=2084454&text={searchTerms}
SearchScopes: HKUS-1-5-21-4162306376-2686703833-2895202155-1001 -> EF99FFF542025FF42A355A115DA50694 URL =
SearchScopes: HKUS-1-5-21-4162306376-2686703833-2895202155-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/yandsearch?win=165&clid=2084454&text={searchTerms}
SearchScopes: HKUS-1-5-21-4162306376-2686703833-2895202155-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program FilesJavajre1.8.0_72binssv.dll [2016-02-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:PROGRAMSAvast Internet SecurityaswWebRepIE64.dll [2016-02-07] (AVAST Software)
BHO: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program FilesJavajre1.8.0_72binjp2ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:PROGRAMSAvast Internet SecurityaswWebRepIE.dll [2016-02-07] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:Program Files (x86)Microsoft OfficeOffice15GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
Toolbar: HKUS-1-5-21-4162306376-2686703833-2895202155-1001 -> No Name — {91397D20-1446-11D4-8AF4-0040CA1127B6} — No File
Handler: osf — {D924BDC6-C83A-4BD5-90D0-095128A113D1} — D:PROGRAMSOffice 1.0Office15MSOSB.DLL [2015-04-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:UsersGeorge WoodsAppDataRoamingMozillaFirefoxProfilesw5us908b.default
FF NewTab: about:newtab
FF DefaultSearchUrl: hxxp://yandex.ru/yandsearch
FF SearchEngineOrder.1: Yandex
FF SelectedSearchEngine: Yandex
FF Homepage: hxxp://yandex.ru/?clid=2101081
FF Keyword.URL: hxxp://yandex.ru/yandsearch
FF Plugin: @adobe.com/FlashPlayer -> C:WINDOWSsystem32MacromedFlashNPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @asus.com/npAOHelpAssistant -> C:Program Files (x86)ASUSHomeCIOpluginnpAOHelpAssistantx64.dll [2015-04-17] (AsusTek)
FF Plugin: @java.com/DTPlugin,version=11.72.2 -> C:Program FilesJavajre1.8.0_72bindtpluginnpDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.72.2 -> C:Program FilesJavajre1.8.0_72binplugin2npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:PROGRAMSOffice 1.0Office15NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:WINDOWSSysWOW64MacromedFlashNPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @asus.com/npAOHelpAssistant -> C:Program Files (x86)ASUSHomeCIOpluginnpAOHelpAssistantx86.dll [2015-04-17] (AsusTek)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPTnpIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPTnpIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:PROGRA~2MICROS~1Office15NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:UsersGeorge WoodsDesktopGAMESGarena PlusbbtalkpluginsnpPluginnpGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:PROGRAMSVLCnpvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> D:PROGRAMSVLCnpvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:PROGRAMSVLCnpvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKUS-1-5-21-4162306376-2686703833-2895202155-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:UsersGeorge WoodsAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF SearchPlugin: C:UsersGeorge WoodsAppDataRoamingMozillaFirefoxProfilesw5us908b.defaultsearchpluginsgoogle-avast.xml [2015-06-05]
FF Extension: Яндекс Next — C:UsersGeorge WoodsAppDataRoamingMozillaFirefoxProfilesw5us908b.defaultextensionsyandexnext@everhelper.me.xpi [2015-10-03]
FF Extension: Advanced SystemCare Surfing Protection — C:UsersGeorge WoodsAppDataRoamingMozillaFirefoxProfilesw5us908b.defaultExtensionsiobitascsurfingprotection@iobit.com [2015-06-01] [not signed]
FF HKLM…FirefoxExtensions: [wrc@avast.com] — D:PROGRAMSAvast Internet SecurityWebRepFF
FF Extension: Avast Online Security — D:PROGRAMSAvast Internet SecurityWebRepFF [2016-02-07]
FF HKLM-x32…FirefoxExtensions: [wrc@avast.com] — D:PROGRAMSAvast Internet SecurityWebRepFF
FF HKLM-x32…FirefoxExtensions: [sp@avast.com] — D:PROGRAMSAvast Internet SecuritySafePriceFF
FF Extension: Avast SafePrice — D:PROGRAMSAvast Internet SecuritySafePriceFF [2016-02-07]

Chrome:
=======
CHR HKLM-x32…ChromeExtension: [eofcbnmajmjmplflapaojjnihcjkigck] — D:PROGRAMSAvast Internet SecurityWebRepChromeaswWebRepChromeSp.crx [2016-02-07]
CHR HKLM-x32…ChromeExtension: [gomekmidlodglbbmalcneegieacbdmki] — D:PROGRAMSAvast Internet SecurityWebRepChromeaswWebRepChrome.crx [2016-02-07]
CHR HKLM-x32…ChromeExtension: [pgaidlfgjkmeendhknafahppllbniejm] — hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.Lingvo.Desktop.15.0; C:Program Files (x86)Common FilesABBYYLingvo15.0LicensingNetworkLicenseServer.exe [816904 2011-05-17] (ABBYY)
S4 AOHelpService; C:Program Files (x86)ASUSHomeCIOAOHelpService.exe [28240 2015-09-28] ()
R2 avast! Antivirus; D:PROGRAMSAvast Internet SecurityAvastSvc.exe [237096 2016-02-07] (AVAST Software)
R3 AvastVBoxSvc; D:PROGRAMSAvast Internet SecurityngvboxAvastVBoxSVC.exe [5570120 2016-02-07] (Avast Software)
R2 BcmBtRSupport; C:Windowssystem32BtwRSupportService.exe [2278152 2015-11-07] (Broadcom Corporation.)
S2 Connect Manager. RunOuc; C:Program Files (x86)Connect ManagerUpdateDogouc.exe [651856 2013-10-26] ()
R2 GfExperienceService; C:Program FilesNVIDIA CorporationGeForce Experience ServiceGfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:ProgramDataDatacardServiceHWDeviceService64.exe [351824 2014-01-15] ()
R2 igfxCUIService2.0.0.0; C:Windowssystem32igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:Program FilesInteliCLS ClientSocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 MBAMScheduler; C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 NBService; C:Program Files (x86)NeroNero 7Nero BackItUpNBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
R2 NvNetworkService; C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 SamsungUPDUtilSvc; C:WindowsSysWOW64SecUPDUtilSvc.exe [118576 2014-11-26] ()
S3 SwitchBoard; C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:Program FilesWindows DefenderNisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:Program FilesWindows DefenderMsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:Windowssystem32driversaswHwid.sys [37656 2016-02-07] (AVAST Software)
R2 aswMonFlt; C:Windowssystem32driversaswMonFlt.sys [107792 2016-02-07] (AVAST Software)
R1 aswRdr; C:Windowssystem32driversaswRdr2.sys [103064 2016-02-07] (AVAST Software)
R0 aswRvrt; C:WindowsSystem32DriversaswRvrt.sys [74544 2016-02-07] (AVAST Software)
R1 aswSnx; C:Windowssystem32driversaswSnx.sys [1065720 2016-02-07] (AVAST Software)
R1 aswSP; C:Windowssystem32driversaswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:Windowssystem32driversaswStm.sys [165344 2016-02-07] (AVAST Software)
R0 aswVmm; C:WindowsSystem32DriversaswVmm.sys [287016 2016-02-10] (AVAST Software)
R3 ATP; C:WindowsSystem32driversAsusTP.sys [100776 2015-06-30] (ASUS Corporation)
S3 ATSZIO; C:Program Files (x86)ASUSHomeCIOATSZIO64.sys [20280 2013-04-26] (ASUSTek Computer Inc.)
R3 bcbtums; C:Windowssystem32driversbcbtums.sys [199472 2015-11-07] (Broadcom Corporation.)
R3 BCM43XX; C:Windowssystem32DRIVERSbcmwl63a.sys [7546544 2014-08-09] (Broadcom Corporation)
R3 BthA2DP; C:Windowssystem32driversBthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 BthHFAud; C:Windowssystem32DRIVERSBthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
S3 BtHidBus; C:WindowsSystem32DriversBtHidBus.sys [24032 2013-10-08] (IVT Corporation.)
S3 btnetBUs; C:WindowsSystem32DriversbtnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R1 HWiNFO32; C:WindowsSysWOW64driversHWiNFO64A.SYS [26528 2015-06-04] (REALiX(tm))
S3 hwusb_cdcacm; C:Windowssystem32DRIVERSew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:WindowsSystem32driversew_wwanecm.sys [380800 2014-09-11] (Huawei Technologies Co., Ltd.)
R1 ISODrive; C:Program Files (x86)UltraISOdriversISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 IvtAudioBusSrv; C:WindowsSystem32DriversIvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtBtBUs; C:WindowsSystem32DriversIvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:WindowsSystem32DriversbtnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R3 kbfiltr; C:WindowsSystem32driverskbfiltr.sys [17280 2012-08-06] ( )
R3 MBAMProtector; C:WINDOWSsystem32driversmbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:WINDOWSsystem32driversMBAMSwissArmy.sys [192216 2016-02-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:WINDOWSsystem32driversmwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:Windowssystem32DRIVERSTeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R0 ngvss; C:WindowsSystem32Driversngvss.sys [154024 2016-02-07] (AVAST Software)
R3 NvStreamKms; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:Windowssystem32driversnvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R2 plctrl; C:Program FilesASUSP4Gplctrl.sys [14136 2014-02-12] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; D:PROGRAMSAvast Internet SecurityngvboxVBoxAswDrv.sys [310904 2016-02-07] (Avast Software)
S3 WdBoot; C:Windowssystem32driversWdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:Windowssystem32driversWdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:WindowsSystem32DriversWdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 pccsmcfd; SystemRootsystem32DRIVERSpccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
log.txt (continued, because it does not fit in a single message)
======File associations======
.js — edit — C:WindowsSystem32Notepad.exe %1
.js — open — C:WindowsSystem32WScript.exe «%1» %*

