TwoOfThree

Members
  • Posts

    8

Everything posted by TwoOfThree

  1. I am running a clean boot and my computer seems to be running appropriately at first glance. I assume this just covers up whatever existing problem is happening on my laptop, though.
  2. If I removed all Chrome synced data, does that mean I have to wipe my Google Drive? All of my honeymoon photos are on Google Photos and that's a problem.
  3. Sorry for the late reply, working nights in the hospital. So I am having a lot of trouble with the Chrome uninstall as my computer seems to have declined even more. Programs are hanging or not loading altogether, such as Windows Settings, msconfig, and Microsoft browsers. I loaded Task Manager to see if anything was hogging resources and noticed "Antimalware Service Executable" which yields the error "Unable to terminate process." This laptop seems to be getting worse by the hour.
  4. It seems like I have improved function with the browsers, but they are painfully slow to load anything, and often time out. This is a pretty high end laptop, which I have had for 8 months. These issues are definitely new.
  5. Fix result of Farbar Recovery Scan Tool (x64) Version: 12-06-2017
     Ran by Vincent (13-06-2017 12:40:50) Run:1
     Running from C:\Users\Vincent\Desktop
     Loaded Profiles: Vincent (Available Profiles: defaultuser0 & Vincent)
     Boot Mode: Safe Mode (with Networking)
     ==============================================

     fixlist content:
     *****************
     Start
     CloseProcesses:
     CreateRestorePoint:
     HKLM-x32\...\Run: [KMCONFIG] => "C:\Program Files (x86)\5-button mouse\StartAutorun.exe" KMConfig.exe
     C:\Program Files (x86)\5-button mouse\StartAutorun.exe
     C:\Program Files (x86)\5-button mouse
     CMD: ipconfig /flushdns
     Hosts:
     EmptyTemp:
     end
     *****************

     Processes closed successfully.
     Error: Restore point can only be created in normal mode.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\KMCONFIG => value removed successfully
     C:\Program Files (x86)\5-button mouse\StartAutorun.exe => moved successfully
     C:\Program Files (x86)\5-button mouse => moved successfully

     ========= ipconfig /flushdns =========

     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.

     ========= End of CMD: =========

     C:\Windows\System32\Drivers\etc\hosts => moved successfully
     Hosts restored successfully.

     =========== EmptyTemp: ==========

     BITS transfer queue => 0 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 237796072 B
     Java, Flash, Steam htmlcache => 708186166 B
     Windows/system/drivers => 48245514 B
     Edge => 31170339 B
     Chrome => 819095346 B
     Firefox => 0 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Default => 0 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 128 B
     systemprofile32 => 128 B
     LocalService => 0 B
     NetworkService => 593354 B
     defaultuser0 => 587916 B
     Vincent => 1510690815 B

     RecycleBin => 0 B
     EmptyTemp: => 3.1 GB temporary data Removed.

     ================================

     The system needed a reboot.

