Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I cannot open/run any anti-malware programs

malware rootkit

  • Please log in to reply

#1
stevenlchea

stevenlchea

    New Member

  • Member
  • Pip
  • 8 posts

Each time I attempt to run any sort of anti-malware or anti-virus program a popup comes up and says "The requested resources is in use."

 

Here's the FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Steven Chea (administrator) on DESKTOP-376LSG8 (27-03-2017 18:53:05)
Running from C:\Users\Steven Chea\Desktop
Loaded Profiles: Steven Chea (Available Profiles: Steven Chea)
Platform: Windows 10 Enterprise Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
() C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Windows\System32\tprdpw32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.7.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(MessengerForDesktop.com) C:\Users\Steven Chea\AppData\Local\messengerfordesktop\app-2.0.6\Messenger for Desktop.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaw.exe
(MessengerForDesktop.com) C:\Users\Steven Chea\AppData\Local\messengerfordesktop\app-2.0.6\Messenger for Desktop.exe
(MessengerForDesktop.com) C:\Users\Steven Chea\AppData\Local\messengerfordesktop\app-2.0.6\Messenger for Desktop.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-22] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [system_jconsole.jar] => C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaw.exe -jar "C:\ProgramData\Comms\jconsole.jar" <===== ATTENTION
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Discord] => C:\Users\Steven Chea\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Battle.net] => D:\Battle.net\Battle.net Launcher.exe [3122152 2016-06-21] (Blizzard Entertainment)
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Chromium] => "c:\users\steven chea\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Messenger for Desktop] => "C:\Users\Steven Chea\AppData\Local\messengerfordesktop\Update.exe" --processStart "Messenger for Desktop.exe" --process-start-args "--os-startup"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\RunOnce: [Uninstall C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\RunOnce: [Uninstall C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Policies\Explorer: [NoLogOff] 0
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{25458291-2691-444c-a0f4-0b07fcde5fce}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131237247464282812&GUID=E3526273-580E-4536-B026-F28CFCF320A5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131237247464287473&GUID=E3526273-580E-4536-B026-F28CFCF320A5
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-05] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-05] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-14] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-14] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Steven Chea\AppData\Roaming\Mozilla\Firefox\Profiles\wb0rlmuo.default-1485481941198 [2017-03-27]
FF Extension: (uBlock Origin) - C:\Users\Steven Chea\AppData\Roaming\Mozilla\Firefox\Profiles\wb0rlmuo.default-1485481941198\Extensions\[email protected] [2017-03-13]
FF Extension: (Site Deployment Checker) - C:\Users\Steven Chea\AppData\Roaming\Mozilla\Firefox\Profiles\wb0rlmuo.default-1485481941198\features\{5f753591-0e63-432a-977f-95663773aa70}\[email protected] [2017-03-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-05] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @softnyxNpruntime -> C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll [2015-09-22] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default [2017-03-27]
CHR Extension: (Google Slides) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-09]
CHR Extension: (Google Docs) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-09]
CHR Extension: (Google Drive) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-09]
CHR Extension: (YouTube) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-09]
CHR Extension: (Google Sheets) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-09]
CHR Extension: (FBDown Video Downloader) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-28]
CHR Extension: (AdBlock) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-22]
CHR Extension: (Gmail) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [227104 2016-08-09] (EasyAntiCheat Ltd)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-08] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-08] (Electronic Arts)
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\Steven Chea\AppData\Local\microlabs\ct.exe [852480 2017-03-27] (Google Inc.) [File not signed] <==== ATTENTION
S2 Dataup; C:\Users\STEVEN~1\AppData\Local\NTUSER~1\dataup\dataup.exe [X] <==== ATTENTION
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [76576 2017-03-27] () [File not signed] <==== ATTENTION
S3 GunBod; C:\WINDOWS\system32\gunbod64.sys [84384 2017-02-28] ()
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-04-15] (Logitech Inc.)
S3 LADF_BakerCOnly; C:\WINDOWS\system32\DRIVERS\ladfBakerCamd64.sys [410184 2011-03-18] (Logitech)
S3 LADF_BakerROnly; C:\WINDOWS\system32\DRIVERS\ladfBakerRamd64.sys [335688 2011-03-18] (Logitech)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_848dea456d3c865e\nvlddmkm.sys [14159928 2016-10-26] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-09-10] (Realtek                                            )
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [171664 2016-07-14] (Ray Hinchliffe)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [40568 2015-10-02] (SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [52952 2016-10-03] (SteelSeries ApS)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-27] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U4 DiagTrack; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-27 18:53 - 2017-03-27 18:53 - 00019639 _____ C:\Users\Steven Chea\Desktop\FRST.txt
2017-03-27 18:52 - 2017-03-27 18:53 - 00000000 ____D C:\FRST
2017-03-27 18:52 - 2017-03-27 18:52 - 02424832 _____ (Farbar) C:\Users\Steven Chea\Desktop\FRST64.exe
2017-03-27 18:43 - 2017-03-27 18:43 - 11581544 _____ (SurfRight B.V.) C:\Users\Steven Chea\Downloads\HitmanPro_x64.exe
