Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Steven Chea (28-03-2017 15:47:57)
Running from C:\Users\Steven Chea\Desktop
Windows 10 Enterprise Version 1607 (X64) (2016-09-22 22:42:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3213071017-1671608743-4279427535-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3213071017-1671608743-4279427535-503 - Limited - Disabled)
Guest (S-1-5-21-3213071017-1671608743-4279427535-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3213071017-1671608743-4279427535-1003 - Limited - Enabled)
Steven Chea (S-1-5-21-3213071017-1671608743-4279427535-1001 - Administrator - Enabled) => C:\Users\Steven Chea

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
µTorrent (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM\...\Steam App 346900) (Version: - Hyper Hippo Games)
AdVenture Communist (HKLM\...\Steam App 462930) (Version: - Hyper Hippo Games)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.1.8321 - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Bitcoin Core (64-bit)) (Version: 0.12.1 - Bitcoin Core project)
BitTorrent (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
Blackboard Collaborate Launcher (HKLM-x32\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Clicker Heroes (HKLM\...\Steam App 363970) (Version: - Playsaurus)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Epic Games Launcher (HKLM-x32\...\{C8E7C575-FCFA-46B2-8FC0-E8AC65501350}) (Version: 1.1.78.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
GunboundIS (HKLM-x32\...\GunboundIS_is1) (Version: - Softnyx co.,ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
IntelliJ IDEA 2016.2.3 (HKLM-x32\...\IntelliJ IDEA 2016.2.3) (Version: 162.1812.17 - JetBrains s.r.o.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Lorex_Stratus_Client1 (HKLM-x32\...\{4332B198-445E-4D5C-80D3-D2ABE451EC68}) (Version: 1.1.1186.0 - Lorex)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Messenger for Desktop (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\messengerfordesktop) (Version: 2.0.6 - MessengerForDesktop.com)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM-x32\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MKVToolNix 8.2.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 8.2.0 - Moritz Bunkus)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Firefox 52.0.1 (x86 en-US) (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\Mozilla Firefox 52.0.1 (x86 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
NyxLauncherIS (HKLM-x32\...\NyxLauncherIS_is1) (Version: - Softnyx co.,ltd.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.2 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Pepakura Designer 4 (HKLM-x32\...\pepakura_designer4en) (Version: - TamaSoftware)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Remote Mouse version 3.002 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.0 - SteelSeries ApS)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3213071017-1671608743-4279427535-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-3213071017-1671608743-4279427535-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-3213071017-1671608743-4279427535-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Steven Chea\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No (the data entry has 5 more characters).

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {122A5D81-4E2B-4785-89DF-3E454576D771} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {23F6575D-2708-47C0-B463-266E9A405D0D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {2E64F86F-77C0-41FB-B5B4-572591DE6990} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {32751414-50AC-43F6-85EE-D71FA283C1D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-09] (Google Inc.)
Task: {335608E1-40C5-4BE4-8043-236516818E76} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {416BEF49-D756-471C-88EE-C31594EA5878} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {55C594C5-BDEF-4E94-B63D-9B311743206A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {5A0A5640-2028-4184-9910-9B6B2E97DF38} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation)
Task: {5C5D6F08-AA8A-4D43-93EC-1D6936737974} - \{640B233F-9C9B-4416-90BA-E6398540217C} -> No File <==== ATTENTION
Task: {76749205-4724-4C76-8C70-8834699E9A9D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)
Task: {7C3194DB-50AB-4EF1-878D-5924C8AB92E3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)
Task: {7CF16ABC-2FC3-4731-B75F-AD5A47033DDB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {852BAB62-D28F-4957-98B5-CDB08D4B8249} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {9577D723-BF59-4979-889F-9ABEE5924546} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {CC21F69A-4B91-48B4-836B-FC836DBC6628} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {E2F42FAB-74E3-45CE-BFB3-7907DDE25EDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-09] (Google Inc.)
Task: {E4EA66ED-45E3-4A49-9D9A-B9799DE82FB6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {EEAA1517-82A5-4FDE-93F9-51EC7F84ED6A} - \{5FF79B4A-7AEE-4C93-B706-D4EE57448267} -> No File <==== ATTENTION
Task: {F6FB1DC5-EB18-4478-A501-34C8C51E2892} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 20:01 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-06 16:24 - 2016-06-25 08:52 - 00018432 _____ () C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
2016-09-22 17:30 - 2016-10-25 15:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-13 20:01 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-03 19:11 - 2017-01-29 08:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-17 17:42 - 2016-05-17 17:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-01-11 12:17 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 12:17 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 12:17 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 12:17 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 12:17 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-22 20:27 - 2016-09-22 20:27 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 12:17 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2014-09-18 02:23 - 2014-09-18 02:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 13:23 - 2015-03-12 13:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 02:23 - 2014-09-18 02:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 13:23 - 2015-03-12 13:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-11-14 17:32 - 2016-12-08 15:26 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-03 19:54 - 2017-02-23 13:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\w32time => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WUAUSERV => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2017-03-27 18:26 - 00002643 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nstac.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 feedback.search.microsoft.com