======List of files/folders created in the last 3 months======
2016-02-16 22:23:52 —-D—- C:rsit
2016-02-16 22:23:52 —-D—- C:Program Files (x86)trend micro
2016-02-16 22:04:34 —-HD—- C:OneDriveTemp
2016-02-16 21:54:24 —-D—- C:ProgramDataMalwarebytes
2016-02-16 21:54:24 —-D—- C:Program Files (x86)Malwarebytes Anti-Malware
2016-02-16 21:47:01 —-D—- C:FRST
2016-02-16 18:03:40 —-D—- C:WINDOWSLastGood.Tmp
2016-02-16 18:03:15 —-A—- C:WINDOWSSysWOW64nvwgf2um.dll
2016-02-16 18:03:15 —-A—- C:WINDOWSSysWOW64nvopencl.dll
2016-02-16 18:03:15 —-A—- C:WINDOWSSysWOW64nvoglv32.dll
2016-02-16 18:03:15 —-A—- C:WINDOWSSysWOW64nvinit.dll
2016-02-16 18:03:15 —-A—- C:WINDOWSSysWOW64NvIFROpenGL.dll
2016-02-16 18:03:15 —-A—- C:WINDOWSSysWOW64NvIFR.dll
2016-02-16 18:03:15 —-A—- C:WINDOWSSysWOW64NvFBC.dll
2016-02-16 18:03:15 —-A—- C:WINDOWSSysWOW64nvEncodeAPI.dll
2016-02-16 18:03:15 —-A—- C:WINDOWSSysWOW64nvEncMFTH264.dll
2016-02-16 18:03:15 —-A—- C:WINDOWSSysWOW64nvd3dum.dll
2016-02-16 18:03:15 —-A—- C:WINDOWSSysWOW64nvcuvid.dll
2016-02-16 18:03:15 —-A—- C:WINDOWSSysWOW64nvcuda.dll
2016-02-16 18:03:15 —-A—- C:WINDOWSSysWOW64nvcompiler.dll
2016-02-10 17:49:21 —-A—- C:WINDOWSSysWOW64mshtml.dll
2016-02-10 17:49:19 —-A—- C:WINDOWSSysWOW64shell32.dll
2016-02-10 17:49:18 —-A—- C:WINDOWSSysWOW64windows.storage.dll
2016-02-10 17:49:17 —-A—- C:WINDOWSSysWOW64twinui.dll
2016-02-10 17:49:16 —-A—- C:WINDOWSSysWOW64ieframe.dll
2016-02-10 17:49:16 —-A—- C:WINDOWSSysWOW64Chakra.dll
2016-02-10 17:49:15 —-A—- C:WINDOWSSysWOW64edgehtml.dll
2016-02-10 17:49:14 —-A—- C:WINDOWSSysWOW64wininet.dll
2016-02-10 17:49:14 —-A—- C:WINDOWSSysWOW64explorer.exe
2016-02-10 17:49:14 —-A—- C:WINDOWSexplorer.exe
2016-02-10 17:49:13 —-A—- C:WINDOWSSysWOW64ntdll.dll
2016-02-10 17:49:13 —-A—- C:WINDOWSSysWOW64KernelBase.dll
2016-02-10 17:49:13 —-A—- C:WINDOWSSysWOW64jscript9.dll
2016-02-10 17:49:13 —-A—- C:WINDOWSSysWOW64iertutil.dll
2016-02-10 17:49:13 —-A—- C:WINDOWSSysWOW64combase.dll
2016-02-10 17:49:12 —-A—- C:WINDOWSSysWOW64msv1_0.dll
2016-02-10 17:49:12 —-A—- C:WINDOWSSysWOW64kerberos.dll
2016-02-10 17:49:11 —-A—- C:WINDOWSSysWOW64WinTypes.dll
2016-02-10 17:49:10 —-A—- C:WINDOWSSysWOW64ztrace_maps.dll
2016-02-10 17:49:10 —-A—- C:WINDOWSSysWOW64urlmon.dll
2016-02-10 17:49:10 —-A—- C:WINDOWSSysWOW64OpenWith.exe
2016-02-10 17:49:10 —-A—- C:WINDOWSSysWOW64msorcl32.dll
2016-02-10 17:49:09 —-A—- C:WINDOWSSysWOW64mtxoci.dll
2016-02-10 17:49:09 —-A—- C:WINDOWSSysWOW64jsproxy.dll
2016-02-10 17:49:09 —-A—- C:WINDOWSSysWOW64iassam.dll
2016-02-10 17:49:09 —-A—- C:WINDOWSSysWOW64cfgbkend.dll
2016-02-10 17:49:08 —-A—- C:WINDOWSSysWOW64wininetlui.dll
2016-02-10 17:49:08 —-A—- C:WINDOWSSysWOW64hlink.dll
2016-02-07 15:21:00 —-A—- C:WINDOWSavastSS.scr
2016-02-07 15:13:52 —-D—- C:AdwCleaner
2016-01-29 12:10:47 —-A—- C:WINDOWSSysWOW64Windows.Media.Protection.PlayReady.dll
2016-01-29 12:10:42 —-A—- C:WINDOWSSysWOW64Windows.UI.Xaml.dll
2016-01-29 12:10:37 —-A—- C:WINDOWSSysWOW64mos.dll
2016-01-29 12:10:34 —-A—- C:WINDOWSSysWOW64d2d1.dll
2016-01-29 12:10:34 —-A—- C:WINDOWSSysWOW64BingMaps.dll
2016-01-29 12:10:32 —-A—- C:WINDOWSSysWOW64InputService.dll
2016-01-29 12:10:32 —-A—- C:WINDOWSSysWOW64dwmcore.dll
2016-01-29 12:10:31 —-A—- C:WINDOWSSysWOW64WWanAPI.dll
2016-01-29 12:10:31 —-A—- C:WINDOWSSysWOW64winhttp.dll
2016-01-29 12:10:31 —-A—- C:WINDOWSSysWOW64SensorsApi.dll
2016-01-29 12:10:31 —-A—- C:WINDOWSSysWOW64quartz.dll
2016-01-29 12:10:31 —-A—- C:WINDOWSSysWOW64MTF.dll
2016-01-29 12:10:31 —-A—- C:WINDOWSSysWOW64msfeeds.dll
2016-01-29 12:10:31 —-A—- C:WINDOWSSysWOW64msctf.dll
2016-01-29 12:10:31 —-A—- C:WINDOWSSysWOW64mfsvr.dll
2016-01-29 12:10:31 —-A—- C:WINDOWSSysWOW64iedkcs32.dll
2016-01-29 12:10:31 —-A—- C:WINDOWSSysWOW64evr.dll
2016-01-29 12:10:31 —-A—- C:WINDOWSSysWOW64CredProvDataModel.dll
2016-01-29 12:10:31 —-A—- C:WINDOWSSysWOW64AudioSes.dll
2016-01-29 12:10:30 —-A—- C:WINDOWSSysWOW64TextInputFramework.dll
2016-01-29 12:10:30 —-A—- C:WINDOWSSysWOW64SimCfg.dll
2016-01-29 12:10:30 —-A—- C:WINDOWSSysWOW64SimAuth.dll
2016-01-29 12:10:30 —-A—- C:WINDOWSSysWOW64rastls.dll
2016-01-29 12:10:30 —-A—- C:WINDOWSSysWOW64rasdlg.dll
2016-01-29 12:10:30 —-A—- C:WINDOWSSysWOW64rasapi32.dll
2016-01-29 12:10:30 —-A—- C:WINDOWSSysWOW64pcaui.exe
2016-01-29 12:10:30 —-A—- C:WINDOWSSysWOW64MapsBtSvc.dll
2016-01-29 12:10:30 —-A—- C:WINDOWSSysWOW64DisplayManager.dll
2016-01-29 12:10:30 —-A—- C:WINDOWSSysWOW64AUDIOKSE.dll
2016-01-29 12:10:29 —-A—- C:WINDOWSSysWOW64wlidcli.dll
2016-01-29 12:10:29 —-A—- C:WINDOWSSysWOW64winhttpcom.dll
2016-01-29 12:10:29 —-A—- C:WINDOWSSysWOW64Windows.UI.Core.TextInput.dll
2016-01-29 12:10:29 —-A—- C:WINDOWSSysWOW64winbio.dll
2016-01-29 12:10:29 —-A—- C:WINDOWSSysWOW64rastlsext.dll
2016-01-29 12:10:29 —-A—- C:WINDOWSSysWOW64rasautou.exe
2016-01-29 12:10:29 —-A—- C:WINDOWSSysWOW64rasadhlp.dll
2016-01-27 13:24:21 —-D—- C:UsersGeorge WoodsAppDataRoamingGTAV Enhanced Native Trainer
2016-01-16 21:05:32 —-D—- C:ProgramDataEpic
2016-01-16 20:57:41 —-D—- C:ProgramDataASUS Smart Gesture
2016-01-15 21:51:13 —-D—- C:UsersGeorge WoodsAppDataRoamingState of Decay YOSE — Day One Edition
2016-01-14 09:30:55 —-D—- C:UsersGeorge WoodsAppDataRoamingLiveChat
2016-01-14 09:29:40 —-D—- C:UsersGeorge WoodsAppDataRoamingAOHelp20
2016-01-14 09:29:40 —-D—- C:ProgramDataAOHelp20
2016-01-14 09:29:37 —-D—- C:UsersGeorge WoodsAppDataRoamingAsusAoHelp
2016-01-14 09:07:32 —-A—- C:UsersGeorge WoodsAppDataRoamingsp_data.sys
2016-01-13 20:17:55 —-D—- C:ProgramDataAge of Empires 3
2016-01-12 21:58:36 —-A—- C:WINDOWSSysWOW64mfnetsrc.dll
2016-01-12 21:58:36 —-A—- C:WINDOWSSysWOW64mfcore.dll
2016-01-12 21:58:34 —-A—- C:WINDOWSSysWOW64msxml6.dll
2016-01-12 21:58:34 —-A—- C:WINDOWSSysWOW64mfnetcore.dll
2016-01-12 21:58:33 —-A—- C:WINDOWSSysWOW64WMADMOD.DLL
2016-01-12 21:58:33 —-A—- C:WINDOWSSysWOW64Windows.Media.dll
2016-01-12 21:58:32 —-A—- C:WINDOWSSysWOW64WWAHost.exe
2016-01-12 21:58:32 —-A—- C:WINDOWSSysWOW64WMSPDMOD.DLL
2016-01-12 21:58:32 —-A—- C:WINDOWSSysWOW64schannel.dll
2016-01-12 21:58:32 —-A—- C:WINDOWSSysWOW64gdi32.dll
2016-01-12 21:58:31 —-A—- C:WINDOWSSysWOW64advapi32.dll
2016-01-12 21:58:30 —-A—- C:WINDOWSSysWOW64qdvd.dll
2016-01-12 21:58:30 —-A—- C:WINDOWSSysWOW64MP3DMOD.DLL
2016-01-12 21:58:30 —-A—- C:WINDOWSSysWOW64mftranscode.dll
2016-01-12 21:58:30 —-A—- C:WINDOWSSysWOW64mfps.dll
2016-01-12 21:58:30 —-A—- C:WINDOWSSysWOW64MessagingDataModel2.dll
2016-01-12 21:58:29 —-A—- C:WINDOWSSysWOW64uReFS.dll
2016-01-12 21:58:29 —-A—- C:WINDOWSSysWOW64qedit.dll
2016-01-12 21:58:28 —-A—- C:WINDOWSSysWOW64WMSPDMOE.DLL
2016-01-12 21:58:28 —-A—- C:WINDOWSSysWOW64usermgrcli.dll
2016-01-12 21:58:28 —-A—- C:WINDOWSSysWOW64ProximityCommon.dll
2016-01-12 21:58:27 —-A—- C:WINDOWSSysWOW64vbscript.dll
2016-01-12 21:58:27 —-A—- C:WINDOWSSysWOW64UserMgrProxy.dll
2016-01-12 19:50:47 —-D—- C:UsersGeorge WoodsAppDataRoamingInstallShield
2016-01-12 18:54:07 —-A—- C:WINDOWSSysWOW64x3daudio1_1.dll
2016-01-08 18:33:49 —-D—- C:UsersGeorge WoodsAppDataRoamingConsultantPlus
2016-01-08 18:32:52 —-D—- C:ConsHS
2015-12-20 21:58:38 —-A—- C:WINDOWSSysWOW64mfasfsrcsnk.dll
2015-12-20 21:58:37 —-A—- C:WINDOWSSysWOW64mfmpeg2srcsnk.dll
2015-12-20 21:58:36 —-A—- C:WINDOWSSysWOW64LicenseManager.dll
2015-12-20 21:58:36 —-A—- C:WINDOWSSysWOW64ActiveSyncProvider.dll
2015-12-20 21:58:35 —-A—- C:WINDOWSSysWOW64MFMediaEngine.dll
2015-12-20 21:58:33 —-A—- C:WINDOWSSysWOW64WpcWebFilter.dll
2015-12-20 21:58:33 —-A—- C:WINDOWSSysWOW64NetSetupEngine.dll
2015-12-20 21:58:33 —-A—- C:WINDOWSSysWOW64mfsrcsnk.dll
2015-12-20 21:58:33 —-A—- C:WINDOWSSysWOW64mfplat.dll
2015-12-20 21:58:32 —-A—- C:WINDOWSSysWOW64Windows.Networking.BackgroundTransfer.dll
2015-12-20 21:58:32 —-A—- C:WINDOWSSysWOW64mfmp4srcsnk.dll
2015-12-20 21:58:32 —-A—- C:WINDOWSSysWOW64mfds.dll
2015-12-20 21:58:31 —-A—- C:WINDOWSSysWOW64Windows.Media.Audio.dll
2015-12-20 21:58:31 —-A—- C:WINDOWSSysWOW64mfreadwrite.dll
2015-12-20 21:58:31 —-A—- C:WINDOWSSysWOW64MFPlay.dll
2015-12-20 21:58:31 —-A—- C:WINDOWSSysWOW64MFCaptureEngine.dll
2015-12-20 21:58:30 —-A—- C:WINDOWSSysWOW64StoreAgent.dll
2015-12-20 21:58:30 —-A—- C:WINDOWSSysWOW64mfmkvsrcsnk.dll
2015-12-20 21:58:29 —-A—- C:WINDOWSSysWOW64NetSetupApi.dll
2015-12-20 21:58:29 —-A—- C:WINDOWSSysWOW64MSMPEG2ENC.DLL
2015-12-20 21:58:29 —-A—- C:WINDOWSSysWOW64InstallAgent.exe
2015-12-20 21:58:28 —-A—- C:WINDOWSSysWOW64MSFlacDecoder.dll
2015-12-20 21:58:26 —-A—- C:WINDOWSSysWOW64MapConfiguration.dll
2015-12-20 21:58:25 —-A—- C:WINDOWSSysWOW64BackgroundTransferHost.exe
2015-12-20 14:43:54 —-DC—- C:WINDOWSPanther
2015-12-20 14:41:39 —-A—- C:WINDOWSSysWOW64remoteaudioendpoint.dll
2015-12-20 14:41:39 —-A—- C:WINDOWSSysWOW64PlayToManager.dll
2015-12-20 14:41:39 —-A—- C:WINDOWSSysWOW64PlayToDevice.dll
2015-12-20 14:41:39 —-A—- C:WINDOWSSysWOW64bcastdvr.proxy.dll
2015-12-20 14:41:39 —-A—- C:WINDOWSSysWOW64bcastdvr.exe
2015-12-20 14:41:39 —-A—- C:WINDOWSSysWOW64AudioEng.dll
2015-12-20 14:41:39 —-A—- C:WINDOWSSysWOW64AppCapture.dll
2015-12-20 14:41:36 —-A—- C:WINDOWSSysWOW64wwapi.dll
2015-12-20 14:41:36 —-A—- C:WINDOWSSysWOW64wimgapi.dll
2015-12-20 14:41:36 —-A—- C:WINDOWSSysWOW64policymanager.dll
2015-12-20 14:41:36 —-A—- C:WINDOWSSysWOW64mssign32.dll
2015-12-20 14:41:36 —-A—- C:WINDOWSSysWOW64LogonController.dll
2015-12-20 14:41:36 —-A—- C:WINDOWSSysWOW64LaunchWinApp.exe
2015-12-20 14:41:36 —-A—- C:WINDOWSSysWOW64comsvcs.dll
2015-12-20 14:41:36 —-A—- C:WINDOWSSysWOW64catsrvut.dll
2015-12-20 14:41:36 —-A—- C:WINDOWSSysWOW64authui.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64XblAuthTokenBrokerExt.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64XblAuthManagerProxy.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64WordBreakers.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64Windows.UI.Xaml.Resources.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64Windows.UI.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64user32.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64Unistore.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64UIAutomationCoreRes.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64UIAutomationCore.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64twinui.appcore.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64offlinelsa.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64NmaDirect.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64NMAA.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64msftedit.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64MosStorage.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64MosResource.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64MosHostClient.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64Microsoft-Windows-MosTrace.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64Microsoft-Windows-MosHost.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64Microsoft-Windows-MapControls.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64mfpmp.exe
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64mf.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64MbaeApi.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64MapControlStringsRes.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64MapControlCore.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64lpk.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64jscript.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64JpMapControl.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64InputLocaleManager.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64fontsub.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64fontdrvhost.exe
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64ETWCoreUIComponentsResources.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64EditBufferTestHook.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64deviceaccess.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64dciman32.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64d3d11.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64cryptngc.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64CoreUIComponents.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64cdp.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64BingOnlineServices.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64atmlib.dll
2015-12-20 14:41:34 —-A—- C:WINDOWSSysWOW64atmfd.dll
2015-12-20 14:41:33 —-A—- C:WINDOWSSysWOW64Windows.Internal.Bluetooth.dll
2015-12-20 14:41:33 —-A—- C:WINDOWSSysWOW64SRHInproc.dll
2015-12-20 14:41:33 —-A—- C:WINDOWSSysWOW64SRH.dll
2015-12-20 14:41:33 —-A—- C:WINDOWSSysWOW64GdiPlus.dll
2015-12-20 14:41:33 —-A—- C:WINDOWSSysWOW64dcomp.dll
2015-12-20 14:38:12 —-D—- C:Program Files (x86)Reference Assemblies
2015-12-20 14:38:12 —-D—- C:Program Files (x86)MSBuild
2015-12-20 14:37:53 —-A—- C:WINDOWSSysWOW64TsWpfWrp.exe
2015-12-20 14:37:53 —-A—- C:WINDOWSSysWOW64PresentationNative_v0300.dll
2015-12-20 14:37:53 —-A—- C:WINDOWSSysWOW64PresentationCFFRasterizerNative_v0300.dll
2015-12-20 03:53:24 —-SHD—- C:Recovery
2015-12-20 03:53:24 —-SHD—- C:ProgramDataTemplates
2015-12-20 03:53:24 —-SHD—- C:ProgramDataStart Menu
2015-12-20 03:53:24 —-SHD—- C:ProgramDataDocuments
2015-12-20 03:53:24 —-SHD—- C:ProgramDataDesktop
2015-12-20 03:53:24 —-SHD—- C:ProgramDataApplication Data
2015-12-20 03:50:20 —-ASH—- C:hiberfil.sys
2015-12-20 03:47:06 —-SD—- C:UsersGeorge WoodsAppDataRoamingMicrosoft
2015-12-20 03:46:40 —-A—- C:WINDOWSSysWOW64PrintConfig.dll
2015-12-20 03:46:10 —-D—- C:ProgramDataNVIDIA
2015-12-20 03:46:08 —-HD—- C:Program Files (x86)Uninstall Information
2015-12-20 03:45:58 —-D—- C:ProgramDataNVIDIA Corporation
2015-12-20 03:45:48 —-A—- C:WINDOWSSysWOW64OpenCL.DLL
2015-12-20 03:45:15 —-D—- C:Program Files (x86)Common FilesIntel
2015-12-20 03:45:10 —-AS—- C:WINDOWSbootstat.dat
2015-12-20 03:44:54 —-D—- C:WINDOWSSysWOW64RTCOM
2015-12-20 03:44:35 —-D—- C:WINDOWSPrefetch
2015-12-15 21:40:04 —-D—- C:UsersGeorge WoodsAppDataRoamingSumatraPDF
2015-12-15 21:38:48 —-D—- C:UsersGeorge WoodsAppDataRoamingHamster PDF Reader
2015-12-14 21:56:55 —-D—- C:Program Files (x86)MSECache
2015-12-13 21:01:21 —-D—- C:ProgramDataCall of Duty — Black Ops (Rip by X-NET)
2015-12-12 18:11:07 —-AD—- C:Program Files (x86)Common FilesSkype
2015-11-22 17:33:26 —-D—- C:ProgramDataregid.1986-12.com.adobe
2015-11-19 20:49:21 —-D—- C:Fraps