2017-03-27 18:40 - 2017-03-27 18:27 - 05765792 _____ (Zemana Ltd. ) C:\Users\Steven Chea\Desktop\Zemana.AntiMalware.Setup.exe
2017-03-27 18:39 - 2017-03-27 18:31 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Steven Chea\Desktop\explorer.exe
2017-03-27 17:21 - 2017-03-27 17:25 - 00000002 _____ C:\Users\Steven Chea\Desktop\Rkill.txt
2017-03-27 17:18 - 2017-03-27 17:18 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\i420vfw.dll
2017-03-27 17:18 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2017-03-27 17:18 - 2005-07-14 12:31 - 00032256 ___SH C:\WINDOWS\SysWOW64\AVSredirect.dll
2017-03-27 17:18 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2017-03-27 17:18 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2017-03-27 17:15 - 2017-03-27 18:49 - 00000000 ____D C:\WINDOWS\pss
2017-03-27 17:05 - 2017-03-27 17:05 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\llssoft
2017-03-27 17:04 - 2017-03-27 17:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Steven Chea\Desktop\rkill.com
2017-03-27 16:59 - 2017-03-27 16:59 - 00539476 _____ C:\WINDOWS\Minidump\032717-6140-01.dmp
2017-03-27 16:58 - 2017-03-27 17:05 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\ntuserlitelist
2017-03-27 16:58 - 2017-03-27 16:58 - 00833024 ____N C:\WINDOWS\system32\tprdpw32.exe
2017-03-27 16:58 - 2017-03-27 16:58 - 00076576 ____N C:\WINDOWS\system32\Drivers\ndistpr64.sys
2017-03-27 16:58 - 2017-03-27 16:58 - 00003588 _____ C:\WINDOWS\System32\Tasks\GEN_Interval
2017-03-27 16:58 - 2017-03-27 16:58 - 00003256 _____ C:\WINDOWS\System32\Tasks\GEN
2017-03-27 16:58 - 2017-03-27 16:58 - 00000000 ____D C:\Users\Steven Chea\Documents\eRightSoft
2017-03-27 16:58 - 2017-03-27 16:58 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\c
2017-03-27 16:58 - 2017-03-27 16:58 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\microlabs
2017-03-27 16:58 - 2017-03-27 16:58 - 00000000 ____D C:\ProgramData\dbg
2017-03-27 16:58 - 2016-05-05 12:23 - 00556216 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avutil-lav-55.dll
2017-03-27 16:58 - 2016-05-05 12:23 - 00537784 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\swscale-lav-4.dll
2017-03-27 16:58 - 2016-05-05 12:23 - 00405176 __RSH (Intel Corp.) C:\WINDOWS\SysWOW64\IntelQuickSyncDecoder.dll
2017-03-27 16:58 - 2016-05-05 12:23 - 00276152 __RSH C:\WINDOWS\SysWOW64\libbluray.dll
2017-03-27 16:58 - 2016-05-05 12:23 - 00000493 __RSH C:\WINDOWS\SysWOW64\LAVFilters.Dependencies.manifest
2017-03-27 16:58 - 2016-05-05 12:22 - 10766520 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avcodec-lav-57.dll
2017-03-27 16:58 - 2016-05-05 12:22 - 01699000 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avformat-lav-57.dll
2017-03-27 16:58 - 2016-05-05 12:22 - 00188088 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avfilter-lav-6.dll
2017-03-27 16:58 - 2016-05-05 12:22 - 00160440 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avresample-lav-3.dll
2017-03-27 16:58 - 2004-10-10 08:50 - 00278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2017-03-27 16:58 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2017-03-27 16:58 - 2004-04-05 09:31 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2017-03-27 16:58 - 2004-04-05 09:31 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-03-27 16:51 - 2017-03-27 16:51 - 02078763 _____ C:\Users\Steven Chea\Downloads\mplayerc_20081210.zip
2017-03-27 16:51 - 2017-03-27 16:51 - 01268904 _____ ( ) C:\Users\Steven Chea\Downloads\Media_Player_Classic.exe
2017-03-27 16:51 - 2017-03-27 16:51 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\Media Player Classic
2017-03-27 16:51 - 2008-12-10 17:14 - 04411392 _____ (Gabest) C:\Users\Steven Chea\Downloads\mplayerc.exe
2017-03-25 16:31 - 2017-03-25 16:31 - 00021504 ___SH C:\Users\Steven Chea\Desktop\Thumbs.db
2017-03-25 02:43 - 2017-03-25 02:44 - 00541023 _____ C:\Users\Steven Chea\Downloads\JB.mp4
2017-03-24 22:56 - 2017-03-24 22:58 - 00000000 ____D C:\Users\Steven Chea\Desktop\ACCT 2331
2017-03-24 22:56 - 2017-03-24 22:56 - 00651036 _____ C:\Users\Steven Chea\Desktop\ACCT-2331.rar
2017-03-24 22:00 - 2017-03-25 03:18 - 00093184 ___SH C:\Users\Steven Chea\Downloads\Thumbs.db
2017-03-24 21:50 - 2017-03-24 22:10 - 282352375 _____ C:\Users\Steven Chea\Downloads\Kanojo_x_Kanojo_x_Kanojo_01_[RAW][UNCEN][DVDrip][Galan_rus_raw][BB7FDD0D].mp4
2017-03-24 21:28 - 2017-03-25 03:40 - 2312535121 _____ C:\Users\Steven Chea\Desktop\[HH] Kanojo x Kanojo x Kanojo - Marathon [BD] [466C8281].mp4
2017-03-22 23:56 - 2017-03-24 20:44 - 00000000 ____D C:\Users\Steven Chea\Desktop\KMSpico 10.1.9 Portable
2017-03-22 21:21 - 2015-08-22 09:46 - 70712928 _____ C:\Users\Steven Chea\Desktop\1133957757SocPsych9.pdf
2017-03-21 12:35 - 2017-03-21 12:36 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\PAYDAY 2
2017-03-20 16:02 - 2017-03-21 02:57 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\EloBuddy
2017-03-20 16:02 - 2017-03-20 16:03 - 00000000 ____D C:\Program Files (x86)\EloBuddy
2017-03-20 16:02 - 2017-03-20 16:02 - 00001115 _____ C:\Users\Public\Desktop\EloBuddy.lnk
2017-03-20 16:02 - 2017-03-20 16:02 - 00000046 _____ C:\Users\Public\Desktop\Visit EloBuddy Website.url
2017-03-20 16:02 - 2017-03-20 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-03-20 16:02 - 2017-03-20 16:02 - 00000000 ____D C:\ProgramData\VsTelemetry
2017-03-20 16:01 - 2017-03-20 16:01 - 03203248 _____ ( ) C:\Users\Steven Chea\Downloads\EloBuddy-Setup.exe
2017-03-17 20:54 - 2017-03-17 20:54 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-17 20:54 - 2017-03-17 20:54 - 00000000 ____D C:\WINDOWS\Panther
2017-03-15 18:38 - 2017-03-27 16:59 - 732555841 _____ C:\WINDOWS\MEMORY.DMP
2017-03-15 18:38 - 2017-03-15 18:38 - 00262076 _____ C:\WINDOWS\Minidump\031517-5625-01.dmp
2017-03-13 22:44 - 2017-02-01 00:41 - 00046462 _____ C:\Users\Steven Chea\Desktop\Hwarang.E14.170131.720p-540p-450p-XViD-WITH-iPOP-BarosG-LIMO-NEXT-CHAOSrel [VIU Version].srt
2017-03-13 22:31 - 2017-01-31 04:05 - 00045622 _____ C:\Users\Steven Chea\Desktop\Hwarang.E13.170130.720p-540p-450p-XViD-WITH-iPOP-BarosG-LIMO-NEXT-CHAOSrel [Viki Version].srt
2017-03-13 12:23 - 2017-03-13 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pepakura Designer 4
2017-03-13 12:23 - 2017-03-13 12:23 - 00000000 ____D C:\Program Files (x86)\tamasoftware
