Addition log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Zach (04-02-2017 01:39:39)
Running from C:\Users\Zach\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-10-23 00:54:11)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-546699372-1971405435-3590954436-500 - Administrator - Disabled)
Guest (S-1-5-21-546699372-1971405435-3590954436-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-546699372-1971405435-3590954436-1003 - Limited - Enabled)
Zach (S-1-5-21-546699372-1971405435-3590954436-1000 - Administrator - Enabled) => C:\Users\Zach
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-546699372-1971405435-3590954436-1000\...\uTorrent) (Version: 3.3.2.30416 - BitTorrent Inc.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.01 - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Crysis (HKLM-x32\...\Steam App 17300) (Version: - Crytek)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Messiah of Might & Magic Single Player (HKLM-x32\...\Steam App 2100) (Version: - Arkane Studios)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal)
EVGA PrecisionX 16 (HKLM-x32\...\{2BFBCBE1-DD93-45C9-8997-FC1D1CDE47D1}) (Version: 5.3.6 - EVGA Corporation)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-546699372-1971405435-3590954436-1000\...\Google Chrome SxS) (Version: 58.0.2999.0 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hitman: Blood Money (HKLM-x32\...\Steam App 6860) (Version: - IO Interactive)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 16.1.53.0 (HKLM\...\PROSetDX) (Version: 16.1.53.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1051 - Marvell)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version: - Konami Digital Entertainment)
Metro: Last Light Redux (HKLM-x32\...\Metro: Last Light Redux_is1) (Version: - Deep Silver)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-546699372-1971405435-3590954436-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Middle Earth Shadow of Mordor (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0015}) (Version: 6.0 - Black Box)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-GB)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6363 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.12.1.0 - GOG.com)
Thief 2 (HKLM-x32\...\Steam App 211740) (Version: - Looking Glass Studios)
Thief 2 HD Mod 0.9.5 (HKLM-x32\...\Thief2) (Version: - )
Thief Gold HD Mod 0.9.1 (HKLM-x32\...\ThiefGold) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2EBCDAA2-7980-4D10-8CBC-C9C0CDB44C77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.)
Task: {6136C361-D6AD-4B93-B4D8-DA491E946557} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-30] (Adobe Systems Incorporated)
Task: {6A563846-A265-4F0C-83F4-CB3EB9B39C2C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-546699372-1971405435-3590954436-1000UA => C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {77B04F1D-D384-426B-8AD2-5EB09E7554E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-546699372-1971405435-3590954436-1000Core => C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {9785E307-0471-47F0-920B-BFA688CE1D9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.)
Task: {D9940CC0-1B19-4464-953B-27C24C66A1A7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2013-10-22 20:05 - 2015-06-16 22:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-15 13:25 - 2015-09-15 13:25 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 13:25 - 2015-09-15 13:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-22 17:10 - 2011-05-23 01:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 45069312 _____ () D:\GalaxyClient\libcef.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00566272 _____ () D:\GalaxyClient\PocoUtil.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00515072 _____ () D:\GalaxyClient\PocoXML.dll
2015-07-26 18:33 - 2015-07-08 08:59 - 00139776 _____ () D:\GalaxyClient\expat.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 01785344 _____ () D:\GalaxyClient\PocoFoundation.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00412672 _____ () D:\GalaxyClient\pcre.dll
2015-07-26 18:33 - 2015-07-08 09:00 - 00094208 _____ () D:\GalaxyClient\zlib.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00414208 _____ () D:\GalaxyClient\PocoJSON.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 01202176 _____ () D:\GalaxyClient\PocoNet.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 02579456 _____ () D:\GalaxyClient\PocoData.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00476672 _____ () D:\GalaxyClient\PocoDataSQLite.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00666624 _____ () D:\GalaxyClient\sqlite.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00340480 _____ () D:\GalaxyClient\PocoZip.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00332288 _____ () D:\GalaxyClient\PocoNetSSL.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00172032 _____ () D:\GalaxyClient\PocoCrypto.dll
2015-07-26 18:33 - 2015-07-08 09:00 - 00107520 _____ () D:\GalaxyClient\ZLIB1.dll
2015-07-26 21:28 - 2015-06-17 01:10 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-04 01:23 - 2017-02-04 01:23 - 00098816 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32api.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00110080 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\pywintypes27.dll
2017-02-04 01:23 - 2017-02-04 01:23 - 00364544 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\pythoncom27.dll