     ==== End of Fixlog 12:41:05 ====

     Malwarebytes, AdwCleaner, and Sophos all scanned 100% clean; no logs to report.
  6. Slight problem: I can't download the Fanbar Recovery Scan Tool, as the download link yields the same error as I described above. I am able to load your link for techspot.com, and proceed to their download link, but my luck ends there. Nevermind -- I was able to load Windows 10 in safe mode and connect a cable to the router to make this work. For what it's worth, being in safe mode fixes all of the issues I am having. Here are the logs: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2017 Ran by Vincent (administrator) on DESKTOP-GEPMLNF (13-06-2017 00:54:56) Running from C:\Users\Vincent\Desktop Loaded Profiles: Vincent (Available Profiles: defaultuser0 & Vincent) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\HelpPane.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-08-11] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16681728 2016-07-09] (Realtek Semiconductor) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM-x32\...\Run: [Sound Blaster X-Fi MB5] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe [871936 2016-06-15] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) 
HKLM-x32\...\Run: [KMCONFIG] => "C:\Program Files (x86)\5-button mouse\StartAutorun.exe" KMConfig.exe HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation) HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [Spotify Web Helper] => C:\Users\Vincent\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-10] (Spotify Ltd) HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [Spotify] => C:\Users\Vincent\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-10] (Spotify Ltd) HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [Google Update] => C:\Users\Vincent\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.) HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [Google Photos Backup] => C:\Users\Vincent\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc) HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [Discord] => C:\Users\Vincent\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [225816 2017-02-21] (BlueStack Systems, Inc.) HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\RunOnce: [Uninstall C:\Users\Vincent\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vincent\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2016-09-21] ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-09-21] ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks) Startup: C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-05-01] ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Vincent\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61 Tcpip\..\Interfaces\{39e72cb0-1a18-4847-b4fa-0fae867f9027}: [DhcpNameServer] 209.18.47.62 209.18.47.61 Tcpip\..\Interfaces\{f89429e8-8856-4443-84d5-b6f39a4f8d63}: [DhcpNameServer] 209.18.47.62 209.18.47.61 Internet Explorer: ================== BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-27] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-27] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-27] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-27] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation) Handler-x32: mso-minsb.16 
- {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation) FireFox: ======== FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-27] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-12] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-12] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin HKU\S-1-5-21-806150311-2739313462-2939826123-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.) 
FF Plugin HKU\S-1-5-21-806150311-2739313462-2939826123-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxps://www.google.com/" CHR DefaultSearchURL: Default -> hxxp://srchnet.com/search/{searchTerms} CHR DefaultSearchKeyword: Default -> {searchTerms} CHR Profile: C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default [2017-06-13] CHR Extension: (Google Slides) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-28] CHR Extension: (BetterTTV) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-21] CHR Extension: (Google Docs) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-28] CHR Extension: (Google Drive) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-28] CHR Extension: (YouTube) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-28] CHR Extension: (Adblock Plus) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21] CHR Extension: (Google Sheets) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-28] CHR Extension: (Google Docs Offline) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-28] CHR Extension: (Reddit Enhancement Suite) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-05-23] CHR Extension: (Ghostery) - C:\Users\Vincent\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-06-02] CHR Extension: (Chrome Web Store Payments) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09] CHR Extension: (Gmail) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-28] CHR Extension: (Chrome Media Router) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318200 2015-07-21] (Windows (R) Win 7 DDK provider) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-03-23] () S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [428056 2017-02-21] (BlueStack Systems, Inc.) S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [406040 2017-02-21] (BlueStack Systems, Inc.) S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [452632 2017-02-21] (BlueStack Systems, Inc.) S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation) S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-11] (NVIDIA Corporation) S2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [256480 2015-11-26] (Insyde Software Corp.) 
