
I cannot open/run any anti-malware programs

malware rootkit

#1
stevenlchea

    New Member

  • Member
  • 8 posts

Each time I attempt to run any sort of anti-malware or anti-virus program, a popup comes up and says "The requested resource is in use."

Here's the FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Steven Chea (administrator) on DESKTOP-376LSG8 (27-03-2017 18:53:05)
Running from C:\Users\Steven Chea\Desktop
Loaded Profiles: Steven Chea (Available Profiles: Steven Chea)
Platform: Windows 10 Enterprise Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
() C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Windows\System32\tprdpw32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.7.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(MessengerForDesktop.com) C:\Users\Steven Chea\AppData\Local\messengerfordesktop\app-2.0.6\Messenger for Desktop.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaw.exe
(MessengerForDesktop.com) C:\Users\Steven Chea\AppData\Local\messengerfordesktop\app-2.0.6\Messenger for Desktop.exe
(MessengerForDesktop.com) C:\Users\Steven Chea\AppData\Local\messengerfordesktop\app-2.0.6\Messenger for Desktop.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-22] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [system_jconsole.jar] => C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaw.exe -jar "C:\ProgramData\Comms\jconsole.jar" <===== ATTENTION
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Discord] => C:\Users\Steven Chea\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Battle.net] => D:\Battle.net\Battle.net Launcher.exe [3122152 2016-06-21] (Blizzard Entertainment)
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Chromium] => "c:\users\steven chea\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Run: [Messenger for Desktop] => "C:\Users\Steven Chea\AppData\Local\messengerfordesktop\Update.exe" --processStart "Messenger for Desktop.exe" --process-start-args "--os-startup"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\RunOnce: [Uninstall C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\RunOnce: [Uninstall C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Policies\Explorer: [NoLogOff] 0
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{25458291-2691-444c-a0f4-0b07fcde5fce}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131237247464282812&GUID=E3526273-580E-4536-B026-F28CFCF320A5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131237247464287473&GUID=E3526273-580E-4536-B026-F28CFCF320A5
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-05] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-05] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-14] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-14] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Steven Chea\AppData\Roaming\Mozilla\Firefox\Profiles\wb0rlmuo.default-1485481941198 [2017-03-27]
FF Extension: (uBlock Origin) - C:\Users\Steven Chea\AppData\Roaming\Mozilla\Firefox\Profiles\wb0rlmuo.default-1485481941198\Extensions\[email protected] [2017-03-13]
FF Extension: (Site Deployment Checker) - C:\Users\Steven Chea\AppData\Roaming\Mozilla\Firefox\Profiles\wb0rlmuo.default-1485481941198\features\{5f753591-0e63-432a-977f-95663773aa70}\[email protected] [2017-03-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-05] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @softnyxNpruntime -> C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll [2015-09-22] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default [2017-03-27]
CHR Extension: (Google Slides) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-09]
CHR Extension: (Google Docs) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-09]
CHR Extension: (Google Drive) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-09]
CHR Extension: (YouTube) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-09]
CHR Extension: (Google Sheets) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-09]
CHR Extension: (FBDown Video Downloader) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-28]
CHR Extension: (AdBlock) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-22]
CHR Extension: (Gmail) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\Steven Chea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [227104 2016-08-09] (EasyAntiCheat Ltd)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-08] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-08] (Electronic Arts)
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\Steven Chea\AppData\Local\microlabs\ct.exe [852480 2017-03-27] (Google Inc.) [File not signed] <==== ATTENTION
S2 Dataup; C:\Users\STEVEN~1\AppData\Local\NTUSER~1\dataup\dataup.exe [X] <==== ATTENTION
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [76576 2017-03-27] () [File not signed] <==== ATTENTION
S3 GunBod; C:\WINDOWS\system32\gunbod64.sys [84384 2017-02-28] ()
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-04-15] (Logitech Inc.)
S3 LADF_BakerCOnly; C:\WINDOWS\system32\DRIVERS\ladfBakerCamd64.sys [410184 2011-03-18] (Logitech)
S3 LADF_BakerROnly; C:\WINDOWS\system32\DRIVERS\ladfBakerRamd64.sys [335688 2011-03-18] (Logitech)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_848dea456d3c865e\nvlddmkm.sys [14159928 2016-10-26] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-09-10] (Realtek                                            )
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [171664 2016-07-14] (Ray Hinchliffe)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [40568 2015-10-02] (SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [52952 2016-10-03] (SteelSeries ApS)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-27] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U4 DiagTrack; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-27 18:53 - 2017-03-27 18:53 - 00019639 _____ C:\Users\Steven Chea\Desktop\FRST.txt
2017-03-27 18:52 - 2017-03-27 18:53 - 00000000 ____D C:\FRST
2017-03-27 18:52 - 2017-03-27 18:52 - 02424832 _____ (Farbar) C:\Users\Steven Chea\Desktop\FRST64.exe
2017-03-27 18:43 - 2017-03-27 18:43 - 11581544 _____ (SurfRight B.V.) C:\Users\Steven Chea\Downloads\HitmanPro_x64.exe
2017-03-27 18:40 - 2017-03-27 18:27 - 05765792 _____ (Zemana Ltd. ) C:\Users\Steven Chea\Desktop\Zemana.AntiMalware.Setup.exe
2017-03-27 18:39 - 2017-03-27 18:31 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Steven Chea\Desktop\explorer.exe
2017-03-27 17:21 - 2017-03-27 17:25 - 00000002 _____ C:\Users\Steven Chea\Desktop\Rkill.txt
2017-03-27 17:18 - 2017-03-27 17:18 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\i420vfw.dll
2017-03-27 17:18 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2017-03-27 17:18 - 2005-07-14 12:31 - 00032256 ___SH C:\WINDOWS\SysWOW64\AVSredirect.dll
2017-03-27 17:18 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2017-03-27 17:18 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2017-03-27 17:15 - 2017-03-27 18:49 - 00000000 ____D C:\WINDOWS\pss
2017-03-27 17:05 - 2017-03-27 17:05 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\llssoft
2017-03-27 17:04 - 2017-03-27 17:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Steven Chea\Desktop\rkill.com
2017-03-27 16:59 - 2017-03-27 16:59 - 00539476 _____ C:\WINDOWS\Minidump\032717-6140-01.dmp
2017-03-27 16:58 - 2017-03-27 17:05 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\ntuserlitelist
2017-03-27 16:58 - 2017-03-27 16:58 - 00833024 ____N C:\WINDOWS\system32\tprdpw32.exe
2017-03-27 16:58 - 2017-03-27 16:58 - 00076576 ____N C:\WINDOWS\system32\Drivers\ndistpr64.sys
2017-03-27 16:58 - 2017-03-27 16:58 - 00003588 _____ C:\WINDOWS\System32\Tasks\GEN_Interval
2017-03-27 16:58 - 2017-03-27 16:58 - 00003256 _____ C:\WINDOWS\System32\Tasks\GEN
2017-03-27 16:58 - 2017-03-27 16:58 - 00000000 ____D C:\Users\Steven Chea\Documents\eRightSoft
2017-03-27 16:58 - 2017-03-27 16:58 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\c
2017-03-27 16:58 - 2017-03-27 16:58 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\microlabs
2017-03-27 16:58 - 2017-03-27 16:58 - 00000000 ____D C:\ProgramData\dbg
2017-03-27 16:58 - 2016-05-05 12:23 - 00556216 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avutil-lav-55.dll
2017-03-27 16:58 - 2016-05-05 12:23 - 00537784 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\swscale-lav-4.dll
2017-03-27 16:58 - 2016-05-05 12:23 - 00405176 __RSH (Intel Corp.) C:\WINDOWS\SysWOW64\IntelQuickSyncDecoder.dll
2017-03-27 16:58 - 2016-05-05 12:23 - 00276152 __RSH C:\WINDOWS\SysWOW64\libbluray.dll
2017-03-27 16:58 - 2016-05-05 12:23 - 00000493 __RSH C:\WINDOWS\SysWOW64\LAVFilters.Dependencies.manifest
2017-03-27 16:58 - 2016-05-05 12:22 - 10766520 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avcodec-lav-57.dll
2017-03-27 16:58 - 2016-05-05 12:22 - 01699000 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avformat-lav-57.dll
2017-03-27 16:58 - 2016-05-05 12:22 - 00188088 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avfilter-lav-6.dll
2017-03-27 16:58 - 2016-05-05 12:22 - 00160440 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avresample-lav-3.dll
2017-03-27 16:58 - 2004-10-10 08:50 - 00278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2017-03-27 16:58 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2017-03-27 16:58 - 2004-04-05 09:31 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2017-03-27 16:58 - 2004-04-05 09:31 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-03-27 16:51 - 2017-03-27 16:51 - 02078763 _____ C:\Users\Steven Chea\Downloads\mplayerc_20081210.zip
2017-03-27 16:51 - 2017-03-27 16:51 - 01268904 _____ ( ) C:\Users\Steven Chea\Downloads\Media_Player_Classic.exe
2017-03-27 16:51 - 2017-03-27 16:51 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\Media Player Classic
2017-03-27 16:51 - 2008-12-10 17:14 - 04411392 _____ (Gabest) C:\Users\Steven Chea\Downloads\mplayerc.exe
2017-03-25 16:31 - 2017-03-25 16:31 - 00021504 ___SH C:\Users\Steven Chea\Desktop\Thumbs.db
2017-03-25 02:43 - 2017-03-25 02:44 - 00541023 _____ C:\Users\Steven Chea\Downloads\JB.mp4
2017-03-24 22:56 - 2017-03-24 22:58 - 00000000 ____D C:\Users\Steven Chea\Desktop\ACCT 2331
2017-03-24 22:56 - 2017-03-24 22:56 - 00651036 _____ C:\Users\Steven Chea\Desktop\ACCT-2331.rar
2017-03-24 22:00 - 2017-03-25 03:18 - 00093184 ___SH C:\Users\Steven Chea\Downloads\Thumbs.db
2017-03-24 21:50 - 2017-03-24 22:10 - 282352375 _____ C:\Users\Steven Chea\Downloads\Kanojo_x_Kanojo_x_Kanojo_01_[RAW][UNCEN][DVDrip][Galan_rus_raw][BB7FDD0D].mp4
2017-03-24 21:28 - 2017-03-25 03:40 - 2312535121 _____ C:\Users\Steven Chea\Desktop\[HH] Kanojo x Kanojo x Kanojo - Marathon [BD] [466C8281].mp4
2017-03-22 23:56 - 2017-03-24 20:44 - 00000000 ____D C:\Users\Steven Chea\Desktop\KMSpico 10.1.9 Portable
2017-03-22 21:21 - 2015-08-22 09:46 - 70712928 _____ C:\Users\Steven Chea\Desktop\1133957757SocPsych9.pdf
2017-03-21 12:35 - 2017-03-21 12:36 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\PAYDAY 2
2017-03-20 16:02 - 2017-03-21 02:57 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\EloBuddy
2017-03-20 16:02 - 2017-03-20 16:03 - 00000000 ____D C:\Program Files (x86)\EloBuddy
2017-03-20 16:02 - 2017-03-20 16:02 - 00001115 _____ C:\Users\Public\Desktop\EloBuddy.lnk
2017-03-20 16:02 - 2017-03-20 16:02 - 00000046 _____ C:\Users\Public\Desktop\Visit EloBuddy Website.url
2017-03-20 16:02 - 2017-03-20 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-03-20 16:02 - 2017-03-20 16:02 - 00000000 ____D C:\ProgramData\VsTelemetry
2017-03-20 16:01 - 2017-03-20 16:01 - 03203248 _____ ( ) C:\Users\Steven Chea\Downloads\EloBuddy-Setup.exe
2017-03-17 20:54 - 2017-03-17 20:54 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-17 20:54 - 2017-03-17 20:54 - 00000000 ____D C:\WINDOWS\Panther
2017-03-15 18:38 - 2017-03-27 16:59 - 732555841 _____ C:\WINDOWS\MEMORY.DMP
2017-03-15 18:38 - 2017-03-15 18:38 - 00262076 _____ C:\WINDOWS\Minidump\031517-5625-01.dmp
2017-03-13 22:44 - 2017-02-01 00:41 - 00046462 _____ C:\Users\Steven Chea\Desktop\Hwarang.E14.170131.720p-540p-450p-XViD-WITH-iPOP-BarosG-LIMO-NEXT-CHAOSrel [VIU Version].srt
2017-03-13 22:31 - 2017-01-31 04:05 - 00045622 _____ C:\Users\Steven Chea\Desktop\Hwarang.E13.170130.720p-540p-450p-XViD-WITH-iPOP-BarosG-LIMO-NEXT-CHAOSrel [Viki Version].srt
2017-03-13 12:23 - 2017-03-13 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pepakura Designer 4
2017-03-13 12:23 - 2017-03-13 12:23 - 00000000 ____D C:\Program Files (x86)\tamasoftware
2017-03-12 03:14 - 2017-03-12 03:33 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\mkvtoolnix
2017-03-12 03:13 - 2017-03-12 03:13 - 19251378 _____ (Moritz Bunkus) C:\Users\Steven Chea\Downloads\mkvtoolnix-32bit-8.2.0-setup.exe
2017-03-12 03:13 - 2017-03-12 03:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2017-03-12 03:13 - 2017-03-12 03:13 - 00000000 ____D C:\Program Files (x86)\MKVToolNix
2017-03-12 02:10 - 2017-03-12 03:21 - 00000000 ____D C:\Goblin
2017-03-09 02:39 - 2017-03-09 02:42 - 640371107 _____ C:\Users\Steven Chea\Desktop\Black_Friday_Dark_Dawn_2012_mp4.mp4
2017-02-28 19:34 - 2017-02-28 19:34 - 00084384 _____ C:\WINDOWS\system32\gunbod64.sys
2017-02-28 19:34 - 2017-02-28 19:34 - 00037792 _____ C:\WINDOWS\system32\gunsken64.sys
2017-02-28 19:30 - 2017-02-28 19:30 - 00000126 _____ C:\Users\Steven Chea\AppData\Roaming\Microsoft\Windows\Start Menu\GunboundIS.url
2017-02-28 19:25 - 2017-02-28 19:29 - 624835784 _____ (Softnyx co.,ltd. ) C:\Users\Steven Chea\Downloads\GunBound_GIS_S3_151120_Ver1132.exe
2017-02-28 19:24 - 2017-02-28 19:24 - 02660366 _____ (Softnyx co.,ltd. ) C:\Users\Steven Chea\Downloads\NyxLauncher_Global_Softnyx_160419_Ver597(1).exe
2017-02-28 19:23 - 2017-02-28 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftnyxGame
2017-02-28 19:23 - 2017-02-28 19:23 - 00000000 ____D C:\Game
2017-02-28 19:22 - 2017-02-28 19:22 - 02660366 _____ (Softnyx co.,ltd. ) C:\Users\Steven Chea\Downloads\NyxLauncher_Global_Softnyx_160419_Ver597.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-27 18:52 - 2016-09-22 17:30 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-27 18:51 - 2016-11-15 20:56 - 00000000 ____D C:\Users\Steven Chea\AppData\LocalLow\Mozilla
2017-03-27 18:50 - 2016-10-09 16:51 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\Messenger for Desktop
2017-03-27 18:50 - 2016-09-22 17:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-27 18:50 - 2016-09-22 17:31 - 00000000 ____D C:\Users\Steven Chea
2017-03-27 18:50 - 2016-05-25 19:14 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-27 18:49 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-27 18:44 - 2016-05-25 18:57 - 05013836 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-27 18:41 - 2017-02-05 13:48 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-27 18:17 - 2016-12-21 22:45 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-27 18:06 - 2016-09-22 17:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-27 17:22 - 2016-05-25 19:37 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\vlc
2017-03-27 17:15 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-03-27 17:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-27 16:59 - 2017-02-22 11:58 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-27 16:58 - 2017-01-11 12:17 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-03-27 16:57 - 2016-05-25 19:11 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\CrashDumps
2017-03-27 14:27 - 2016-06-20 21:22 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\uTorrent
2017-03-27 10:43 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-27 00:13 - 2016-12-16 19:40 - 10264576 _____ C:\Users\Steven Chea\Desktop\WestVision.accdb
2017-03-26 13:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-24 22:58 - 2016-05-25 18:52 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\Packages
2017-03-20 16:02 - 2016-09-22 20:23 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-03-20 16:02 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-20 16:02 - 2016-05-25 18:58 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-17 20:54 - 2016-09-22 17:41 - 00001908 _____ C:\WINDOWS\diagwrn.xml
2017-03-17 20:54 - 2016-09-22 17:41 - 00001908 _____ C:\WINDOWS\diagerr.xml
2017-03-15 19:54 - 2016-09-22 17:41 - 00004564 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-15 19:54 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-15 19:54 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-15 19:16 - 2016-12-27 02:35 - 01966080 _____ C:\Users\Steven Chea\Desktop\ThisIsWhyImBroke.accdb
2017-03-14 20:54 - 2016-12-26 13:02 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-14 19:52 - 2016-05-27 23:19 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\Skype
2017-03-12 14:03 - 2016-10-09 16:51 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\messengerfordesktop
2017-03-12 14:03 - 2016-05-25 19:18 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\SquirrelTemp
2017-03-12 00:21 - 2017-01-22 01:38 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-12-19 20:56 - 00001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-12 00:21 - 2016-11-03 19:54 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-11-03 19:54 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-12 00:21 - 2016-09-22 17:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-12 00:21 - 2016-09-22 17:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-12 00:21 - 2016-09-22 17:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-12 00:21 - 2016-05-25 19:02 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\NVIDIA Corporation
2017-03-09 13:00 - 2017-01-17 16:51 - 00000000 ___HD C:\Users\Steven Chea\Desktop\temp
2017-03-09 12:50 - 2016-06-08 16:44 - 00000000 ____D C:\Users\Steven Chea\Desktop\Cali vacay
2017-03-09 12:45 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-09 12:43 - 2016-12-07 14:50 - 00000000 ____D C:\Program Files (x86)\Lazesoft Recovery Suite
2017-03-09 12:43 - 2016-09-16 20:51 - 00000000 ____D C:\Program Files (x86)\PdaNet for iPhone
2017-03-09 12:43 - 2016-07-12 18:47 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\Razer
2017-03-09 12:43 - 2016-06-11 14:48 - 00000000 ____D C:\ProgramData\Razer
2017-03-09 12:43 - 2016-06-11 14:48 - 00000000 ____D C:\Program Files (x86)\Razer
2017-03-09 12:43 - 2016-05-25 18:54 - 00000000 ___RD C:\Users\Steven Chea\OneDrive
2017-03-08 13:56 - 2016-08-08 21:13 - 00000000 ____D C:\Users\Steven Chea\AppData\Roaming\.minecraft
2017-03-07 15:33 - 2016-09-12 16:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-06 15:41 - 2016-08-08 21:13 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-03-01 13:25 - 2016-12-07 14:53 - 00000000 ____D C:\Users\Steven Chea\Desktop\New folder
2017-03-01 03:51 - 2016-05-27 17:58 - 00000000 ____D C:\Users\Steven Chea\AppData\Local\Adobe

==================== Files in the root of some directories =======

2017-01-24 13:54 - 2017-01-24 13:54 - 0000000 _____ () C:\Users\Steven Chea\AppData\Roaming\RSDevID.fig
2017-01-24 13:54 - 2017-01-24 13:54 - 0000000 _____ () C:\Users\Steven Chea\AppData\Roaming\RSIdAndPort.fig
2017-01-24 13:54 - 2017-01-24 13:54 - 0000000 _____ () C:\Users\Steven Chea\AppData\Roaming\RSIpAndPort.fig
2016-09-12 17:53 - 2016-09-12 17:53 - 0000046 _____ () C:\Users\Steven Chea\AppData\Roaming\WB.CFG
2016-05-28 23:00 - 2016-12-22 01:58 - 0007612 _____ () C:\Users\Steven Chea\AppData\Local\Resmon.ResmonCfg
2016-12-29 20:31 - 2016-12-29 20:31 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-19 20:56 - 2017-01-22 01:38 - 0005943 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-19 20:56 - 2017-01-21 02:15 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-24 13:54 - 2017-01-24 13:54 - 0000281 _____ () C:\ProgramData\RSUserCfg.ini

Some files in TEMP:
====================
2017-03-27 18:17 - 2016-11-11 05:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Steven Chea\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-22 18:35

==================== End of FRST.txt ============================

And here's the Addition one

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Steven Chea (27-03-2017 18:53:48)
Running from C:\Users\Steven Chea\Desktop
Windows 10 Enterprise Version 1607 (X64) (2016-09-22 22:42:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3213071017-1671608743-4279427535-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3213071017-1671608743-4279427535-503 - Limited - Disabled)
Guest (S-1-5-21-3213071017-1671608743-4279427535-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3213071017-1671608743-4279427535-1003 - Limited - Enabled)
Steven Chea (S-1-5-21-3213071017-1671608743-4279427535-1001 - Administrator - Enabled) => C:\Users\Steven Chea

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
µTorrent (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM\...\Steam App 346900) (Version:  - Hyper Hippo Games)
AdVenture Communist (HKLM\...\Steam App 462930) (Version:  - Hyper Hippo Games)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.1.8321 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Bitcoin Core (64-bit)) (Version: 0.12.1 - Bitcoin Core project)
BitTorrent (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
Blackboard Collaborate Launcher (HKLM-x32\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Clicker Heroes (HKLM\...\Steam App 363970) (Version:  - Playsaurus)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Epic Games Launcher (HKLM-x32\...\{C8E7C575-FCFA-46B2-8FC0-E8AC65501350}) (Version: 1.1.78.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
GunboundIS (HKLM-x32\...\GunboundIS_is1) (Version:  - Softnyx co.,ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
IntelliJ IDEA 2016.2.3 (HKLM-x32\...\IntelliJ IDEA 2016.2.3) (Version: 162.1812.17 - JetBrains s.r.o.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Lorex_Stratus_Client1 (HKLM-x32\...\{4332B198-445E-4D5C-80D3-D2ABE451EC68}) (Version: 1.1.1186.0 - Lorex)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Messenger for Desktop (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\messengerfordesktop) (Version: 2.0.6 - MessengerForDesktop.com)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM-x32\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MKVToolNix 8.2.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 8.2.0 - Moritz Bunkus)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Firefox 52.0.1 (x86 en-US) (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Mozilla Firefox 52.0.1 (x86 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
NyxLauncherIS (HKLM-x32\...\NyxLauncherIS_is1) (Version:  - Softnyx co.,ltd.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Pepakura Designer 4 (HKLM-x32\...\pepakura_designer4en) (Version:  - TamaSoftware)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Remote Mouse version 3.002 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.0 - SteelSeries ApS)
SwytShop version 1.0 (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\SwytShop_Pkg2_is1) (Version: 1.0 - SwytShop)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3213071017-1671608743-4279427535-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-3213071017-1671608743-4279427535-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-3213071017-1671608743-4279427535-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No (the data entry has 5 more characters).

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {122A5D81-4E2B-4785-89DF-3E454576D771} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {23F6575D-2708-47C0-B463-266E9A405D0D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {2E64F86F-77C0-41FB-B5B4-572591DE6990} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {32751414-50AC-43F6-85EE-D71FA283C1D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-09] (Google Inc.)
Task: {335608E1-40C5-4BE4-8043-236516818E76} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {379E31C2-0592-4048-AA5D-8AE220E22223} - System32\Tasks\GEN => C:\Users\Steven Chea\AppData\Local\Programs\GEN\GEN.exe [2017-02-11] (                                                            ) <==== ATTENTION
Task: {416BEF49-D756-471C-88EE-C31594EA5878} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {4E01FE42-330E-46F8-BFDA-61230C23290C} - System32\Tasks\{3949E003-6536-4E65-B875-DD31F067164E} => pcalua.exe -a D:\Bung\ILLUSION\RapeLay\StartUpRP.exe -d D:\Bung\ILLUSION\RapeLay
Task: {55C594C5-BDEF-4E94-B63D-9B311743206A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {5A0A5640-2028-4184-9910-9B6B2E97DF38} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation)
Task: {5C5D6F08-AA8A-4D43-93EC-1D6936737974} - System32\Tasks\{640B233F-9C9B-4416-90BA-E6398540217C} => Firefox.exe hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?page=tsProgressBar
Task: {76749205-4724-4C76-8C70-8834699E9A9D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)
Task: {7C3194DB-50AB-4EF1-878D-5924C8AB92E3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)
Task: {7CF16ABC-2FC3-4731-B75F-AD5A47033DDB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {852BAB62-D28F-4957-98B5-CDB08D4B8249} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {9577D723-BF59-4979-889F-9ABEE5924546} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {C8520048-713F-415C-9963-7D767CCCE751} - System32\Tasks\GEN_Interval => C:\Users\Steven Chea\AppData\Local\Programs\GEN\GEN.exe [2017-02-11] (                                                            ) <==== ATTENTION
Task: {CC21F69A-4B91-48B4-836B-FC836DBC6628} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {E2F42FAB-74E3-45CE-BFB3-7907DDE25EDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-09] (Google Inc.)
Task: {E4EA66ED-45E3-4A49-9D9A-B9799DE82FB6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {EEAA1517-82A5-4FDE-93F9-51EC7F84ED6A} - System32\Tasks\{5FF79B4A-7AEE-4C93-B706-D4EE57448267} => Firefox.exe hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?page=tsProgressBar
Task: {F6FB1DC5-EB18-4478-A501-34C8C51E2892} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 20:01 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-06 16:24 - 2016-06-25 08:52 - 00018432 _____ () C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
2016-09-22 17:30 - 2016-10-25 15:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-13 20:01 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-03 19:11 - 2017-01-29 08:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-17 17:42 - 2016-05-17 17:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-27 16:58 - 2017-03-27 16:58 - 00833024 ____N () C:\windows\system32\tprdpw32.exe
2017-01-19 12:31 - 2017-01-19 12:31 - 00381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.7.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2016-09-22 20:27 - 2016-09-22 20:27 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 12:17 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-23 16:06 - 2017-01-23 16:06 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 16:06 - 2017-01-23 16:06 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 16:06 - 2017-01-23 16:06 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 20:36 - 2016-12-14 20:36 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2014-09-18 02:23 - 2014-09-18 02:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 13:23 - 2015-03-12 13:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 02:23 - 2014-09-18 02:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 13:23 - 2015-03-12 13:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-01-26 16:25 - 2017-01-26 16:25 - 02561536 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2017-01-26 16:25 - 2017-01-26 16:25 - 00139264 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2017-01-23 16:06 - 2017-01-23 16:06 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-01-11 12:17 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 12:17 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 12:17 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 12:17 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 12:17 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-14 17:32 - 2016-12-08 15:26 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-07-06 16:24 - 2015-05-26 19:54 - 00152576 _____ () C:\Program Files (x86)\Remote Mouse\FileS.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-05-25 19:14 - 2017-03-09 19:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-05-25 19:14 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-05-25 19:14 - 2017-03-22 19:52 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-05-25 19:14 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-05-25 19:14 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-05-25 19:14 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-05-25 19:14 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-05-25 19:14 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-05-25 19:14 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-05-25 19:14 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-05-25 19:14 - 2017-03-22 19:52 - 00839456 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-05-25 19:14 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-03-12 14:03 - 2017-03-12 14:03 - 01943040 _____ () C:\Users\Steven Chea\AppData\Local\messengerfordesktop\app-2.0.6\ffmpeg.dll
2017-03-27 18:50 - 2017-03-27 18:50 - 00402944 _____ () \\?\C:\Users\Steven Chea\AppData\Local\Temp\8368.tmp.node
2017-03-27 18:50 - 2017-03-27 18:50 - 00402944 _____ () \\?\C:\Users\Steven Chea\AppData\Local\Temp\91EF.tmp.node
2016-12-12 22:25 - 2017-01-30 16:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-11-03 19:54 - 2017-02-23 09:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-11-03 19:54 - 2017-02-23 09:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-11-03 19:54 - 2017-02-23 09:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-11-03 19:54 - 2017-02-23 09:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-11-03 19:54 - 2017-02-23 09:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-11-03 19:54 - 2017-02-23 09:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2017-03-27 18:26 - 00002643 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0    choice.microsoft.com
0.0.0.0    choice.microsoft.com.nstac.net
0.0.0.0    df.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com.nsatc.net
0.0.0.0    redir.metaservices.microsoft.com
0.0.0.0    reports.wes.df.telemetry.microsoft.com
0.0.0.0    services.wes.df.telemetry.microsoft.com
0.0.0.0    settings-sandbox.data.microsoft.com
0.0.0.0    settings-win.data.microsoft.com
0.0.0.0    sqm.df.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0    telecommand.telemetry.microsoft.com
0.0.0.0    telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0    telemetry.appex.bing.net
0.0.0.0    telemetry.microsoft.com
0.0.0.0    telemetry.urs.microsoft.com
0.0.0.0    vortex-sandbox.data.microsoft.com
0.0.0.0    vortex-win.data.microsoft.com
0.0.0.0    vortex.data.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com.nsatc.net
0.0.0.0    watson.ppe.telemetry.microsoft.com
0.0.0.0    wes.df.telemetry.microsoft.com
0.0.0.0    vortex-bn2.metron.live.com.nsatc.net
0.0.0.0    vortex-cy2.metron.live.com.nsatc.net
0.0.0.0    watson.live.com
0.0.0.0    watson.microsoft.com
0.0.0.0    feedback.search.microsoft.com

There are 6 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Steven Chea\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "Chromium"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{E2827BA6-5608-4CE7-8FF5-0D040527045C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{096CBF3F-B30A-4A96-8FCD-D02667AC8E2C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{A9F288CE-FEE1-460A-A2EE-273DA7F6EB12}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{3893BDCE-5F64-4A5A-8C58-2280E3302605}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{C54FF3C6-5422-43D7-86DF-48BD70206B68}C:\program files\java\jdk1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_101\bin\java.exe
FirewallRules: [TCP Query User{F4F3B520-BB8F-457B-B88E-7BAC773749E6}C:\program files\java\jdk1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{0BA51AD7-8566-4C35-BC0B-619AAF2AA0EF}C:\program files (x86)\jetbrains\intellij idea 2016.2.3\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2.3\bin\idea.exe
FirewallRules: [TCP Query User{BB1C2A68-CAA4-4DC0-9935-64E58CB0AECD}C:\program files (x86)\jetbrains\intellij idea 2016.2.3\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2.3\bin\idea.exe
FirewallRules: [UDP Query User{1801B3A7-48E0-467C-84D0-BA7EF0A55603}C:\program files (x86)\jetbrains\intellij idea 2016.2.3\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2.3\jre\jre\bin\java.exe
FirewallRules: [TCP Query User{69D90257-BACB-4899-ADCD-9C7F9877CC6D}C:\program files (x86)\jetbrains\intellij idea 2016.2.3\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2.3\jre\jre\bin\java.exe
FirewallRules: [UDP Query User{8EFB3C65-EF9D-4007-BBCA-6E27C2FCBD7E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E870EA73-66F0-4686-BF87-4085CA62C71A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1623250F-34C9-4E6F-9D64-19F947483741}] => (Allow) LPort=1900
FirewallRules: [{6C13A237-C73A-428D-8E1A-FA681A3594CA}] => (Allow) LPort=2869
FirewallRules: [{DC50FB57-1230-4F73-919D-FE70647EBDFF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D513EB1E-4B49-4BF8-BAC8-CDDF545796C5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5DC848CC-A61F-49A9-928A-A7D78ECE10AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A9AA1E97-22A9-4049-B507-D85DB7C418CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{44DF1CDC-CAB1-449C-A625-D124902EDB5F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{5A871F99-9115-49A9-B60E-090FEDE4D4F3}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{9D58D47B-4908-45C4-BC52-DCBDCF72DDB1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{48CADFBA-6A7F-448A-B676-A94783B0488A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{B4AF18DD-AACE-472F-B6F0-496B07CFFD6A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{B916BA28-B0EE-4B46-AA72-34EB58277A91}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{BB353E42-6B5F-40D3-8C0B-A2D0C833F772}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [UDP Query User{398828E1-A0BC-4CB9-A971-D12416A76A8D}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{028CFAB7-6847-459C-94A0-45779B79BDF1}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{295ADED1-5CBD-47C2-9A72-8C4309AC9303}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{56C0D475-9F71-4CFC-8516-D2BFF5E28E99}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{7CEF4964-FF09-48A9-B688-784AB1585760}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8ABA9023-61BC-482B-A12D-E7ACABB71E81}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6CC71256-D0E5-4075-830B-F096140AF7AA}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{523110FD-CD3B-4D76-9AB0-1A07E1DFEEB0}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D3F2876D-7D92-4306-B23C-4621F9BCAC6A}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EAAD2A81-AACC-44F9-85A8-F6A10B644BA7}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FBF26463-9B73-4A8A-9959-F596BB3B7A07}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE96B3AD-D06A-454D-A0CE-A2A0B29CFF6F}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9784E7B5-82AB-4019-91FE-833CC36346DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F3553408-00C9-47BE-8B3A-CC2DFB9B545E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E8BD3BC1-BC51-4A6E-AD2C-6BE6511A375E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{158ABC15-C86E-4B02-A373-8A935AFAE9F3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{E91882D2-405E-414C-8CA0-A80E8130CF26}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{B8B7168E-3F64-4C8D-B703-C7767A945ADC}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{B670DC40-6B03-43D9-B8EF-15B2C0E137C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5FDB6E31-3040-4692-A985-E95BCC346901}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{667553CB-DBE0-4C63-AD94-D2174A71EA79}D:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{71E5654D-712D-451D-8B6B-EEE0F990B5B0}D:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{9262B26E-2F40-44C5-B647-3848F552393C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ED4A1EF2-EFA9-491C-87CC-2F3445B1AA32}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0503AA7C-71D5-4E09-B41B-1D03B8B78212}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5F27E00D-D886-46FB-80DE-01A5FD5EE22F}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F2FFEAA4-FFC2-42AA-A13F-1A162BD615F3}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5B22F88C-10C0-4216-8A3F-707BC9C32C75}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{ED2CAA0A-81C7-4033-A2E7-1A6964FC2D43}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{3C387E98-8A27-49BF-95B5-FC9C9953C98F}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{2388E632-808C-486A-9A12-BDA368706E6C}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{2F578165-B712-427E-8E79-E7DA92D18591}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{07EB1274-7DAD-4B0D-9B39-3FAFFF70E0E6}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{7FFECC2A-3474-4FF6-B996-062AE1D78763}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D5C12554-0CFB-4B74-815D-373DC901CDC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{55D3F417-AB3A-49EE-9A95-79F5E758EA36}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{00F3F7EA-4A57-4F83-8425-83D3551EE18C}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{DBB840B9-E2B9-4DC0-B469-C954A276FE02}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{63B6EF19-E14A-4C75-AF5E-CA787D253905}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{EC0C0FD2-DC5D-4BE3-8E4C-34BAA33D1C27}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7E62D573-2726-41A0-A5FC-6BA1EC6BED4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B41D81E3-370C-4DC7-A3F2-3D857A468D16}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D73DB824-8CAD-4593-AAD1-1A480C0F9588}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D7EF4B51-5247-4224-816C-DCD3D6648BA1}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{F38E0B0C-2C73-4137-9B79-869DED666ACF}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{582B2818-0874-4679-A1BA-4312EB5C7455}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1B5F70E0-E63E-4AEE-B354-D86A01718780}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7E654802-043E-44DB-9FBF-2D43692D9394}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{7ECD1444-5AF1-465A-84FD-A9AA4853D07F}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{925DA4AB-C9BD-4FC6-B9F8-8131B44F1465}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{E12809FA-DF91-446F-A90A-7DE995A18229}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{734A862B-09AE-4BB5-AB7B-E92ADFAA4DFC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7E8898F6-E9E0-45C9-BEE1-7E5429AB4E01}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A3CF8D6A-1D39-4F88-B4A5-A4E0A9DFD771}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{02870414-A4DA-4842-90F2-0152EB3004C7}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [TCP Query User{14FE8F25-491D-406A-A4E0-D9EE73DA13A0}C:\users\steven chea\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\steven chea\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [UDP Query User{0B84408B-010B-43A3-ABC8-7579400EA0EE}C:\users\steven chea\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\steven chea\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [TCP Query User{37BC56BB-54B2-4CE1-BE0E-D0A6B34F5BC3}C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe] => (Allow) C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe
FirewallRules: [UDP Query User{DFC9853B-7FD7-44FC-9483-93C309043F03}C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe] => (Allow) C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe
FirewallRules: [{91BF44C4-6384-4965-A0A3-FE6636AB044A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9A5A168B-2D64-4087-8FDC-3994845D1726}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{30682B61-4798-4ECE-B1C6-27CB083D2D29}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{67B129AA-C939-4257-893F-E1F788901EA5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D8DECE73-E226-4344-B310-A79956E5778E}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{C96FDABE-3712-45E1-B521-FDBB8B67ABD4}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{0DD4FF85-59D3-4189-A125-126423893F63}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{553F9086-3569-47E0-A968-BC0A888F9E59}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{27BF2B40-BF5B-40C1-8261-8A9876109292}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6E379A04-C4EA-4D8A-8C36-91FFF1846E91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{4B01E1B9-B89A-4528-AC08-8C2A8190FD60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{FB0D1242-9D16-447E-84B9-7BE1CC97A776}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DC76EDD8-A1BA-431A-932F-B85302973CF5}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{C3DDC967-2EB2-46E9-A836-716B717B39DC}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{180FF96E-646D-41D2-B0BE-2996E217E184}C:\game\softnyxgame\nyxlauncheris\full_downloader.exe] => (Allow) C:\game\softnyxgame\nyxlauncheris\full_downloader.exe
FirewallRules: [UDP Query User{76AE66FC-9688-403C-82E1-5B6EA2909EE8}C:\game\softnyxgame\nyxlauncheris\full_downloader.exe] => (Allow) C:\game\softnyxgame\nyxlauncheris\full_downloader.exe
FirewallRules: [TCP Query User{1BD28D4D-56FD-4CD2-B0C7-51B3C576C713}C:\game\softnyxgame\gunboundis\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundis\gunbound.gme
FirewallRules: [UDP Query User{173453BB-C533-46F2-875F-2A4757E8AD1F}C:\game\softnyxgame\gunboundis\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundis\gunbound.gme
FirewallRules: [{27AE6497-FBD6-4567-8A8B-FF02B0C5C424}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{65996790-B3E6-4717-B11C-3BE92EDB6594}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

==================== Restore Points =========================

09-03-2017 12:42:47 Removed Razer Synapse.
18-03-2017 20:06:11 Scheduled Checkpoint
20-03-2017 16:02:04 Microsoft Build Tools 2015

==================== Faulty Device Manager Devices =============

Name: Logitech Gaming Virtual Keyboard
Description: Logitech Gaming Virtual Keyboard
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: LGVirHid
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Logitech Gaming Virtual Mouse
Description: Logitech Gaming Virtual Mouse
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: LGVirHid
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2017 06:41:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-376LSG8)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/27/2017 06:38:07 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Unexpected exception thrown from the provider:
 System.Exception: This service cannot be started in Safe Mode

This service cannot be started in Safe Mode

   at Windows.Management.Deployment.PackageManager.FindPackagesForUser(String userSecurityId, String packageFamilyName)
   at Microsoft.Uev.ManagedAgentWmi.WinRT.BaseHelpers.IsInstalled(String packageFamilyName)
   at Microsoft.Uev.ManagedAgentWmi.WinRT.Windows8AppListWinRt.GetConfiguredList(Boolean isUserList)
   at Microsoft.Uev.ManagedAgentWmi.MachineConfiguredWindows8App.EnumerateAppPackages()
Stack:
   at System.Environment.FailFast(System.String)
   at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (03/27/2017 06:36:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: NetEventPacketCapture.dll, version: 10.0.14393.206, time stamp: 0x57dacea5
Exception code: 0xc0000005
Fault offset: 0x00000000000160d3
Faulting process id: 0xd30
Faulting application start time: 0x01d2a752f785b54f
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\system32\wbem\NetEventPacketCapture.dll
Report Id: e5a4fc27-79b5-4685-8fc9-29fdd6507844
Faulting package full name:
Faulting package-relative application ID:

Error: (03/27/2017 06:00:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-376LSG8)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/27/2017 05:46:25 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2017 05:15:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-376LSG8)
Description: Activation of app Microsoft.Getstarted_4.4.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/27/2017 05:15:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-376LSG8)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/27/2017 05:01:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Steven Chea\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2017 05:01:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2017 04:57:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sam__9286_il5df78.exe, version: 0.0.0.0, time stamp: 0x58d4e4e7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0368c073
Faulting process id: 0x1ddc
Faulting application start time: 0x01d2a7451a7d7b2f
Faulting application path: C:\Users\STEVEN~1\AppData\Local\Temp\is-6E063.tmp\sam__9286_il5df78.exe
Faulting module path: unknown
Report Id: f4283153-39c6-4d8f-85aa-84aa37252bdb
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (03/27/2017 06:52:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/27/2017 06:52:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Management Service service to connect.

Error: (03/27/2017 06:50:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dataup service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/27/2017 06:49:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2017 06:49:55 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-376LSG8)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/27/2017 06:49:47 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-376LSG8)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/27/2017 06:49:45 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-376LSG8)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/27/2017 06:49:44 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-376LSG8)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/27/2017 06:45:38 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-376LSG8)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (03/27/2017 06:45:30 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-376LSG8)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


CodeIntegrity:
===================================
  Date: 2017-03-27 17:27:00.726
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunsken.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.725
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunsken.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunsken.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunsken.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.684
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunbod.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.681
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunbod.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunbod.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-27 17:27:00.665
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Game\SoftnyxGame\GunboundIS\avital\gunbod.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-08 13:35:33.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-08 13:35:07.862
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: AMD FX™-8350 Eight-Core Processor
Percentage of memory in use: 30%
Total physical RAM: 8090.14 MB
Available physical RAM: 5594.75 MB
Total Virtual: 9370.14 MB
Available Virtual: 6505.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.03 GB) (Free:48.36 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Games) (Fixed) (Total:111.79 GB) (Free:50.71 GB) NTFS
Drive e: () (Fixed) (Total:465.75 GB) (Free:54.4 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4FC14FC0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0C707888)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: E0FA6720)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================




#2
RKinner (Malware Expert; MVP; 24,624 posts)

OK.  This is an ugly one.  We may have to boot from a USB or CD in order to kill it but let's try just going to Safe Mode:

First, download the attached fixlist to the same folder where FRST lives (your desktop).

Second, download Process Explorer:

Get Process Explorer

Save it to your desktop then run it (Vista or Win7+: right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Look for any of these processes:
tprdpw32.exe
ct.exe
dataup.exe
ndistpr64.sys

If you find one then right click on it and Suspend.

Close Process Explorer.

Now boot into Safe Mode:

http://www.digitalci...mode-windows-10

Log in with your usual login.

Run Process Explorer as before and this time create a log:

File, Save As, Save.  Note the file name.  (It should be on your desktop.)

Right click on FRST and Run As Admin.

Press the Fix button.

FRST will find the fixlist and then create a fixlog.  It will reboot as part of the process.

You can go back in to regular mode.

Post the fixlog and the Process Explorer log you created while in Safe Mode.

Run FRST again with Addition.txt checked and post both logs.

Run Process Explorer again and post the new log.
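The Process Explorer check above (Verified Signer column plus the four file names), as an added PowerShell example that is not part of RKinner's instructions or the thread: it lists running processes and loaded kernel drivers, verifies each image's Authenticode signature, and flags the names from the post or any image Windows cannot verify. Run it from an elevated prompt; the driver-path normalisation and the report layout are assumptions of this example.

```powershell
# Added example, not part of the original thread. Mirrors the Process Explorer
# "Verified Signer" check from post #2: enumerate running processes and loaded
# kernel drivers, verify each image's Authenticode signature, and flag the file
# names the poster was asked to look for. Run from an elevated PowerShell.

# File names taken from the post above; everything else here is assumed.
$SuspectNames = @('tprdpw32.exe', 'ct.exe', 'dataup.exe', 'ndistpr64.sys')

function Resolve-DriverPath([string]$PathName) {
    # Win32_SystemDriver.PathName varies: "\??\C:\...", "\SystemRoot\...",
    # or a bare "system32\drivers\x.sys"; turn each into a plain file path.
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-ImageSignatureReport {
    $procs = Get-CimInstance Win32_Process | Where-Object ExecutablePath | ForEach-Object {
        [pscustomobject]@{ Kind = 'Process'; Name = $_.Name; Path = $_.ExecutablePath }
    }
    $drivers = Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } | ForEach-Object {
            [pscustomobject]@{ Kind = 'Driver'; Name = $_.Name; Path = (Resolve-DriverPath $_.PathName) }
        }

    foreach ($img in @($procs) + @($drivers)) {
        $status = 'FileMissing'; $signer = ''
        if (Test-Path -LiteralPath $img.Path) {
            $sig = Get-AuthenticodeSignature -LiteralPath $img.Path
            $status = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        $leaf = [System.IO.Path]::GetFileName($img.Path)
        [pscustomobject]@{
            Kind      = $img.Kind
            Name      = $img.Name
            Path      = $img.Path
            Signature = $status
            Signer    = $signer
            # Known name from the thread, or an image whose signature does not verify.
            # Catalog-signed Windows files can report NotSigned on some PowerShell builds,
            # so treat a flag as a prompt to inspect the file, not as proof of infection.
            Flag      = ($SuspectNames -contains $leaf) -or ($status -ne 'Valid')
        }
    }
}

# Flagged images first, so an unverifiable driver or a known name stands out.
Get-ImageSignatureReport | Sort-Object Flag -Descending |
    Format-Table Kind, Name, Signature, Signer, Path -AutoSize
```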

#3
stevenlchea (New Member, Topic Starter; 8 posts)

Here are the logs

Attached Files



#4
stevenlchea (New Member, Topic Starter; 8 posts)

Last night I was able to use TRON to give me access to rkill and from that I was able to launch Malwarebytes and do a complete scan. It got rid of a decent amount, just following through to make sure everything is gone.



#5
RKinner (Malware Expert; MVP; 24,624 posts)

I don't see it active in the Process Explorer log.

Can you run another FRST scan with Addition.txt checked and post both logs?



#6
stevenlchea (New Member, Topic Starter; 8 posts)

Here you go

Attached Files



#7
RKinner (Malware Expert; MVP; 24,624 posts)

I think you got it.  I don't see any sign of it in the logs.

What is TRON?

You might want to Delete All but the latest System Restore point:

See:

Delete All But the Most Recent Restore Point

on

https://www.groovypo...aim-disk-space/

Have you considered installing an antivirus other than Windows Defender?  The free Avast works well:

Click on Download then choose the free version.

Download, Save, and right click and Run As Administrator.

It usually wants a reboot.  (Uncheck any optional software and stick with the free version, not the demo.)
Run a boot-time scan with Avast.  It takes like 6 hours so I usually let it run at night.

Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans, then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

Reboot and let it run a scan.  It may take hours.
Once it finishes it should load Windows.  Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  This is a hidden location so you will need to tell Windows to let you see it:

Copy and paste the text from the log to a Reply when done.

#8
stevenlchea (New Member, Topic Starter; 8 posts)

mmm, TRON is basically an all-in-one tool:

https://www.reddit.c...and_definition/

There's a subreddit just for it.



#9
stevenlchea (New Member, Topic Starter; 8 posts)

Here's the report

Attached Files



#10
RKinner (Malware Expert; MVP; 24,624 posts)

Avast just found the one file that AdwCleaner had removed.  It should have found more of the stuff we have already removed but apparently this is a new infection that is not well known.  I just saw the first one a couple of weeks ago.

Thanks for the TRON link, I will look into it.

If there are no other problems then:

Time to clean up:

To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:

DeleteQuarantine:

Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.

If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware-targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like Yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.  OK.  Close program.  It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

If you use Chrome/Firefox/IE then get the AdBlock Plus add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE.)

If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype.  Hit Optimize.  You can run it any time that Chrome/Firefox seems slow starting.

If you are a Facebook user get the FB Purity extension for your browser:
This will stop all of the suggested pages and ads so that Facebook loads much quicker.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

CryptoPrevent

The free version does not update on its own so you should check for updated versions once in a while.  When you install it the default is NONE which is kind of worthless so change it to Standard or default.  If you have problems after installing CryptoPrevent you can just uninstall it.

If you have a router, log on to it today and change the default password!  If using a wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step-by-step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and uninstall all Java programs which are not Java Version 7 Update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  If that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

(You should remove Java 8 Update 111 as it is obsolete.)

Ron


#11
stevenlchea (New Member, Topic Starter; 8 posts)

Thanks!



#12
RKinner (Malware Expert; MVP; 24,624 posts)

Just found out that MBAM can now remove this virus.  Wouldn't hurt to run it to see if it finds anything we missed:

Do you have the free version of Malwarebytes installed?  If so, please run it now; if not, please follow along.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware.
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.  Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

Posting the Malwarebytes log:

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'.
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click OK.
  • Post that saved log to your next reply.

Also I have a few notes on setting up Avast:

Have you registered with them?  They just want an email address and they don't spam you.  To register, open Avast (either by clicking on the icon by the clock, or by All Programs, Avast Software, Avast Free AntiVirus), then Settings (the gear), Registration.

Stick with Avast for a while and see how you like it.

They have started using their info popup to try and get you to upgrade so I go into Settings, General, Popups and change the first two to 1 second.

I don't like their Browser Cleanup so I turn it off:
Settings, Tools, Browser Cleanup (click on the white space to the right of On).


#13
stevenlchea (New Member, Topic Starter; 8 posts)

I usually don't have an anti-virus or anti-malware program installed, because I mainly use this machine for gaming. My little cousin was on it and installed a bunch of things; after uninstalling much of what he installed, that's when I realized that I wasn't able to run MBAM or any other related programs.



#14
RKinner (Malware Expert; MVP; 24,624 posts)

OK but see if MBAM will run and if it finds anything.

