Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016 Ran by Ryan (2016-07-06 06:18:05) Running from C:\Users\Ryan\Desktop Windows 10 Home Version 1511 (X64) (2015-12-18 08:54:43) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4145517564-965246637-432244123-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4145517564-965246637-432244123-503 - Limited - Disabled) Guest (S-1-5-21-4145517564-965246637-432244123-501 - Limited - Disabled) Ryan (S-1-5-21-4145517564-965246637-432244123-1001 - Administrator - Enabled) => C:\Users\Ryan ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 15.06 beta (HKLM-x32\...\7-Zip) (Version: 15.06 - Igor Pavlov) 7-Zip 15.09 beta (x64) (HKLM\...\7-Zip) (Version: 15.09 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-4145517564-965246637-432244123-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS) ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.05.0001 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.1 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.29 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS) Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk) Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk) Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk) Banished (HKLM\...\Steam App 242920) (Version: - Shining Rock Software LLC) BitTorrent (HKU\S-1-5-21-4145517564-965246637-432244123-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order Ltd.) Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.) ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{86B4A6B9-07FD-48EC-8730-1EC82E80C3D7}) (Version: 3.10.0030 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.) EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.) EPSON WF-2660 Series Printer Uninstall (HKLM\...\EPSON WF-2660 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION) FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation) Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation) Intel(R) Wireless Bluetooth(R)(patch version 17.1.1440.2) (HKLM\...\{302600C1-6BDF-4FD1-1409-148929CC1385}) (Version: 17.1.1409.0486 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{9bffdf20-c3a3-4e93-9cbf-61712c6a38be}) (Version: 17.13.2 - Intel Corporation) iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.) Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad) LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog) LeapFrog Connect (x32 Version: 7.0.6.19846 - LeapFrog) Hidden LeapFrog Tag Junior Plugin (x32 Version: 7.0.6.19846 - LeapFrog) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Maxx Audio Installer (x64) (Version: 1.6.4882.94 - Waves Audio Ltd.) Hidden Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.62613.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62613.0 - Microsoft Corporation) Microsoft Flight Simulator X: Steam Edition (HKLM-x32\...\Steam App 314160) (Version: - Microsoft Game Studios) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Navy Field 2 : Conqueror of the Ocean (HKLM-x32\...\Steam App 338540) (Version: - SDEnterNet) NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation) NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.23 - ASUS) Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21260 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version: - Firaxis Games) SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.96.5684 - Electronic Arts) SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited) SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk) Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION) SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts) Spotify (HKU\S-1-5-21-4145517564-965246637-432244123-1001\...\Spotify) (Version: 1.0.32.96.g3c8a06e6 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.20.60.1020 - Electronic Arts Inc.) Total War Battles: KINGDOM (HKLM-x32\...\Steam App 300080) (Version: - Creative Assembly) Total War: ATTILA (HKLM-x32\...\Steam App 325610) (Version: - Creative Assembly) Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly) Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version: - LeapFrog) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.11.399 - ASUS Cloud Corporation) Windows Driver Package - ASUS (ATP) Mouse (10/30/2014 1.0.0.230) (HKLM\...