There are 6 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Steven Chea\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-3213071017-1671608743-4279427535-1001\...\StartupApproved\Run: => "Chromium"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{E2827BA6-5608-4CE7-8FF5-0D040527045C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [TCP Query User{096CBF3F-B30A-4A96-8FCD-D02667AC8E2C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{A9F288CE-FEE1-460A-A2EE-273DA7F6EB12}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [TCP Query User{3893BDCE-5F64-4A5A-8C58-2280E3302605}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [UDP Query User{C54FF3C6-5422-43D7-86DF-48BD70206B68}C:\program files\java\jdk1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_101\bin\java.exe FirewallRules: [TCP Query User{F4F3B520-BB8F-457B-B88E-7BAC773749E6}C:\program files\java\jdk1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_101\bin\java.exe FirewallRules: [UDP Query User{0BA51AD7-8566-4C35-BC0B-619AAF2AA0EF}C:\program files (x86)\jetbrains\intellij idea 2016.2.3\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2.3\bin\idea.exe FirewallRules: [TCP Query User{BB1C2A68-CAA4-4DC0-9935-64E58CB0AECD}C:\program files (x86)\jetbrains\intellij idea 2016.2.3\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2.3\bin\idea.exe FirewallRules: [UDP Query User{1801B3A7-48E0-467C-84D0-BA7EF0A55603}C:\program files (x86)\jetbrains\intellij idea 
2016.2.3\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2.3\jre\jre\bin\java.exe FirewallRules: [TCP Query User{69D90257-BACB-4899-ADCD-9C7F9877CC6D}C:\program files (x86)\jetbrains\intellij idea 2016.2.3\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2.3\jre\jre\bin\java.exe FirewallRules: [UDP Query User{8EFB3C65-EF9D-4007-BBCA-6E27C2FCBD7E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{E870EA73-66F0-4686-BF87-4085CA62C71A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{1623250F-34C9-4E6F-9D64-19F947483741}] => (Allow) LPort=1900 FirewallRules: [{6C13A237-C73A-428D-8E1A-FA681A3594CA}] => (Allow) LPort=2869 FirewallRules: [{DC50FB57-1230-4F73-919D-FE70647EBDFF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D513EB1E-4B49-4BF8-BAC8-CDDF545796C5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5DC848CC-A61F-49A9-928A-A7D78ECE10AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A9AA1E97-22A9-4049-B507-D85DB7C418CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{44DF1CDC-CAB1-449C-A625-D124902EDB5F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [UDP Query User{5A871F99-9115-49A9-B60E-090FEDE4D4F3}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [TCP Query User{9D58D47B-4908-45C4-BC52-DCBDCF72DDB1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [{48CADFBA-6A7F-448A-B676-A94783B0488A}] => (Allow) C:\Program Files (x86)\Remote 
Mouse\RemoteMouseCore.exe
FirewallRules: [{B4AF18DD-AACE-472F-B6F0-496B07CFFD6A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{B916BA28-B0EE-4B46-AA72-34EB58277A91}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{BB353E42-6B5F-40D3-8C0B-A2D0C833F772}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [UDP Query User{398828E1-A0BC-4CB9-A971-D12416A76A8D}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{028CFAB7-6847-459C-94A0-45779B79BDF1}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{295ADED1-5CBD-47C2-9A72-8C4309AC9303}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{56C0D475-9F71-4CFC-8516-D2BFF5E28E99}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{7CEF4964-FF09-48A9-B688-784AB1585760}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8ABA9023-61BC-482B-A12D-E7ACABB71E81}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6CC71256-D0E5-4075-830B-F096140AF7AA}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{523110FD-CD3B-4D76-9AB0-1A07E1DFEEB0}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D3F2876D-7D92-4306-B23C-4621F9BCAC6A}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EAAD2A81-AACC-44F9-85A8-F6A10B644BA7}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FBF26463-9B73-4A8A-9959-F596BB3B7A07}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE96B3AD-D06A-454D-A0CE-A2A0B29CFF6F}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9784E7B5-82AB-4019-91FE-833CC36346DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F3553408-00C9-47BE-8B3A-CC2DFB9B545E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E8BD3BC1-BC51-4A6E-AD2C-6BE6511A375E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{158ABC15-C86E-4B02-A373-8A935AFAE9F3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{E91882D2-405E-414C-8CA0-A80E8130CF26}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{B8B7168E-3F64-4C8D-B703-C7767A945ADC}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{B670DC40-6B03-43D9-B8EF-15B2C0E137C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5FDB6E31-3040-4692-A985-E95BCC346901}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{667553CB-DBE0-4C63-AD94-D2174A71EA79}D:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{71E5654D-712D-451D-8B6B-EEE0F990B5B0}D:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) D:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{9262B26E-2F40-44C5-B647-3848F552393C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ED4A1EF2-EFA9-491C-87CC-2F3445B1AA32}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0503AA7C-71D5-4E09-B41B-1D03B8B78212}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5F27E00D-D886-46FB-80DE-01A5FD5EE22F}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F2FFEAA4-FFC2-42AA-A13F-1A162BD615F3}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5B22F88C-10C0-4216-8A3F-707BC9C32C75}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{ED2CAA0A-81C7-4033-A2E7-1A6964FC2D43}] => (Allow) C:\Users\Steven