======List of files/folders modified in the last 3 months======
2016-02-16 22:23:52 —-RD—- C:Program Files (x86)
2016-02-16 22:12:13 —-D—- C:WINDOWSTemp
2016-02-16 22:11:11 —-D—- C:WINDOWSSystem32
2016-02-16 22:11:11 —-D—- C:WINDOWSINF
2016-02-16 22:03:42 —-D—- C:WINDOWSbcastdvr
2016-02-16 21:54:24 —-HD—- C:ProgramData
2016-02-16 21:52:28 —-SHD—- C:Config.Msi
2016-02-16 21:48:04 —-D—- C:Windows
2016-02-16 21:37:02 —-SHDC—- C:WINDOWSInstaller
2016-02-16 21:36:49 —-D—- C:Program Files (x86)NCH Software
2016-02-16 21:35:16 —-RD—- C:Program Files
2016-02-16 21:35:16 —-D—- C:WINDOWSSysWOW64
2016-02-16 18:34:36 —-D—- C:WINDOWSMicrosoft.NET
2016-02-16 18:03:44 —-D—- C:UsersGeorge WoodsAppDataRoaminguTorrent
2016-02-14 14:34:15 —-D—- C:WINDOWSrescache
2016-02-13 17:57:08 —-D—- C:WINDOWSAppReadiness
2016-02-13 13:16:26 —-D—- C:UsersGeorge WoodsAppDataRoamingSkype
2016-02-12 19:37:26 —-RSD—- C:WINDOWSassembly
2016-02-12 19:25:39 —-D—- C:WINDOWSWinSxS
2016-02-11 22:58:17 —-D—- C:WINDOWSSysWOW64en-US
2016-02-11 19:35:15 —-D—- C:WINDOWSCbsTemp
2016-02-09 11:25:53 —-A—- C:WINDOWSSysWOW64nvapi.dll
2016-02-07 16:17:58 —-D—- C:WINDOWSSysWOW64vbox
2016-02-07 15:45:07 —-D—- C:Program Files (x86)Common FilesSteam
2016-02-07 15:35:35 —-RD—- C:Program Files (x86)Skype
2016-02-07 15:33:53 —-AD—- C:Program Files (x86)Mozilla Firefox
2016-02-07 15:25:08 —-D—- C:Program Files (x86)NVIDIA Corporation
2016-02-07 15:15:24 —-D—- C:WINDOWSSysWOW64drivers
2016-02-07 15:14:54 —-D—- C:Program Files (x86)Common Files
2016-02-05 18:59:07 —-D—- C:WINDOWSModemLogs
2016-02-03 22:01:17 —-A—- C:WINDOWSSysWOW64FlashPlayerApp.exe
2016-02-03 16:01:50 —-D—- C:UsersGeorge WoodsAppDataRoamingvlc
2016-01-30 12:34:07 —-RD—- C:WINDOWSPurchaseDialog
2016-01-30 12:34:07 —-RD—- C:WINDOWSImmersiveControlPanel
2016-01-30 12:34:07 —-D—- C:WINDOWSSysWOW64migration
2016-01-30 12:34:07 —-D—- C:WINDOWSAppPatch
2016-01-27 17:56:46 —-D—- C:ProgramDataPackage Cache
2016-01-23 13:25:34 —-D—- C:WINDOWSLiveKernelReports
2016-01-16 20:56:47 —-D—- C:WINDOWSLogs
2016-01-16 20:26:36 —-SD—- C:ProgramDataMicrosoft
2016-01-14 19:23:34 —-D—- C:UsersGeorge WoodsAppDataRoamingThe Creative Assembly
2016-01-14 09:29:39 —-HD—- C:Program Files (x86)InstallShield Installation Information
2016-01-14 09:29:35 —-D—- C:Program Files (x86)ASUS
2016-01-12 18:16:59 —-D—- C:ProgramDataSkype
2016-01-12 07:41:10 —-A—- C:WINDOWSSysWOW64nvspcap.dll
2016-01-12 07:41:09 —-A—- C:WINDOWSSysWOW64nvspbridge.dll
2016-01-09 09:12:27 —-D—- C:UsersGeorge WoodsAppDataRoamingOpera Software
2016-01-08 18:32:19 —-A—- C:WINDOWSSysWOW64dpwsockx.dll
2016-01-08 18:32:19 —-A—- C:WINDOWSSysWOW64dpnsvr.exe
2016-01-08 18:32:19 —-A—- C:WINDOWSSysWOW64dpnlobby.dll
2016-01-08 18:32:19 —-A—- C:WINDOWSSysWOW64dpnhupnp.dll
2016-01-08 18:32:19 —-A—- C:WINDOWSSysWOW64dpnhpast.dll
2016-01-08 18:32:19 —-A—- C:WINDOWSSysWOW64dpnet.dll
2016-01-08 18:32:19 —-A—- C:WINDOWSSysWOW64dpnathlp.dll
2016-01-08 18:32:19 —-A—- C:WINDOWSSysWOW64dpnaddr.dll
2016-01-08 18:32:19 —-A—- C:WINDOWSSysWOW64dpmodemx.dll
2016-01-08 18:32:19 —-A—- C:WINDOWSSysWOW64dplayx.dll
2016-01-08 18:32:19 —-A—- C:WINDOWSSysWOW64dplaysvr.exe
2016-01-02 23:04:44 —-D—- C:UsersGeorge WoodsAppDataRoamingAndy
2015-12-22 03:30:18 —-D—- C:WINDOWSProvisioning
2015-12-21 13:19:32 —-D—- C:WINDOWSdebug
2015-12-21 13:03:05 —-D—- C:WINDOWSappcompat
2015-12-20 14:41:56 —-D—- C:WINDOWSSysWOW64Dism
2015-12-20 14:41:56 —-D—- C:Program Files (x86)Internet Explorer
2015-12-20 04:10:15 —-RD—- C:WINDOWSDevicesFlow
2015-12-20 03:53:54 —-RD—- C:WINDOWSPrintDialog
2015-12-20 03:53:53 —-RD—- C:WINDOWSMiracastView
2015-12-20 03:53:12 —-D—- C:WINDOWSSoftwareDistribution
2015-12-20 03:52:53 —-D—- C:WINDOWSRegistration
2015-12-20 03:51:47 —-D—- C:WINDOWSTasks
2015-12-20 03:50:04 —-D—- C:WINDOWSSysWOW64Atheros_L1e
2015-12-20 03:50:03 —-RSD—- C:WINDOWSFonts
2015-12-20 03:50:03 —-D—- C:WINDOWSShellNew
2015-12-20 03:50:03 —-D—- C:WINDOWSru
2015-12-20 03:50:03 —-D—- C:WINDOWSen
2015-12-20 03:50:03 —-AD—- C:ProgramDataregid.1991-06.com.microsoft
2015-12-20 03:48:18 —-D—- C:WINDOWSSysWOW64xlive
2015-12-20 03:48:17 —-D—- C:WINDOWSSysWOW64GroupPolicy
2015-12-20 03:48:08 —-D—- C:WINDOWSOCR
2015-12-20 03:48:06 —-D—- C:WINDOWSInputMethod
2015-12-20 03:48:05 —-D—- C:WINDOWSADFS
2015-12-20 03:48:03 —-RD—- C:Users
2015-12-20 03:48:03 —-D—- C:ProgramDataUSOPrivate
2015-12-20 03:48:00 —-AD—- C:Program Files (x86)Microsoft.NET
2015-12-20 03:48:00 —-AD—- C:Program Files (x86)Common FilesMicrosoft Shared
2015-12-20 03:46:09 —-D—- C:WINDOWSHelp
2015-12-20 03:44:27 —-D—- C:WINDOWSServiceProfiles
2015-12-18 09:10:58 —-A—- C:WINDOWSSysWOW64nvaudcap32v.dll
2015-12-09 18:03:51 —-D—- C:ProgramDataMicrosoft Help
2015-11-26 20:03:48 —-D—- C:UsersGeorge WoodsAppDataRoamingAdobe
2015-11-25 20:21:39 —-D—- C:ProgramDataAdobe
2015-11-25 08:38:58 —-SHD—- C:System Volume Information
2015-11-22 17:31:25 —-AD—- C:Program Files (x86)Adobe
2015-11-22 17:30:30 —-AD—- C:Program Files (x86)Common FilesAdobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:WINDOWSSysWOW64driversaswRvrt.sys []
R0 aswVmm;avast! VM Monitor; C:WINDOWSSysWOW64driversaswVmm.sys []
R0 iaStorA;iaStorA; C:WINDOWSSystem32driversiaStorA.sys []
R0 ngvss;ngvss; C:WINDOWSSysWOW64driversngvss.sys []
R1 aswRdr;aswRdr; C:WINDOWSsystem32driversaswRdr2.sys []
R1 aswSnx;aswSnx; C:WINDOWSsystem32driversaswSnx.sys []
R1 aswSP;aswSP; C:WINDOWSsystem32driversaswSP.sys []
R1 ATKWMIACPIIO;ATKWMIACPI Driver; ??C:Program Files (x86)ASUSATK PackageATK WMIACPIatkwmiacpi64.sys [2013-07-02 19768]
R1 FileCrypt;@%systemroot%system32driversfilecrypt.sys,-100; C:WINDOWSsystem32driversfilecrypt.sys []
R1 GpuEnergyDrv;@%SystemRoot%system32driversgpuenergydrv.sys,-100; C:WINDOWSSystem32driversgpuenergydrv.sys []
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; ??C:WindowsSysWOW64driversHWiNFO64A.SYS [2015-06-04 26528]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; ??C:Program Files (x86)UltraISOdriversISODrv64.sys [2013-11-21 115448]
R2 ASMMAP64;ASMMAP64; ??C:Program Files (x86)ASUSATK PackageATKGFNEXASMMAP64.sys [2009-07-02 15416]
R2 aswHwid;avast! HardwareID; C:WINDOWSsystem32driversaswHwid.sys []
R2 aswMonFlt;aswMonFlt; C:WINDOWSsystem32driversaswMonFlt.sys []
R2 aswStm;aswStm; C:WINDOWSsystem32driversaswStm.sys []
R2 MMCSS;@%systemroot%system32driversmmcss.sys,-100; C:WINDOWSsystem32driversmmcss.sys []
R2 plctrl;plctrl; ??C:Program FilesASUSP4Gplctrl.sys [2014-02-12 14136]
R2 SSPORT;SSPORT; ??C:Windowssystem32DriversSSPORT.sys []
R2 storqosflt;@%SystemRoot%System32driversstorqosflt.sys,-101; C:WINDOWSsystem32driversstorqosflt.sys []
R3 AiCharger;ASUS Charger Driver; C:WINDOWSsystem32DRIVERSAiCharger.sys []
R3 ATP;@oem2.inf,%PS2.DeviceDesc%;ASUS Input Device; C:WINDOWSSystem32driversAsusTP.sys []
R3 bcbtums;@oem86.inf,%BCBTUMS.SvcDesc%;Bluetooth RAM Firmware Download USB Filter; C:WINDOWSsystem32driversbcbtums.sys []
R3 BCM43XX;@oem42.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 Network Adapter Driver; C:WINDOWSsystem32DRIVERSbcmwl63a.sys []
R3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth Stereo; C:WINDOWSsystem32driversBthA2DP.sys []
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:WINDOWSSystem32driversBthEnum.sys []
R3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth Hands-Free; C:WINDOWSsystem32DRIVERSBthHfAud.sys []
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:WINDOWSSystem32driversBthLEEnum.sys []
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:WINDOWSSystem32driversbthpan.sys []
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:WINDOWSSystem32driversBTHUSB.sys []
R3 HIDSwitch;@oem61.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:WINDOWSSystem32driversAsHIDSwitch64.sys []
R3 huawei_enumerator;huawei_enumerator; C:WINDOWSSystem32driversew_jubusenum.sys []
R3 igfx;igfx; C:WINDOWSsystem32DRIVERSigdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRTKVHD64.sys []
R3 iwdbus;@oem35.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:WINDOWSSystem32driversiwdbus.sys []
R3 kbfiltr;@oem27.inf,%kbfiltr.SvcDesc%;Keyboard Filter; C:WINDOWSSystem32driverskbfiltr.sys []
R3 L1C;@oem62.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:WINDOWSSystem32driversL1C63x64.sys []
R3 MBAMProtector;MBAMProtector; ??C:WINDOWSsystem32driversmbam.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversMBAMSwissArmy.sys []
R3 MBAMWebAccessControl;MBAMWebAccessControl; ??C:WINDOWSsystem32driversmwac.sys []
R3 MEIx64;@oem99.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:WINDOWSsystem32DRIVERSTeeDriverx64.sys []
R3 nvlddmkm;nvlddmkm; C:WINDOWSsystem32DRIVERSnvlddmkm.sys []
R3 NvStreamKms;NvStreamKms; ??C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamKms.sys [2016-01-12 26560]
R3 nvvad_WaveExtensible;@oem1.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:WINDOWSsystem32driversnvvad64v.sys []
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:WINDOWSSystem32driversrfcomm.sys []
S0 LSI_SAS2i;LSI_SAS2i; C:WINDOWSSystem32driverslsi_sas2i.sys []
S0 LSI_SAS3i;LSI_SAS3i; C:WINDOWSSystem32driverslsi_sas3i.sys []
S0 percsas2i;percsas2i; C:WINDOWSSystem32driverspercsas2i.sys []
S0 percsas3i;percsas3i; C:WINDOWSSystem32driverspercsas3i.sys []
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:WINDOWSSystem32driversstorufs.sys []
S3 ATSZIO;ATSZIO; ??C:Program Files (x86)ASUSHomeCIOATSZIO64.sys [2013-04-26 20280]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:WINDOWSSystem32driversbcmfn.sys []
S3 BtHidBus;BtHidBus; C:WINDOWSSystem32DriversBtHidBus.sys []
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:WINDOWSSystem32driversBTHport.sys []
S3 btnetBUs;Bluetooth PAN Bus Service; C:WINDOWSSystem32DriversbtnetBus.sys []
S3 btwampfl;@oem86.inf,%btwampfl.ServiceName%;btwampfl; C:WINDOWSsystem32DRIVERSbtwampfl.sys []