2017-03-12 03:14 - 2017-03-12 03:33 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\mkvtoolnix
2017-03-12 03:13 - 2017-03-12 03:13 - 19251378 _____ (Moritz Bunkus) C:\Users\Steven Chea\Downloads\mkvtoolnix-32bit-8.2.0-setup.exe
2017-03-12 03:13 - 2017-03-12 03:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2017-03-12 03:13 - 2017-03-12 03:13 - 00000000 ____D C:\Program Files (x86)\MKVToolNix
2017-03-12 02:10 - 2017-03-12 03:21 - 00000000 ____D C:\Goblin
2017-03-09 02:39 - 2017-03-09 02:42 - 640371107 _____ C:\Users\Steven Chea\Desktop\Black_Friday_Dark_Dawn_2012_mp4.mp4
2017-02-28 19:34 - 2017-02-28 19:34 - 00084384 _____ C:\WINDOWS\system32\gunbod64.sys
2017-02-28 19:34 - 2017-02-28 19:34 - 00037792 _____ C:\WINDOWS\system32\gunsken64.sys
2017-02-28 19:30 - 2017-02-28 19:30 - 00000126 _____ C:\Users\Steven Chea\AppData\Roaming\Microsoft\Windows\Start Menu\GunboundIS.url
2017-02-28 19:25 - 2017-02-28 19:29 - 624835784 _____ (Softnyx co.,ltd. ) C:\Users\Steven Chea\Downloads\GunBound_GIS_S3_151120_Ver1132.exe
2017-02-28 19:24 - 2017-02-28 19:24 - 02660366 _____ (Softnyx co.,ltd. ) C:\Users\Steven Chea\Downloads\NyxLauncher_Global_Softnyx_160419_Ver597(1).exe
2017-02-28 19:23 - 2017-02-28 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftnyxGame
2017-02-28 19:23 - 2017-02-28 19:23 - 00000000 ____D C:\Game
2017-02-28 19:22 - 2017-02-28 19:22 - 02660366 _____ (Softnyx co.,ltd. ) C:\Users\Steven Chea\Downloads\NyxLauncher_Global_Softnyx_160419_Ver597.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-27 18:52 - 2016-09-22 17:30 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-27 18:51 - 2016-11-15 20:56 - 00000000 ____D C:\Users\Steven Chea\AppData\LocalLow\Mozilla
2017-03-27 18:50 - 2016-10-09 16:51 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\Messenger for Desktop
2017-03-27 18:50 - 2016-09-22 17:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-27 18:50 - 2016-09-22 17:31 - 00000000 ____D C:\Users\Steven Chea
2017-03-27 18:50 - 2016-05-25 19:14 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-27 18:49 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-27 18:44 - 2016-05-25 18:57 - 05013836 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-27 18:41 - 2017-02-05 13:48 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-27 18:17 - 2016-12-21 22:45 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-27 18:06 - 2016-09-22 17:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-27 17:22 - 2016-05-25 19:37 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\vlc
2017-03-27 17:15 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-03-27 17:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-27 16:59 - 2017-02-22 11:58 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-27 16:58 - 2017-01-11 12:17 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-03-27 16:57 - 2016-05-25 19:11 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\CrashDumps
2017-03-27 14:27 - 2016-06-20 21:22 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\uTorrent
2017-03-27 10:43 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-27 00:13 - 2016-12-16 19:40 - 10264576 _____ C:\Users\Steven Chea\Desktop\WestVision.accdb
2017-03-26 13:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-24 22:58 - 2016-05-25 18:52 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\Packages
2017-03-20 16:02 - 2016-09-22 20:23 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-03-20 16:02 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-20 16:02 - 2016-05-25 18:58 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-17 20:54 - 2016-09-22 17:41 - 00001908 _____ C:\WINDOWS\diagwrn.xml
2017-03-17 20:54 - 2016-09-22 17:41 - 00001908 _____ C:\WINDOWS\diagerr.xml
2017-03-15 19:54 - 2016-09-22 17:41 - 00004564 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-15 19:54 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-15 19:54 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-15 19:16 - 2016-12-27 02:35 - 01966080 _____ C:\Users\Steven Chea\Desktop\ThisIsWhyImBroke.accdb
2017-03-14 20:54 - 2016-12-26 13:02 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-14 19:52 - 2016-05-27 23:19 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\Skype
2017-03-12 14:03 - 2016-10-09 16:51 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\messengerfordesktop
2017-03-12 14:03 - 2016-05-25 19:18 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\SquirrelTemp
2017-03-12 00:21 - 2017-01-22 01:38 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-12-19 20:56 - 00001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-12 00:21 - 2016-11-03 19:54 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-09-22 17:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-12 00:21 - 2016-09-22 17:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-12 00:21 - 2016-09-22 17:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-12 00:21 - 2016-05-25 19:02 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\NVIDIA Corporation
2017-03-09 13:00 - 2017-01-17 16:51 - 00000000 ___HD C:\Users\Steven Chea\Desktop\temp
2017-03-09 12:50 - 2016-06-08 16:44 - 00000000 ____D C:\Users\Steven Chea\Desktop\Cali vacay
2017-03-09 12:45 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-09 12:43 - 2016-12-07 14:50 - 00000000 ____D C:\Program Files (x86)\Lazesoft Recovery Suite
2017-03-09 12:43 - 2016-09-16 20:51 - 00000000 ____D C:\Program Files (x86)\PdaNet for iPhone
2017-03-09 12:43 - 2016-07-12 18:47 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\Razer
2017-03-09 12:43 - 2016-06-11 14:48 - 00000000 ____D C:\ProgramData\Razer
2017-03-09 12:43 - 2016-06-11 14:48 - 00000000 ____D C:\Program Files (x86)\Razer
2017-03-09 12:43 - 2016-05-25 18:54 - 00000000 ___RD C:\Users\Steven Chea\OneDrive
2017-03-08 13:56 - 2016-08-08 21:13 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\.minecraft
2017-03-07 15:33 - 2016-09-12 16:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-06 15:41 - 2016-08-08 21:13 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-03-01 13:25 - 2016-12-07 14:53 - 00000000 ____D C:\Users\Steven Chea\Desktop\New folder
2017-03-01 03:51 - 2016-05-27 17:58 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\Adobe