\52EDDD14D2DC9D32A2EA2720C02CBB9E354F8DE2) (Version: 10/30/2014 1.0.0.230 - ASUS) Windows Driver Package - ASUS (ATP) Mouse (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS) Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog) Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4145517564-965246637-432244123-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ryan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {10000A93-1652-43EC-A226-E06FA1C6639C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {1161EA67-91EB-431B-A947-2A733AF4936C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-05] (Google Inc.) Task: {28964A49-39E1-4E3E-9B93-D98E679564E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {2DB0FE7B-EC79-4278-94D7-BAFE8316DDB8} - System32\Tasks\EPSON WF-2660 Series Update {687E0129-DC55-4F67-96FF-99E5A30ADFD4} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMAE.EXE [2013-11-21] (SEIKO EPSON CORPORATION) Task: {30196D9E-C9F5-4146-83CD-E46BCFE781A9} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-11-05] (ASUS) Task: {34ABDD7D-5EC9-4285-A962-66E3671FBF55} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.) Task: {35BFCFA3-07D4-4FE4-A05C-66761E4846A2} - System32\Tasks\EPSON WF-2660 Series Update {D4D95767-7953-4B04-BCE8-81B9CF713467} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMAE.EXE [2013-11-21] (SEIKO EPSON CORPORATION) Task: {3887709A-311D-4F8A-A892-7BB8E44079D3} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor) Task: {393E9F84-73D2-418A-B491-7D2EBC879EE7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation) Task: {3DADDC5E-F47E-481C-87E1-5D3BA79756A0} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek) Task: {42464140-F501-4A02-B424-A9C37CD1F5C5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-16] (Microsoft Corporation) Task: {4DC71EDA-894A-4A37-8537-AFC0438A5474} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation) Task: {777DA30A-C3EF-40E8-BD4D-ABA78962E39C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-05] (Google Inc.) Task: {7B506F3C-FBE6-469C-AA53-4E94382C28B9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation) Task: {AE0ECE24-0550-4622-A3E2-FD1BDB3E1112} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.) Task: {B4F8D832-A786-47D0-8E6F-8A7AD0CF0DA8} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-12-17] (ASUSTek Computer Inc.) Task: {EB61370F-031E-44C1-AD3F-2843CA47F6CA} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-24] (Realtek Semiconductor) Task: {ECBBBB7E-BEB4-4736-80E6-135EE98D8F47} - System32\Tasks\EPSON WF-2660 Series Update {4B3071C1-DE89-4A55-B9B3-C81F377FA3AE} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMAE.EXE [2013-11-21] (SEIKO EPSON CORPORATION) Task: {F5B9E446-5E3F-4071-B4A1-B592123F6956} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated) Task: {FD89F90D-B8C4-4B63-9884-030D1D6C6EBB} - System32\Tasks\EPSON WF-2660 Series Update {09E8CE61-0B4A-4C54-B8C2-9CA04909B29A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMAE.EXE [2013-11-21] (SEIKO EPSON CORPORATION) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hmjkmjkepdijhoojdojkdfohbdgmmhki\Google Keep - notes and lists.lnk -> C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hmjkmjkepdijhoojdojkdfohbdgmmhki\Google Keep - notes and lists.ico () -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-12-18 04:45 - 2016-06-02 23:59 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-04-16 12:13 - 2016-05-02 01:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-04-16 12:13 - 2016-05-02 01:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-04-16 12:13 - 2016-05-02 01:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-04-16 12:13 - 2016-05-02 01:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-04-16 12:13 - 2016-05-02 01:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-04-16 12:13 - 2016-05-02 01:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-04-16 12:13 - 2016-05-02 01:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-04-16 12:13 - 2016-05-02 01:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-04-13 20:00 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-16 12:13 - 2016-05-02 01:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-04-16 12:13 - 2016-05-02 01:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-04-13 20:00 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-06-15 07:34 - 2016-06-15 07:34 - 00959168 _____ () C:\Users\Ryan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-06-16 09:26 - 2016-06-16 09:26 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-06-14 20:58 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-04-19 05:41 - 2016-04-19 05:41 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-12-18 16:56 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-11 16:56 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-07-18 00:35 - 2015-07-30 18:13 - 00405432 _____ () C:\WINDOWS\system32\igfxTray.exe 2016-06-14 20:59 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-06-14 20:58 - 2016-05-27 23:55 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-06-14 20:59 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-06-14 20:59 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-08-20 01:14 - 2014-08-20 01:14 - 00063296 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe 2015-02-27 04:42 - 2013-05-15 18:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe 2016-04-29 21:31 - 2016-04-29 21:32 - 00051200 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll 2014-11-05 16:44 - 2014-11-05 16:44 - 00037424 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2014-11-05 16:44 - 2014-11-05 16:44 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2016-04-19 05:41 - 2016-04-19 05:41 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 05:41 - 2016-04-19 05:41 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-04-16 12:13 - 2016-05-02 02:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2014-11-24 11:46 - 2014-11-24 11:46 - 00879104 _____ () D:\LeapFrog Connect\platforms\qwindows.dll 2014-09-03 15:03 - 2014-09-03 15:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-4145517564-965246637-432244123-1001\Software\Classes\.scr: AutoCADScriptFile => ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4145517564-965246637-432244123-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{2f793d5a-aef9-4338-8f5b-7d8b3e1f5feb}.jpg DNS Servers: 75.75.75.75 - 76.76.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "ADSKAppManager" HKU\S-1-5-21-4145517564-965246637-432244123-1001\...\StartupApproved\Run: => "Autodesk Sync" HKU\S-1-5-21-4145517564-965246637-432244123-1001\...\StartupApproved\Run: => "Steam" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{25D705B5-B5EC-4473-9BD7-92E1FAF194AB}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{AA04731E-EFD6-4996-B465-32AFDFD4220F}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{EBDC2BF6-45D5-48AA-85FD-5C45DD2D8064}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{A27EF31F-C05A-416E-97E6-BC72B3849C63}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{5E05501F-13B9-4C18-A617-AF1CC959A3D6}] => (Allow) D:\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe FirewallRules: [{1540B258-3AE1-4D84-8720-95720991E2D4}] => (Allow) D:\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe FirewallRules: [UDP Query User{678B72C9-64D3-43C6-9591-16521F6933D0}D:\steam\steamapps\common\total war attila\attila.exe] => (Allow) D:\steam\steamapps\common\total war attila\attila.exe FirewallRules: [TCP Query User{F240E80D-0FE1-453F-B19E-A0DB459061B5}D:\steam\steamapps\common\total war attila\attila.exe] => (Allow) D:\steam\steamapps\common\total war attila\attila.exe FirewallRules: [{AB125A22-4D94-4215-AA8C-D43B0B41BB48}] => (Allow) D:\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe FirewallRules: [{2588EC44-FBBB-4652-81E3-9BFC47307CD5}] => (Allow) D:\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe FirewallRules: [{E3C5F066-0A1E-4CFE-8F6D-17A768BE08AC}] => (Allow) D:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe FirewallRules: [{4AD31766-C14D-4D0A-BFD8-30D59CFC69C9}] => (Allow) D:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe FirewallRules: [{2E29FC49-37E3-4880-A1F7-23779B6ED079}] => (Allow) D:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe FirewallRules: [{479D33DA-1C27-446E-85E7-8F09828C84EB}] => (Allow) D:\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe FirewallRules: [{BA30A196-3BB5-41C3-9CB0-59ACAACF72AF}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{D6F2305A-870E-4758-94AF-CD3BEF7BA811}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{564A4039-5CE5-402F-8AD0-C0C53DDC38B7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{07FE999F-9CE2-487B-ABBF-0026FC86F5C6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{98781063-1DE1-43C0-8AAF-83796A03FEDD}] => (Allow) D:\Steam\Steam.exe FirewallRules: [{2F0BC204-C278-43B3-A7EE-51C35C7761DD}] => (Allow) D:\Steam\Steam.exe FirewallRules: [{1DBBE0B2-B2AF-4A2C-A2C4-0AEA8AB80576}] => (Allow) D:\Steam\bin\steamwebhelper.exe FirewallRules: [{26FA9203-5B64-4B62-B8F2-C4763F394D5C}] => (Allow) D:\Steam\bin\steamwebhelper.exe FirewallRules: [{4DA4B0AB-4BC9-47D2-A428-9FCAE2394437}] => (Allow) C:\Users\Ryan\Games\steamapps\common\Kerbal Space Program\KSP.exe FirewallRules: [{DEED3E6B-D25D-493E-8727-CD1A65D22983}] => (Allow) C:\Users\Ryan\Games\steamapps\common\Kerbal Space Program\KSP.exe FirewallRules: [{66FFFA2F-897E-4668-9B84-F6A22B6D815B}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{1F06F547-E988-495F-802C-BECABFFA6254}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{075F33F2-E5B1-40B7-ABE5-C94855FAF2BE}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe FirewallRules: [{4C42BD38-F5D6-467C-B543-5F042E73A199}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe FirewallRules: [{7BEA6908-FC07-4949-95DE-9A175FDE2BCB}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe FirewallRules: [{56BD4BFF-D159-4646-B12E-4FF70EC88DA8}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe FirewallRules: [{7436BB96-F6DB-47A0-82D5-9ABA4A0B52E5}] => (Allow) D:\Steam\steamapps\common\Navy Field 2 Conqueror of the Ocean\NF2_Launcher.exe FirewallRules: [{FB93EC93-71F4-4541-9D34-68C097762002}] => (Allow) D:\Steam\steamapps\common\Navy Field 2 Conqueror of the Ocean\NF2_Launcher.exe FirewallRules: [{87E1A49E-56E1-4460-863C-DED58CC8A603}] => (Allow) D:\Steam\steamapps\common\Total War Battles KINGDOM\TWB_Kingdom.exe FirewallRules: [{0CE89FA2-0346-4B36-B80F-B9C9F5875093}] => (Allow) D:\Steam\steamapps\common\Total War Battles KINGDOM\TWB_Kingdom.exe FirewallRules: [{B8EF9F1A-6362-4B07-A7F9-73408B47F25B}] => (Allow) D:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{1584D2B8-7542-4CF4-BC66-4DFA4F683C94}] => (Allow) D:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{F9146EF0-9E81-488F-A043-3A9ADC29997D}] => (Allow) C:\Users\Ryan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{DDA6905C-7804-4DCE-8BF5-44B8CEB4F7FA}] => (Allow) C:\Users\Ryan\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{4656EAE7-7821-434B-A017-E9ED78596A69}] => (Allow) C:\Users\Ryan\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [TCP Query User{93B11D1A-2077-4595-9D2B-5FD0D811CC1C}C:\users\ryan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ryan\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{58EEF3DB-8CAF-4F5A-95FA-5E1BFB64A3AE}C:\users\ryan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ryan\appdata\local\akamai\netsession_win.exe FirewallRules: [{CBE2F28F-A58B-4DC4-8AF1-EB86C36FF9BB}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{62B1FF01-7B83-4D17-BCC2-3B9EFDB5433D}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{D24A5C3E-977B-4F2E-B95C-2CFE37D32720}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [{20EA9053-645D-42A9-9D5C-FB10F570E6C3}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [{5A1C4CC2-C433-4DE3-B146-BA11070167A5}] => (Allow) D:\Steam\steamapps\common\FSX\fsx.exe FirewallRules: [{06009AFC-82AB-4888-83C6-F7D185FFCA75}] => (Allow) D:\Steam\steamapps\common\FSX\fsx.exe FirewallRules: [{E7B46F98-5742-4DDC-B81A-E9C2B25FB02C}] => (Allow) D:\Steam\steamapps\common\Total War Attila\launcher\launcher.exe FirewallRules: [{D687C27B-6601-45A5-86A8-9CEAF632B89D}] => (Allow) D:\Steam\steamapps\common\Total War Attila\launcher\launcher.exe FirewallRules: [{81D3813E-8356-46C3-9376-EB608083ED22}] => (Allow) LPort=5556 FirewallRules: [{87C785C6-9B95-4EB1-B4FE-59EB0DF5F803}] => (Allow) LPort=5558 FirewallRules: [{F6C76B26-2D58-4768-A08D-165753704406}] => (Allow) D:\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [{25810628-5275-4DF0-BCC7-03D5240E4604}] => (Allow) D:\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [TCP Query User{FE21B207-1045-4AE3-B0F9-94F5F4893A94}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{6F1239F6-E79B-45BD-A8C0-01F6B5C36A53}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{DEBF2145-F280-4C68-B483-CDCA47A116FF}C:\users\ryan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ryan\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{DAD01242-21A5-48D8-B5D2-78682E8EE10F}C:\users\ryan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ryan\appdata\local\akamai\netsession_win.exe FirewallRules: [{A5DCC62B-4A92-4E46-906C-F30D86623479}] => (Allow) D:\LeapFrog Connect\LeapfrogConnect.exe FirewallRules: [{DE7D0785-A240-44A8-8BC7-30F433ECDB6B}] => (Allow) D:\Steam\steamapps\common\Cities_Skylines\Cities.exe FirewallRules: [{5DB3BFE5-5CC0-410A-80AA-80A694446746}] => (Allow) D:\Steam\steamapps\common\Cities_Skylines\Cities.exe FirewallRules: [TCP Query User{4127EFDD-E7E6-4D71-82D2-DA861CAE0301}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe FirewallRules: [UDP Query User{59A39E35-7703-4870-8BFC-6C7D97D0A66B}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe FirewallRules: [TCP Query User{4503EEA3-B4E0-4101-AC36-3D2AC05D5047}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe FirewallRules: [UDP Query User{800D8BEE-D5F0-4EF1-943D-E6DF05DAF19C}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe FirewallRules: [{67D198F0-EFB4-48B8-BA29-B6713FD326CA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{4C24752C-CB7D-4746-A9BA-DF72B1BA3772}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{3BC9F113-6568-4C6C-9492-2B6E324DDED1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{D429532F-129E-4926-852A-0613EDBD8FCA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{6181695B-7471-4E30-84E2-892AA9D5323E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{BD686DCB-E2AB-4A79-83BA-A88C447404C4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{75743EFF-7038-44E8-B2DC-85CA221CD05F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{8027E660-9A28-4A01-8E33-0C02DFC694A7}] => (Allow) C:\Users\Ryan\Games\steamapps\common\Kerbal