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:WINDOWSSystem32driversbuttonconverter.sys []
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:WINDOWSSystem32driverscapimg.sys []
S3 ETD;@oem13.inf,%PS2DeviceDesc%;ELAN Input Device; C:WINDOWSsystem32DRIVERSETD.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:WINDOWSsystem32DRIVERSew_hwusbdev.sys []
S3 ew_usbenumfilter;@oem67.inf,%busupper.SVCDESC%;huawei_CompositeFilter; C:WINDOWSSystem32driversew_usbenumfilter.sys []
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:WINDOWSSystem32driversgenericusbfn.sys []
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:WINDOWSSystem32drivershidinterrupt.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:WINDOWSsystem32DRIVERSewusbmdm.sys []
S3 hwusb_cdcacm;hwusb_cdcacm; C:WINDOWSsystem32DRIVERSew_cdcacm.sys []
S3 hwusb_wwanecm;hwusb_wwanecm; C:WINDOWSSystem32driversew_wwanecm.sys []
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:WINDOWSSystem32driversiai2c.sys []
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:WINDOWSSystem32driversiaLPSS2i_I2C.sys []
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:WINDOWSSystem32driversibbus.sys []
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:WINDOWSsystem32driversintelaud.sys []
S3 IntcDAud;@oem33.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:WINDOWSsystem32DRIVERSIntcDAud.sys []
S3 IoQos;@%SystemRoot%system32driversioqos.sys,-100; C:WINDOWSsystem32driversioqos.sys []
S3 IvtAudioBusSrv;IvtAudioBusSrv; C:WINDOWSSystem32DriversIvtBtBus.sys []
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:WINDOWSSystem32DriversIvtBtBus.sys []
S3 IvtPanBusSrv;IvtPanBusSrv; C:WINDOWSSystem32DriversbtnetBus.sys []
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:WINDOWSSystem32driversmlx4_bus.sys []
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:WINDOWSSystem32driversndfltr.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfdx64.sys []
S3 ReFSv1;ReFSv1; C:WINDOWSSysWOW64driversReFSv1.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.Lingvo.Desktop.15.0;ABBYY Lingvo x5 Licencing Service; C:Program Files (x86)Common FilesABBYYLingvo15.0LicensingNetworkLicenseServer.exe [2011-05-17 816904]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [2015-12-14 82128]
R2 ASLDRService;ASLDR Service; C:Program Files (x86)ASUSATK PackageATK HotkeyAsLdrSrv.exe [2014-03-26 115512]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe [2011-11-21 96896]
R2 avast! Antivirus;Avast Antivirus; D:PROGRAMSAvast Internet SecurityAvastSvc.exe [2016-02-07 237096]
R2 BcmBtRSupport;@oem86.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:WINDOWSsystem32BtwRSupportService.exe []
R2 CoreMessagingRegistrar;@%SystemRoot%system32coremessaging.dll,-1; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
R2 DiagTrack;@%SystemRoot%system32diagtrack.dll,-3001; C:WINDOWSSystem32svchost.exe [2015-10-30 37256]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:Program FilesNVIDIA CorporationGeForce Experience ServiceGfExperienceService.exe [2016-01-12 1163200]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:ProgramDataDatacardServiceHWDeviceService64.exe [2014-01-15 351824]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:WINDOWSsystem32igfxCUIService.exe []
R2 Intel(R) ME Service;Intel(R) ME Service; C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe [2013-10-23 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe [2013-10-23 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [2013-10-23 390616]
R2 MBAMScheduler;MBAMScheduler; C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe [2015-10-05 1513784]
R2 MBAMService;MBAMService; C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe [2015-10-05 1135416]
R2 NvNetworkService;NVIDIA Network Service; C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe [2016-01-12 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamService.exe [2016-01-12 4812736]
R2 nvsvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvvsvc.exe []
R2 OneSyncSvc_32530;Sync Host_32530; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
R2 SamsungUPDUtilSvc;Samsung UPD Utility Service; C:WindowsSysWOW64SecUPDUtilSvc.exe [2014-11-26 118576]
R2 SmsRouter;@%SystemRoot%System32SmsRouterSvc.dll,-10001; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
R3 AvastVBoxSvc;AvastVBox COM Service; D:PROGRAMSAvast Internet SecurityngvboxAvastVBoxSVC.exe [2016-02-07 5570120]
R3 BthHFSrv;@%SystemRoot%System32BthHFSrv.dll,-103; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
R3 cphs;Intel(R) Content Protection HECI Service; C:WINDOWSSysWow64IntelCpHeciSvc.exe [2015-07-18 283024]
R3 FontCache3.0.0.0;@%SystemRoot%system32PresentationHost.exe,-3309; C:WINDOWSMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe [2015-10-24 43696]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe [2016-01-12 6308288]
R3 PimIndexMaintenanceSvc_32530;Contact Data_32530; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
R3 StateRepository;@%SystemRoot%system32windows.staterepository.dll,-1; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
R3 Steam Client Service;Steam Client Service; C:Program Files (x86)Common FilesSteamSteamService.exe [2016-02-05 835152]
S2 Connect Manager. RunOuc;Connect Manager. OUC; C:Program Files (x86)Connect ManagerUpdateDogouc.exe [2013-10-26 651856]
S2 dmwappushservice;@%SystemRoot%system32dmwappushsvc.dll,-200; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S2 DoSvc;@%systemroot%system32dosvc.dll,-100; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S2 MapsBroker;@%SystemRoot%System32moshost.dll,-100; C:WINDOWSSystem32svchost.exe [2015-10-30 37256]
S2 MessagingService;@%SystemRoot%system32MessagingService.dll,-100; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S2 MessagingService_32530;MessagingService_32530; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S2 MessagingService_7233ead;MessagingService_7233ead; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S2 MessagingService_847a197;MessagingService_847a197; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S2 OneSyncSvc;@%SystemRoot%system32APHostRes.dll,-10002; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S2 OneSyncSvc_7233ead;Sync Host_7233ead; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S2 OneSyncSvc_847a197;Sync Host_847a197; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S2 SkypeUpdate;Skype Updater; C:Program Files (x86)SkypeUpdaterUpdater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2016-02-10 269504]
S3 AJRouter;@%SystemRoot%system32AJRouter.dll,-2; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S3 ClipSVC;@%SystemRoot%system32ClipSVC.dll,-103; C:WINDOWSSystem32svchost.exe [2015-10-30 37256]
S3 DcpSvc;@%SystemRoot%system32dcpsvc.dll,-3001; C:WINDOWSSystem32svchost.exe [2015-10-30 37256]
S3 DevQueryBroker;@%SystemRoot%system32DevQueryBroker.dll,-100; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%system32DiagSvcsDiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:WINDOWSsystem32DiagSvcsDiagnosticsHub.StandardCollector.Service.exe []
S3 DmEnrollmentSvc;@%systemroot%system32Windows.Internal.Management.dll,-100; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S3 DsSvc;@%SystemRoot%system32dssvc.dll,-10003; C:WINDOWSSystem32svchost.exe [2015-10-30 37256]
S3 embeddedmode;@%SystemRoot%system32embeddedmodesvc.dll,-200; C:WINDOWSSystem32svchost.exe [2015-10-30 37256]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S3 icssvc;@%SystemRoot%System32tetheringservice.dll,-4097; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:Program FilesInteliCLS ClientSocketHeciServer.exe [2013-09-02 827392]
S3 LicenseManager;@%SystemRoot%system32licensemanagersvc.dll,-200; C:WINDOWSSystem32svchost.exe [2015-10-30 37256]
S3 NBService;NBService; C:Program Files (x86)NeroNero 7Nero BackItUpNBService.exe [2006-11-10 774144]
S3 NetSetupSvc;@%SystemRoot%system32NetSetupSvc.dll,-3; C:WINDOWSSystem32svchost.exe [2015-10-30 37256]
S3 NgcCtnrSvc;@%SystemRoot%System32NgcCtnrSvc.dll,-1; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S3 NgcSvc;@%SystemRoot%System32ngcsvc.dll,-100; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S3 ose64;Office 64 Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2014-01-23 178760]
S3 PhoneSvc;@%SystemRoot%system32PhoneserviceRes.dll,-10000; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S3 PimIndexMaintenanceSvc;@%SystemRoot%system32UserDataAccessRes.dll,-15001; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S3 PimIndexMaintenanceSvc_7233ead;Contact Data_7233ead; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S3 PimIndexMaintenanceSvc_847a197;Contact Data_847a197; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S3 RetailDemo;@%SystemRoot%System32RDXService.dll,-256; C:WINDOWSSystem32svchost.exe [2015-10-30 37256]
S3 SensorDataService;@%SystemRoot%system32SensorDataService.exe,-101; C:WINDOWSSystem32SensorDataService.exe []
S3 SensorService;@%SystemRoot%System32sensorservice.dll,-1000; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
S3 SwitchBoard;SwitchBoard; C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]
S4 AOHelpService;AOHelpService; C:Program Files (x86)ASUSHomeCIOAOHelpService.exe [2015-09-28 28240]
S4 CDPSvc;@%SystemRoot%system32cdpsvc.dll,-100; C:WINDOWSsystem32svchost.exe [2015-10-30 37256]
EOF
log.txt
Logfile of random’s system information tool 1.10 (written by random/random)
Run by George Woods at 2016-02-16 22:23:52
Microsoft Windows 10 Home Single Language
System drive C: has 32 GB (27%) free of 121 GB
Total RAM: 12171 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:23:59 PM, on 2/16/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)
Boot mode: Normal