==================== Files in the root of some directories =======

2017-01-24 13:54 - 2017-01-24 13:54 - 0000000 _____ () C:\Users\Steven Chea\AppData\Roaming\RSDevID.fig
2017-01-24 13:54 - 2017-01-24 13:54 - 0000000 _____ () C:\Users\Steven Chea\AppData\Roaming\RSIdAndPort.fig
2017-01-24 13:54 - 2017-01-24 13:54 - 0000000 _____ () C:\Users\Steven Chea\AppData\Roaming\RSIpAndPort.fig
2016-09-12 17:53 - 2016-09-12 17:53 - 0000046 _____ () C:\Users\Steven Chea\AppData\Roaming\WB.CFG
2016-05-28 23:00 - 2016-12-22 01:58 - 0007612 _____ () C:\Users\Steven Chea\AppData\Local\Resmon.ResmonCfg
2016-12-29 20:31 - 2016-12-29 20:31 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-19 20:56 - 2017-01-22 01:38 - 0005943 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-19 20:56 - 2017-01-21 02:15 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-24 13:54 - 2017-01-24 13:54 - 0000281 _____ () C:\ProgramData\RSUserCfg.ini

Some files in TEMP:
====================
2017-03-27 18:17 - 2016-11-11 05:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Steven Chea\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-22 18:35

==================== End of FRST.txt ============================

 

And Here's the Addition one

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Steven Chea (27-03-2017 18:53:48)
Running from C:\Users\Steven Chea\Desktop
Windows 10 Enterprise Version 1607 (X64) (2016-09-22 22:42:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3213071017-1671608743-4279427535-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3213071017-1671608743-4279427535-503 - Limited - Disabled)
Guest (S-1-5-21-3213071017-1671608743-4279427535-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3213071017-1671608743-4279427535-1003 - Limited - Enabled)
Steven Chea (S-1-5-21-3213071017-1671608743-4279427535-1001 - Administrator - Enabled) => C:\Users\Steven Chea

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
µTorrent (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM\...\Steam App 346900) (Version:  - Hyper Hippo Games)
AdVenture Communist (HKLM\...\Steam App 462930) (Version:  - Hyper Hippo Games)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.1.8321 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Bitcoin Core (64-bit)) (Version: 0.12.1 - Bitcoin Core project)
BitTorrent (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
Blackboard Collaborate Launcher (HKLM-x32\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Clicker Heroes (HKLM\...\Steam App 363970) (Version:  - Playsaurus)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Epic Games Launcher (HKLM-x32\...\{C8E7C575-FCFA-46B2-8FC0-E8AC65501350}) (Version: 1.1.78.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
GunboundIS (HKLM-x32\...\GunboundIS_is1) (Version:  - Softnyx co.,ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
IntelliJ IDEA 2016.2.3 (HKLM-x32\...\IntelliJ IDEA 2016.2.3) (Version: 162.1812.17 - JetBrains s.r.o.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Lorex_Stratus_Client1 (HKLM-x32\...\{4332B198-445E-4D5C-80D3-D2ABE451EC68}) (Version: 1.1.1186.0 - Lorex)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Messenger for Desktop (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\messengerfordesktop) (Version: 2.0.6 - MessengerForDesktop.com)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM-x32\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MKVToolNix 8.2.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 8.2.0 - Moritz Bunkus)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Firefox 52.0.1 (x86 en-US) (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Mozilla Firefox 52.0.1 (x86 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
NyxLauncherIS (HKLM-x32\...\NyxLauncherIS_is1) (Version:  - Softnyx co.,ltd.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Pepakura Designer 4 (HKLM-x32\...\pepakura_designer4en) (Version:  - TamaSoftware)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Remote Mouse version 3.002 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.0 - SteelSeries ApS)
SwytShop version 1.0 (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\SwytShop_Pkg2_is1) (Version: 1.0 - SwytShop)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3213071017-1671608743-4279427535-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-3213071017-1671608743-4279427535-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-3213071017-1671608743-4279427535-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No (the data entry has 5 more characters).