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-06-01] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-06-14] (Intel(R) Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-07-18] (Intel Corporation) S2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [445440 2015-08-12] (Rivet Networks) [File not signed] S2 KMWDSERVICE; C:\Program Files (x86)\5-button mouse\KMWDSrv.exe [201216 2009-10-08] (UASSOFT.COM) [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes) S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-04-12] (NVIDIA Corporation) S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-11] (NVIDIA Corporation) S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-11] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-11] (NVIDIA Corporation) S2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [30208 2016-08-09] (CLEVO CO.) 
[File not signed] S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [254568 2016-08-17] (Synaptics Incorporated) S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1897184 2016-05-17] (Intel Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation) S2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-12-01] (Intel(R) Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [33496 2015-07-17] (Insyde Corporation) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [117296 2015-07-30] (Rivet Networks, LLC.) S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-02-21] (BlueStack Systems) S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-02-21] (Bluestack System Inc. ) S3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM) S3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM) R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [51400 2015-11-26] (Insyde Software Corp.) R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [48344 2015-11-26] (Insyde Software Corp.) S2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation) R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [170128 2016-02-05] (Qualcomm Atheros, Inc.) S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2016-01-20] (CSR plc.) 
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-12] (Malwarebytes) S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-06-12] (Malwarebytes) S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-06-13] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-13] (Malwarebytes) S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-06-13] (Malwarebytes) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation) S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvcvwu.inf_amd64_398c0a0c4281e441\nvlddmkm.sys [14841784 2017-04-17] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-11] (NVIDIA Corporation) S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-08-11] (NVIDIA Corporation) S3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2340240 2015-08-05] (Qualcomm Atheros, Inc.) S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [777944 2016-05-20] (Realsil Semiconductor Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [63592 2016-08-17] (Synaptics Incorporated) S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-13 00:54 - 2017-06-13 00:55 - 00018542 _____ C:\Users\Vincent\Desktop\FRST.txt 2017-06-13 00:54 - 2017-06-13 00:54 - 00000000 ____D C:\FRST 2017-06-13 00:53 - 2017-06-13 00:54 - 02438656 _____ (Farbar) C:\Users\Vincent\Desktop\FRST64.exe 2017-06-12 11:01 - 2017-06-12 11:01 - 00000000 ___HD C:\$SysReset 2017-06-12 02:52 - 2017-06-12 02:52 - 00000000 ____D C:\Users\Vincent\AppData\Local\TempOfficeC2RCFBC0E19-604D-43F0-9DB5-9F45A784594C 2017-06-12 02:15 - 2017-06-13 00:49 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-06-12 02:15 - 2017-06-13 00:49 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-06-12 02:15 - 2017-06-13 00:30 - 00093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-06-12 02:15 - 2017-06-12 11:08 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-06-12 02:15 - 2017-06-12 02:15 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-06-12 02:15 - 2017-06-12 02:15 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-06-12 02:15 - 2017-06-12 02:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-06-12 02:15 - 2017-06-12 02:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-06-12 02:15 - 2017-06-12 02:15 - 00000000 ____D C:\Program Files\Malwarebytes 2017-06-12 02:15 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-06-12 02:14 - 2017-06-12 02:14 - 64232976 _____ (Malwarebytes ) C:\Users\Vincent\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe 2017-06-12 02:09 - 2017-06-12 02:09 - 00000000 ____D C:\Users\Vincent\Documents\FeedbackHub 2017-06-12 02:03 - 2017-06-13 00:49 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job 