Running processes:
C:Program Files (x86)ASUSSplendidACMON.exe
C:Program Files (x86)ASUSUSBChargerPlusUSBChargerPlus.exe
C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe
C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe
C:ProgramDataDatacardServiceDCSHelper.exe
C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
C:UsersGeorge WoodsAppDataLocalMicrosoftOneDriveOneDrive.exe
D:PROGRAMSSteamSteam.exe
D:PROGRAMSAvast Internet Securityavastui.exe
C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
D:PROGRAMSSteambinsteamwebhelper.exe
C:Program Files (x86)Common FilesJavaJava Updatejucheck.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplication46.0.2490.6475crash_service.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:Program FilesWindowsAppsMicrosoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbweSkypeHost.exe
C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe
C:UsersGeorge WoodsDownloadsRSIT.exe
C:Program Files (x86)trend microGeorge Woods.exe

R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=625119&clcid=0x419
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 — HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 125.80.0.75:80
R0 — HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 — BHO: avast! Online Security — {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} — D:PROGRAMSAvast Internet SecurityaswWebRepIE.dll
O2 — BHO: Microsoft SkyDrive Pro Browser Helper — {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} — C:PROGRA~2MICROS~1Office15GROOVEEX.DLL
O2 — BHO: (no name) — {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} — (no file)
O4 — HKLM..Run: [ASUSPRP] «C:Program Files (x86)ASUSAPRPAPRP.EXE»
O4 — HKLM..Run: [AvastUI.exe] «D:PROGRAMSAvast Internet SecurityAvastUI.exe» /nogui
O4 — HKLM..Run: [Lingvo Launcher] «C:Program Files (x86)ABBYY Lingvo x5LvAgent.exe» /STARTUP
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program Files (x86)Common FilesJavaJava Updatejusched.exe»
O4 — HKLM..Run: [BlueStacks Agent] C:Program Files (x86)BlueStacksHD-Agent.exe
O4 — HKLM..Run: [SwitchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
O4 — HKLM..Run: [AdobeCS6ServiceManager] «C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe» -launchedbylogin
O4 — HKCU..Run: [OneDrive] «C:UsersGeorge WoodsAppDataLocalMicrosoftOneDriveOneDrive.exe» /background
O4 — HKCU..Run: [Steam] «D:PROGRAMSSteamsteam.exe» -silent
O4 — HKCU..RunOnce: [Application Restart #0] C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe —flag-switches-begin —enable-cousteau —disable-cousteau —flag-switches-end —disable-client-side-phishing-detection —profile-info —disable-permissions-bubbles —external-app-path=»C:Windowsexplorer.exe» —restore-last-session
O4 — HKCU..RunOnce: [Uninstall C:UsersGeorge WoodsAppDataLocalMicrosoftOneDrive17.3.6281.1202_1amd64] C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q «C:UsersGeorge WoodsAppDataLocalMicrosoftOneDrive17.3.6281.1202_1amd64»
O4 — HKCU..RunOnce: [Uninstall C:UsersGeorge WoodsAppDataLocalMicrosoftOneDrive17.3.6281.1202_1] C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q «C:UsersGeorge WoodsAppDataLocalMicrosoftOneDrive17.3.6281.1202_1»
O4 — HKUSS-1-5-19..Run: [OneDriveSetup] C:WindowsSysWOW64OneDriveSetup.exe /thfirstsetup (User ‘LOCAL SERVICE’)
O4 — HKUSS-1-5-20..Run: [OneDriveSetup] C:WindowsSysWOW64OneDriveSetup.exe /thfirstsetup (User ‘NETWORK SERVICE’)
O8 — Extra context menu item: E&xport to Microsoft Excel — res://D:PROGRAMSMicrosoft Word SoftwareOffice15EXCEL.EXE/3000
O11 — Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 — Trusted Zone: http://*.hola.org
O17 — HKLMSystemCCSServicesTcpip..{0a0087b5-2999-488c-9db5-266d955ee6fe}: NameServer = 185.37.37.37,185.37.39.39
O17 — HKLMSystemCCSServicesTcpip..{10990345-8abf-49c2-9c0c-1bb2b638cf17}: NameServer = 213.87.0.1 213.87.1.1
O17 — HKLMSystemCCSServicesTcpip..{da63c43c-7dd5-4850-af09-eb338e48efa7}: NameServer = 213.87.0.1 213.87.1.1
O17 — HKLMSystemCS1ServicesTcpip..{0a0087b5-2999-488c-9db5-266d955ee6fe}: NameServer = 185.37.37.37,185.37.39.39
O18 — Protocol: osf — {D924BDC6-C83A-4BD5-90D0-095128A113D1} — C:Program Files (x86)Microsoft OfficeOffice15MSOSB.DLL
O18 — Protocol: tbauth — {14654CA6-5711-491D-B89A-58E571679951} — C:WindowsSysWOW64tbauth.dll
O18 — Protocol: windows.tbauth — {14654CA6-5711-491D-B89A-58E571679951} — C:WindowsSysWOW64tbauth.dll
O18 — Protocol: wlpg — {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} — C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
O18 — Filter hijack: text/xml — {807583E5-5146-11D5-A672-00B0D022E945} — C:Program Files (x86)Common FilesMicrosoft SharedOFFICE15MSOXMLMF.DLL
O23 — Service: ABBYY Lingvo x5 Licencing Service (ABBYY.Licensing.Lingvo.Desktop.15.0) — ABBYY — C:Program Files (x86)Common FilesABBYYLingvo15.0LicensingNetworkLicenseServer.exe
O23 — Service: Adobe Acrobat Update Service (AdobeARMservice) — Adobe Systems Incorporated — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
O23 — Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) — Adobe Systems Incorporated — C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
O23 — Service: @%SystemRoot%system32Alg.exe,-112 (ALG) — Unknown owner — C:WINDOWSSystem32alg.exe (file missing)
O23 — Service: ASLDR Service (ASLDRService) — ASUSTek Computer Inc. — C:Program Files (x86)ASUSATK PackageATK HotkeyAsLdrSrv.exe
O23 — Service: ATKGFNEX Service (ATKGFNEXSrv) — ASUS — C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
O23 — Service: Avast Antivirus (avast! Antivirus) — AVAST Software — D:PROGRAMSAvast Internet SecurityAvastSvc.exe
O23 — Service: AvastVBox COM Service (AvastVBoxSvc) — Avast Software — D:PROGRAMSAvast Internet SecurityngvboxAvastVBoxSVC.exe
O23 — Service: @oem86.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) — Unknown owner — C:WINDOWSsystem32BtwRSupportService.exe (file missing)
O23 — Service: Connect Manager. OUC (Connect Manager. RunOuc) — Unknown owner — C:Program Files (x86)Connect ManagerUpdateDogouc.exe
O23 — Service: Intel(R) Content Protection HECI Service (cphs) — Intel Corporation — C:WINDOWSSysWow64IntelCpHeciSvc.exe
O23 — Service: @%SystemRoot%system32DiagSvcsDiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) — Unknown owner — C:WINDOWSsystem32DiagSvcsDiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 — Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) — Unknown owner — C:WINDOWSSystem32lsass.exe (file missing)
O23 — Service: @%systemroot%system32fxsresm.dll,-118 (Fax) — Unknown owner — C:WINDOWSsystem32fxssvc.exe (file missing)
O23 — Service: NVIDIA GeForce Experience Service (GfExperienceService) — NVIDIA Corporation — C:Program FilesNVIDIA CorporationGeForce Experience ServiceGfExperienceService.exe
O23 — Service: HWDeviceService64.exe — Unknown owner — C:ProgramDataDatacardServiceHWDeviceService64.exe
O23 — Service: @%SystemRoot%system32ieetwcollectorres.dll,-1000 (IEEtwCollectorService) — Unknown owner — C:WINDOWSsystem32IEEtwCollector.exe (file missing)
O23 — Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) — Unknown owner — C:WINDOWSsystem32igfxCUIService.exe (file missing)
O23 — Service: Intel(R) Capability Licensing Service TCP IP Interface — Intel(R) Corporation — C:Program FilesInteliCLS ClientSocketHeciServer.exe
O23 — Service: Intel(R) ME Service — Intel Corporation — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe
O23 — Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) — Intel Corporation — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
O23 — Service: @keyiso.dll,-100 (KeyIso) — Unknown owner — C:WINDOWSsystem32lsass.exe (file missing)
O23 — Service: Intel(R) Management and Security Application Local Management Service (LMS) — Intel Corporation — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
O23 — Service: MBAMScheduler — Malwarebytes — C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
O23 — Service: MBAMService — Malwarebytes — C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
O23 — Service: @comres.dll,-2797 (MSDTC) — Unknown owner — C:WINDOWSSystem32msdtc.exe (file missing)
O23 — Service: NBService — Nero AG — C:Program Files (x86)NeroNero 7Nero BackItUpNBService.exe
O23 — Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) — Unknown owner — C:WINDOWSsystem32lsass.exe (file missing)
O23 — Service: NVIDIA Network Service (NvNetworkService) — NVIDIA Corporation — C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe
O23 — Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) — NVIDIA Corporation — C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe
O23 — Service: NVIDIA Streamer Service (NvStreamSvc) — NVIDIA Corporation — C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamService.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — Unknown owner — C:WINDOWSsystem32nvvsvc.exe (file missing)
O23 — Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) — Unknown owner — C:WINDOWSsystem32locator.exe (file missing)
O23 — Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) — Unknown owner — C:WINDOWSsystem32lsass.exe (file missing)
O23 — Service: Samsung UPD Utility Service (SamsungUPDUtilSvc) — Unknown owner — C:WindowsSysWOW64SecUPDUtilSvc.exe
O23 — Service: @%SystemRoot%system32SensorDataService.exe,-101 (SensorDataService) — Unknown owner — C:WINDOWSSystem32SensorDataService.exe (file missing)
O23 — Service: Skype Updater (SkypeUpdate) — Skype Technologies — C:Program Files (x86)SkypeUpdaterUpdater.exe
O23 — Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) — Unknown owner — C:WINDOWSSystem32snmptrap.exe (file missing)
O23 — Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) — Unknown owner — C:WINDOWSSystem32spoolsv.exe (file missing)
O23 — Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) — Unknown owner — C:WINDOWSsystem32sppsvc.exe (file missing)
O23 — Service: Steam Client Service — Valve Corporation — C:Program Files (x86)Common FilesSteamSteamService.exe
O23 — Service: SwitchBoard — Adobe Systems Incorporated — C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
O23 — Service: @%SystemRoot%system32TieringEngineService.exe,-702 (TieringEngineService) — Unknown owner — C:WINDOWSsystem32TieringEngineService.exe (file missing)
O23 — Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) — Unknown owner — C:WINDOWSsystem32UI0Detect.exe (file missing)
O23 — Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) — Unknown owner — C:WINDOWSsystem32lsass.exe (file missing)
O23 — Service: @%SystemRoot%system32vds.exe,-100 (vds) — Unknown owner — C:WINDOWSSystem32vds.exe (file missing)
O23 — Service: @%systemroot%system32vssvc.exe,-102 (VSS) — Unknown owner — C:WINDOWSsystem32vssvc.exe (file missing)
O23 — Service: @%systemroot%system32wbengine.exe,-104 (wbengine) — Unknown owner — C:WINDOWSsystem32wbengine.exe (file missing)
O23 — Service: @%ProgramFiles%Windows DefenderMpAsDesc.dll,-320 (WdNisSvc) — Unknown owner — C:Program Files (x86)Windows DefenderNisSrv.exe (file missing)
O23 — Service: @%ProgramFiles%Windows DefenderMpAsDesc.dll,-310 (WinDefend) — Unknown owner — C:Program Files (x86)Windows DefenderMsMpEng.exe (file missing)
O23 — Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) — Unknown owner — C:WINDOWSsystem32wbemWmiApSrv.exe (file missing)
O23 — Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) — Unknown owner — C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)
—
End of file — 15071 bytes