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {122A5D81-4E2B-4785-89DF-3E454576D771} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {23F6575D-2708-47C0-B463-266E9A405D0D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {2E64F86F-77C0-41FB-B5B4-572591DE6990} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {32751414-50AC-43F6-85EE-D71FA283C1D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-09] (Google Inc.)
Task: {335608E1-40C5-4BE4-8043-236516818E76} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {379E31C2-0592-4048-AA5D-8AE220E22223} - System32\Tasks\GEN => C:\Users\Steven Chea\AppData\Local\Programs\GEN\GEN.exe [2017-02-11] (                                                            ) <==== ATTENTION
Task: {416BEF49-D756-471C-88EE-C31594EA5878} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {4E01FE42-330E-46F8-BFDA-61230C23290C} - System32\Tasks\{3949E003-6536-4E65-B875-DD31F067164E} => pcalua.exe -a D:\Bung\ILLUSION\RapeLay\StartUpRP.exe -d D:\Bung\ILLUSION\RapeLay
Task: {55C594C5-BDEF-4E94-B63D-9B311743206A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {5A0A5640-2028-4184-9910-9B6B2E97DF38} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation)
Task: {5C5D6F08-AA8A-4D43-93EC-1D6936737974} - System32\Tasks\{640B233F-9C9B-4416-90BA-E6398540217C} => Firefox.exe hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?page=tsProgressBar
Task: {76749205-4724-4C76-8C70-8834699E9A9D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)
Task: {7C3194DB-50AB-4EF1-878D-5924C8AB92E3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)
Task: {7CF16ABC-2FC3-4731-B75F-AD5A47033DDB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {852BAB62-D28F-4957-98B5-CDB08D4B8249} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {9577D723-BF59-4979-889F-9ABEE5924546} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {C8520048-713F-415C-9963-7D767CCCE751} - System32\Tasks\GEN_Interval => C:\Users\Steven Chea\AppData\Local\Programs\GEN\GEN.exe [2017-02-11] (                                                            ) <==== ATTENTION
Task: {CC21F69A-4B91-48B4-836B-FC836DBC6628} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {E2F42FAB-74E3-45CE-BFB3-7907DDE25EDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-09] (Google Inc.)
Task: {E4EA66ED-45E3-4A49-9D9A-B9799DE82FB6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {EEAA1517-82A5-4FDE-93F9-51EC7F84ED6A} - System32\Tasks\{5FF79B4A-7AEE-4C93-B706-D4EE57448267} => Firefox.exe hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?page=tsProgressBar
Task: {F6FB1DC5-EB18-4478-A501-34C8C51E2892} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 20:01 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-06 16:24 - 2016-06-25 08:52 - 00018432 _____ () C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
2016-09-22 17:30 - 2016-10-25 15:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-13 20:01 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-03 19:11 - 2017-01-29 08:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-17 17:42 - 2016-05-17 17:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-27 16:58 - 2017-03-27 16:58 - 00833024 ____N () C:\windows\system32\tprdpw32.exe
2017-01-19 12:31 - 2017-01-19 12:31 - 00381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.7.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2016-09-22 20:27 - 2016-09-22 20:27 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 12:17 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-23 16:06 - 2017-01-23 16:06 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 16:06 - 2017-01-23 16:06 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 16:06 - 2017-01-23 16:06 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 20:36 - 2016-12-14 20:36 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2014-09-18 02:23 - 2014-09-18 02:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 13:23 - 2015-03-12 13:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 02:23 - 2014-09-18 02:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 13:23 - 2015-03-12 13:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-01-26 16:25 - 2017-01-26 16:25 - 02561536 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2017-01-26 16:25 - 2017-01-26 16:25 - 00139264 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2017-01-23 16:06 - 2017-01-23 16:06 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-01-11 12:17 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 12:17 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 12:17 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 12:17 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 12:17 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-14 17:32 - 2016-12-08 15:26 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-07-06 16:24 - 2015-05-26 19:54 - 00152576 _____ () C:\Program Files (x86)\Remote Mouse\FileS.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-05-25 19:14 - 2017-03-09 19:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-05-25 19:14 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-05-25 19:14 - 2017-03-22 19:52 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-05-25 19:14 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-05-25 19:14 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-05-25 19:14 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-05-25 19:14 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-05-25 19:14 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-05-25 19:14 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-05-25 19:14 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-05-25 19:14 - 2017-03-22 19:52 - 00839456 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-05-25 19:14 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-03-12 14:03 - 2017-03-12 14:03 - 01943040 _____ () C:\Users\Steven Chea\AppData\Local\messengerfordesktop\app-2.0.6\ffmpeg.dll
2017-03-27 18:50 - 2017-03-27 18:50 - 00402944 _____ () \\?\C:\Users\Steven Chea\AppData\Local\Temp\8368.tmp.node
2017-03-27 18:50 - 2017-03-27 18:50 - 00402944 _____ () \\?\C:\Users\Steven Chea\AppData\Local\Temp\91EF.tmp.node
2016-12-12 22:25 - 2017-01-30 16:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-11-03 19:54 - 2017-02-23 09:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-11-03 19:54 - 2017-02-23 09:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-11-03 19:54 - 2017-02-23 09:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-11-03 19:54 - 2017-02-23 09:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-11-03 19:54 - 2017-02-23 09:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-11-03 19:54 - 2017-02-23 09:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2017-03-27 18:26 - 00002643 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0    choice.microsoft.com
0.0.0.0    choice.microsoft.com.nstac.net
0.0.0.0    df.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com.nsatc.net
0.0.0.0    redir.metaservices.microsoft.com
0.0.0.0    reports.wes.df.telemetry.microsoft.com
0.0.0.0    services.wes.df.telemetry.microsoft.com
0.0.0.0    settings-sandbox.data.microsoft.com
0.0.0.0    settings-win.data.microsoft.com
0.0.0.0    sqm.df.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0    telecommand.telemetry.microsoft.com
0.0.0.0    telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0    telemetry.appex.bing.net
0.0.0.0    telemetry.microsoft.com
0.0.0.0    telemetry.urs.microsoft.com
0.0.0.0    vortex-sandbox.data.microsoft.com
0.0.0.0    vortex-win.data.microsoft.com
0.0.0.0    vortex.data.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com.nsatc.net
0.0.0.0    watson.ppe.telemetry.microsoft.com
0.0.0.0    wes.df.telemetry.microsoft.com
0.0.0.0    vortex-bn2.metron.live.com.nsatc.net
0.0.0.0    vortex-cy2.metron.live.com.nsatc.net
0.0.0.0    watson.live.com
0.0.0.0    watson.microsoft.com
0.0.0.0    feedback.search.microsoft.com