2017-02-04 01:23 - 2017-02-04 01:23 - 00320512 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32com.shell.shell.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00914432 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_hashlib.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 01176576 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._core_.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00806400 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._gdi_.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00816128 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._windows_.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 01067008 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._controls_.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00733184 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._misc_.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00682496 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\pysqlite2._sqlite.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00088064 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_ctypes.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00686080 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\unicodedata.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00119808 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32file.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00108544 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32security.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00007168 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\hashobjs_ext.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00017920 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\thumbnails_ext.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00088064 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\usb_ext.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00012800 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\common.time34.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00018432 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32event.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00167936 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32gui.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00046080 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_socket.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 01303552 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_ssl.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00128512 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_elementtree.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00127488 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\pyexpat.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00038912 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32inet.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00036864 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_psutil_windows.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00524248 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\windows._lib_cacheinvalidation.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00011264 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32crypt.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00123392 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._wizard.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00077312 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._html2.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00027648 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_multiprocessing.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00020480 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_yappi.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00035840 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32process.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00078848 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._animate.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00024064 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32pipe.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00010240 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\select.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00025600 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32pdh.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00017408 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32profile.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00022528 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32ts.pyd
2015-07-26 18:33 - 2015-09-09 10:39 - 01643008 _____ () D:\GalaxyClient\libglesv2.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00074752 _____ () D:\GalaxyClient\libegl.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-09-06 19:45 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\Zach\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 19:45 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\Zach\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-546699372-1971405435-3590954436-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8D9DD04B-EAD9-4213-9B68-05283E938A5C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6CC0E9D4-1CB4-4F2D-9054-8C3C0C61C4C2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0BB50AAE-F2B0-4041-BCD0-0CD2A731EFCF}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BEB21877-2C62-4815-94CE-5AB76EC84F2C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{464A6004-1351-48D4-9BB9-4A3209D4287D}C:\users\zach\appdata\roaming\utorrent\utorrent.exe] => C:\users\zach\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{38F75682-FC59-4357-99FC-B8662E7F44F8}C:\users\zach\appdata\roaming\utorrent\utorrent.exe] => C:\users\zach\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E458DB7C-EC28-47F2-9B18-B44EB878FABE}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9A1C8698-65E4-4426-AE0B-4B963607CBA5}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4373F4C3-A158-427D-8E67-D6F3A8E62728}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5A6BE546-8223-4E53-945D-15DF3818F862}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{195E9BA1-D4EA-404D-8737-63E7509A0013}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{91CA6AFA-70F9-465D-BBCE-BE3186AC2BBE}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B0C82240-385F-49D6-81D9-D173BAF00581}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BA8FDEF4-7203-4A8D-BD8C-775371860AE4}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{CB0E1CBD-DC37-4628-8F34-BB0F71EC45F5}C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe] => C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{9DD29CC0-F5F2-4668-86E9-A4361FC059B6}C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe] => C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{4F54234B-1A69-4328-8CD0-7535A2044146}C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe] => C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{CD248312-F6D2-447F-988E-10511A0809C3}C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe] => C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{1F6050EA-41BF-4E60-90B2-29C858FD37A3}] => D:\SteamLibrary\SteamApps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{CDEBBDB8-D9AC-4682-B3E4-2B09B4B68143}] => D:\SteamLibrary\SteamApps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{381FAFFB-2CD5-430F-B17A-E3B81F182457}] => D:\SteamLibrary\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{A5B27575-1A8C-44DC-81DD-303EAE3EC923}] => D:\SteamLibrary\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{0676167C-7725-4865-8B4D-81F76CA4EEA6}] => D:\SteamLibrary\SteamApps\common\Dark Messiah Might and Magic Single Player\mm.exe