======Scheduled tasks folder======
C:WINDOWStasksAdobe Flash Player Updater.job — C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
C:WINDOWStasksASC8_SkipUac_George Woods.job — C:Program Files (x86)IObitAdvanced SystemCare 8ASC.exe /SkipUac
C:WINDOWStasksUninstaller_SkipUac_George_Woods.job — C:Program Files (x86)IObitIObit UninstallerIObitUninstaler.exe /UninstallExplorer
C:WINDOWStasksYandex.Browser update.job — C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe —background-update
C:WINDOWStasksОбновление Браузера Яндекс .job — C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe —background-update
C:WINDOWStasksОбновление Браузера Яндекс.job — C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe —background-update

=========Mozilla firefox=========
ProfilePath — C:UsersGeorge WoodsAppDataRoamingMozillaFirefoxProfilesw5us908b.default
prefs.js — «browser.search.useDBForOrder» — true
prefs.js — «browser.startup.homepage» — «http://yandex.ru/?clid=2101081»
prefs.js — «keyword.URL» — «http://yandex.ru/yandsearch»

«wrc@avast.com»=D:PROGRAMSAvast Internet SecurityWebRepFF
«sp@avast.com»=D:PROGRAMSAvast Internet SecuritySafePriceFF

[HKEY_LOCAL_MACHINESOFTWAREMozillaPlugins@adobe.com/FlashPlayer]
«Description»=Adobe® Flash® Player 20.0.0.306 Plugin
«Path»=C:WINDOWSSysWOW64MacromedFlashNPSWF32_20_0_0_306.dll

[HKEY_LOCAL_MACHINESOFTWAREMozillaPlugins@asus.com/npAOHelpAssistant]
«Description»=AOHelp3.0 Plugin
«Path»=C:Program Files (x86)ASUSHomeCIOpluginnpAOHelpAssistantx86.dll

[HKEY_LOCAL_MACHINESOFTWAREMozillaPlugins@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
«Description»=Intel IPT WebApi plugin
«Path»=C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPTnpIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINESOFTWAREMozillaPlugins@intel-webapi.intel.com/Intel WebAPI updater]
«Description»=This plugin updates Intel WebAPI component
«Path»=C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPTnpIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINESOFTWAREMozillaPlugins@microsoft.com/SharePoint,version=14.0]
«Description»=Microsoft SharePoint Plug-in for Firefox
«Path»=C:PROGRA~2MICROS~1Office15NPSPWRAP.DLL

[HKEY_LOCAL_MACHINESOFTWAREMozillaPlugins@microsoft.com/WLPG,version=16.4.3528.0331]
«Description»=WLPG Install MIME type
«Path»=C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll

[HKEY_LOCAL_MACHINESOFTWAREMozillaPlugins@t.garena.com/garenatalk]
«Description»=Garena Talk Plugin
«Path»=C:UsersGeorge WoodsDesktopGAMESGarena PlusbbtalkpluginsnpPluginnpGarenaTalkPlugin.dll

[HKEY_LOCAL_MACHINESOFTWAREMozillaPlugins@videolan.org/vlc,version=2.1.5]
«Description»=VLC Multimedia Plugin
«Path»=D:PROGRAMSVLCnpvlc.dll

[HKEY_LOCAL_MACHINESOFTWAREMozillaPlugins@videolan.org/vlc,version=2.2.0]
«Description»=VLC Multimedia Plugin
«Path»=D:PROGRAMSVLCnpvlc.dll

[HKEY_LOCAL_MACHINESOFTWAREMozillaPlugins@videolan.org/vlc,version=2.2.1]
«Description»=VLC Multimedia Plugin
«Path»=D:PROGRAMSVLCnpvlc.dll

[HKEY_LOCAL_MACHINESOFTWAREMozillaPluginsAdobe Reader]
«Description»=Handles PDFs in-place in Firefox
«Path»=C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll

C:UsersGeorge WoodsAppDataRoamingMozillaFirefoxProfilesw5us908b.defaultextensions
iobitascsurfingprotection@iobit.com

C:UsersGeorge WoodsAppDataRoamingMozillaFirefoxProfilesw5us908b.defaultsearchplugins
google-avast.xml