There are 6 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Steven Chea\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "Chromium"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{E2827BA6-5608-4CE7-8FF5-0D040527045C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{096CBF3F-B30A-4A96-8FCD-D02667AC8E2C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{A9F288CE-FEE1-460A-A2EE-273DA7F6EB12}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{3893BDCE-5F64-4A5A-8C58-2280E3302605}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{C54FF3C6-5422-43D7-86DF-48BD70206B68}C:\program files\java\jdk1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_101\bin\java.exe
FirewallRules: [TCP Query User{F4F3B520-BB8F-457B-B88E-7BAC773749E6}C:\program files\java\jdk1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{0BA51AD7-8566-4C35-BC0B-619AAF2AA0EF}C:\program files (x86)\jetbrains\intellij idea 2016.2.3\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2.3\bin\idea.exe
FirewallRules: [TCP Query User{BB1C2A68-CAA4-4DC0-9935-64E58CB0AECD}C:\program files (x86)\jetbrains\intellij idea 2016.2.3\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2.3\bin\idea.exe
FirewallRules: [UDP Query User{1801B3A7-48E0-467C-84D0-BA7EF0A55603}C:\program files (x86)\jetbrains\intellij idea 2016.2.3\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2.3\jre\jre\bin\java.exe
FirewallRules: [TCP Query User{69D90257-BACB-4899-ADCD-9C7F9877CC6D}C:\program files (x86)\jetbrains\intellij idea 2016.2.3\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2.3\jre\jre\bin\java.exe
FirewallRules: [UDP Query User{8EFB3C65-EF9D-4007-BBCA-6E27C2FCBD7E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E870EA73-66F0-4686-BF87-4085CA62C71A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1623250F-34C9-4E6F-9D64-19F947483741}] => (Allow) LPort=1900
FirewallRules: [{6C13A237-C73A-428D-8E1A-FA681A3594CA}] => (Allow) LPort=2869
FirewallRules: [{DC50FB57-1230-4F73-919D-FE70647EBDFF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D513EB1E-4B49-4BF8-BAC8-CDDF545796C5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5DC848CC-A61F-49A9-928A-A7D78ECE10AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A9AA1E97-22A9-4049-B507-D85DB7C418CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{44DF1CDC-CAB1-449C-A625-D124902EDB5F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{5A871F99-9115-49A9-B60E-090FEDE4D4F3}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{9D58D47B-4908-45C4-BC52-DCBDCF72DDB1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{48CADFBA-6A7F-448A-B676-A94783B0488A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{B4AF18DD-AACE-472F-B6F0-496B07CFFD6A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{B916BA28-B0EE-4B46-AA72-34EB58277A91}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{BB353E42-6B5F-40D3-8C0B-A2D0C833F772}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [UDP Query User{398828E1-A0BC-4CB9-A971-D12416A76A8D}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{028CFAB7-6847-459C-94A0-45779B79BDF1}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{295ADED1-5CBD-47C2-9A72-8C4309AC9303}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{56C0D475-9F71-4CFC-8516-D2BFF5E28E99}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{7CEF4964-FF09-48A9-B688-784AB1585760}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8ABA9023-61BC-482B-A12D-E7ACABB71E81}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6CC71256-D0E5-4075-830B-F096140AF7AA}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{523110FD-CD3B-4D76-9AB0-1A07E1DFEEB0}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D3F2876D-7D92-4306-B23C-4621F9BCAC6A}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EAAD2A81-AACC-44F9-85A8-F6A10B644BA7}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FBF26463-9B73-4A8A-9959-F596BB3B7A07}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE96B3AD-D06A-454D-A0CE-A2A0B29CFF6F}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9784E7B5-82AB-4019-91FE-833CC36346DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F3553408-00C9-47BE-8B3A-CC2DFB9B545E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E8BD3BC1-BC51-4A6E-AD2C-6BE6511A375E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{158ABC15-C86E-4B02-A373-8A935AFAE9F3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{E91882D2-405E-414C-8CA0-A80E8130CF26}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{B8B7168E-3F64-4C8D-B703-C7767A945ADC}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{B670DC40-6B03-43D9-B8EF-15B2C0E137C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5FDB6E31-3040-4692-A985-E95BCC346901}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{667553CB-DBE0-4C63-AD94-D2174A71EA79}D:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{71E5654D-712D-451D-8B6B-EEE0F990B5B0}D:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{9262B26E-2F40-44C5-B647-3848F552393C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ED4A1EF2-EFA9-491C-87CC-2F3445B1AA32}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0503AA7C-71D5-4E09-B41B-1D03B8B78212}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5F27E00D-D886-46FB-80DE-01A5FD5EE22F}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F2FFEAA4-FFC2-42AA-A13F-1A162BD615F3}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5B22F88C-10C0-4216-8A3F-707BC9C32C75}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{ED2CAA0A-81C7-4033-A2E7-1A6964FC2D43}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{3C387E98-8A27-49BF-95B5-FC9C9953C98F}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{2388E632-808C-486A-9A12-BDA368706E6C}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{2F578165-B712-427E-8E79-E7DA92D18591}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{07EB1274-7DAD-4B0D-9B39-3FAFFF70E0E6}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{7FFECC2A-3474-4FF6-B996-062AE1D78763}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D5C12554-0CFB-4B74-815D-373DC901CDC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{55D3F417-AB3A-49EE-9A95-79F5E758EA36}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{00F3F7EA-4A57-4F83-8425-83D3551EE18C}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{DBB840B9-E2B9-4DC0-B469-C954A276FE02}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{63B6EF19-E14A-4C75-AF5E-CA787D253905}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{EC0C0FD2-DC5D-4BE3-8E4C-34BAA33D1C27}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7E62D573-2726-41A0-A5FC-6BA1EC6BED4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B41D81E3-370C-4DC7-A3F2-3D857A468D16}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D73DB824-8CAD-4593-AAD1-1A480C0F9588}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D7EF4B51-5247-4224-816C-DCD3D6648BA1}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{F38E0B0C-2C73-4137-9B79-869DED666ACF}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{582B2818-0874-4679-A1BA-4312EB5C7455}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1B5F70E0-E63E-4AEE-B354-D86A01718780}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7E654802-043E-44DB-9FBF-2D43692D9394}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{7ECD1444-5AF1-465A-84FD-A9AA4853D07F}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{925DA4AB-C9BD-4FC6-B9F8-8131B44F1465}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{E12809FA-DF91-446F-A90A-7DE995A18229}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{734A862B-09AE-4BB5-AB7B-E92ADFAA4DFC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7E8898F6-E9E0-45C9-BEE1-7E5429AB4E01}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A3CF8D6A-1D39-4F88-B4A5-A4E0A9DFD771}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{02870414-A4DA-4842-90F2-0152EB3004C7}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [TCP Query User{14FE8F25-491D-406A-A4E0-D9EE73DA13A0}C:\users\steven chea\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\steven chea\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [UDP Query User{0B84408B-010B-43A3-ABC8-7579400EA0EE}C:\users\steven chea\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\steven chea\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [TCP Query User{37BC56BB-54B2-4CE1-BE0E-D0A6B34F5BC3}C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe] => (Allow) C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe
FirewallRules: [UDP Query User{DFC9853B-7FD7-44FC-9483-93C309043F03}C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe] => (Allow) C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe
FirewallRules: [{91BF44C4-6384-4965-A0A3-FE6636AB044A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9A5A168B-2D64-4087-8FDC-3994845D1726}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{30682B61-4798-4ECE-B1C6-27CB083D2D29}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{67B129AA-C939-4257-893F-E1F788901EA5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D8DECE73-E226-4344-B310-A79956E5778E}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{C96FDABE-3712-45E1-B521-FDBB8B67ABD4}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{0DD4FF85-59D3-4189-A125-126423893F63}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{553F9086-3569-47E0-A968-BC0A888F9E59}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{27BF2B40-BF5B-40C1-8261-8A9876109292}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6E379A04-C4EA-4D8A-8C36-91FFF1846E91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{4B01E1B9-B89A-4528-AC08-8C2A8190FD60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{FB0D1242-9D16-447E-84B9-7BE1CC97A776}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DC76EDD8-A1BA-431A-932F-B85302973CF5}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{C3DDC967-2EB2-46E9-A836-716B717B39DC}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{180FF96E-646D-41D2-B0BE-2996E217E184}C:\game\softnyxgame\nyxlauncheris\full_downloader.exe] => (Allow) C:\game\softnyxgame\nyxlauncheris\full_downloader.exe
FirewallRules: [UDP Query User{76AE66FC-9688-403C-82E1-5B6EA2909EE8}C:\game\softnyxgame\nyxlauncheris\full_downloader.exe] => (Allow) C:\game\softnyxgame\nyxlauncheris\full_downloader.exe
FirewallRules: [TCP Query User{1BD28D4D-56FD-4CD2-B0C7-51B3C576C713}C:\game\softnyxgame\gunboundis\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundis\gunbound.gme
FirewallRules: [UDP Query User{173453BB-C533-46F2-875F-2A4757E8AD1F}C:\game\softnyxgame\gunboundis\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundis\gunbound.gme
FirewallRules: [{27AE6497-FBD6-4567-8A8B-FF02B0C5C424}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{65996790-B3E6-4717-B11C-3BE92EDB6594}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