2017-06-12 02:03 - 2017-06-12 11:03 - 00000000 ____D C:\Windows\pss 2017-06-11 16:03 - 2017-06-12 11:27 - 00000027 _____ C:\Users\Vincent\Desktop\router.txt 2017-06-11 15:47 - 2017-06-11 15:47 - 00545580 _____ C:\Windows\Minidump\061117-9468-01.dmp 2017-06-07 12:19 - 2017-06-07 12:19 - 00000000 ____D C:\Users\Vincent\AppData\Local\RSG 2017-06-06 12:19 - 2017-06-06 12:19 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\OpenOffice 2017-06-06 12:17 - 2017-06-06 12:17 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2017-06-06 12:17 - 2017-06-06 12:17 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2017-06-06 12:13 - 2017-06-06 12:16 - 140852175 _____ C:\Users\Vincent\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe 2017-05-25 10:45 - 2017-05-25 10:45 - 32169784 _____ C:\Users\Vincent\Downloads\EQ_setup.exe 2017-05-25 10:45 - 2017-05-25 10:45 - 00002502 _____ C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EverQuest.lnk 2017-05-25 10:45 - 2017-05-25 10:45 - 00000000 ____D C:\Users\Public\Daybreak Game Company 2017-05-23 14:46 - 2017-05-23 14:50 - 00000000 ____D C:\Users\Vincent\AppData\LocalLow\Daybreak Game Company 2017-05-23 14:46 - 2017-05-23 14:46 - 00000000 ____D C:\Users\Vincent\AppData\Local\SCE 2017-05-23 14:46 - 2017-05-23 14:46 - 00000000 ____D C:\Users\Vincent\AppData\Local\Daybreak Game Company ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-06-13 00:53 - 2016-08-12 16:29 - 01918008 _____ C:\Windows\system32\PerfStringBackup.INI 2017-06-13 00:51 - 2016-08-12 16:21 - 00000000 ____D C:\Windows\system32\SleepStudy 2017-06-13 00:48 - 2016-09-28 21:44 - 00000000 ____D C:\Program Files (x86)\Steam 2017-06-13 00:48 - 2016-09-28 21:06 - 00000000 ____D C:\Users\Vincent 2017-06-13 00:48 - 2016-08-12 16:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-06-13 00:48 - 2016-07-16 02:04 - 00524288 _____ C:\Windows\system32\config\BBI 2017-06-13 00:32 - 2016-11-13 09:00 - 00004170 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3C86DDE3-DF9A-4411-A7DA-8FF838D21EFC} 2017-06-12 11:08 - 2016-09-21 14:20 - 00000000 ____D C:\ProgramData\NVIDIA 2017-06-12 02:09 - 2016-09-28 21:09 - 00000000 ____D C:\Users\Vincent\AppData\Local\CrashDumps 2017-06-12 02:08 - 2016-08-12 16:21 - 00359024 _____ C:\Windows\system32\FNTCACHE.DAT 2017-06-11 15:47 - 2017-03-13 15:31 - 1182835478 _____ C:\Windows\MEMORY.DMP 2017-06-11 15:47 - 2017-03-13 15:31 - 00000000 ____D C:\Windows\Minidump 2017-06-11 15:47 - 2017-01-29 15:58 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\discord 2017-06-11 15:47 - 2016-07-16 07:45 - 00000000 ____D C:\Windows\INF 2017-06-09 12:28 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\appraiser 2017-06-09 12:28 - 2016-07-16 07:36 - 00000000 ____D C:\Windows\CbsTemp 2017-06-09 12:25 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\AppReadiness 2017-06-08 12:17 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-07 12:19 - 2016-09-21 14:16 - 00000000 ____D C:\ProgramData\Package Cache 2017-06-06 13:44 - 2016-09-29 12:32 - 00000000 ____D C:\Users\Vincent\Desktop\Misc 2017-05-31 00:54 - 2016-09-28 23:10 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2017-05-27 01:20 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-05-27 01:19 - 2016-11-30 14:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-05-26 03:43 
- 2017-01-10 16:17 - 00000000 ____D C:\Users\Vincent\AppData\Local\Battle.net 2017-05-24 12:54 - 2017-01-10 16:19 - 00000000 ____D C:\Program Files (x86)\Overwatch 2017-05-23 02:16 - 2016-09-29 12:03 - 00000000 ____D C:\Windows\system32\MRT 2017-05-23 02:15 - 2016-09-29 12:03 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-05-20 02:51 - 2017-01-10 16:15 - 00000000 ____D C:\Program Files (x86)\Battle.net 2017-05-18 02:46 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\NDF 2017-05-16 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\rescache 2017-05-16 13:08 - 2016-09-28 21:39 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-05-14 08:50 - 2016-11-29 22:10 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\uTorrent ==================== Files in the root of some directories ======= 2017-02-24 10:50 - 2016-11-23 09:37 - 0000570 _____ () C:\Users\Vincent\AppData\Local\TroubleshooterConfig.json ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-06-08 02:17 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2017 Ran by Vincent (13-06-2017 00:55:11) Running from C:\Users\Vincent\Desktop Windows 10 Home Version 1607 (X64) (2016-09-29 01:05:59) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-806150311-2739313462-2939826123-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-806150311-2739313462-2939826123-503 - Limited - Disabled) defaultuser0 (S-1-5-21-806150311-2739313462-2939826123-1000 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-806150311-2739313462-2939826123-501 - Limited - Disabled) Vincent (S-1-5-21-806150311-2739313462-2939826123-1001 - Administrator - Enabled) => C:\Users\Vincent ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.) 5-button Mouse Driver (HKLM-x32\...\InstallShield_{7B926DFB-431E-449F-B829-E45D928BCA55}) (Version: 6.1 - Author) 5-button Mouse Driver (x32 Version: 6.1 - Author) Hidden adbLink version 2.07 (HKLM-x32\...\{05CF1DD3-4A94-4219-B176-BB1796680A6C}_is1) (Version: 2.07 - jocala.com) Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.) Airplane Mode Hid Installer (HKLM-x32\...\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 5.0.0.2 - ) Ansel (Version: 381.78 - NVIDIA Corporation) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.6.100.6363 - BlueStack Systems, Inc.) Chivalry: Medieval Warfare (HKLM\...\Steam App 219640) (Version: - Torn Banner Studios) Cities: Skylines (HKLM\...\Steam App 255710) (Version: - Colossal Order Ltd.) 