FirewallRules: [{C9D047E8-98A5-4542-9F3D-AFECE4356B6B}] => D:\SteamLibrary\SteamApps\common\Dark Messiah Might and Magic Single Player\mm.exe
FirewallRules: [{E8EF34D6-0294-46EE-ACA0-854C762611C5}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5E3985DD-B6F5-49CA-8CCA-1D36F3874CEF}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{17BC9D1C-115B-4EF1-B6B9-57BFB9228360}] => E:\SteamLibrary\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{3F5078D4-A324-4504-852C-C42C2BE35E9B}] => E:\SteamLibrary\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{661D94FF-8E32-4987-8A7D-150A1B12030E}] => E:\SteamLibrary\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{28610581-76D9-4EB7-85E3-A0BE77A87553}] => E:\SteamLibrary\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [TCP Query User{D4588673-88A2-40DD-AAD5-DBE659CA7AA5}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{0A6D2E4B-A3E0-427B-9DB9-3F9AE437B3C8}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E441EB05-98C6-4AF1-85D3-BDCC61985DFD}] => E:\SteamLibrary\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{B093DE8D-92EE-4D08-8BD1-958FA88E2AD4}] => E:\SteamLibrary\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{2D9B59C4-03DA-4461-A1B6-56A8D13FC6B9}] => D:\SteamLibrary\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{20F82547-1A25-47BA-8C23-84A37857A77E}] => D:\SteamLibrary\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{30703479-70DD-4C54-8040-9A6A8CBEE2C6}] => D:\SteamLibrary\SteamApps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{19342635-99E5-46D2-ADE2-CA972F8DD074}] => D:\SteamLibrary\SteamApps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{EAA801A4-5AFD-4ABC-9771-9E8040F6F804}] => D:\SteamLibrary\SteamApps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{1F401940-0835-47A0-A5F8-B2CE2A666F4A}] => D:\SteamLibrary\SteamApps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{7BDBC1F0-8A8B-44D8-ABC1-AE0898B2F90B}] => D:\SteamLibrary\SteamApps\common\Hitman Blood Money\configure.exe
FirewallRules: [{6EB6AD52-E998-4C4D-AA95-6EC8ADE28DA9}] => D:\SteamLibrary\SteamApps\common\Hitman Blood Money\configure.exe
FirewallRules: [{6B1B2DA1-2C0B-4E05-AF3A-C5481033DBD0}] => D:\SteamLibrary\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{F66A7465-7558-48D6-814C-21019F1C08A2}] => D:\SteamLibrary\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{F2D01E38-6394-4958-A2F0-4F63EB0E520C}] => D:\SteamLibrary\SteamApps\common\thief_2\thief2.exe
FirewallRules: [{2B8520A7-AD98-4D78-A6C7-0EE35C85D8C3}] => D:\SteamLibrary\SteamApps\common\thief_2\thief2.exe
FirewallRules: [{B8524361-4161-4DA3-B5CA-4A26BF35C760}] => D:\SteamLibrary\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{B8FB66E2-F1AE-478F-9511-FCA967F68A50}] => D:\SteamLibrary\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [TCP Query User{845263D6-E69D-4BC9-9DE0-71164757E604}D:\java\bin\javaw.exe] => D:\java\bin\javaw.exe
FirewallRules: [UDP Query User{B8692AE5-8BDC-4F87-BAA2-C90546B662C2}D:\java\bin\javaw.exe] => D:\java\bin\javaw.exe
FirewallRules: [{F02042E3-4ABB-4964-B848-23391EEF82AC}] => D:\SteamLibrary\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{07DFE7E5-BE37-4605-85E0-CAB3725C0F3E}] => D:\SteamLibrary\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{E0C86C04-EEF9-4E95-9589-ECD816BFC916}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{89ADA8AE-E84F-4E69-A533-0EA85875F0D9}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0EAF2D0E-F4AF-44BD-82C1-77D8EC10D6F9}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{495DB2BF-5A30-4A09-9CCC-1F54593FA772}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BF39566C-3713-4FD9-A0E5-F625E16D9D92}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{F2D76F5B-A2DF-494B-B210-37A68B53E1F5}C:\users\zach\appdata\roaming\utorrent\utorrent.exe] => C:\users\zach\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{25A2408A-A906-435F-9F99-E75273262ADE}C:\users\zach\appdata\roaming\utorrent\utorrent.exe] => C:\users\zach\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{3E087D8E-BC5E-42EE-8472-A3D1F2C7F52F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0DD4C8F-CD09-48DC-B24D-D31F1AF8B6CF}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BBBF27B5-E7E9-48BC-9E0F-E3958FCF442C}] => C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2F369571-34D5-4E21-976C-9FE8A778947A}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6D86439B-AC62-4D6D-8BAA-64816A0A3C9D}] => LPort=2869
FirewallRules: [{ACB92C97-F758-413D-8F9A-7F035A051CFA}] => LPort=1900
FirewallRules: [{69FEE45A-B407-4A59-B434-5D4B28D1307C}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5F73D0EA-5BD5-4479-8784-6AB992962DA8}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{08CB8902-E086-48C6-82D1-33E85F627080}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{36A8AE22-7D7E-464A-A69B-CCA82A679FBF}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/04/2017 01:29:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/04/2017 01:29:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/04/2017 01:26:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/04/2017 01:26:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/04/2017 01:23:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/03/2017 08:02:08 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-ED3411AFB1FB3E7E14988CAB99EF8DD56C71DD7B.bin.79 for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Antimalware Service Executable because of this error.