======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security — D:PROGRAMSAvast Internet SecurityaswWebRepIE.dll [2016-02-07 678656]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper — C:PROGRA~2MICROS~1Office15GROOVEEX.DLL [2015-11-10 1731800]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«ASUSPRP»=C:Program Files (x86)ASUSAPRPAPRP.EXE [2013-12-17 3216032]
«AvastUI.exe»=D:PROGRAMSAvast Internet SecurityAvastUI.exe [2016-02-15 7139768]
«Lingvo Launcher»=C:Program Files (x86)ABBYY Lingvo x5LvAgent.exe [2011-05-26 639240]
«SunJavaUpdateSched»=C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [2015-10-06 597040]
«BlueStacks Agent»=C:Program Files (x86)BlueStacksHD-Agent.exe []
«SwitchBoard»=C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]
«AdobeCS6ServiceManager»=C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe [2012-03-09 1073312]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«OneDrive»=C:UsersGeorge WoodsAppDataLocalMicrosoftOneDriveOneDrive.exe [2016-02-03 551112]
«Steam»=D:PROGRAMSSteamsteam.exe [2016-02-05 3014224]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«Application Restart #0″=C:UsersGeorge WoodsAppDataLocalYandexYandexBrowserApplicationbrowser.exe [2015-12-21 2026960]
«Uninstall C:UsersGeorge WoodsAppDataLocalMicrosoftOneDrive17.3.6281.1202_1amd64″=C:WINDOWSsystem32cmd.exe [2015-10-30 202240]
«Uninstall C:UsersGeorge WoodsAppDataLocalMicrosoftOneDrive17.3.6281.1202_1″=C:WINDOWSsystem32cmd.exe [2015-10-30 202240]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalAhcache.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalCoreMessagingRegistrar]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaliai2c.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSpbCx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalStateRepository]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalTileDataModelSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaluefi.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalUserManager]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkAhcache.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkCoreMessagingRegistrar]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkSpbCx.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkStateRepository]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkTileDataModelSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkuefi.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUserManager]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«DSCAutomationHostEnabled»=2
«SoftwareSASGeneration»=1
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=221
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionDrivers32]
«midimapper»=midimap.dll
«msacm.imaadpcm»=imaadp32.acm
«msacm.l3acm»=C:WindowsSysWOW64l3codeca.acm
«msacm.msadpcm»=msadp32.acm
«msacm.msg711″=msg711.acm
«msacm.msgsm610″=msgsm32.acm
«vidc.cvid»=iccvid.dll
«vidc.i420″=iyuv_32.dll
«vidc.iyuv»=iyuv_32.dll
«vidc.mrle»=msrle32.dll
«vidc.msvc»=msvidc32.dll
«vidc.uyvy»=msyuv.dll
«vidc.yuy2″=msyuv.dll
«vidc.yvu9″=tsbyuv.dll
«vidc.yvyu»=msyuv.dll
«wavemapper»=msacm32.drv
«wave»=wdmaud.drv
«midi»=wdmaud.drv
«mixer»=wdmaud.drv
«aux»=wdmaud.drv
«vidc.VP60″=C:Windowssystem32vp6vfw.dll
«vidc.VP61″=C:Windowssystem32vp6vfw.dll
«vidc.dvsd»=pdvcodec.dll
«VIDC.FPS1″=frapsvid.dll
«wave1″=wdmaud.drv
«midi1″=wdmaud.drv
«mixer1″=wdmaud.drv
info.txt
info.txt logfile of random’s system information tool 1.10 2016-02-16 22:24:01
======MBR======
======Uninstall list======
—>»C:Program Files (x86)WildTangent GamesGame Explorer Categories — genresUninstall.exe»
—>C:Program Files (x86)NeroNero 7nerouninstallUNNERO.exe /UNINSTALL
—>C:WindowsUNNeroBackItUp.exe /UNINSTALL
—>C:WindowsUNNeroMediaHome.exe /UNINSTALL
—>C:WindowsUNNeroShowTime.exe /UNINSTALL
—>C:WindowsUNNeroVision.exe /UNINSTALL
—>C:WindowsUNRecode.exe /UNINSTALL
—>MsiExec /X{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}
ABBYY Lingvo x5—>MsiExec.exe /I{A1500000-0000-0000-0000-074957833700}
Adobe Acrobat Reader DC—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
Adobe Flash Player 20 NPAPI—>C:WINDOWSSysWOW64MacromedFlashFlashUtil32_20_0_0_306_Plugin.exe -maintain plugin
Adobe Photoshop CS6—>C:Program Files (x86)Common FilesAdobeOOBEPDAppcorePDApp.exe —appletID=»DWA_UI» —appletVersion=»2.0″ —mode=»Uninstall» —mediaSignature=»{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}»
Adobe Refresh Manager—>MsiExec.exe /I{AC76BA86-0804-1033-1959-001824147215}
Age of Empires® III: Complete Collection—>»D:GAMESSteamsteam.exe» steam://uninstall/105450
ArtMoney SE v7.43.1—>»c:GamesArtMoneyUninstallunins000.exe»
ASUS Live Update—>MsiExec.exe /X{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}
ASUS ROG Gaming Mouse—>C:Program Files (x86)InstallShield Installation Information{3B9E171F-A955-4834-B877-447C0A437260}setup.exe -runfromtemp -l0x0009 -removeonly
ASUS Screen Saver—>MsiExec.exe /I{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}
ASUS Smart Gesture—>MsiExec.exe /I{4D3286A6-F6AB-498A-82A4-E4F040529F3D}
ASUS Splendid Video Enhancement Technology—>MsiExec.exe /X{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS USB Charger Plus—>MsiExec.exe /X{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}
ATK Package—>MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}
Avast Free Antivirus—>D:PROGRAMSAvast Internet SecuritySetupInstup.exe /control_panel /instop:uninstall
Beeline Internet at Home—>C:Program Files (x86)Huawei E160GBeeline Internet at Homeuninst.exe
Black Ops 2 (Multiplayer)—>»D:GAMESBlack Ops 2 (Multiplayer)Uninstallunins000.exe»
Black Ops 2—>»D:GAMESBlack Ops 2Uninstallunins000.exe»
Call of Duty — Modern Warfare 2—>»C:UsersGeorge WoodsAppDataRoamingCall of Duty — Modern Warfare 2Uninstallunins000.exe»
Call of Duty — Modern Warfare 3—>»C:UsersGeorge WoodsAppDataRoamingCall of Duty — Modern Warfare 3Uninstallunins000.exe»
Call of Duty World at War ver. 1.7.1263—>»D:GAMESCall of Duty World at War (1)Uninstallunins000.exe»
Connect Manager—>C:Program Files (x86)Connect Manageruninst.exe
Cossacks II: Battle for Europe—>»D:GAMESSteamsteam.exe» steam://uninstall/4890
Cossacks II: Napoleonic Wars—>»D:GAMESSteamsteam.exe» steam://uninstall/115200
Cossacks II—>D:GAMESGSC Game WorldCossacks IIuninstall.exe
Counter-Strike: Global Offensive—>»D:GAMESSteamsteam.exe» steam://uninstall/730
Counter-Strike: Source—>»D:GAMESSteamsteam.exe» steam://uninstall/240
D3DX10—>MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Epic Games Launcher—>MsiExec.exe /X{A1C97AE7-FB6B-425F-B75B-7A16E1E5639D}
Fallout 4—>»E:Fallout 4unins000.exe»
Far Cry 4—>»C:UsersGeorge WoodsAppDataRoamingFar Cry 4Uninstallunins000.exe»
Fraps—>»C:Frapsuninstall.exe»
GestureWorks Gameplay—>»D:PROGRAMSSteam 2.0steam.exe» steam://uninstall/296610
Grand Theft Auto IV—>»C:UsersGeorge WoodsAppDataRoamingGrand Theft Auto IVUninstallunins000.exe»
Grand Theft Auto V v.1.0.333.1—>»D:GAMESGrand Theft Auto V (3)unins000.exe»
Hamster PDF Reader 2.0.0.20—>»C:Program Files (x86)Hamster SoftHamster PDF Readerunins000.exe»
HomeCIO—>»C:Program Files (x86)InstallShield Installation Information{7B990033-9455-4E99-A001-A4380FAB77B1}setup.exe» -runfromtemp -l0x0409 -removeonly
HomeCIO—>MsiExec.exe /I{7B990033-9455-4E99-A001-A4380FAB77B1}
Insurgency—>»D:GAMESSteamsteam.exe» steam://uninstall/222880
Intel(R) Management Engine Components—>C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUninstallsetup.exe -uninstall
Intel(R) Processor Graphics—>C:Program Files (x86)IntelIntel(R) Processor GraphicsUninstallsetup.exe -uninstall
jetAudio Basic—>»C:Program Files (x86)InstallShield Installation Information{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}setup.exe» -runfromtemp -l0x0409 -removeonly
Launcher Prerequisites (x64)—>»C:ProgramDataPackage Cache{c6c5a357-c7ca-4a5f-9789-3bb1af579253}LauncherPrereqSetup_x64.exe» /uninstall
LIMBO—>C:Program Files (x86)LIMBODesintalar.exe
Malwarebytes Anti-Malware version 2.2.0.1024—>»C:Program Files (x86)Malwarebytes Anti-Malwareunins000.exe»
Medal of Honor Airborne—>»C:UsersGeorge WoodsAppDataRoamingMedal of Honor AirborneUninstallunins000.exe»
Microsoft ASP.NET MVC 4 Runtime—>MsiExec.exe /X{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}
Microsoft Games for Windows — LIVE Redistributable—>MsiExec.exe /X{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs—>MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]—>MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable — x86 8.0.50727.4053 False—>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable — x86 8.0.50727.42 False—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2005 Redistributable — x86 8.0.51011 False—>MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3}
Microsoft Visual C++ 2005 Redistributable — x86 8.0.56336 False—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable — x86 8.0.57103 False—>MsiExec.exe /X{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}
Microsoft Visual C++ 2005 Redistributable — x86 8.0.58299 False—>MsiExec.exe /X{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}
Microsoft Visual C++ 2005 Redistributable — x86 8.0.59193 False—>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable — x86 8.0.61001—>MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022 False—>MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022.0 False—>MsiExec.exe /X{DCB46B42-723F-350E-B18A-449BC6C21636}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.21022.218 False—>MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30411 False—>MsiExec.exe /X{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729 False—>MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.0 False—>MsiExec.exe /X{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17 False—>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4048 False—>MsiExec.exe /X{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148 False—>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148.0 False—>MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.5570 False—>MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.6161—>MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 Redistributable — x86 10.0.30319 False—>MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Visual C++ 2010 Redistributable — x86 10.0.40219—>MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) — 11.0.61030 False Eng—>»C:ProgramDataPackage Cache{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}vcredist_x64.exe» /uninstall
Microsoft Visual C++ 2012 Redistributable (x64) — 11.0.61030—>»C:ProgramDataPackage Cache{a2199617-3609-410f-a8e8-e8806c73545b}vcredist_x64.exe» /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) — 11.0.61030 False Eng—>»C:ProgramDataPackage Cache{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}vcredist_x86.exe» /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) — 11.0.61030—>»C:ProgramDataPackage Cache{f0080ca2-80ae-4958-b6eb-e8fa916d744a}vcredist_x86.exe» /uninstall
Microsoft Visual C++ 2012 x86 Additional Runtime — 11.0.50727 False—>MsiExec.exe /X{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}
Microsoft Visual C++ 2012 x86 Additional Runtime — 11.0.51106 False—>MsiExec.exe /X{6C772996-BFF3-3C8C-860B-B3D48FF05D65}
Microsoft Visual C++ 2012 x86 Additional Runtime — 11.0.60610 False—>MsiExec.exe /X{3D6AD258-61EA-35F5-812C-B7A02152996E}
Microsoft Visual C++ 2012 x86 Additional Runtime — 11.0.61030—>MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime — 11.0.50727 False—>MsiExec.exe /X{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}
Microsoft Visual C++ 2012 x86 Minimum Runtime — 11.0.51106 False—>MsiExec.exe /X{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}
Microsoft Visual C++ 2012 x86 Minimum Runtime — 11.0.60610 False—>MsiExec.exe /X{E7D4E834-93EB-351F-B8FB-82CDAE623003}
Microsoft Visual C++ 2012 x86 Minimum Runtime — 11.0.61030—>MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft Visual C++ 2013 Redistributable (x64) — 12.0.30501 False Eng—>»C:ProgramDataPackage Cache{050d4fc8-5d48-4b8f-8972-47c82c46020f}vcredist_x64.exe» /uninstall
Microsoft Visual C++ 2013 Redistributable (x64) — 12.0.30501—>»C:ProgramDataPackage Cache{1a63c099-febd-4eaf-83ad-a82ea4fdac49}vcredist_x64.exe» /uninstall
Microsoft Visual C++ 2013 Redistributable (x64) — 12.0.30501—>»C:ProgramDataPackage Cache{5c75eda4-d029-43bf-a70b-a73d380f52ee}vcredist_x64.exe» /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) — 12.0.30501 False Eng—>»C:ProgramDataPackage Cache{f65db027-aff3-4070-886a-0d87064aabb1}vcredist_x86.exe» /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) — 12.0.30501—>»C:ProgramDataPackage Cache{b55f7208-e02b-4828-ac78-59c73ddf5bc7}vcredist_x86.exe» /uninstall
Microsoft Visual C++ 2013 x86 Additional Runtime — 12.0.21005—>MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime — 12.0.21005—>MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft XNA Framework Redistributable 4.0 Refresh—>MsiExec.exe /I{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}
Microsoft_VC80_CRT_x86—>MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC90_CRT_x86—>MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Movie Maker—>MsiExec.exe /X{38F03569-A636-4CF3-BDDE-032C8C251304}
Movie Maker—>MsiExec.exe /X{DD67BE4B-7E62-4215-AFA3-F123A800A389}
Movie Maker—>MsiExec.exe /X{E668DD34-04FA-4A11-B07A-8CBA2119401B}
Mozilla Firefox 44.0 (x86 en-US)—>»C:Program Files (x86)Mozilla Firefoxuninstallhelper.exe»
MSVCRT—>MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSVCRT110—>MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
Nero 7 Ultra Edition—>MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
NVIDIA PhysX (Legacy)—>MsiExec.exe /I{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}
Oxford Basic American Dictionary—>»D:PROGRAMSOxford Basic American Dictionaryuninstall.exe»
PDF Settings CS6—>MsiExec.exe /I{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}
Photo Common—>MsiExec.exe /X{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}
Photo Gallery—>MsiExec.exe /X{07AAB66E-4718-422D-9218-4AFB3C922A71}
Photo Gallery—>MsiExec.exe /X{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver—>»C:Program Files (x86)InstallShield Installation Information{3108C217-BE83-42E4-AE9E-A56A2A92E549}setup.exe» -runfromtemp -removeonly
Realtek High Definition Audio Driver—>C:Program FilesRealtekAudioHDARtlUpd64.exe -r -m -nrg2709
Republic at War 1.1.5—>MsiExec.exe /I{1F3630F5-C636-49FF-9BF0-F9E2A221E60B}
Rockstar Games Social Club—>C:Program FilesRockstar GamesSocial ClubuninstallRGSCRedistributable.exe
S.T.A.L.K.E.R. — OGSE—>»D:GAMESS.T.A.L.K.E.R. — OGSEUninstallunins000.exe»
S.T.A.L.K.E.R. — STCoP Weapon Pack—>»D:GAMESS.T.A.L.K.E.R. — STCoP Weapon PackUninstallunins000.exe»
Samsung Easy Printer Manager—>C:Program Files (x86)SamsungEasy Printer Manageruninst.exe /app_ipn:»C:Program Files (x86)SamsungEasy Printer Manageruninstall.exe» /oem:Samsung /oem_ac:EPM /oem_aims:no
Samsung Easy Wireless Setup—>»C:Program Files (x86)SamsungSamsung Easy Wireless SetupSEInstallsetup.exe» /R
Samsung ML-2160 Series XPS (Windows 8)—>»C:Program Files (x86)SamsungSamsung ML-2160 Series XPS (Windows 8)SetupSetup.exe» /R
Samsung ML-2160 Series—>»C:Program Files (x86)SamsungSamsung ML-2160 SeriesSetupSetup.exe» /R
Samsung Printer Diagnostics—>»C:Program Files (x86)SamsungSamsung Printer DiagnosticsSEInstallsetup.exe» /R
Samsung Printer Live Update—>C:Program Files (x86)SamsungPrinterLiveUpdateInstalleruninstall.exe
Samsung Universal Print Driver 2—>»C:Program Files (x86)SamsungSamsung Universal Print Driver 2SEInstallSetup.exe» /R
Skype™ 7.18—>MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6}
Star Wars — Battlefront II—>»D:GAMESSteamsteam.exe» steam://uninstall/6060
State of Decay 14.6.23.5340—>D:GAMESState of Decay (NS)Uninstall.exe
State of Decay YOSE — Day One Edition—>»C:UsersGeorge WoodsAppDataRoamingState of Decay YOSE — Day One EditionUninstallunins000.exe»
Steam—>D:GAMESSteamuninstall.exe
The Forest—>»D:GAMESSteamsteam.exe» steam://uninstall/242760
The Sims 4—>»D:GAMESThe Sims 4unins000.exe»
The Sims™ 4—>»C:Program Files (x86)Common FilesEAInstallerThe Sims 4Cleanup.exe» uninstall_game -autologging
The Walking Dead: Season Two—>»D:GAMESSteamsteam.exe» steam://uninstall/261030
The Walking Dead—>»D:GAMESSteamsteam.exe» steam://uninstall/207610
The Wolf Among Us—>»D:GAMESSteamsteam.exe» steam://uninstall/250320
Total War Attila—>»C:UsersGeorge WoodsAppDataRoamingTotal War AttilaUninstallunins000.exe»
Total War: ATTILA—>»D:PROGRAMSSteamsteam.exe» steam://uninstall/325610
UltraISO—>C:Program Files (x86)UltraISOUninstall.exe
UmmyVideoDownloader 1.4.0.4—>»C:UsersGeorge WoodsAppDataLocalUmmyVideoDownloaderunins000.exe»
Uplay—>C:Program Files (x86)UbisoftUbisoft Game LauncherUninstall.exe
VLC media player—>D:PROGRAMSVLCuninstall.exe
Windows Live Communications Platform—>MsiExec.exe /I{41C61308-6CFD-4D54-AB6A-7136ED08A18E}
Windows Live Essentials—>MsiExec.exe /I{66B5819D-DE70-42BE-B40F-978FBA12452E}
Windows Live Installer—>MsiExec.exe /I{659CB81C-B54E-4DF1-B618-F35777393A54}
Windows Live Photo Common—>MsiExec.exe /X{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}
Windows Live PIMT Platform—>MsiExec.exe /I{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}
Windows Live SOXE Definitions—>MsiExec.exe /I{D1893000-EA77-493C-8DDD-E262436E959B}
Windows Live SOXE—>MsiExec.exe /I{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}
Windows Live UX Platform Language Pack—>MsiExec.exe /I{6522F5F9-411B-4513-A75B-CEA00395F032}
Windows Live UX Platform Language Pack—>MsiExec.exe /I{BD28A8CC-45B5-4FDF-A3D9-AED39D594913}
Windows Live UX Platform—>MsiExec.exe /I{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}
WinFlash—>MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}
Основные компоненты Windows Live—>C:Program Files (x86)Windows LiveInstallerwlarp.exe
Основные компоненты Windows Live—>MsiExec.exe /I{D177E45E-2BA3-42C1-8570-CCA2217B958C}
Фотоальбом—>MsiExec.exe /X{B27EB36C-9860-42FD-AA90-23648E49F15C}
Фотографии (общедоступная версия)—>MsiExec.exe /X{7D6C9057-7F50-4CAB-A557-A68A7932B48E}
======System event log======
Computer Name: George-PC
Event Code: 10002
Message: WLAN Extensibility Module has stopped.
Module Path: C:WINDOWSSystem32bcmihvsrv64.dll
Record Number: 103
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20151220004549.691914-000
Event Type: Warning
User: NT AUTHORITYSYSTEM

Computer Name: George-PC
Event Code: 7000
Message: The Intel(R) HD Graphics Control Panel Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 96
Source Name: Service Control Manager
Time Written: 20151220004548.469279-000
Event Type: Error
User:

Computer Name: George-PC
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) HD Graphics Control Panel Service service to connect.
Record Number: 95
Source Name: Service Control Manager
Time Written: 20151220004548.469279-000
Event Type: Error
User:

Computer Name: George-PC
Event Code: 10317
Message: Miniport VirtualBox Host-Only Ethernet Adapter, {84E81F48-6AD3-49DC-A369-D328E98DB91B}, had event 76
Record Number: 66
Source Name: Microsoft-Windows-NDIS
Time Written: 20151220004510.435761-000
Event Type: Error
User: NT AUTHORITYSYSTEM

Computer Name: George-PC
Event Code: 7023
Message: The iphlpsvc service terminated with the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 46
Source Name: Service Control Manager
Time Written: 20151220004440.596067-000
Event Type: Error
User:

=====Application event log=====
Computer Name: George-PC
Event Code: 2002
Message: A warning has occured (SSAU process ID 3680 did not exit, Terminating. [1471]).
Record Number: 413127
Source Name: NvStreamSvc
Time Written: 20160131002453.480221-000
Event Type: Warning
User:

Computer Name: George-PC
Event Code: 2002
Message: A warning has occured (SSAU process ID 4000 did not exit, Terminating. [1471]).
Record Number: 413123
Source Name: NvStreamSvc
Time Written: 20160131002448.415126-000
Event Type: Warning
User:

Computer Name: George-PC
Event Code: 2002
Message: A warning has occured (SSAU process ID 7884 did not exit, Terminating. [1471]).
Record Number: 413119
Source Name: NvStreamSvc
Time Written: 20160131002443.344551-000
Event Type: Warning
User:

Computer Name: George-PC
Event Code: 2002
Message: A warning has occured (SSAU process ID 5948 did not exit, Terminating. [1471]).
Record Number: 413115
Source Name: NvStreamSvc
Time Written: 20160131002438.280455-000
Event Type: Warning
User:

Computer Name: George-PC
Event Code: 2002
Message: A warning has occured (SSAU process ID 6768 did not exit, Terminating. [1471]).
Record Number: 413111
Source Name: NvStreamSvc
Time Written: 20160131002433.214820-000
Event Type: Warning
User:

=====Security event log=====
Computer Name: George-PC
Event Code: 4688
Message: A new process has been created.
Creator Subject:
Security ID: S-1-5-18
Account Name: —
Account Domain: —
Logon ID: 0x3E7
Target Subject:
Security ID: S-1-0-0
Account Name: —
Account Domain: —
Logon ID: 0x0
Process Information:
New Process ID: 0x1d8
New Process Name: C:WindowsSystem32smss.exe
Token Elevation Type: %%1936
Mandatory Label: S-1-16-16384
Creator Process ID: 0x174
Creator Process Name: C:WindowsSystem32smss.exe
Process Command Line:
Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.
Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.
Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.
Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20151220004424.830398-000
Event Type: Audit Success
User:

Computer Name: George-PC
Event Code: 4688
Message: A new process has been created.
Creator Subject:
Security ID: S-1-5-18
Account Name: —
Account Domain: —
Logon ID: 0x3E7
Target Subject:
Security ID: S-1-0-0
Account Name: —
Account Domain: —
Logon ID: 0x0
Process Information:
New Process ID: 0x1cc
New Process Name: C:WindowsSystem32setupcl.exe
Token Elevation Type: %%1936
Mandatory Label: S-1-16-16384
Creator Process ID: 0x174
Creator Process Name: C:WindowsSystem32smss.exe
Process Command Line:
Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.
Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.
Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.
Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20151220004418.140171-000
Event Type: Audit Success
User:

Computer Name: George-PC
Event Code: 4688
Message: A new process has been created.
Creator Subject:
Security ID: S-1-5-18
Account Name: —
Account Domain: —
Logon ID: 0x3E7
Target Subject:
Security ID: S-1-0-0
Account Name: —
Account Domain: —
Logon ID: 0x0
Process Information:
New Process ID: 0x180
New Process Name: C:WindowsSystem32autochk.exe
Token Elevation Type: %%1936
Mandatory Label: S-1-16-16384
Creator Process ID: 0x174
Creator Process Name: C:WindowsSystem32smss.exe
Process Command Line:
Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.
Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.
Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.
Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20151220004415.940836-000
Event Type: Audit Success
User:

Computer Name: George-PC
Event Code: 4688
Message: A new process has been created.
Creator Subject:
Security ID: S-1-5-18
Account Name: —
Account Domain: —
Logon ID: 0x3E7
Target Subject:
Security ID: S-1-0-0
Account Name: —
Account Domain: —
Logon ID: 0x0
Process Information:
New Process ID: 0x174
New Process Name: C:WindowsSystem32smss.exe
Token Elevation Type: %%1936
Mandatory Label: S-1-16-16384
Creator Process ID: 0x4
Creator Process Name:
Process Command Line:
Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.
Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.
Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.
Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20151220004415.917649-000
Event Type: Audit Success
User:

Computer Name: George-PC
Event Code: 4826
Message: Boot Configuration Data loaded.
Subject:
Security ID: S-1-5-18
Account Name: —
Account Domain: —
Logon ID: 0x3E7
General Settings:
Load Options: —
Advanced Options: No
Configuration Access Policy: Default
System Event Logging: No
Kernel Debugging: No
VSM Launch Type: Off
Signature Settings:
Test Signing: No
Flight Signing: No
Disable Integrity Checks: No
HyperVisor Settings:
HyperVisor Load Options: —
HyperVisor Launch Type: Off
HyperVisor Debugging: No
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20151220004415.914406-000
Event Type: Audit Success
User:

======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«OS»=Windows_NT
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
«PROCESSOR_ARCHITECTURE»=AMD64
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«USERNAME»=SYSTEM
«windir»=%SystemRoot%
«NUMBER_OF_PROCESSORS»=8
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
«PROCESSOR_REVISION»=3c03
«FP_NO_HOST_CHECK»=NO
«Path»=C:ProgramDataOracleJavajavapath;C:Program Files (x86)NVIDIA CorporationPhysXCommon;C:Program FilesBroadcomBroadcom 802.11 Network Adapter;;C:Program Files (x86)InteliCLS Client;C:Program FilesInteliCLS Client;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;C:Program FilesIntelIntel(R) Management Engine ComponentsDAL;C:Program FilesIntelIntel(R) Management Engine ComponentsIPT;C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDAL;C:Program Files (x86)IntelIntel(R) Management Engine ComponentsIPT;C:Program FilesWIDCOMMBluetooth Software;C:Program FilesWIDCOMMBluetooth Softwaresyswow64;C:Program Files (x86)Windows LiveShared;C:Program Files (x86)SkypePhone
«PSModulePath»=%SystemRoot%system32WindowsPowerShellv1.0Modules
EOF