==================== Restore Points =========================

09-03-2017 12:42:47 Removed Razer Synapse.
18-03-2017 20:06:11 Scheduled Checkpoint
20-03-2017 16:02:04 Microsoft Build Tools 2015

==================== Faulty Device Manager Devices =============

Name: Logitech Gaming Virtual Keyboard
Description: Logitech Gaming Virtual Keyboard
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: LGVirHid
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Logitech Gaming Virtual Mouse
Description: Logitech Gaming Virtual Mouse
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: LGVirHid
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2017 06:41:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-376LSG8)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/27/2017 06:38:07 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Unexpected exception thrown from the provider:
 System.Exception: This service cannot be started in Safe Mode

This service cannot be started in Safe Mode

   at Windows.Management.Deployment.PackageManager.FindPackagesForUser(String userSecurityId, String packageFamilyName)
   at Microsoft.Uev.ManagedAgentWmi.WinRT.BaseHelpers.IsInstalled(String packageFamilyName)
   at Microsoft.Uev.ManagedAgentWmi.WinRT.Windows8AppListWinRt.GetConfiguredList(Boolean isUserList)
   at Microsoft.Uev.ManagedAgentWmi.MachineConfiguredWindows8App.EnumerateAppPackages()
Stack:
   at System.Environment.FailFast(System.String)
   at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (03/27/2017 06:36:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: NetEventPacketCapture.dll, version: 10.0.14393.206, time stamp: 0x57dacea5
Exception code: 0xc0000005
Fault offset: 0x00000000000160d3
Faulting process id: 0xd30
Faulting application start time: 0x01d2a752f785b54f
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\system32\wbem\NetEventPacketCapture.dll
Report Id: e5a4fc27-79b5-4685-8fc9-29fdd6507844
Faulting package full name:
Faulting package-relative application ID:

Error: (03/27/2017 06:00:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-376LSG8)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/27/2017 05:46:25 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2017 05:15:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-376LSG8)
Description: Activation of app Microsoft.Getstarted_4.4.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/27/2017 05:15:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-376LSG8)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/27/2017 05:01:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Steven Chea\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2017 05:01:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2017 04:57:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sam__9286_il5df78.exe, version: 0.0.0.0, time stamp: 0x58d4e4e7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0368c073
Faulting process id: 0x1ddc
Faulting application start time: 0x01d2a7451a7d7b2f
Faulting application path: C:\Users\STEVEN~1\AppData\Local\Temp\is-6E063.tmp\sam__9286_il5df78.exe
Faulting module path: unknown
Report Id: f4283153-39c6-4d8f-85aa-84aa37252bdb
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (03/27/2017 06:52:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/27/2017 06:52:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Management Service service to connect.