Chea\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{3C387E98-8A27-49BF-95B5-FC9C9953C98F}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{2388E632-808C-486A-9A12-BDA368706E6C}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{2F578165-B712-427E-8E79-E7DA92D18591}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{07EB1274-7DAD-4B0D-9B39-3FAFFF70E0E6}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{7FFECC2A-3474-4FF6-B996-062AE1D78763}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D5C12554-0CFB-4B74-815D-373DC901CDC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{55D3F417-AB3A-49EE-9A95-79F5E758EA36}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{00F3F7EA-4A57-4F83-8425-83D3551EE18C}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{DBB840B9-E2B9-4DC0-B469-C954A276FE02}C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{63B6EF19-E14A-4C75-AF5E-CA787D253905}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{EC0C0FD2-DC5D-4BE3-8E4C-34BAA33D1C27}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7E62D573-2726-41A0-A5FC-6BA1EC6BED4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B41D81E3-370C-4DC7-A3F2-3D857A468D16}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D73DB824-8CAD-4593-AAD1-1A480C0F9588}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D7EF4B51-5247-4224-816C-DCD3D6648BA1}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{F38E0B0C-2C73-4137-9B79-869DED666ACF}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{582B2818-0874-4679-A1BA-4312EB5C7455}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1B5F70E0-E63E-4AEE-B354-D86A01718780}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7E654802-043E-44DB-9FBF-2D43692D9394}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{7ECD1444-5AF1-465A-84FD-A9AA4853D07F}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{925DA4AB-C9BD-4FC6-B9F8-8131B44F1465}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{E12809FA-DF91-446F-A90A-7DE995A18229}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{734A862B-09AE-4BB5-AB7B-E92ADFAA4DFC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7E8898F6-E9E0-45C9-BEE1-7E5429AB4E01}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A3CF8D6A-1D39-4F88-B4A5-A4E0A9DFD771}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{02870414-A4DA-4842-90F2-0152EB3004C7}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [TCP Query User{14FE8F25-491D-406A-A4E0-D9EE73DA13A0}C:\users\steven chea\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\steven chea\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [UDP Query User{0B84408B-010B-43A3-ABC8-7579400EA0EE}C:\users\steven chea\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\steven chea\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [TCP Query User{37BC56BB-54B2-4CE1-BE0E-D0A6B34F5BC3}C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe] => (Allow) C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe
FirewallRules: [UDP Query User{DFC9853B-7FD7-44FC-9483-93C309043F03}C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe] => (Allow) C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe
FirewallRules: [{91BF44C4-6384-4965-A0A3-FE6636AB044A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9A5A168B-2D64-4087-8FDC-3994845D1726}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{30682B61-4798-4ECE-B1C6-27CB083D2D29}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{67B129AA-C939-4257-893F-E1F788901EA5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D8DECE73-E226-4344-B310-A79956E5778E}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{C96FDABE-3712-45E1-B521-FDBB8B67ABD4}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{0DD4FF85-59D3-4189-A125-126423893F63}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{553F9086-3569-47E0-A968-BC0A888F9E59}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{27BF2B40-BF5B-40C1-8261-8A9876109292}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6E379A04-C4EA-4D8A-8C36-91FFF1846E91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{4B01E1B9-B89A-4528-AC08-8C2A8190FD60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Communist\adventure-communist.exe
FirewallRules: [{FB0D1242-9D16-447E-84B9-7BE1CC97A776}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DC76EDD8-A1BA-431A-932F-B85302973CF5}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{C3DDC967-2EB2-46E9-A836-716B717B39DC}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{180FF96E-646D-41D2-B0BE-2996E217E184}C:\game\softnyxgame\nyxlauncheris\full_downloader.exe] => (Allow) C:\game\softnyxgame\nyxlauncheris\full_downloader.exe
FirewallRules: [UDP Query User{76AE66FC-9688-403C-82E1-5B6EA2909EE8}C:\game\softnyxgame\nyxlauncheris\full_downloader.exe] => (Allow) C:\game\softnyxgame\nyxlauncheris\full_downloader.exe
FirewallRules: [TCP Query User{1BD28D4D-56FD-4CD2-B0C7-51B3C576C713}C:\game\softnyxgame\gunboundis\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundis\gunbound.gme
FirewallRules: [UDP Query User{173453BB-C533-46F2-875F-2A4757E8AD1F}C:\game\softnyxgame\gunboundis\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundis\gunbound.gme
FirewallRules: [{27AE6497-FBD6-4567-8A8B-FF02B0C5C424}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{65996790-B3E6-4717-B11C-3BE92EDB6594}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe

==================== Restore Points =========================

27-03-2017 20:28:46 TRON v9.9.0: Pre-run checkpoint
27-03-2017 20:53:34 Malwarebytes Anti-Rootkit Restore Point
28-03-2017 14:01:18 TRON v10.0.2: Pre-run checkpoint

==================== Faulty Device Manager Devices =============

Name: Logitech Gaming Virtual Keyboard
Description: Logitech Gaming Virtual Keyboard
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: LGVirHid
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Logitech Gaming Virtual Mouse
Description: Logitech Gaming Virtual Mouse
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: LGVirHid
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2017 03:46:08 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2017 03:46:08 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.
Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/28/2017 03:46:08 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/28/2017 03:46:08 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/28/2017 03:46:08 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/28/2017 03:46:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/28/2017 03:46:08 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Context: Windows Application
Details: The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (03/28/2017 03:46:08 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=2801}. The service will attempt to automatically correct this problem by rebuilding the index.
Context: Windows Application
Details: The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (03/28/2017 03:45:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.14393.206, time stamp: 0x57daca21
Faulting module name: msvcrt.dll, version: 7.0.14393.0, time stamp: 0x57899b47
Exception code: 0xc0000005
Fault offset: 0x0000000000073f00
Faulting process id: 0x170c
Faulting application start time: 0x01d2a7f458efce50
Faulting application path: C:\WINDOWS\system32\SearchIndexer.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report Id: eb55e80d-841a-467c-8c2e-c9f41ef04797
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (03/28/2017 03:46:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/28/2017 03:46:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (03/28/2017 03:46:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/28/2017 03:46:08 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with the following service-specific error: %%3221493760

Error: (03/28/2017 03:45:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/28/2017 02:48:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

==================== Memory info ===========================

Processor: AMD FX(tm)-8350 Eight-Core Processor
Percentage of memory in use: 34%
Total physical RAM: 8090.14 MB
Available physical RAM: 5307.12 MB
Total Virtual: 9114.14 MB
Available Virtual: 6090.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.03 GB) (Free:64.08 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Games) (Fixed) (Total:111.79 GB) (Free:50.71 GB) NTFS
Drive e: () (Fixed) (Total:465.75 GB) (Free:48.45 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4FC14FC0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0C707888)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: E0FA6720)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================