Space Program\KSP_x64.exe FirewallRules: [{3AE30FF0-8315-47B6-A9DF-EF1D4C62B09F}] => (Allow) C:\Users\Ryan\Games\steamapps\common\Kerbal Space Program\KSP_x64.exe FirewallRules: [{ECFADA06-D798-4CAE-8FA3-4A0203D3B143}] => (Allow) D:\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe FirewallRules: [{44710310-12F2-434B-B176-9B248424A6EF}] => (Allow) D:\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe FirewallRules: [TCP Query User{9A8D988D-7845-4F38-9978-46AA9E600BB8}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{42373A39-FF1A-45DB-8CBF-84D2AC0D18BA}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{18F2F040-30F7-4333-9184-C31673A19006}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C49DAC5F-4915-43B5-9620-4A854A1B41B0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8F30F24D-7511-475F-88CB-434BE70B9946}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E703D223-F934-4A78-AFBB-1928A538B1ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{06ECDC0D-050F-4E15-95F4-0688EDDFD68F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{03E5A264-8024-47F1-A9C2-2A3F413136EC}] => (Allow) D:\Music\iTunes.exe FirewallRules: [{892CCB87-FD03-44AC-B004-18638469DEEA}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe FirewallRules: [{06466D7D-DB44-4059-A846-CE7BEA206D92}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe FirewallRules: [TCP Query User{81EB81DB-ED81-418A-B0C7-3623F49B6006}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ryan\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{87BFF8BD-ABAE-4795-8B6B-6DD246A8D4E8}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ryan\appdata\roaming\spotify\spotify.exe FirewallRules: [{2C45CEF4-D9A2-4794-9740-9A48A27D8C96}] => (Allow) D:\Steam\steamapps\common\Total War Attila\launcher\launcher.exe FirewallRules: [{09693160-FFE3-4D8F-A7AD-F961093D8A8E}] => (Allow) D:\Steam\steamapps\common\Total War Attila\launcher\launcher.exe FirewallRules: [{FD4136F3-C9E8-4A6F-801E-A9D9993C0830}] => (Allow) D:\Steam\steamapps\common\Banished\Application-steam-x64.exe FirewallRules: [{AC811C88-1E7E-4BB5-BBA5-F80C7C34B802}] => (Allow) D:\Steam\steamapps\common\Banished\Application-steam-x64.exe FirewallRules: [TCP Query User{ACAE66C3-110A-4B9E-A90C-5FB1F4DB796F}D:\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\steam\steamapps\common\total war rome ii\rome2.exe FirewallRules: [UDP Query User{F7E8AA4F-8733-4FD1-AA13-993A355A210F}D:\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) D:\steam\steamapps\common\total war rome ii\rome2.exe FirewallRules: [{748A43BC-DDC8-476A-B308-D58C29B4C59F}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{A59BC1D0-0B5F-45B3-8DF1-DD971B5A943F}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{26B765F3-77FE-4F89-90FB-A99848DACDA4}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{2E7E1699-9AC0-4671-AE3E-9E152F5C4D46}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{C2738A5A-77C4-4235-BF07-EF431458774C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (07/06/2016 06:15:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_2a5a6a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/06/2016 06:15:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_2a5a6a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/06/2016 06:15:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_2a5a6a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/06/2016 06:15:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_2a5a6a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/06/2016 06:15:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable CodeIntegrity: =================================== Date: 2016-07-06 06:18:07.290 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-06 06:18:07.279 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-06 06:14:58.287 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-06 06:14:58.277 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-06 06:13:06.122 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-06 06:13:06.112 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz Percentage of memory in use: 14% Total physical RAM: 16273.04 MB Available physical RAM: 13960.7 MB Total Virtual: 18705.04 MB Available Virtual: 16513.3 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:118.25 GB) (Free:43.97 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Data1) (Fixed) (Total:465.75 GB) (Free:71.03 GB) NTFS Drive e: (Data2) (Fixed) (Total:465.76 GB) (Free:465.6 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 215D8324) Partition: GPT. ======================================================== Disk: 1 (Size: 119.2 GB) (Disk ID: AE6C2B34) Partition: GPT. ==================== End of Addition.txt ============================