Error: (03/27/2017 06:50:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dataup service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/27/2017 06:49:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2017 06:49:55 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-376LSG8)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/27/2017 06:49:47 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-376LSG8)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/27/2017 06:49:45 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-376LSG8)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/27/2017 06:49:44 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-376LSG8)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/27/2017 06:45:38 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-376LSG8)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (03/27/2017 06:45:30 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-376LSG8)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


CodeIntegrity:
===================================
  Date: 2017-03-27 17:27:00.726
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunsken.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.725
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunsken.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunsken.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunsken.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.684
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunbod.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.681
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunbod.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunbod.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.665
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunbod.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-08 13:35:33.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-08 13:35:07.862
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: AMD FX™-8350 Eight-Core Processor
Percentage of memory in use: 30%
Total physical RAM: 8090.14 MB
Available physical RAM: 5594.75 MB
Total Virtual: 9370.14 MB
Available Virtual: 6505.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.03 GB) (Free:48.36 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Games) (Fixed) (Total:111.79 GB) (Free:50.71 GB) NTFS
Drive e: () (Fixed) (Total:465.75 GB) (Free:54.4 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4FC14FC0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0C707888)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: E0FA6720)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

OK.  This is an ugly one.  We may have to boot from a USB or CD in order to kill it but let's try just going to Safe Mode:

 

First download the attached fixlist to the same folder where FRST lives:  (Your desktop)

 

Attached File  fixlist.txt   9.94KB   65 downloads

 

Second Download Process Explorer:

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
Look for any of these processes:
tprdpw32.exe
ct.exe
dataup.exe
ndistpr64.sys
 
 
If you find one then right click on it and Suspend
 
Close Process Explorer

 

Now boot into Safe Mode:

 

http://www.digitalci...mode-windows-10

 

Log in with your usual login.

 

Run Process Explorer as before and this time create a log:

 

 
File, Save As, Save.  Note the file name.  (It should be on your desktop)
 

 

Right click on FRST and Run As Admin.

 

Press the Fix button.  

 

FRST will find the fixlist and then create a fixlog.  It will reboot as part of the process.

 

You can go back in to regular mode.

 

Post the fixlog and the process Explorer log you created while in safe mode.

 

Run FRST again with Addition.txt checked and post both logs.

 

Run Process Explorer again and post the new log.

 

 


  • 0

#3
stevenlchea

stevenlchea

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Here are the logs

Attached Files


  • 0

#4
stevenlchea

stevenlchea

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Last night i was able to use TRON to give me access to rkill and from that I was able to launch malwarebytes and do a complete scan. It got rid of a decent amount, just following through to make sure everything is gone.


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

I don't see it active in the Process Explorer log.

 

Can you run another FRST scan with addition.txt checked and post both logs?


  • 0

#6
stevenlchea

stevenlchea

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Here you go

Attached Files


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

I think you got it.  I don't see any sign of it in the logs.

 

What is TRON?

 

 You might want to Delete All but the latest System Restore point:

See:

Delete All But the Most Recent Restore Point

on

https://www.groovypo...aim-disk-space/

 

Have you considered installing an antivirus other than Windows Defender?  The free Avast works well:

 

Click on Download then choose the free version.
 
 
Download, Save, and right click and Run As Administrator.
 
 
It usually wants a reboot.  (Uncheck any optional software and stick with the free version not the demo)
Run a boot-time scan with Avast.  It takes like 6 hours so I usually let it run at night.
 
 
Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.
 
  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.
 
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
 
 
Copy and paste the text from the log to a Reply when done.
 

  • 0

#8
stevenlchea

stevenlchea

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

mmm TRON is basically an all in one tool

https://www.reddit.c...and_definition/

 

there's a subreddit just for it


  • 0

#9
stevenlchea

stevenlchea

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

here's the report

Attached Files


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Avast just found the one file that AdwCleaner had removed.  It should have found more of the stuff we have already removed but apparently this is a new infection that is not well known.  I just saw the first one a couple of weeks ago.

 

Thanks for the TRON link I will look into it.

 

 

If there are no other problems then:

Time to clean up:
 
To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:
 
DeleteQuarantine:
 
Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
 
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
 
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
 
If you are a Facebook user get the FB Purity extension for your browser:
This will stop all of the suggested pages and ads so that Facebook loads much quicker.
 
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.
 
Due to a recent rise in the number of Crytolocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 
(You should remove Java 8 Update 111 as it is obsolete )
 
 
 
Ron

  • 0

#11
stevenlchea

stevenlchea

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thanks!


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Just found out that MBAM can now remove this virus.  Wouldn't hurt to run it to see if it finds anything we missed:

 

Do you have the free version of malwarebytes installed, if so please run it now, if not please follow along
 

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

     
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

Also I have a few notes on setting up Avast:

 Have you registered with them?  They just want an email address and they don't spam you.  To register, open Avast (either by click on the icon by the clock) or by All Programs , Avast Software, Avast Free AntiVirus) Then Setings (the gear), Registration.
 
Stick with Avast for a while and see how you like it.  
 
They have  started using their info popup to try and get you to upgrade so I go into Settings, General, Popups and change the first two to 1 second.
 
I don't like their Browser Cleanup so I turn it off:
Settings, Tools, Browser Cleanup (click on the white space to the right of On.)

  • 0

#13
stevenlchea

stevenlchea

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I usually don't have an anti-virus or anti-malware program installed, because i mainly use this machine for gaming. My little cousin was on it and installed a bunch of things, after uninstall much of what he installed, that's when i realized that i wasnt able to run MBAM or any other relating programs


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

OK but see if MBAM will run and if it finds anything.


  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, rootkit

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP