
Ran threat scan, web browsers no longer work:



I am in a very strange predicament. This evening I decided to run Malwarebytes, as I was experiencing suspect behavior on my laptop; it quarantined/removed a small list of files. The next time I attempted to load Chrome, google.com, my home page, popped up as expected. However, I was unable to reach another website and eventually timed out. I tried to use Microsoft Edge/Explorer, but discovered the same results. Specifically with Chrome, the error message says: "... server DNS could not be found ... DNS_PROBE_FINISHED_NXDOMAIN".


The strange thing is, I can still load google.com, my homepage, but nothing else. I am also able to load up video games and play online.


I don't think it's related, but my ISP came by today and upgraded the coaxial outside and my router. Mobile devices connect to the network and are functioning appropriately.

Any ideas?


Hello TwoOfThree and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user's download directory location...

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..


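Once the two logs are posted, the first things a helper reads in FRST.txt are the DHCP name servers (an NXDOMAIN for every site but one points at the resolver), the Chrome home/start/search URLs, and any service FRST marks as unsigned. The script below is an added example, not part of this thread, of FRST or of Malwarebytes' instructions; it parses those FRST.txt sections from a constructed excerpt of the log posted later in the thread and flags a search provider whose host is not on an assumed allow-list (KNOWN_SEARCH_HOSTS), such as the srchnet.com entry in that log.

```python
"""Triage pass over a Farbar Recovery Scan Tool (FRST.txt) log.

Added example for this thread, not part of FRST or of the helper's
instructions. It pulls out what gets checked first when a browser fails
with DNS_PROBE_FINISHED_NXDOMAIN: the DHCP name servers, Chrome's
home/start/search URLs, and services whose binary FRST marks as unsigned.
"""
import re
from urllib.parse import urlparse

# Allow-list of search-provider hosts a stock Chrome profile points at
# (assumption: a list the helper maintains; extend it for other engines).
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com",
                      "duckduckgo.com", "search.yahoo.com"}

# Constructed excerpt in FRST format: lines copied from the log posted
# later in this thread, with most entries left out.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2017
==================== Internet (Whitelisted) ====================
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{39e72cb0-1a18-4847-b4fa-0fae867f9027}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://srchnet.com/search/{searchTerms}

==================== Services (Whitelisted) ====================

S2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [445440 2015-08-12] (Rivet Networks) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)

==================== End of FRST.txt ============================
"""

SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")  # '==== Title (Whitelisted) ===='
CHR_RE = re.compile(r"^CHR (HomePage|StartupUrls|DefaultSearchURL): (.+?) -> (.+)$")
SVC_RE = re.compile(r"^[RS]\d\s+(.+?);")  # 'S2 ServiceName; C:\path ...'


def split_sections(text):
    """Map section title -> its non-empty lines ('=======' underlines are not headers)."""
    sections, current = {"header": []}, "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line.strip():
            sections[current].append(line.rstrip())
    return sections


def dhcp_name_servers(lines):
    """Every resolver address FRST lists after '[DhcpNameServer]', sorted."""
    servers = set()
    for line in lines:
        if "[DhcpNameServer]" in line:
            servers.update(line.split("[DhcpNameServer]", 1)[1].split())
    return sorted(servers)


def chrome_urls(lines):
    """{key: url} for the CHR HomePage/StartupUrls/DefaultSearchURL lines."""
    urls = {}
    for line in lines:
        m = CHR_RE.match(line)
        if m:  # FRST defangs URLs as hxxp; restore http so urlparse sees a scheme
            urls[m.group(1)] = m.group(3).strip().strip('"').replace("hxxp", "http", 1)
    return urls


def unexpected_search(urls):
    """Search-provider host when it is not on the allow-list, else None."""
    url = urls.get("DefaultSearchURL")
    if not url:
        return None
    host = urlparse(url).hostname or ""
    return None if host in KNOWN_SEARCH_HOSTS else host


def unsigned_services(lines):
    """Names of services FRST tagged '[File not signed]'."""
    names = []
    for line in lines:
        m = SVC_RE.match(line)
        if m and "[File not signed]" in line:
            names.append(m.group(1))
    return names


def triage(text):
    """Summarise the Internet and Services sections of one FRST.txt."""
    sections = split_sections(text)
    internet = sections.get("Internet (Whitelisted)", [])
    urls = chrome_urls(internet)
    return {
        "dns_servers": dhcp_name_servers(internet),
        "chrome": urls,
        "search_host_flag": unexpected_search(urls),
        "unsigned_services": unsigned_services(sections.get("Services (Whitelisted)", [])),
    }
```

Run `triage(open("FRST.txt").read())` on a real log; an unsigned service or an off-list search host is a prompt to look closer, not a verdict on its own.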

Slight problem: I can't download the Farbar Recovery Scan Tool, as the download link yields the same error as I described above. I am able to load your link for techspot.com and proceed to their download link, but my luck ends there.


Never mind -- I was able to load Windows 10 in safe mode and connect a cable to the router to make this work. For what it's worth, being in safe mode fixes all of the issues I am having.

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2017
Ran by Vincent (administrator) on DESKTOP-GEPMLNF (13-06-2017 00:54:56)
Running from C:\Users\Vincent\Desktop
Loaded Profiles: Vincent (Available Profiles: defaultuser0 & Vincent)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-08-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16681728 2016-07-09] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB5] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe [871936 2016-06-15] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [KMCONFIG] => "C:\Program Files (x86)\5-button mouse\StartAutorun.exe" KMConfig.exe
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [Spotify Web Helper] => C:\Users\Vincent\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-10] (Spotify Ltd)
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [Spotify] => C:\Users\Vincent\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-10] (Spotify Ltd)
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [Google Update] => C:\Users\Vincent\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [Google Photos Backup] => C:\Users\Vincent\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [Discord] => C:\Users\Vincent\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [225816 2017-02-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\RunOnce: [Uninstall C:\Users\Vincent\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vincent\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2016-09-21]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-09-21]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-05-01]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Vincent\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{39e72cb0-1a18-4847-b4fa-0fae867f9027}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{f89429e8-8856-4443-84d5-b6f39a4f8d63}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-27] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-27] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-27] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-806150311-2739313462-2939826123-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-806150311-2739313462-2939826123-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://srchnet.com/search/{searchTerms}
CHR DefaultSearchKeyword: Default -> {searchTerms}
CHR Profile: C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default [2017-06-13]
CHR Extension: (Google Slides) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-28]
CHR Extension: (BetterTTV) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-21]
CHR Extension: (Google Docs) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-28]
CHR Extension: (Google Drive) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-28]
CHR Extension: (YouTube) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-28]
CHR Extension: (Adblock Plus) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Sheets) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-28]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-05-23]
CHR Extension: (Ghostery) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-28]
CHR Extension: (Chrome Media Router) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318200 2015-07-21] (Windows (R) Win 7 DDK provider)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-03-23] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [428056 2017-02-21] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [406040 2017-02-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [452632 2017-02-21] (BlueStack Systems, Inc.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-11] (NVIDIA Corporation)
S2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [256480 2015-11-26] (Insyde Software Corp.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-06-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-06-14] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-07-18] (Intel Corporation)
S2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [445440 2015-08-12] (Rivet Networks) [File not signed]
S2 KMWDSERVICE; C:\Program Files (x86)\5-button mouse\KMWDSrv.exe [201216 2009-10-08] (UASSOFT.COM) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-04-12] (NVIDIA Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-11] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-11] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-11] (NVIDIA Corporation)
S2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [30208 2016-08-09] (CLEVO CO.) [File not signed]
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [254568 2016-08-17] (Synaptics Incorporated)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1897184 2016-05-17] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
S2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-12-01] (Intel(R) Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [33496 2015-07-17] (Insyde Corporation)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [117296 2015-07-30] (Rivet Networks, LLC.)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-02-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-02-21] (Bluestack System Inc. )
S3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
S3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [51400 2015-11-26] (Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [48344 2015-11-26] (Insyde Software Corp.)
S2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [170128 2016-02-05] (Qualcomm Atheros, Inc.)
S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2016-01-20] (CSR plc.)
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-12] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-06-12] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-06-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-13] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-06-13] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvcvwu.inf_amd64_398c0a0c4281e441\nvlddmkm.sys [14841784 2017-04-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-11] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-08-11] (NVIDIA Corporation)
S3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2340240 2015-08-05] (Qualcomm Atheros, Inc.)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [777944 2016-05-20] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [63592 2016-08-17] (Synaptics Incorporated)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-13 00:54 - 2017-06-13 00:55 - 00018542 _____ C:\Users\Vincent\Desktop\FRST.txt
2017-06-13 00:54 - 2017-06-13 00:54 - 00000000 ____D C:\FRST
2017-06-13 00:53 - 2017-06-13 00:54 - 02438656 _____ (Farbar) C:\Users\Vincent\Desktop\FRST64.exe
2017-06-12 11:01 - 2017-06-12 11:01 - 00000000 ___HD C:\$SysReset
2017-06-12 02:52 - 2017-06-12 02:52 - 00000000 ____D C:\Users\Vincent\AppData\Local\TempOfficeC2RCFBC0E19-604D-43F0-9DB5-9F45A784594C
2017-06-12 02:15 - 2017-06-13 00:49 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-12 02:15 - 2017-06-13 00:49 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-12 02:15 - 2017-06-13 00:30 - 00093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-12 02:15 - 2017-06-12 11:08 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-12 02:15 - 2017-06-12 02:15 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-12 02:15 - 2017-06-12 02:15 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-12 02:15 - 2017-06-12 02:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-12 02:15 - 2017-06-12 02:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-12 02:15 - 2017-06-12 02:15 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-12 02:15 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-12 02:14 - 2017-06-12 02:14 - 64232976 _____ (Malwarebytes ) C:\Users\Vincent\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-12 02:09 - 2017-06-12 02:09 - 00000000 ____D C:\Users\Vincent\Documents\FeedbackHub
2017-06-12 02:03 - 2017-06-13 00:49 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-12 02:03 - 2017-06-12 11:03 - 00000000 ____D C:\Windows\pss
2017-06-11 16:03 - 2017-06-12 11:27 - 00000027 _____ C:\Users\Vincent\Desktop\router.txt
2017-06-11 15:47 - 2017-06-11 15:47 - 00545580 _____ C:\Windows\Minidump\061117-9468-01.dmp
2017-06-07 12:19 - 2017-06-07 12:19 - 00000000 ____D C:\Users\Vincent\AppData\Local\RSG
2017-06-06 12:19 - 2017-06-06 12:19 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\OpenOffice
2017-06-06 12:17 - 2017-06-06 12:17 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2017-06-06 12:17 - 2017-06-06 12:17 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2017-06-06 12:13 - 2017-06-06 12:16 - 140852175 _____ C:\Users\Vincent\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2017-05-25 10:45 - 2017-05-25 10:45 - 32169784 _____ C:\Users\Vincent\Downloads\EQ_setup.exe
2017-05-25 10:45 - 2017-05-25 10:45 - 00002502 _____ C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EverQuest.lnk
2017-05-25 10:45 - 2017-05-25 10:45 - 00000000 ____D C:\Users\Public\Daybreak Game Company
2017-05-23 14:46 - 2017-05-23 14:50 - 00000000 ____D C:\Users\Vincent\AppData\LocalLow\Daybreak Game Company
2017-05-23 14:46 - 2017-05-23 14:46 - 00000000 ____D C:\Users\Vincent\AppData\Local\SCE
2017-05-23 14:46 - 2017-05-23 14:46 - 00000000 ____D C:\Users\Vincent\AppData\Local\Daybreak Game Company

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-13 00:53 - 2016-08-12 16:29 - 01918008 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-13 00:51 - 2016-08-12 16:21 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-06-13 00:48 - 2016-09-28 21:44 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-13 00:48 - 2016-09-28 21:06 - 00000000 ____D C:\Users\Vincent
2017-06-13 00:48 - 2016-08-12 16:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-13 00:48 - 2016-07-16 02:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-06-13 00:32 - 2016-11-13 09:00 - 00004170 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3C86DDE3-DF9A-4411-A7DA-8FF838D21EFC}
2017-06-12 11:08 - 2016-09-21 14:20 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-12 02:09 - 2016-09-28 21:09 - 00000000 ____D C:\Users\Vincent\AppData\Local\CrashDumps
2017-06-12 02:08 - 2016-08-12 16:21 - 00359024 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-11 15:47 - 2017-03-13 15:31 - 1182835478 _____ C:\Windows\MEMORY.DMP
2017-06-11 15:47 - 2017-03-13 15:31 - 00000000 ____D C:\Windows\Minidump
2017-06-11 15:47 - 2017-01-29 15:58 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\discord
2017-06-11 15:47 - 2016-07-16 07:45 - 00000000 ____D C:\Windows\INF
2017-06-09 12:28 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-09 12:28 - 2016-07-16 07:36 - 00000000 ____D C:\Windows\CbsTemp
2017-06-09 12:25 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\AppReadiness
2017-06-08 12:17 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-07 12:19 - 2016-09-21 14:16 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-06 13:44 - 2016-09-29 12:32 - 00000000 ____D C:\Users\Vincent\Desktop\Misc
2017-05-31 00:54 - 2016-09-28 23:10 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-05-27 01:20 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-27 01:19 - 2016-11-30 14:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-26 03:43 - 2017-01-10 16:17 - 00000000 ____D C:\Users\Vincent\AppData\Local\Battle.net
2017-05-24 12:54 - 2017-01-10 16:19 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-05-23 02:16 - 2016-09-29 12:03 - 00000000 ____D C:\Windows\system32\MRT
2017-05-23 02:15 - 2016-09-29 12:03 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-20 02:51 - 2017-01-10 16:15 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-18 02:46 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\NDF
2017-05-16 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\rescache
2017-05-16 13:08 - 2016-09-28 21:39 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-14 08:50 - 2016-11-29 22:10 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\uTorrent

==================== Files in the root of some directories =======

2017-02-24 10:50 - 2016-11-23 09:37 - 0000570 _____ () C:\Users\Vincent\AppData\Local\TroubleshooterConfig.json

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-08 02:17

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2017
Ran by Vincent (13-06-2017 00:55:11)
Running from C:\Users\Vincent\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-29 01:05:59)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-806150311-2739313462-2939826123-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-806150311-2739313462-2939826123-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-806150311-2739313462-2939826123-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-806150311-2739313462-2939826123-501 - Limited - Disabled)
Vincent (S-1-5-21-806150311-2739313462-2939826123-1001 - Administrator - Enabled) => C:\Users\Vincent

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
5-button Mouse Driver (HKLM-x32\...\InstallShield_{7B926DFB-431E-449F-B829-E45D928BCA55}) (Version: 6.1 - Author)
5-button Mouse Driver (x32 Version: 6.1 - Author) Hidden
adbLink version 2.07 (HKLM-x32\...\{05CF1DD3-4A94-4219-B176-BB1796680A6C}_is1) (Version: 2.07 - jocala.com)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Airplane Mode Hid Installer (HKLM-x32\...\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 5.0.0.2 - )
Ansel (Version: 381.78 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.6.100.6363 - BlueStack Systems, Inc.)
Chivalry: Medieval Warfare (HKLM\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Control Center 5.0001.0.81 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 5.0001.0.81 - )
Control Center 5.0001.0.81 (x32 Version: 5.0001.0.81 - Default Company Name) Hidden
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
EverQuest (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\DG0-EverQuest) (Version:  - Sony Online Entertainment)
EverQuest (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\DGC-EverQuest) (Version: 1.0.3.192 - Daybreak Game Company)
EVERSPACE™ (HKLM\...\Steam App 396750) (Version:  - ROCKFISH Games)
Facebook Gameroom 1.3.1.3 (HKLM-x32\...\{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}) (Version: 1.3.1.3 - Facebook)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - Subset Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.3 - Insyde Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.32 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Killer Bandwidth Control Filter Driver (Version: 1.1.55.1538 - Rivet Networks) Hidden
Killer E240x Drivers (Version: 1.1.55.1538 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.55.1538 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{08D44959-ACAB-4F54-834D-E7DFE855F519}) (Version: 1.1.55.1538 - Rivet Networks)
Killer Wireless-AC 1535 Drivers (Version: 1.1.55.1538 - Rivet Networks) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 381.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 381.78 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 381.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7967.2073 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Planet Coaster (HKLM\...\Steam App 493340) (Version:  - Frontier Developments)
PLAYERUNKNOWN'S BATTLEGROUNDS  (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.116 - Qualcomm Atheros)
Realm of the Mad God (HKLM\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21291 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7874 - Realtek Semiconductor Corp.)
Salt Demo (HKLM\...\Steam App 327870) (Version:  - Lavaboots Studios)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sound Blaster X-Fi MB5 (HKLM-x32\...\{918A4598-866C-4B8F-8901-13F8593EBED6}) (Version: 1.00.18 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Starbound (HKLM\...\Steam App 211820) (Version:  - )
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.31 - Synaptics Incorporated)
Synaptics WBF USB Fingerprint Reader (HKLM\...\{28303E4F-8C2B-408C-B0C2-7EAA74564665}) (Version: 5.5.204.24 - Synaptics Incorporated)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Thunderbolt(TM) Software (HKLM-x32\...\{FBD934F4-FC23-4044-8392-3551DC8D972F}) (Version: 16.1.47.275 - Intel Corporation)
Titan Quest Anniversary Edition (HKLM\...\Steam App 475150) (Version:  - Iron Lore Entertainment)
UE Speaker Update Assistant (HKLM-x32\...\{B24EA78C-5BB7-4650-9F5D-380C35B35C7A}) (Version: 1.4.19 - Logitech, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Vendetta Online (HKLM-x32\...\Vendetta Online_is1) (Version:  - Guild Software, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/14/2015 1.4.0.3) (HKLM\...\F6EE2AD6575789BFA9536FE4637A2E06B7F2DD0F) (Version: 07/14/2015 1.4.0.3 - Insyde)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-806150311-2739313462-2939826123-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-806150311-2739313462-2939826123-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-806150311-2739313462-2939826123-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-806150311-2739313462-2939826123-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-806150311-2739313462-2939826123-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vincent\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00004409-C345-4E26-84FE-95DBD553E3D5} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {1D659AFD-1B98-415A-BE14-DB941F3F5E00} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-806150311-2739313462-2939826123-1001UA => C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe [2016-11-13] (Google Inc.)
Task: {264996AB-683D-438B-B157-281E73E93AFB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {33C31FAE-19AE-4F46-A2F6-B812EF5FAABF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-27] (Microsoft Corporation)
Task: {3C84E429-7D4B-45EF-B26D-0DB97ECCE870} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {4F34A92C-9EB2-43AA-A43A-3B53154B53DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-806150311-2739313462-2939826123-1001Core => C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe [2016-11-13] (Google Inc.)
Task: {58D68137-09B7-4E73-B39B-0AA76DACF753} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {5E1458AF-A307-4B57-AB4A-12403D0CACEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-28] (Google Inc.)
Task: {758B6DFE-8B60-4BED-8820-54BB167C400A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-28] (Google Inc.)
Task: {7E871E8F-CF5B-45AB-962A-11C7BEF1A578} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {8ED9C7D5-CE8B-4E46-94B7-E3B1385564B8} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-06-14] (Intel(R) Corporation)
Task: {A2FDFD74-1DC7-4759-AFA7-681414F43D8D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {C6CFF8A9-4889-491D-9584-0C2B3728832A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {CA9ED721-C893-4F03-8D90-FD71A7805F9B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-27] ()
Task: {CCE06D13-6302-411B-B4E0-2B6A4A3DBA3D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {EC3E4034-908C-491E-956B-E4136B5F7555} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-27] ()
Task: {F364B774-6217-4995-9E60-CD32D2A552D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-27] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-05-10 12:13 - 2017-04-27 20:49 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-11-30 14:18 - 2017-05-27 01:19 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-20 17:20 - 2016-09-20 17:20 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 14:35 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 14:34 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 14:34 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 14:34 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-10 12:13 - 2017-04-27 19:36 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-10 12:13 - 2017-04-27 19:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-10 12:13 - 2017-04-27 19:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
iver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2016-07-16 07:45 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-806150311-2739313462-2939826123-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img7.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: lfsvc => 3
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "iFunBox"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "Google Photos Backup"
HKU\S-1-5-21-806150311-2739313462-2939826123-1001\...\StartupApproved\Run: => "BlueStacks Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8CF54414-74A8-4B0A-BBC9-DBECF794CF3C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{482DBF4C-CE50-4320-B15D-56E96D2C06BA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1CA980AD-D86B-4605-9E08-D13C6D2FE36D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{61A6C028-EA3D-4080-8215-E3C6197F73DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{42F4220B-5F42-42D5-A6A4-4A51C5143EBC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F64BE991-F578-4384-B63D-C077CBF9A003}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{329DD7F4-F67F-4630-8F25-2D89F8DA5AE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{61389093-AC7E-42D0-8394-0690F959AFA8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1BDDAFC0-96B2-42A0-B10D-B648D7E2E737}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{526D61F9-1111-45A5-A66C-18B946E51D28}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9A4699A5-2C43-4524-908E-52F5C0DBAA2F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{572CB30F-B025-4F3C-B1DE-D05419F97E64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{B777C918-FFD0-44EF-ABE2-CAC52B958EC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{DA9FADD8-09C0-454B-B35E-846F89360272}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{6A95D7CA-B65A-425E-92DA-335378464722}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{798DEE6E-C95A-4A50-9037-40DFCCD89E3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{FC339464-39CE-4B3C-9332-E6C4EED844E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{43266757-CD85-4D49-A889-2ABD5B121A58}C:\users\vincent\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vincent\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{526DA077-75A2-4CE5-9C12-CE7B2C38BD08}C:\users\vincent\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vincent\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F06F4946-572F-40A5-80D7-FBEE25DA7ECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{FD3E14D1-0B01-4822-AC02-B2292181701C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{37D59D93-141C-4E7C-AC50-0BE4965DEBF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{6042909D-EE36-48A1-AEEA-F556B92E6BCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{FF70F1CC-469B-4528-819E-BB6AB43E7B47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{289AB186-0F11-4866-8285-6CE71F2B5AC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{A2CE0421-9A0B-49F7-8CED-A43FBB2DC0D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{7BE29BC5-D5FF-4A57-AEE6-1A399941F95E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{820DC8D6-83A3-4AA4-ADFD-F55527C5C728}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{1D6654F5-3B36-46B5-B5AD-F7DC6804B00C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{632C6D07-7000-4D61-8FE7-9E47908B10D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Salt Demo\SaltTrial.exe
FirewallRules: [{C000B2CD-48C7-4CCC-A4B9-D3858E2DD146}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Salt Demo\SaltTrial.exe
FirewallRules: [{517DB563-FE4E-4898-AB42-66C506E2587C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{8A2AE9E4-EED1-49AD-88C2-AF605084CEE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{4A38B935-56F0-427C-830D-75E3C50A88BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{A32DB632-ADD3-4971-8013-535D50DF91F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [TCP Query User{C96770A8-668F-4629-BD2A-3F93CCFA95AD}C:\users\vincent\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\vincent\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{433CB752-2B84-4F40-AB29-B5CAB4337FAC}C:\users\vincent\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\vincent\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{49B85D9F-DE91-4C12-8029-6A879F5487CD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7ADEF6EE-3B09-471B-A7AD-208B0F9A241B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9F8B5E41-3434-4CF9-8683-B1F6D6D6D1FB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BFF7ADC6-BF85-4596-BD6B-35086F43D7B6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0AEC7762-BC7F-4825-92C1-ED2894F62CC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\TQ.exe
FirewallRules: [{04BA1E0F-2A5E-4DB9-8BCC-FA0CA24D367C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\TQ.exe
FirewallRules: [{69E83B94-CBF7-4895-BD1D-A58F9E321472}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
FirewallRules: [{97A4FEEF-0A48-4868-8475-FF8813B84CFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
FirewallRules: [{6CA28086-747B-42E7-BF99-166CB4BC3346}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F9E85C1B-A241-4510-BD86-7458145FE14D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{50A929B1-C45D-4635-9EB1-C256A6EF2B66}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{CD0D409F-689B-4316-81BE-F13247EA741D}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{1232D363-7ABB-4B26-99E3-B3B32EE8CF8D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{7FB75D75-BC07-4A79-949E-D48A17E44D2A}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{C9C4471B-76CB-4B2A-B287-6B941E943A25}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{BB9910BE-55AE-4CD7-96DD-4A1F25D6DC0E}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{F1F6C4E0-DC15-4358-9405-4AC8FF787E65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{A9C763A3-F4F3-4854-85DD-F460E9BA3721}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{DC6737EC-2A4D-46B9-A5D9-902A360D8669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{7AF677A4-9C0A-4B2E-886A-5FC997168BB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{48D7CF9F-B1CF-4092-991C-523E24F6FEE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{BF9F9DB6-80FD-4332-ABD7-52838F2932C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{F8E621E6-7722-412B-B4D4-0B5C85310BA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{90819FC1-41D7-42FE-99CD-18FE2F2741FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [TCP Query User{4493A1DC-9C41-4D1A-AD68-8A3DEBE01331}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{6A0E56B7-F080-40C7-A9D9-704790570862}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{3D19E782-259C-4FB4-A8A8-BCEDCDDDA965}] => (Allow) C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9BD37A0F-5BF7-4DC7-8251-05ADA6CEC447}] => (Allow) C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6ED6D67D-9DE8-449B-B9E9-C44E031E4CD0}] => (Allow) C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{00591FB2-40AE-4FAC-B10F-DEF37AFF2A87}] => (Allow) C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3C02CD17-02DD-4528-8E90-8D01446AFD2C}] => (Allow) C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{03A68CBB-5EDE-46D5-9851-0F01450AC0E3}] => (Allow) C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DF75EB06-A7EC-43E0-95EE-AF8878D548CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{B59EC92B-0DFE-4A22-8A2B-235BE21F5D2A}C:\users\public\daybreak game company\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\daybreak game company\installed games\everquest\eqvoiceservice.exe
FirewallRules: [UDP Query User{9E57413F-5B8A-4868-B271-B4D8A455D1BC}C:\users\public\daybreak game company\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\daybreak game company\installed games\everquest\eqvoiceservice.exe
FirewallRules: [{F5E57610-08FB-42A7-93DA-2E4717A6D304}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{08BDC5B2-2973-4F87-A1B3-EC7DE4D65717}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVERSPACE\RSG\Binaries\Win64\RSG-Win64-Shipping.exe
FirewallRules: [{27509125-EDB9-45E8-8BA4-F16B42B8ED09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVERSPACE\RSG\Binaries\Win64\RSG-Win64-Shipping.exe
FirewallRules: [{B1A382AE-D420-46CF-B92F-61410FD0F0AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{9602990E-1E04-4661-A8ED-C7C230A49214}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{3783A881-E6A2-4FAE-8954-8710F33B8D03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{CA003395-73DF-447C-8CA8-2107B3A68D4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{2E54A5C0-863D-4106-8D01-CEA8262E3981}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{5F8EE867-1F41-4513-8669-3812B4402B3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{11D3D80A-4D4A-4D47-8EA3-3F30C0DA8C2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{509F9746-FAC8-4FDE-967F-8D803690938D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe

==================== Restore Points =========================

31-05-2017 00:55:15 Windows Update
06-06-2017 12:17:45 Installed OpenOffice 4.1.1
07-06-2017 12:19:22 Installed DirectX

==================== Faulty Device Manager Devices =============

Name: Killer Wireless-n/a/ac 1535 Wireless Network Adapter
Description: Killer Wireless-n/a/ac 1535 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: Qcamain10x64
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2017 12:49:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GEPMLNF)
Description: Activation of app Microsoft.Getstarted_5.9.1042.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/12/2017 11:04:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GEPMLNF)
Description: Activation of app Microsoft.Getstarted_5.9.1042.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/12/2017 10:56:57 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/12/2017 10:53:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVDisplay.Container.exe, version: 1.2.0.0, time stamp: 0x58ee9022
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x00000000000496bc
Faulting process id: 0x9e8
Faulting application start time: 0x01d2e348c701e4c8
Faulting application path: C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 98239e50-5f36-4c8f-ae7f-aa14656f05ff
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/12/2017 02:27:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000030bdd
Faulting process id: 0x1c54
Faulting application start time: 0x01d2e344ff8045fb
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: e881713f-0ae1-46ce-b7b4-adecbc267bbf
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/12/2017 02:16:02 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/12/2017 02:09:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HkeyTray.exe, version: 5.1.0.81, time stamp: 0x57b56e39
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1198, time stamp: 0x5902845a
Exception code: 0xe0434352
Fault offset: 0x000da9f2
Faulting process id: 0x1600
Faulting application start time: 0x01d2e34270d84f31
Faulting application path: C:\Program Files (x86)\Hotkey\HkeyTray.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: b7bdaaef-88a3-4e91-89aa-a84de062a9a7
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/12/2017 02:09:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HkeyTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at HkeyTray.CallingVariations.GetProductID_PCI()
   at HkeyTray.CallingVariations.GetClevoProductName()
   at HkeyTray.ModeBox.SetDefault(ModeType)
   at HkeyTray.ModeBox..ctor()
   at HkeyTray.Global..cctor()

Exception Info: System.TypeInitializationException
   at HkeyTray.MainForm.WndProc(System.Windows.Forms.Message ByRef)
   at System.Windows.Forms.Control+ControlNativeWindow.OnMessage(System.Windows.Forms.Message ByRef)
   at System.Windows.Forms.Control+ControlNativeWindow.WndProc(System.Windows.Forms.Message ByRef)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr)

Error: (06/12/2017 02:05:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GEPMLNF)
Description: Activation of app Microsoft.Getstarted_5.9.1042.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/12/2017 02:03:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GEPMLNF)
Description: Activation of app Microsoft.Getstarted_5.9.1042.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (06/13/2017 12:55:14 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/13/2017 12:55:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/13/2017 12:54:57 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (06/13/2017 12:54:57 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-GEPMLNF)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
  Date: 2016-10-07 20:09:25.639
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-07 20:09:25.634
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-07 20:09:25.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-07 20:09:25.571
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-07 20:06:35.580
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-07 20:06:35.575
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-07 20:06:35.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-07 20:06:35.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-06 21:09:53.158
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-06 21:09:53.145
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 13%
Total physical RAM: 16339.06 MB
Available physical RAM: 14091.39 MB
Total Virtual: 18771.06 MB
Available Virtual: 16558.74 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.81 GB) (Free:50.1 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:931.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 74E574CC)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 74E574F9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


I do not see any obvious malware or infection in those logs. One entry is definitely suspicious. Can you tell me if you know and trust the following, and also when you installed it...?:

HKLM-x32\...\Run: [KMCONFIG] => "C:\Program Files (x86)\5-button mouse\StartAutorun.exe" KMConfig.exe

Check this link for information... http://www.freefixer.com/library/file/KMConfig.exe-30489/#vtreport
 
Thank you,
Kevin

Thanks for the update, continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save it; you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.

Or from this Mirror
 
  • Double click on Adwcleaner.exe to run the tool
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After the restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply, where * is the number relative to the list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security software alerts on this scan, either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns..

Thank you,

Kevin..

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 12-06-2017
Ran by Vincent (13-06-2017 12:40:50) Run:1
Running from C:\Users\Vincent\Desktop
Loaded Profiles: Vincent (Available Profiles: defaultuser0 & Vincent)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [KMCONFIG] => "C:\Program Files (x86)\5-button mouse\StartAutorun.exe" KMConfig.exe
C:\Program Files (x86)\5-button mouse\StartAutorun.exe
C:\Program Files (x86)\5-button mouse
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
end

*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\KMCONFIG => value removed successfully
C:\Program Files (x86)\5-button mouse\StartAutorun.exe => moved successfully
C:\Program Files (x86)\5-button mouse => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 237796072 B
Java, Flash, Steam htmlcache => 708186166 B
Windows/system/drivers => 48245514 B
Edge => 31170339 B
Chrome => 819095346 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 593354 B
defaultuser0 => 587916 B
Vincent => 1510690815 B

RecycleBin => 0 B
EmptyTemp: => 3.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:41:05 ====

Malwarebytes, AdwCleaner, and Sophos all scanned 100% clean; no logs to report.

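The fixlist above flushed the resolver cache and replaced the hosts file, which removes the evidence of where the NXDOMAIN answers were coming from. The PowerShell below is an added example, not part of this thread and not FRST's own code, that records the name-resolution state (hosts entries, configured resolvers, WinINET and WinHTTP proxy settings, a resolution comparison, and the live DNS cache) so a fix like this can be run with a before/after picture. The three test names and the 1.1.1.1 comparison resolver are assumptions chosen for the example; run it from an elevated prompt on Windows 10.

```powershell
# Added example (not from the original thread or from FRST): snapshot the
# Windows name-resolution state before a fix that flushes the DNS cache and
# replaces the hosts file. Elevated PowerShell on Windows 10 assumed.

$report = @{}

# 1. hosts file: every non-comment, non-blank line. A mapping for a well-known
#    site explains "only this one page loads"; a bogus entry explains failures.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$report.HostsEntries = Get-Content -LiteralPath $hostsPath |
    Where-Object { $_ -notmatch '^\s*#' -and $_ -match '^\s*\S+\s+\S+' }

# 2. Resolvers actually configured per interface. A resolver nobody set on
#    purpose (unwanted software, a rogue DHCP answer) is a common NXDOMAIN cause.
$report.DnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Select-Object InterfaceAlias, ServerAddresses

# 3. Proxy settings. Chrome and Edge follow the WinINET user proxy; services
#    use WinHTTP. A PAC URL or fixed proxy breaks browsers but not games.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$report.Proxy = [pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
    WinHttp       = (netsh winhttp show proxy) -join ' '
}

# 4. Resolve the same names through the configured resolver and through a
#    public one (assumed: 1.1.1.1). FAIL locally but success publicly points
#    at the configured server or the local cache, not at the network path.
$names = 'google.com', 'microsoft.com', 'malwarebytes.com'   # assumed test names
$report.Resolution = foreach ($n in $names) {
    $local  = Resolve-DnsName $n -Type A -ErrorAction SilentlyContinue
    $public = Resolve-DnsName $n -Type A -Server 1.1.1.1 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name           = $n
        LocalResolver  = $(if ($local)  { ($local  | Where-Object Type -eq 'A').IPAddress -join ',' } else { 'FAIL' })
        PublicResolver = $(if ($public) { ($public | Where-Object Type -eq 'A').IPAddress -join ',' } else { 'FAIL' })
    }
}

# 5. Cached answers as they are right now, before ipconfig /flushdns discards
#    them; negative entries and odd Data values are what to look for.
$cacheFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'dnscache-before-fix.txt'
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Select-Object Entry, Type, Status, Data, TimeToLive |
    Out-File -LiteralPath $cacheFile

$report.HostsEntries | Format-Table -AutoSize
$report.DnsServers   | Format-Table -AutoSize
$report.Proxy        | Format-List
$report.Resolution   | Format-Table -AutoSize
"DNS cache saved to $cacheFile"
```

Run it once before the FRST fix and once after the reboot; the interesting differences are a hosts entry or resolver that disappears, and a name that moves from FAIL to a public-matching answer. Note the Fixlog reports the old hosts file as "moved" rather than deleted, so FRST's quarantine folder still holds the original if the pre-fix snapshot was missed.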

Chrome is your Default browser, let's try a clean install of Chrome first and see if there is any improvement...

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Remove all synced data from Chrome, go here: https://support.google.com/chrome/answer/6386691?hl=en-GB follow those instructions... It is essential that any/all synced data is removed when the browser is hijacked or exploited in any way...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\AppData\Local and from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder AppData)

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome:

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install DrWeb Anti-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en

Does that help...?

Sorry for the late reply, working nights in the hospital.

So I am having a lot of trouble with the Chrome uninstall as my computer seems to have declined even more. Programs are hanging or not loading altogether, such as Windows Settings, msconfig, and Microsoft browsers. I loaded Task Manager to see if anything was hogging resources and noticed "Antimalware Service Executable", which yields the error "Unable to terminate process."

This laptop seems to be getting worse by the hour. 


Clean boot disables all non-Microsoft system files. If your PC now responds better we can assume that a 3rd party service or services may be the problem... If clean boot makes your system faster and more responsive, it is now a process of elimination to find which non-MS service(s) was affecting your system...

Go through the process again, this time with all MS services hidden again, enable the top half of the non-MS services, re-boot and see how your system responds; if still ok the top half can be left enabled.

Repeat again, enabling some of the bottom half, then re-boot. Continue until you locate the problem service(s). A process of elimination, a bit long winded but worth the effort. Let me know the outcome...

Thank you,

Kevin

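The bisection above is done by ticking boxes in msconfig. The PowerShell below is an added example, not part of this thread and not msconfig's or Malwarebytes' code, that produces the same candidate list from the command line with the detail a practitioner wants before disabling anything: the real binary path, its Authenticode state and signer, and whether the service path is unquoted. The "not Microsoft-signed" filter is a heuristic, and the Desktop CSV path is an assumption chosen for the example; run it from an elevated prompt on Windows 10.

```powershell
# Added example (not from the original thread or from msconfig): rank the
# non-Microsoft services a clean boot hides, then bisect them from PowerShell
# while recording every change so it can be undone. Elevated prompt assumed.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Raw ImagePath is either "quoted path" args, or a bare path (possibly
    # containing spaces and no quotes) followed by args.
    $p = [Environment]::ExpandEnvironmentVariables($PathName)
    if ($p -match '^"([^"]+)"')  { return $Matches[1] }
    if ($p -match '^(.+?\.exe)') { return $Matches[1] }   # -match is case-insensitive
    return ($p -split '\s+')[0]
}

function Get-ThirdPartyService {
    Get-CimInstance Win32_Service | ForEach-Object {
        $bin    = Get-ServiceBinaryPath $_.PathName
        $sig    = if ($bin -and (Test-Path -LiteralPath $bin)) { Get-AuthenticodeSignature -FilePath $bin } else { $null }
        $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        [pscustomobject]@{
            Name            = $_.Name
            State           = $_.State
            StartMode       = $_.StartMode
            Binary          = $bin
            SigStatus       = $(if ($sig) { [string]$sig.Status } else { 'FileNotFound' })
            # Heuristic: subject of the signing certificate names Microsoft.
            MicrosoftSigned = ($signer -match 'O=Microsoft Corporation')
            # Unquoted path with a space: the classic service-path privilege
            # escalation, and a sign of careless packaging either way.
            UnquotedPath    = ($_.PathName -notmatch '^"' -and $bin -match ' ')
            Signer          = $signer
        }
    } | Where-Object { -not $_.MicrosoftSigned -and $_.StartMode -ne 'Disabled' } |
      Sort-Object SigStatus, Name
}

# Assumed location for the undo record.
$csv = Join-Path ([Environment]::GetFolderPath('Desktop')) 'services-disabled.csv'

function Disable-ServiceHalf {
    # Disable the upper (default) or lower half of the candidates and write
    # their original start modes so Restore-ServiceHalf can undo the step.
    param([object[]]$Candidates, [switch]$Lower)
    $half = [math]::Ceiling($Candidates.Count / 2)
    $set  = @(if ($Lower) { $Candidates | Select-Object -Skip $half }
              else        { $Candidates | Select-Object -First $half })
    if ($set.Count -eq 0) { return @() }
    $set | Select-Object Name, StartMode | Export-Csv -LiteralPath $csv -NoTypeInformation
    foreach ($s in $set) { Set-Service -Name $s.Name -StartupType Disabled }
    return $set.Name
}

function Restore-ServiceHalf {
    # Undo the last Disable-ServiceHalf using the CSV it wrote.
    Import-Csv -LiteralPath $csv | ForEach-Object {
        # Win32_Service reports 'Auto'/'Manual'; Set-Service wants 'Automatic'/'Manual'.
        $mode = if ($_.StartMode -eq 'Auto') { 'Automatic' } else { 'Manual' }
        Set-Service -Name $_.Name -StartupType $mode
    }
}

$candidates = @(Get-ThirdPartyService)
$candidates | Format-Table Name, StartMode, State, SigStatus, UnquotedPath, Binary -AutoSize

# Bisection: disable the upper half, reboot, observe. If the system is now
# responsive the culprit is in that half: Restore-ServiceHalf, then repeat on
# the remaining list. Otherwise Restore-ServiceHalf and disable with -Lower.
#   Disable-ServiceHalf -Candidates $candidates
#   Disable-ServiceHalf -Candidates $candidates -Lower
#   Restore-ServiceHalf
```

Two caveats on the signer filter. A service hosted in svchost.exe reports svchost's Microsoft signature, not that of the ServiceDll it loads, so a service DLL registered that way is filtered out of the list and has to be checked separately under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters. And SigStatus of NotSigned or HashMismatch on a binary that claims to be a vendor product is itself the finding, whatever the bisection says.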

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