Control Center 5.0001.0.81 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 5.0001.0.81 - )
Control Center 5.0001.0.81 (x32 Version: 5.0001.0.81 - Default Company Name) Hidden
Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
EverQuest (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\DG0-EverQuest) (Version: - Sony Online Entertainment)
EverQuest (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\DGC-EverQuest) (Version: 1.0.3.192 - Daybreak Game Company)
EVERSPACE™ (HKLM\...\Steam App 396750) (Version: - ROCKFISH Games)
Facebook Gameroom 1.3.1.3 (HKLM-x32\...\{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}) (Version: 1.3.1.3 - Facebook)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version: - Subset Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.3 - Insyde Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.32 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Killer Bandwidth Control Filter Driver (Version: 1.1.55.1538 - Rivet Networks) Hidden
Killer E240x Drivers (Version: 1.1.55.1538 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.55.1538 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{08D44959-ACAB-4F54-834D-E7DFE855F519}) (Version: 1.1.55.1538 - Rivet Networks)
Killer Wireless-AC 1535 Drivers (Version: 1.1.55.1538 - Rivet Networks) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 381.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 381.78 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 381.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7967.2073 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Planet Coaster (HKLM\...\Steam App 493340) (Version: - Frontier Developments)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version: - Bluehole, Inc.)
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.116 - Qualcomm Atheros)
Realm of the Mad God (HKLM\...\Steam App 200210) (Version: - Wild Shadow Studios)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21291 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7874 - Realtek Semiconductor Corp.)
Salt Demo (HKLM\...\Steam App 327870) (Version: - Lavaboots Studios)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sound Blaster X-Fi MB5 (HKLM-x32\...\{918A4598-866C-4B8F-8901-13F8593EBED6}) (Version: 1.00.18 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Starbound (HKLM\...\Steam App 211820) (Version: - )
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.31 - Synaptics Incorporated)
Synaptics WBF USB Fingerprint Reader (HKLM\...\{28303E4F-8C2B-408C-B0C2-7EAA74564665}) (Version: 5.5.204.24 - Synaptics Incorporated)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
Thunderbolt(TM) Software (HKLM-x32\...\{FBD934F4-FC23-4044-8392-3551DC8D972F}) (Version: 16.1.47.275 - Intel Corporation)
Titan Quest Anniversary Edition (HKLM\...\Steam App 475150) (Version: - Iron Lore Entertainment)
UE Speaker Update Assistant (HKLM-x32\...\{B24EA78C-5BB7-4650-9F5D-380C35B35C7A}) (Version: 1.4.19 - Logitech, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Vendetta Online (HKLM-x32\...\Vendetta Online_is1) (Version: - Guild Software, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass (07/14/2015 1.4.0.3) (HKLM\...\F6EE2AD6575789BFA9536FE4637A2E06B7F2DD0F) (Version: 07/14/2015 1.4.0.3 - Insyde)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-806150311-2739313462-2939826123-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-806150311-2739313462-2939826123-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-806150311-2739313462-2939826123-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-806150311-2739313462-2939826123-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-806150311-2739313462-2939826123-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00004409-C345-4E26-84FE-95DBD553E3D5} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {1D659AFD-1B98-415A-BE14-DB941F3F5E00} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-806150311-2739313462-2939826123-1001UA => C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe [2016-11-13] (Google Inc.)
Task: {264996AB-683D-438B-B157-281E73E93AFB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {33C31FAE-19AE-4F46-A2F6-B812EF5FAABF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-27] (Microsoft Corporation)
Task: {3C84E429-7D4B-45EF-B26D-0DB97ECCE870} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {4F34A92C-9EB2-43AA-A43A-3B53154B53DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-806150311-2739313462-2939826123-1001Core => C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe [2016-11-13] (Google Inc.)
Task: {58D68137-09B7-4E73-B39B-0AA76DACF753} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {5E1458AF-A307-4B57-AB4A-12403D0CACEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-28] (Google Inc.)
Task: {758B6DFE-8B60-4BED-8820-54BB167C400A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-28] (Google Inc.)
Task: {7E871E8F-CF5B-45AB-962A-11C7BEF1A578} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {8ED9C7D5-CE8B-4E46-94B7-E3B1385564B8} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-06-14] (Intel(R) Corporation)
Task: {A2FDFD74-1DC7-4759-AFA7-681414F43D8D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {C6CFF8A9-4889-491D-9584-0C2B3728832A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {CA9ED721-C893-4F03-8D90-FD71A7805F9B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-27] ()
Task: {CCE06D13-6302-411B-B4E0-2B6A4A3DBA3D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {EC3E4034-908C-491E-956B-E4136B5F7555} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-27] ()
Task: {F364B774-6217-4995-9E60-CD32D2A552D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-27] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-05-10 12:13 - 2017-04-27 20:49 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-11-30 14:18 - 2017-05-27 01:19 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-20 17:20 - 2016-09-20 17:20 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 14:35 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 14:34 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 14:34 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 14:34 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-10 12:13 - 2017-04-27 19:36 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-10 12:13 - 2017-04-27 19:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-10 12:13 - 2017-04-27 19:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" iver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2016-07-16 07:45 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-806150311-2739313462-2939826123-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img7.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: lfsvc => 3
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "iFunBox"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "Google Photos Backup"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "BlueStacks Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8CF54414-74A8-4B0A-BBC9-DBECF794CF3C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{482DBF4C-CE50-4320-B15D-56E96D2C06BA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1CA980AD-D86B-4605-9E08-D13C6D2FE36D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{61A6C028-EA3D-4080-8215-E3C6197F73DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{42F4220B-5F42-42D5-A6A4-4A51C5143EBC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F64BE991-F578-4384-B63D-C077CBF9A003}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{329DD7F4-F67F-4630-8F25-2D89F8DA5AE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{61389093-AC7E-42D0-8394-0690F959AFA8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1BDDAFC0-96B2-42A0-B10D-B648D7E2E737}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{526D61F9-1111-45A5-A66C-18B946E51D28}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9A4699A5-2C43-4524-908E-52F5C0DBAA2F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{572CB30F-B025-4F3C-B1DE-D05419F97E64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{B777C918-FFD0-44EF-ABE2-CAC52B958EC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{DA9FADD8-09C0-454B-B35E-846F89360272}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{6A95D7CA-B65A-425E-92DA-335378464722}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{798DEE6E-C95A-4A50-9037-40DFCCD89E3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{FC339464-39CE-4B3C-9332-E6C4EED844E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{43266757-CD85-4D49-A889-2ABD5B121A58}C:\users\vincent\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vincent\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{526DA077-75A2-4CE5-9C12-CE7B2C38BD08}C:\users\vincent\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vincent\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F06F4946-572F-40A5-80D7-FBEE25DA7ECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{FD3E14D1-0B01-4822-AC02-B2292181701C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{37D59D93-141C-4E7C-AC50-0BE4965DEBF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{6042909D-EE36-48A1-AEEA-F556B92E6BCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{FF70F1CC-469B-4528-819E-BB6AB43E7B47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{289AB186-0F11-4866-8285-6CE71F2B5AC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{A2CE0421-9A0B-49F7-8CED-A43FBB2DC0D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{7BE29BC5-D5FF-4A57-AEE6-1A399941F95E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{820DC8D6-83A3-4AA4-ADFD-F55527C5C728}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{1D6654F5-3B36-46B5-B5AD-F7DC6804B00C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{632C6D07-7000-4D61-8FE7-9E47908B10D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Salt Demo\SaltTrial.exe
FirewallRules: [{C000B2CD-48C7-4CCC-A4B9-D3858E2DD146}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Salt Demo\SaltTrial.exe