Program: Antimalware Service Executable
File: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-ED3411AFB1FB3E7E14988CAB99EF8DD56C71DD7B.bin.79
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000007F
Disk type: 3
Error: (02/03/2017 08:02:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.10.209.0, time stamp: 0x582a94a1
Faulting module name: mpengine.dll, version: 1.1.13407.0, time stamp: 0x5866e27c
Exception code: 0xc0000006
Fault offset: 0x00000000002c58bf
Faulting process id: 0x46bc
Faulting application start time: 0x01d27e9b733fea9c
Faulting application path: C:\Program Files\Microsoft Security Client\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2C392BFB-BF5A-41D7-A640-DA2B00988713}\mpengine.dll
Report Id: b1f03d53-ea8e-11e6-8179-14dae9c684ce
Error: (02/03/2017 08:01:32 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-ED3411AFB1FB3E7E14988CAB99EF8DD56C71DD7B.bin.79 for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Antimalware Service Executable because of this error.
Program: Antimalware Service Executable
File: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-ED3411AFB1FB3E7E14988CAB99EF8DD56C71DD7B.bin.79
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000007F
Disk type: 3
Error: (02/03/2017 08:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.10.209.0, time stamp: 0x582a94a1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000006
Fault offset: 0x000000000ce9a195
Faulting process id: 0x2bc
Faulting application start time: 0x01d27c46d43822f0
Faulting application path: C:\Program Files\Microsoft Security Client\MsMpEng.exe
Faulting module path: unknown
Report Id: 9ca83c2d-ea8e-11e6-8179-14dae9c684ce
Error: (02/02/2017 10:39:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17535
System errors:
=============
Error: (02/04/2017 01:33:21 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 116.72.0.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Signature Type: Network Inspection System
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 2.1.12706.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Error: (02/04/2017 01:33:21 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.235.1929.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Signature Type: AntiSpyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.13407.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Error: (02/04/2017 01:33:21 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.235.1929.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.13407.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Error: (02/04/2017 01:33:21 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.235.1929.0
Update Source: Microsoft Update Server
Update Stage: Search
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.13407.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error: (02/04/2017 01:23:14 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:02:43 PM on 2/3/2017 was unexpected.
Error: (02/03/2017 08:02:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMSwissArmy service failed to start due to the following error:
MBAMSwissArmy is not a valid Win32 application.
Error: (02/03/2017 08:02:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s).
Error: (02/03/2017 08:02:08 PM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
Description: Microsoft Antimalware engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000006
Resource:
Error: (02/03/2017 08:01:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.
Error: (02/03/2017 08:01:30 PM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
Description: Microsoft Antimalware engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000006
Resource: file:C:\Windows\SysWOW64\drmv2clt.dll
==================== Memory info ===========================
Processor: Intel® Core i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 16288.37 MB
Available physical RAM: 13440.88 MB
Total Virtual: 32574.92 MB
Available Virtual: 29723.55 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:0.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1545.6 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8B1FACCE)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FB1AD951)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================