FirewallRules: [{517DB563-FE4E-4898-AB42-66C506E2587C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{8A2AE9E4-EED1-49AD-88C2-AF605084CEE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{4A38B935-56F0-427C-830D-75E3C50A88BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{A32DB632-ADD3-4971-8013-535D50DF91F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [TCP Query User{C96770A8-668F-4629-BD2A-3F93CCFA95AD}C:\users\vincent\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\vincent\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{433CB752-2B84-4F40-AB29-B5CAB4337FAC}C:\users\vincent\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\vincent\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{49B85D9F-DE91-4C12-8029-6A879F5487CD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7ADEF6EE-3B09-471B-A7AD-208B0F9A241B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9F8B5E41-3434-4CF9-8683-B1F6D6D6D1FB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BFF7ADC6-BF85-4596-BD6B-35086F43D7B6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0AEC7762-BC7F-4825-92C1-ED2894F62CC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\TQ.exe
FirewallRules: [{04BA1E0F-2A5E-4DB9-8BCC-FA0CA24D367C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\TQ.exe
FirewallRules: [{69E83B94-CBF7-4895-BD1D-A58F9E321472}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
FirewallRules: [{97A4FEEF-0A48-4868-8475-FF8813B84CFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
FirewallRules: [{6CA28086-747B-42E7-BF99-166CB4BC3346}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F9E85C1B-A241-4510-BD86-7458145FE14D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{50A929B1-C45D-4635-9EB1-C256A6EF2B66}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{CD0D409F-689B-4316-81BE-F13247EA741D}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{1232D363-7ABB-4B26-99E3-B3B32EE8CF8D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{7FB75D75-BC07-4A79-949E-D48A17E44D2A}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{C9C4471B-76CB-4B2A-B287-6B941E943A25}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{BB9910BE-55AE-4CD7-96DD-4A1F25D6DC0E}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{F1F6C4E0-DC15-4358-9405-4AC8FF787E65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{A9C763A3-F4F3-4854-85DD-F460E9BA3721}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{DC6737EC-2A4D-46B9-A5D9-902A360D8669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{7AF677A4-9C0A-4B2E-886A-5FC997168BB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{48D7CF9F-B1CF-4092-991C-523E24F6FEE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{BF9F9DB6-80FD-4332-ABD7-52838F2932C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{F8E621E6-7722-412B-B4D4-0B5C85310BA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{90819FC1-41D7-42FE-99CD-18FE2F2741FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [TCP Query User{4493A1DC-9C41-4D1A-AD68-8A3DEBE01331}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{6A0E56B7-F080-40C7-A9D9-704790570862}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{3D19E782-259C-4FB4-A8A8-BCEDCDDDA965}] => (Allow) C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9BD37A0F-5BF7-4DC7-8251-05ADA6CEC447}] => (Allow) C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6ED6D67D-9DE8-449B-B9E9-C44E031E4CD0}] => (Allow) C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{00591FB2-40AE-4FAC-B10F-DEF37AFF2A87}] => (Allow) C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3C02CD17-02DD-4528-8E90-8D01446AFD2C}] => (Allow) C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{03A68CBB-5EDE-46D5-9851-0F01450AC0E3}] => (Allow) C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DF75EB06-A7EC-43E0-95EE-AF8878D548CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{B59EC92B-0DFE-4A22-8A2B-235BE21F5D2A}C:\users\public\daybreak game company\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\daybreak game company\installed games\everquest\eqvoiceservice.exe
FirewallRules: [UDP Query User{9E57413F-5B8A-4868-B271-B4D8A455D1BC}C:\users\public\daybreak game company\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\daybreak game company\installed games\everquest\eqvoiceservice.exe
FirewallRules: [{F5E57610-08FB-42A7-93DA-2E4717A6D304}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{08BDC5B2-2973-4F87-A1B3-EC7DE4D65717}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVERSPACE\RSG\Binaries\Win64\RSG-Win64-Shipping.exe
FirewallRules: [{27509125-EDB9-45E8-8BA4-F16B42B8ED09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVERSPACE\RSG\Binaries\Win64\RSG-Win64-Shipping.exe
FirewallRules: [{B1A382AE-D420-46CF-B92F-61410FD0F0AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{9602990E-1E04-4661-A8ED-C7C230A49214}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{3783A881-E6A2-4FAE-8954-8710F33B8D03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{CA003395-73DF-447C-8CA8-2107B3A68D4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{2E54A5C0-863D-4106-8D01-CEA8262E3981}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{5F8EE867-1F41-4513-8669-3812B4402B3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{11D3D80A-4D4A-4D47-8EA3-3F30C0DA8C2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{509F9746-FAC8-4FDE-967F-8D803690938D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe

==================== Restore Points =========================

31-05-2017 00:55:15 Windows Update
06-06-2017 12:17:45 Installed OpenOffice 4.1.1
07-06-2017 12:19:22 Installed DirectX

==================== Faulty Device Manager Devices =============

Name: Killer Wireless-n/a/ac 1535 Wireless Network Adapter
Description: Killer Wireless-n/a/ac 1535 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: Qcamain10x64
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2017 12:49:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GEPMLNF)
Description: Activation of app Microsoft.Getstarted_5.9.1042.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/12/2017 11:04:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GEPMLNF)
Description: Activation of app Microsoft.Getstarted_5.9.1042.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/12/2017 10:56:57 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (06/12/2017 10:53:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVDisplay.Container.exe, version: 1.2.0.0, time stamp: 0x58ee9022
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x00000000000496bc
Faulting process id: 0x9e8
Faulting application start time: 0x01d2e348c701e4c8
Faulting application path: C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 98239e50-5f36-4c8f-ae7f-aa14656f05ff
Faulting package full name:
Faulting package-relative application ID:

Error: (06/12/2017 02:27:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000030bdd
Faulting process id: 0x1c54 Faulting application start time: 0x01d2e344ff8045fb Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: e881713f-0ae1-46ce-b7b4-adecbc267bbf Faulting package full name: Faulting package-relative application ID: Error: (06/12/2017 02:16:02 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (06/12/2017 02:09:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HkeyTray.exe, version: 5.1.0.81, time stamp: 0x57b56e39 Faulting module name: KERNELBASE.dll, version: 10.0.14393.1198, time stamp: 0x5902845a Exception code: 0xe0434352 Fault offset: 0x000da9f2 Faulting process id: 0x1600 Faulting application start time: 0x01d2e34270d84f31 Faulting application path: C:\Program Files (x86)\Hotkey\HkeyTray.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: b7bdaaef-88a3-4e91-89aa-a84de062a9a7 Faulting package full name: Faulting package-relative application ID: Error: (06/12/2017 02:09:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: HkeyTray.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.AccessViolationException at HkeyTray.CallingVariations.GetProductID_PCI() at HkeyTray.CallingVariations.GetClevoProductName() at HkeyTray.ModeBox.SetDefault(ModeType) at HkeyTray.ModeBox..ctor() at HkeyTray.Global..cctor() Exception Info: System.TypeInitializationException at HkeyTray.MainForm.WndProc(System.Windows.Forms.Message ByRef) at System.Windows.Forms.Control+ControlNativeWindow.OnMessage(System.Windows.Forms.Message ByRef) at System.Windows.Forms.Control+ControlNativeWindow.WndProc(System.Windows.Forms.Message ByRef) at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr) Error: (06/12/2017 02:05:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GEPMLNF) Description: Activation of app Microsoft.Getstarted_5.9.1042.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/12/2017 02:03:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GEPMLNF) Description: Activation of app Microsoft.Getstarted_5.9.1042.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
System errors: ============= Error: (06/13/2017 12:55:14 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF) Description: DCOM got error "1084" attempting to start the service 
ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (06/13/2017 12:54:57 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (06/13/2017 12:54:57 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} CodeIntegrity: =================================== Date: 2016-10-07 20:09:25.639 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-07 20:09:25.634 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-07 20:09:25.577 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-07 20:09:25.571 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-07 20:06:35.580 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-10-07 20:06:35.575 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-07 20:06:35.509 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-07 20:06:35.503 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-06 21:09:53.158 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-06 21:09:53.145 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz Percentage of memory in use: 13% Total physical RAM: 16339.06 MB Available physical RAM: 14091.39 MB Total Virtual: 18771.06 MB Available Virtual: 16558.74 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:237.81 GB) (Free:50.1 GB) NTFS Drive d: () (Fixed) (Total:931.51 GB) (Free:931.31 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 74E574CC) Partition: GPT. 
======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 74E574F9) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  7. I am in a very strange predicament. This evening I decided to run Malwarebytes as I was experiencing suspect behavior on my laptop, and quarantined/removed a small list of files. The next time I attempted to load Chrome, google.com, my home page, popped up as expected. However, I was unable to reach another website and eventually timed out. I tried to use Microsoft Edge/Explorer, but discovered the same results. Specifically with Chrome, the error message says: "... server DNS could not be found ... DNS_PROBE_FINISHED_NXDOMAIN". The strange thing is, I can still load google.com, my homepage, but nothing else. I am also able to load up video games and play online. I don't think it's related, but my ISP came by today and upgraded the coaxial outside and my router. Mobile devices connect to the network and are functioning appropriately. Any ideas?