unknown rootkit messing with hardware


  • This topic is locked
24 replies to this topic

#1 swashbucklingotter

Posted 27 June 2017 - 09:11 PM

Hello. So I'm pretty sure I have a rootkit. It started 4 days ago. Random increases and decreases in my C: drive usage of .1 to 10 gigs, my left speaker stopped working right and has violent static every once in a while. Best way I can describe it is when you get graphical tearing and the sound messes up. Things are loading slower and videos are lagging hard. The display on applications such as browser or Minecraft changes size every once in a while when I start the app. Display of icons in File Explorer changes randomly. Random sounds of that "authorize the program to make changes to the computer" happen with nothing running and nothing pops up. Sound devices have been "unplugged" even though everything is internal (laptop). Things on my desktop disappear or move. Here is my FRST log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by swashbucklingotter (administrator) on VIKTOR (27-06-2017 22:07:03)
Running from C:\Users\swashbucklingotter\Desktop
Loaded Profiles: swashbucklingotter (Available Profiles: swashbucklingotter)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Application) C:\Program Files (x86)\KLM\KLM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8801024 2016-04-15] (Realtek Semiconductor)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [690024 2016-03-30] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [297984 2016-01-22] (MSI)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3281160 2014-08-26] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\KLM\KLM.exe [2151224 2015-11-10] (Application)
HKU\S-1-5-21-212547075-2734779801-2451875018-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-212547075-2734779801-2451875018-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-212547075-2734779801-2451875018-1001\...\Run: [BingSvc] => C:\Users\swashbucklingotter\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-212547075-2734779801-2451875018-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-212547075-2734779801-2451875018-1001\...\Run: [Discord] => C:\Users\swashbucklingotter\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-05-25]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\Users\swashbucklingotter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-05-10]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CFD211FF-F685-4E7A-928B-019A49B42D89}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-212547075-2734779801-2451875018-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> msn.com
CHR StartupUrls: Profile 1 -> "hxxp://my.baypath.edu/ics"
CHR DefaultSearchKeyword: Profile 1 -> bing.com
CHR Profile: C:\Users\swashbucklingotter\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-06-27]
CHR Extension: (Google Slides) - C:\Users\swashbucklingotter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-12]
CHR Extension: (Google Docs) - C:\Users\swashbucklingotter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-12]
CHR Extension: (Google Drive) - C:\Users\swashbucklingotter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-12]
CHR Extension: (YouTube) - C:\Users\swashbucklingotter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-12]
CHR Extension: (Adblock Plus) - C:\Users\swashbucklingotter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-05-12]
CHR Extension: (Google Sheets) - C:\Users\swashbucklingotter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\swashbucklingotter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\swashbucklingotter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-12]
CHR Extension: (Gmail) - C:\Users\swashbucklingotter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\swashbucklingotter\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-27]
CHR HKU\S-1-5-21-212547075-2734779801-2451875018-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-05-31] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 HnGSteamService; C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [778024 2017-06-27] (Reto-Moto ApS)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [387144 2016-02-04] ()
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2017-01-06] (Microsoft Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-10-06] (Rivet Networks) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-01-22] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-02-13] ()
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2017-03-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2017-01-05] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3743648 2017-02-13] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [142408 2015-09-16] (Rivet Networks, LLC.)
S3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [157752 2015-09-03] (Qualcomm Atheros, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-25] (Malwarebytes)
R1 MpKslf59f68f1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5C72DDA-653F-4A9C-AD53-A9BAC25C2877}\MpKslf59f68f1.sys [44928 2017-06-27] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3526400 2017-03-09] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-11-10] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466648 2014-02-21] (Realsil Semiconductor Corporation)
R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [38720 2016-10-26] (SteelSeries ApS)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-27 22:07 - 2017-06-27 22:07 - 00016316 _____ C:\Users\swashbucklingotter\Desktop\FRST.txt
2017-06-27 21:40 - 2017-06-27 22:07 - 00000000 ____D C:\FRST
2017-06-27 21:39 - 2017-06-27 21:39 - 02441216 _____ (Farbar) C:\Users\swashbucklingotter\Desktop\FRST64.exe
2017-06-27 20:51 - 2017-06-27 20:54 - 01159346 _____ C:\TDSSKiller.3.1.0.15_27.06.2017_20.51.35_log.txt
2017-06-25 15:00 - 2017-06-25 15:51 - 01456318 _____ C:\TDSSKiller.3.1.0.15_25.06.2017_15.00.32_log.txt
2017-06-25 14:58 - 2017-06-25 14:59 - 00226688 _____ C:\TDSSKiller.3.1.0.15_25.06.2017_14.58.16_log.txt
2017-06-25 14:58 - 2017-06-25 14:58 - 04922400 _____ (AO Kaspersky Lab) C:\Users\swashbucklingotter\Desktop\tdsskiller.exe
2017-06-25 14:26 - 2017-06-27 22:02 - 00035590 _____ C:\Windows\ntbtlog.txt
2017-06-25 14:25 - 2017-06-25 14:25 - 00002064 _____ C:\Users\swashbucklingotter\Desktop\gmerscan.txt
2017-06-25 09:01 - 2017-06-25 09:01 - 00380928 _____ C:\Users\swashbucklingotter\Desktop\wcoodho0.exe
2017-06-23 09:56 - 2017-06-02 22:31 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-23 09:56 - 2017-06-02 22:31 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-23 07:48 - 2017-06-23 07:48 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-06-23 07:48 - 2016-09-09 14:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-06-23 07:48 - 2016-09-09 14:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2017-06-23 07:48 - 2016-09-09 14:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-06-23 07:48 - 2016-09-09 14:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2017-06-23 07:44 - 2017-06-02 07:30 - 03635200 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-23 07:44 - 2017-06-02 06:02 - 02751488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-23 07:44 - 2017-05-14 16:44 - 04170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-23 07:44 - 2017-05-14 16:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-23 07:44 - 2017-05-14 16:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-23 07:44 - 2017-05-14 16:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-23 07:44 - 2017-05-14 16:19 - 01364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-23 07:44 - 2017-05-14 16:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-23 07:44 - 2017-05-14 15:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-23 07:44 - 2017-05-14 15:32 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-06-23 07:44 - 2017-05-14 15:31 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-06-23 07:44 - 2017-05-14 15:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-23 07:44 - 2017-05-14 15:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-23 07:44 - 2017-05-14 15:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-23 07:44 - 2017-05-14 15:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-23 07:44 - 2017-05-14 14:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-23 07:44 - 2017-05-14 14:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-23 07:44 - 2017-05-14 14:48 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-06-23 07:44 - 2017-05-14 14:46 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-06-23 07:44 - 2017-05-14 14:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-23 07:44 - 2017-05-14 14:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-23 07:44 - 2017-05-14 14:38 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-23 07:44 - 2017-05-14 14:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-23 07:44 - 2017-05-14 14:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-23 07:44 - 2017-05-14 14:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-23 07:44 - 2017-05-14 14:16 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-06-23 07:44 - 2017-05-14 14:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-23 07:44 - 2017-05-14 14:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-23 07:44 - 2017-05-14 14:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-23 07:44 - 2017-05-14 14:06 - 07441240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-23 07:44 - 2017-05-12 12:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-23 07:44 - 2017-05-11 22:58 - 01985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-23 07:44 - 2017-05-11 22:48 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-23 07:44 - 2017-05-11 22:18 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-23 07:44 - 2017-05-11 19:36 - 22361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-23 07:44 - 2017-05-11 19:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-23 07:44 - 2017-04-16 06:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-06-23 07:44 - 2017-04-16 06:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-06-23 07:44 - 2017-04-16 06:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-06-23 07:44 - 2017-04-16 06:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-23 07:44 - 2017-04-16 05:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-06-23 07:44 - 2017-04-16 05:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-06-23 07:44 - 2017-04-16 05:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-06-23 07:44 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-23 07:44 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-23 07:44 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-23 07:44 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-23 07:44 - 2017-04-16 04:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-06-23 07:44 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-23 07:44 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-23 07:44 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-23 07:44 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-23 07:44 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-23 07:44 - 2017-04-16 03:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-23 07:44 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-23 07:44 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-23 07:44 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-23 07:44 - 2017-04-16 03:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-06-23 07:44 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-23 07:44 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-23 07:44 - 2017-04-16 03:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-23 07:44 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-23 07:44 - 2017-04-16 03:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-06-23 07:44 - 2017-04-09 18:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-06-23 07:44 - 2017-04-06 12:50 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-23 07:44 - 2017-04-06 12:35 - 01362432 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-06-23 07:44 - 2017-04-02 09:40 - 02013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-06-23 07:44 - 2017-03-31 19:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-06-23 07:43 - 2017-06-02 08:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-23 07:43 - 2017-06-02 08:12 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-23 07:43 - 2017-06-02 08:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-23 07:43 - 2017-06-02 08:06 - 01001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-23 07:43 - 2017-06-02 08:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-23 07:43 - 2017-06-02 07:03 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-23 07:43 - 2017-06-02 06:58 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-23 07:43 - 2017-06-02 06:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-23 07:43 - 2017-06-02 06:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-23 07:43 - 2017-06-02 06:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-23 07:43 - 2017-06-02 05:43 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-23 07:43 - 2017-06-02 05:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-23 07:43 - 2017-05-15 15:58 - 00121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-23 07:43 - 2017-05-14 15:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-23 07:43 - 2017-05-14 15:03 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-23 07:43 - 2017-05-14 14:13 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-23 07:43 - 2017-05-14 14:06 - 01737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-23 07:43 - 2017-05-14 14:06 - 01502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-23 07:43 - 2017-05-12 13:05 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-23 07:43 - 2017-05-12 12:16 - 01084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-23 07:43 - 2017-05-12 11:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-23 07:43 - 2017-05-12 11:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-23 07:43 - 2017-05-12 11:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-23 07:43 - 2017-05-12 11:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-23 07:43 - 2017-05-12 00:10 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-23 07:43 - 2017-05-11 22:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-23 07:43 - 2017-05-11 22:10 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-23 07:43 - 2017-05-11 22:07 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-06-23 07:43 - 2017-05-11 22:06 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-23 07:43 - 2017-05-11 22:04 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-23 07:43 - 2017-05-11 22:00 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-23 07:43 - 2017-05-10 14:19 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-23 07:43 - 2017-05-06 12:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-23 07:43 - 2017-05-06 12:04 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-23 07:43 - 2017-05-03 19:11 - 00103600 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-06-23 07:43 - 2017-05-03 09:43 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-06-23 07:43 - 2017-05-03 09:43 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-06-23 07:43 - 2017-05-03 09:43 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-06-23 07:43 - 2017-05-03 09:43 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-06-23 07:43 - 2017-05-03 09:43 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-06-23 07:43 - 2017-05-03 09:43 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-06-23 07:43 - 2017-05-03 09:43 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-06-23 07:43 - 2017-05-03 09:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-06-23 07:43 - 2017-04-16 06:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-06-23 07:43 - 2017-04-16 05:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-06-23 07:43 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-23 07:43 - 2017-04-16 04:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-23 07:43 - 2017-04-16 03:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-06-23 07:43 - 2017-04-09 18:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-06-23 07:43 - 2017-04-06 13:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-23 07:43 - 2017-04-06 13:16 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2017-06-23 07:43 - 2017-04-06 12:46 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-23 07:43 - 2017-04-06 12:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-23 07:43 - 2017-04-06 12:15 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-23 07:43 - 2017-04-06 11:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-06-23 07:43 - 2017-04-02 12:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-06-23 07:43 - 2017-04-02 12:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-06-23 07:43 - 2017-04-02 10:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-06-23 07:43 - 2017-03-31 17:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-06-22 20:18 - 2017-06-22 20:18 - 00000000 ____D C:\Windows\pss
2017-06-20 19:24 - 2017-06-20 19:24 - 00000000 ____D C:\Users\swashbucklingotter\AppData\Local\id Software
2017-06-20 15:41 - 2017-06-20 15:41 - 00000000 ____D C:\Users\swashbucklingotter\AppData\Local\Bethesda.net Launcher
2017-06-20 15:40 - 2017-06-22 14:33 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2017-06-20 15:40 - 2017-06-20 15:40 - 00001164 _____ C:\Users\Public\Desktop\Bethesda.net Launcher.lnk
2017-06-20 15:40 - 2017-06-20 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
2017-06-09 16:27 - 2017-06-09 16:29 - 00000000 ____D C:\Users\swashbucklingotter\Desktop\desktop dungeons
2017-06-09 16:22 - 2017-06-23 11:56 - 00000000 ____D C:\Users\swashbucklingotter\Documents\New folder
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-27 21:38 - 2016-04-08 17:15 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-212547075-2734779801-2451875018-1001
2017-06-27 21:33 - 2016-05-25 17:45 - 00000000 __SHD C:\Users\swashbucklingotter\IntelGraphicsProfiles
2017-06-27 21:33 - 2016-05-25 17:18 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-27 21:33 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2017-06-27 20:56 - 2016-06-02 10:07 - 00001306 _____ C:\Users\swashbucklingotter\Desktop\nativelog.txt
2017-06-27 20:52 - 2016-07-31 12:03 - 00000000 ____D C:\Program Files (x86)\Diablo III
2017-06-27 20:51 - 2016-06-02 10:00 - 00000000 ____D C:\Users\swashbucklingotter\AppData\Roaming\.minecraft
2017-06-27 20:47 - 2016-05-25 22:04 - 00000000 ____D C:\Users\swashbucklingotter\AppData\Local\Battle.net
2017-06-27 20:38 - 2016-11-15 00:34 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-06-27 20:38 - 2016-05-25 22:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-06-27 20:37 - 2017-03-15 19:21 - 00000000 ____D C:\Users\swashbucklingotter\AppData\Local\CrashDumps
2017-06-27 18:42 - 2016-05-09 17:17 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A5C8575F-B763-4C84-B71E-E4DB53553828}
2017-06-27 17:09 - 2016-05-25 17:02 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 17:09 - 2016-05-25 17:02 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-26 13:49 - 2016-05-31 14:26 - 00000000 ____D C:\Users\swashbucklingotter\AppData\Roaming\Skype
2017-06-25 15:06 - 2014-11-21 04:44 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-25 15:00 - 2017-05-12 13:56 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-25 15:00 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-25 14:59 - 2016-05-25 15:29 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-24 17:17 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2017-06-23 09:55 - 2013-08-22 10:44 - 00337808 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-23 09:52 - 2016-05-26 20:32 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-23 09:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2017-06-23 09:52 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-06-23 07:51 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2017-06-23 07:50 - 2016-05-25 17:37 - 00000000 ____D C:\Windows\system32\MRT
2017-06-23 07:48 - 2016-05-25 17:37 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-23 07:48 - 2016-05-25 15:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-23 07:41 - 2017-04-30 17:28 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-23 07:41 - 2017-04-30 17:28 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-23 07:41 - 2017-04-30 17:28 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-23 07:32 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-06-20 15:47 - 2017-05-24 21:06 - 00000857 _____ C:\Users\swashbucklingotter\Desktop\passies.txt
2017-06-16 16:14 - 2017-01-05 12:04 - 00000000 ____D C:\Users\swashbucklingotter\Desktop\tight bleep
2017-06-16 13:14 - 2016-06-02 09:58 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-06-15 20:13 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-15 20:13 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2017-06-15 16:15 - 2016-04-08 17:10 - 00000000 ____D C:\Users\swashbucklingotter\AppData\Local\Packages
2017-06-14 12:27 - 2017-04-24 20:02 - 00000000 ____D C:\Users\swashbucklingotter\Documents\Unreal Projects
2017-06-14 12:02 - 2016-05-25 15:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-13 13:31 - 2016-11-29 17:52 - 00000000 ____D C:\Users\swashbucklingotter\AppData\Roaming\obs-studio
2017-06-08 16:48 - 2016-07-15 00:21 - 00000000 ____D C:\Users\swashbucklingotter\AppData\Roaming\vlc
2017-06-05 21:00 - 2017-05-12 13:56 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-01 21:24 - 2016-11-27 13:15 - 00000000 ____D C:\Users\swashbucklingotter\Documents\Paradox Interactive
2017-05-30 16:45 - 2016-05-25 15:32 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2016-05-25 15:16 - 2016-05-25 15:16 - 0000000 _____ () C:\Users\swashbucklingotter\AppData\Local\Driver_LOM_8161Present.flag
2016-05-25 18:51 - 2016-05-25 18:51 - 0007610 _____ () C:\Users\swashbucklingotter\AppData\Local\Resmon.ResmonCfg
2016-05-25 17:04 - 2016-05-25 17:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\swashbucklingotter\installshield_scm.reg
C:\Users\swashbucklingotter\scm.reg
 
 
Some files in TEMP:
====================
2016-05-31 14:36 - 2016-05-31 14:36 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\swashbucklingotter\AppData\Local\Temp\BSvcProcessor.exe
2016-05-31 14:36 - 2016-05-31 14:36 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\swashbucklingotter\AppData\Local\Temp\BSvcUpdater.exe
2017-04-19 16:17 - 2017-04-19 16:17 - 4485976 _____ (Microsoft Corporation) C:\Users\swashbucklingotter\AppData\Local\Temp\dwl1D00.tmp.exe
2017-04-19 16:19 - 2017-04-19 16:19 - 4485976 _____ (Microsoft Corporation) C:\Users\swashbucklingotter\AppData\Local\Temp\dwlEC23.tmp.exe
2016-08-29 18:13 - 2017-06-26 13:40 - 58684896 _____ (Skype Technologies S.A.) C:\Users\swashbucklingotter\AppData\Local\Temp\SkypeSetup.exe
2017-04-03 16:41 - 2017-02-22 18:31 - 7133808 _____ (Spotify Ltd) C:\Users\swashbucklingotter\AppData\Local\Temp\SpotifyUninstall.exe
2016-12-31 16:27 - 2016-01-14 16:20 - 0362656 _____ (CANON INC.) C:\Users\swashbucklingotter\AppData\Local\Temp\uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-21 17:40
 
==================== End of FRST.txt ============================

Edited by swashbucklingotter, 28 June 2017 - 10:24 AM.




#2 swashbucklingotter


Posted 28 June 2017 - 11:43 AM

Update: had it on for about an hour today and the entire screen turned sideways and every program was running but unresponsive to my mouse... I forced shutdown since I couldn't do anything else and I'm just leaving it.

#3 Bezukhov


Posted 01 July 2017 - 09:59 AM

Sorry for the wait.

Some ground rules:
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear, stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you to run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 to 48 hours. I will try to do likewise. In the interest of full disclosure I am still a student, and therefore anything I propose must be cleared with an instructor, which may sometimes delay my responses. The upside to this is you'll have two heads looking into your problem.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.

FRST should have created a second log named Addition.txt. Please post that.

Edited by Bezukhov, 01 July 2017 - 10:16 AM.

To err is Human. To blame it on someone else is even more Human.

#4 swashbucklingotter


Posted 01 July 2017 - 10:11 AM

No worries. I just want to get this fixed. Here are the Addition logs. Just so it's known, because I know the prep guide said to give as much info as possible: I had to boot my computer up to post this and it took 3-4 times as long to boot than it ever had before. I had a black screen for about 30 seconds before the OS showed up.
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by swashbucklingotter (27-06-2017 22:07:23)
Running from C:\Users\swashbucklingotter\Desktop
Windows 8.1 (Update) (X64) (2016-04-08 21:09:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-212547075-2734779801-2451875018-500 - Administrator - Disabled)
Guest (S-1-5-21-212547075-2734779801-2451875018-501 - Limited - Disabled)
swashbucklingotter (S-1-5-21-212547075-2734779801-2451875018-1001 - Administrator - Enabled) => C:\Users\swashbucklingotter
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-212547075-2734779801-2451875018-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
Amazon Kindle (HKU\S-1-5-21-212547075-2734779801-2451875018-1001\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
Angry Video Game Nerd Adventures (HKLM\...\Steam App 237740) (Version:  - FreakZone Games)
Ansel (Version: 377.19 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Verifier x64 External Package (Version: 10.1.14393.795 - Microsoft) Hidden
Bastion (HKLM\...\Steam App 107100) (Version:  - Supergiant Games)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1505.1901 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.20.2 - Bethesda Softworks)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boot Configure (HKLM-x32\...\{5563D674-6B02-43F4-B9D0-C2A944E84F3C}) (Version: 20.014.12127 - Micro-Star International Co., Ltd.)
Borderlands (HKLM\...\Steam App 8980) (Version:  - Gearbox Software)
Breath of Death VII  (HKLM\...\Steam App 107300) (Version:  - Zeboyd Games)
Broken Age (HKLM\...\Steam App 232790) (Version:  - Double Fine Productions)
Brütal Legend (HKLM\...\Steam App 225260) (Version:  - Double Fine Productions)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.2.0 - Canon Inc.)
Cave Story+ (HKLM\...\Steam App 200900) (Version:  - Nicalis)
CheckDevicesConfigurator (Version: 2.2.301 - Nahimic) Hidden
Cthulhu Saves the World  (HKLM\...\Steam App 107310) (Version:  - Zeboyd Games)
DARK SOULS™ III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DiagnosticsHub_CollectionService (Version: 15.0.26208 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-212547075-2734779801-2451875018-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
ELAN Touchpad 11.13.11.4_X64_WHQL (HKLM\...\Elantech) (Version: 11.13.11.4 - ELAN Microelectronic Corp.)
Epic Games Launcher (HKLM-x32\...\{2DE76AAC-8061-4D9B-B7BA-A7CFBE0F8048}) (Version: 1.1.86.0 - Epic Games, Inc.)
Fable Anniversary (HKLM\...\Steam App 288470) (Version:  - Lionhead Studios)
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
FINAL FANTASY VII (HKLM\...\Steam App 39140) (Version:  - Square Enix)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes & Generals (HKLM\...\Steam App 227940) (Version:  - Reto-Moto)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hyperdimension Neptunia Re;Birth1 (HKLM\...\Steam App 282900) (Version:  - IDEA FACTORY Co., Ltd.)
icecap_collection_neutral (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collection_x64 (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresources (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{66614300-cd9b-4a62-8b18-c97e9562dc3e}) (Version: 19.50.0 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.14393.0 (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Killer Bandwidth Control Filter Driver (Version: 1.1.56.1122 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.56.1122 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.56.1122 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1122 - Rivet Networks)
Kits Configuration Installer (x32 Version: 10.1.14393.795 - Microsoft) Hidden
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1511.1001 - Application)
KLM (x32 Version: 1.0.1511.1001 - Application) Hidden
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LauncherSetup (Version: 2.2.301 - Nahimic) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Learn Japanese To Survive - Hiragana Battle (HKLM\...\Steam App 438270) (Version:  - Sleepy Duck Educational Games)
Magicka (HKLM\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{39BEF607-44E6-472B-90C1-BD62AA2B7A3F}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{C07B4BC7-A37D-46A8-B2A3-620CC569D149}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.5.30308.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Nahimic 2 (HKLM-x32\...\{4bf3a886-d271-4103-92f0-b55fbd8447f4}) (Version: 2.2.3 - Nahimic)
Nahimic2UISetup (Version: 2.2.301 - Nahimic) Hidden
NahimicSettingsConfigurator (Version: 2.2.301 - Nahimic) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.28.00 - NETGEAR Inc.)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 377.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 377.19 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
Orcs Must Die! 2 (HKLM\...\Steam App 201790) (Version:  - Robot Entertainment)
Overlord (HKLM\...\Steam App 11450) (Version:  - Triumph Studios)
ProductDaemonSetup (Version: 2.2.301 - Nahimic) Hidden
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Psychonauts (HKLM\...\Steam App 3830) (Version:  - Double Fine Productions)
Quake Champions (HKLM-x32\...\Quake Champions) (Version:  - Bethesda Softworks)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7796 - Realtek Semiconductor Corp.)
resident evil 4 / biohazard 4 (HKLM\...\Steam App 254700) (Version:  - Capcom)
RPG Maker VX Ace (HKLM\...\Steam App 220700) (Version:  - KADOKAWA)
SCM (HKLM\...\{8B57FEA1-ABC0-4469-9205-856FD0D97C40}) (Version: 13.016.01229 - Application)
Sculptris Alpha 6 (HKLM-x32\...\Sculptris Alpha 6 Alpha 6) (Version: Alpha 6 - Pixologic)
SEGA Mega Drive & Genesis Classics (HKLM\...\Steam App 34270) (Version:  - Sega)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris (HKLM\...\Steam App 281990) (Version:  - Paradox Development Studio)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
Tabletop Simulator (HKLM\...\Steam App 286160) (Version:  - Berserk Games)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM\...\Steam App 20920) (Version:  - CD PROJEKT RED)
The Witcher: Enhanced Edition (HKLM\...\Steam App 20900) (Version:  - CD PROJEKT RED)
Thief (HKLM\...\Steam App 239160) (Version:  - Eidos-Montréal)
Tomb Raider: Legend (HKLM\...\Steam App 7000) (Version:  - Crystal Dynamics)
Toontown Rewritten (HKLM-x32\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UIInstallUpgrade (Version: 2.2.301 - Nahimic) Hidden
Universal CRT Extension SDK (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (x32 Version: 14.10.25008 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS JIT Debugger (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (Version: 16.0.59.0 - Microsoft Corporation) Hidden
vs_communitymsi (x32 Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_communitymsires (x32 Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (x32 Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (x32 Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellmsi (x32 Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_minshellmsires (x32 Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_tipsmsi (x32 Version: 15.0.26208 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wakfu (HKU\S-1-5-21-212547075-2734779801-2451875018-1001\...\1F4715F1-86E7-4450-AA9A-13ADBF14BED1-2) (Version:  - Ankama)
WinAppDeploy (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{3BE62AA1-60B9-42EA-99BC-1A46B31C7E0C}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.795 (HKLM-x32\...\{5eb6fbea-73ee-4a8e-9042-110704768d7f}) (Version: 10.1.14393.795 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Wizard101 (HKU\S-1-5-21-212547075-2734779801-2451875018-1001\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-212547075-2734779801-2451875018-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03DAFE4A-2166-4CB0-869C-9AF25C3E494C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {0626A527-3D4C-450D-9C2A-E0CC622D00EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-25] (Google Inc.)
Task: {15EEC7C1-ECF6-4716-9E91-98E34ADE02CF} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2016-03-30] ()
Task: {30F73EFF-EA55-4E2B-AC60-BCF4F646A660} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {3FB65751-1FBB-41CC-90FB-7BDBD820875D} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [2016-03-30] ()
Task: {799239F0-2855-4563-8B71-1B8AFC54C4B9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {8C0B5E25-5A51-4F28-9C94-ABAA86308D64} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [2016-03-30] ()
Task: {F1580884-20AB-4B10-A582-3A80BAA31724} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {FDBAD197-1A52-4A9B-8A25-77F240761FAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-25] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\swashbucklingotter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-04-22 04:07 - 2016-04-22 04:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 04:07 - 2016-04-22 04:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-28 21:11 - 2016-02-04 12:53 - 00387144 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-05-25 15:29 - 2017-03-29 15:20 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-30 09:55 - 2016-03-30 09:55 - 00211816 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll
2016-03-30 09:55 - 2016-03-30 09:55 - 00284520 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll
2015-08-09 07:50 - 2015-08-09 07:50 - 00404376 _____ () C:\Windows\system32\igfxTray.exe
2016-03-30 09:52 - 2016-03-30 09:52 - 00690024 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
2017-01-01 10:00 - 2017-01-01 10:00 - 00023040 _____ () C:\Program Files\Rainmeter\Plugins\InputText.dll
2017-06-27 17:09 - 2017-06-22 23:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 17:09 - 2017-06-22 23:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2015-08-09 07:52 - 2015-08-09 07:52 - 17973744 _____ () C:\Windows\SYSTEM32\igd11dxva64.dll
2016-03-30 09:52 - 2016-03-30 09:52 - 01962496 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe
2016-03-30 09:55 - 2016-03-30 09:55 - 00500224 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe
2016-03-30 09:51 - 2016-03-30 09:51 - 00180584 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2DevProps.dll
2016-03-30 09:49 - 2016-03-30 09:49 - 00252264 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2OSD.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\swashbucklingotter:Heroes & Generals [38]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01556889.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01556889.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-212547075-2734779801-2451875018-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\swashbucklingotter\Desktop\Games_Nuka_Cola_from_Fallout_3_098691_.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKU\S-1-5-21-212547075-2734779801-2451875018-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-212547075-2734779801-2451875018-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F9F39BF3-2CF3-4C37-AB05-2C5B22638513}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{763C5875-1951-4CD1-A757-2E75815382B1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6DB8061D-79FE-4A1D-A3A0-B71199FE72BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{39379A1C-1F24-4809-8D56-3A3D52A429B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9E689E0F-4107-414D-9CF8-B6ADF40209C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5AD3957D-4AEE-49E8-9EA3-ECE68E4BB67D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{507F5969-F2A7-4584-B57C-9702BAFF5DEF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19D29E9C-5C6C-47E1-A899-977AF3076C16}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E4330309-1C69-4A74-88E4-BF2FD175D120}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{54565C65-9EBC-4E3F-9EFE-23612EE0BBEA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{519D3DE3-49E6-46A1-B274-BB0836E2DCA9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51218F32-8B08-4245-A5E7-BCE3156ACB45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{66D53E06-3DF2-4636-AD5E-A7712A6D0924}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A7312997-C871-4C27-8341-246DAD324F33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C3751ACD-C875-4D15-8ED8-2C47984B7701}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{732977CE-3C48-4C81-A1D8-797AB7F95FAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cthulhu Saves the World\CSTW.exe
FirewallRules: [{C55A51E0-F29E-42A7-8B30-F559BB319E30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cthulhu Saves the World\CSTW.exe
FirewallRules: [{2894F6B9-7358-41FC-8570-F48C19EADF3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cave Story+\CaveStory+.exe
FirewallRules: [{C1022451-9CDF-412C-909E-3316A1FB5DB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cave Story+\CaveStory+.exe
FirewallRules: [{708163AE-D9D5-4D43-A8AE-77F8C173B6FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Breath of Death VII\BoDVIIPC.exe
FirewallRules: [{A8A25657-9D7A-40BE-9F99-D39569AC975E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Breath of Death VII\BoDVIIPC.exe
FirewallRules: [{E667A734-767F-4845-AE09-0C1F16AEF1F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{A93872EC-F7DA-4F6D-BAF8-106BF71AFDCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{4E8F2C79-70D3-488E-8BC4-C8A23E346F95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{B108EFCC-9FC6-49A4-9ACE-01393925BA3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{E628E312-E3DB-4BC2-A905-2ADC91ADE0A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{0DFC26A0-E811-4927-A4D3-06DC630282FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{9452721E-0F1D-4987-9243-D47179D67ACB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{4A5D81B9-4D8F-49F5-B892-E8D412AC3E38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [TCP Query User{E544A7D0-C3FA-4EC8-A43C-6D3D5BEBF157}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0EFB3780-88D3-467D-A1BF-27755AD55362}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{341BBF48-61D4-4C6E-AE23-7E2452FB915C}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F357006B-0A78-4E85-95A0-40B6C11748C5}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F4A82DA1-069F-4CEF-A666-D2A0627E8D90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{CAEE45A1-1DD0-4F54-BD1C-F390955296A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [TCP Query User{032DBF19-16D3-4C0C-A4AC-3340EF15DB61}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{5701999E-E662-4749-8896-A1EF536F4C01}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B05852C6-2D91-462C-A59F-E92994AEA197}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D6ACBAF3-DF7B-42CB-8606-B149B2F7CECF}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{011E37A9-64C5-47E9-A4E5-44BFC14FC995}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{24A2445F-867D-4FB9-9E19-D9BE929ACCA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{4299B62A-E73F-4306-8307-2309874402AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{0B0862B0-6815-42DE-9B07-A60E027B316D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [TCP Query User{962D61D3-AAA0-4DA2-A6DB-23C67FCAFCCE}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{2277ACE4-6EF4-4827-8498-4CD6046DFBBA}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe
FirewallRules: [{F0EC704F-1BDE-41CD-8E87-1F299C23F9C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [{6C3DED6C-DE09-4275-B095-0ACEB25694AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [{A9205BEB-85E5-4756-B09A-A3FB3FA252E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BrutalLegend\BrutalLegend.exe
FirewallRules: [{ABB09CC8-9ABD-44A9-A918-AC03B4154E02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BrutalLegend\BrutalLegend.exe
FirewallRules: [{1AE3867B-FC2A-41A7-AFDC-424C6A434CD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Age\BrokenAge.exe
FirewallRules: [{9B5B7B6D-D14D-4F40-992D-C9E74FA8470A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Age\BrokenAge.exe
FirewallRules: [TCP Query User{840AA566-7D32-44B1-B89A-41D369F4A916}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{ADB3C8B9-616B-44E2-A50C-447BE597BE08}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{DE740EA1-972C-4546-9F39-456301EA6A9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HiraganaBattle\Learn Japanese To Survive - Hiragana Battle.exe
FirewallRules: [{7C0C711D-190E-4A62-8EE0-95CF192E28F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HiraganaBattle\Learn Japanese To Survive - Hiragana Battle.exe
FirewallRules: [{8ACE291B-E4E7-4E87-97EF-168C284E48CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{BAEC3EDB-4DBA-4304-AA80-1AA2CC3B9FCF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{F53D223A-E881-4A6F-BF9F-14F33341E787}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{FD620BB8-4B6F-4B60-A86D-FDF56D41DB19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{531D45B4-D16E-4B32-8613-B9466FBD06C7}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{9E00A9C6-EDFE-4608-8749-CA817E5E3D1B}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{0E20D5EC-DAF3-4F8A-A58A-3B72BCAA8656}C:\users\swashbucklingotter\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\swashbucklingotter\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{708E6CB4-2AA0-4C53-A377-3AC51A0CB05C}C:\users\swashbucklingotter\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\swashbucklingotter\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{EB811F36-A057-48D2-BF2C-324A5964AFC4}] => (Block) C:\users\swashbucklingotter\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{75B09911-EF4F-4198-ACB6-EAA3E3CF4734}] => (Block) C:\users\swashbucklingotter\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{E0C7BCDB-5768-494F-8CAB-7D3E529B73E2}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{B0AC1AC1-679A-4710-A613-76026BD67251}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{8AC85922-528A-435B-A8EA-C27C72DF61CE}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{7B9DEBFB-4C84-4DAB-B0F4-2383C88FF819}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{DBEBC780-BFB1-4779-B34A-D03D5C509DA2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{C9A4EA40-0562-43CA-B82F-685E0CC31A8D}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{F13E578E-D99B-40EC-825D-4AC74E020BC4}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{7B8E57DF-550E-42C7-A735-5159C6014109}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{0BE08725-6C42-4C81-B735-9B55FA6320F3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6794AD9B-73A6-4DDB-9B6A-7BEA6E312B25}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A039D119-5E1E-41DF-A115-9EE9A1DDF981}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{7367AF82-0CD2-4A37-9278-BFAA8A3DCCE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{6A3EBDB0-D526-4F32-9792-5FE5567D6A39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{3EAC80D9-8D9B-454D-8EB1-6FBDE98E70DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{39B48803-E990-4F57-B31A-D31A88448380}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{10F3BC4B-5F58-4334-AA8F-3C62E7360207}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [TCP Query User{0928F822-45AA-4292-887A-2C6957DAE1EA}C:\users\swashbucklingotter\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\swashbucklingotter\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{785A1D43-4CD0-4F92-86DE-B62035BF0BE2}C:\users\swashbucklingotter\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\swashbucklingotter\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FFACC221-ED04-410C-8EDD-66900626426A}] => (Block) C:\users\swashbucklingotter\appdata\roaming\spotify\spotify.exe
FirewallRules: [{54B0CEF4-5103-4CF0-B57B-DC720220F01D}] => (Block) C:\users\swashbucklingotter\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0BCE3E4E-36E0-4EBC-8040-AACC1E39C2B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Overlord.exe
FirewallRules: [{6EEEE521-E783-4D35-B786-238C4A9DDD35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Overlord.exe
FirewallRules: [{1E2BB0C6-5EB7-42CB-9A76-EE1496888CAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Config.exe
FirewallRules: [{5EE9C0C8-136E-4069-80C1-8377A8B66D3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overlord\Config.exe
FirewallRules: [{07F1491C-7B89-4F3D-AA16-944ED8E1E5B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{AA7D46AA-DA1D-4260-885B-A3F34181693E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{406D9094-473D-4007-B87C-D0ECE6DED13C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{9B67F688-9838-4D64-BA87-9994BC3A1CC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [TCP Query User{29AD410A-7D89-4D0E-8A97-42B1A4B32177}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8F786DEF-161B-4C5A-8601-40DE2B69261B}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [{6F40EC40-79A2-4570-ACFE-60734F2E6278}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{A49DBB75-9FA7-415C-B4C0-D08DD53279C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{894F0571-3596-4A41-9D4F-8934FAAB88FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{3908BEDE-C284-4FEE-9724-BB28C7A5E06D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{4F0B2713-E0A7-4352-B996-C22128B2EBFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{D5757804-2013-4753-A30F-AC4A721AED08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{77ACFFE1-6A2C-4C00-B412-33873BABACFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Savage Resurrection\Savage\Binaries\Win64\Savage-Win64-Shipping.exe
FirewallRules: [{9A630E00-5A31-4F83-B146-D152BBE9FA09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Savage Resurrection\Savage\Binaries\Win64\Savage-Win64-Shipping.exe
FirewallRules: [TCP Query User{4AF3FED2-2C2F-4C6C-8F03-B7E76575561E}C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{864F0F79-8935-45FD-839B-1E08CD9A6E09}C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{2CB9346F-8EA5-4BB1-BD87-A6DDA1DB03FA}C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [UDP Query User{AB8773FE-9249-4A5E-B36F-B73152435D20}C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [{62971623-3746-4E05-B8B3-1BB1D00A0366}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{E298CF80-97C4-4C44-AAE6-73091E8DC084}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{B6356DEE-BF87-4DB1-A1E7-66D8C53622B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017.exe
FirewallRules: [{AF7730B2-AF58-4E2B-A9E7-2664CBD3FD0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017.exe
FirewallRules: [{2B130488-B5C7-493A-9996-5C486619B77F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017_Unrestricted.exe
FirewallRules: [{D70C3D13-9BD8-4243-BDA7-AC970F653CD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017_Unrestricted.exe
FirewallRules: [{D43B11B4-941C-4B53-9A92-104C2BE2039E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Angry Video Game Nerd Adventures\avgn.exe
FirewallRules: [{D010A26B-8196-4666-9170-A16BD57CA682}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Angry Video Game Nerd Adventures\avgn.exe
FirewallRules: [{5C35ED08-E2D4-4421-9406-8B384E4D7971}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{2D150082-4C05-4BDD-A926-568711275449}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [TCP Query User{4AD18024-DBBC-4E45-8851-3589B2F0D0D8}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{ABC37358-B951-4771-9266-22CEB84440DD}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{E6A59BD8-6FA7-4FBB-9765-FDEAD4F91941}C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{FD561406-065E-4B01-A44C-84D6C61747E6}C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{5FA8AE99-1FDE-4377-8A48-DC7CFC84C23C}C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{A53CD1C5-D5ED-4FBD-999C-6B05FB8C49C2}C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\ue_4.15\engine\binaries\win64\ue4editor.exe
FirewallRules: [{E6D2CE7A-A84A-4F6A-94C4-18AD57DF2226}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{27675514-1314-47A9-92E2-C8C4DA3DA018}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3A8B2DAE-97B4-48C5-9EC5-8ACED32E1DCB}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [{4C7229C0-A43B-4070-93F2-DF0EC4AC2CBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{D6AFEBA1-1671-4929-A2F8-16BA6DA73EF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{99AEF27F-AF87-4B40-9F85-80DB41471F33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{94CA9DE6-A2A6-4209-AA60-1A652942B29E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{DFC9AE49-F5A8-4315-BAD0-0CDA37719859}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{9FB71A25-43E6-4CFE-BF54-F943F66F9E72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{2F561F3E-876B-4CC8-839E-324C733FE556}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{F2D86FB7-9B74-4E2E-A587-8FA576FFE179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{13AA3011-8735-4CCE-BBDA-3F73347A51EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{DD95C01B-F576-4591-A337-C0560FF930F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{72F0CD07-5E68-4FAF-942A-14B8FB3C3150}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{904A39DF-1B84-4B89-8CA5-736618284FFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{27E6FC22-E4D3-4DBE-8147-B67D603A0258}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{DFEF3668-20F9-4C3E-B41E-8CD67B4C52AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [TCP Query User{359AC14E-1980-4FDA-828D-2CE08548FF0B}C:\program files (x86)\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe] => (Allow) C:\program files (x86)\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe
FirewallRules: [UDP Query User{2C557DA7-A934-41D0-8830-C63C01163079}C:\program files (x86)\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe] => (Allow) C:\program files (x86)\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe
FirewallRules: [{95197837-6FAB-49B5-9F9D-35D563FAC065}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-06-2017 14:04:08 Scheduled Checkpoint
14-06-2017 12:02:09 UE4 Prerequisites (x64)
22-06-2017 15:37:20 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Killer e2200 Gigabit Ethernet Controller
Description: Killer e2200 Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Rivet Networks
Service: Ke2200
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/27/2017 08:37:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Battle.net Helper.exe, version: 0.0.0.0, time stamp: 0x5926239f
Faulting module name: libcef.dll, version: 3.2623.1433.0, time stamp: 0x590b8573
Exception code: 0x80000003
Fault offset: 0x0019afa9
Faulting process id: 0x19a0
Faulting application start time: 0x01d2efa6b1061b4b
Faulting application path: C:\Program Files (x86)\Battle.net\Battle.net.8839\Battle.net Helper.exe
Faulting module path: C:\Program Files (x86)\Battle.net\Battle.net.8839\libcef.dll
Report Id: 0130d86a-5b9a-11e7-8287-d07e35f13cc1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/27/2017 11:33:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/27/2017 11:33:52 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\wsutil.exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Kits\10\bin\arm64\wsutil.exe" on line 9.
The value "arm64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.
 
Error: (06/27/2017 11:33:52 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\wstraceutil.exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Kits\10\bin\arm64\wstraceutil.exe" on line 8.
The value "arm64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.
 
Error: (06/27/2017 11:33:52 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\wstracedump.exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Kits\10\bin\arm64\wstracedump.exe" on line 8.
The value "arm64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.
 
Error: (06/27/2017 11:33:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\signtool.exe.Manifest".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/27/2017 11:33:52 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\makepri.exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Kits\10\bin\arm64\makepri.exe" on line 9.
The value "arm64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.
 
Error: (06/27/2017 11:33:52 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\mc.exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Kits\10\bin\arm64\mc.exe" on line 8.
The value "arm64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.
 
Error: (06/27/2017 11:33:51 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\accevent.exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Kits\10\bin\arm64\accevent.exe" on line 8.
The value "arm64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.
 
Error: (06/27/2017 11:33:51 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Kits\10\bin\arm64\makecert.exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Kits\10\bin\arm64\makecert.exe" on line 9.
The value "arm64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.
 
 
System errors:
=============
Error: (06/27/2017 04:28:24 PM) (Source: DCOM) (EventID: 10010) (User: viktor)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (06/27/2017 04:27:54 PM) (Source: DCOM) (EventID: 10010) (User: viktor)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (06/25/2017 01:22:22 PM) (Source: DCOM) (EventID: 10010) (User: viktor)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (06/25/2017 01:21:52 PM) (Source: DCOM) (EventID: 10010) (User: viktor)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (06/25/2017 09:20:59 AM) (Source: DCOM) (EventID: 10010) (User: viktor)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (06/25/2017 09:20:29 AM) (Source: DCOM) (EventID: 10010) (User: viktor)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (06/25/2017 08:57:23 AM) (Source: DCOM) (EventID: 10005) (User: viktor)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (06/25/2017 08:57:23 AM) (Source: DCOM) (EventID: 10005) (User: viktor)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/25/2017 08:57:23 AM) (Source: DCOM) (EventID: 10010) (User: viktor)
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.
 
Error: (06/25/2017 08:56:52 AM) (Source: DCOM) (EventID: 10005) (User: viktor)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
CodeIntegrity:
===================================
  Date: 2017-06-27 16:29:58.421
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-25 09:22:46.993
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-24 14:39:38.912
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-23 10:06:21.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-23 08:58:28.361
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-09 16:27:46.470
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-09 16:27:46.291
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-09 16:27:46.108
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-09 16:27:45.927
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-28 14:09:42.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 26%
Total physical RAM: 12205.81 MB
Available physical RAM: 9017.9 MB
Total Virtual: 17314.81 MB
Available Virtual: 13814.24 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:569.75 GB) (Free:236.21 GB) NTFS
Drive d: (Data) (Fixed) (Total:344.35 GB) (Free:344.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D150EF90)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
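An added example (not part of the original post or of FRST): a small parser that collapses the repeated CodeIntegrity entries above into one row per process and blocked module, with a count and first/last date. The sample reuses five entries from the log above; the function and variable names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

# Five of the entries from the CodeIntegrity section above, rebuilt in the
# layout FRST prints them (a Date line followed by a Description line).
DEFENDER = r"\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe"
NVINITX = r"\Device\HarddiskVolume4\Windows\System32\nvinitx.dll"
MDNSNSP = r"\Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll"
ENTRY = (
    "  Date: {date}\n"
    "  Description: Code Integrity determined that a process ({proc}) attempted "
    "to load {mod} that did not meet the Custom 3 / Antimalware signing level "
    "requirements.\n \n"
)
SAMPLE_LOG = "CodeIntegrity:\n===================================\n" + "".join(
    ENTRY.format(date=d, proc=DEFENDER, mod=m)
    for d, m in [
        ("2017-06-27 16:29:58.421", NVINITX),
        ("2017-06-25 09:22:46.993", NVINITX),
        ("2017-06-09 16:27:46.470", MDNSNSP),
        ("2017-06-09 16:27:46.291", MDNSNSP),
        ("2017-05-28 14:09:42.439", NVINITX),
    ]
)

# The process path may itself contain parentheses ("Program Files (x86)"),
# so the process group is closed by the literal ") attempted to load".
ENTRY_RE = re.compile(
    r"Date:\s*(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"Description:\s*Code Integrity determined that a process "
    r"\((?P<process>.+?)\) attempted to load (?P<module>.+?) "
    r"that did not meet the (?P<level>.+?) signing level requirements"
)


def summarize(log_text):
    """Group blocked loads by (process, module, level); most frequent first."""
    groups = defaultdict(list)
    for m in ENTRY_RE.finditer(log_text):
        when = datetime.strptime(m["date"], "%Y-%m-%d %H:%M:%S.%f")
        groups[(m["process"], m["module"], m["level"])].append(when)
    rows = [
        {
            "process": PureWindowsPath(proc).name,  # file name only
            "module": mod,
            "level": level,
            "count": len(times),
            "first": min(times),
            "last": max(times),
        }
        for (proc, mod, level), times in groups.items()
    ]
    return sorted(rows, key=lambda r: (-r["count"], r["module"]))


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(
            f'{row["count"]}x {row["process"]} <- {row["module"]} '
            f'[{row["level"]}] {row["first"]:%Y-%m-%d} .. {row["last"]:%Y-%m-%d}'
        )
```

Grouping this way makes it easy to see that the whole section comes down to two DLLs being refused by the same process over several weeks.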


#5 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:07 AM

Posted 03 July 2017 - 05:26 AM

I'm back.

 

One question about the audio issue. Are your speakers powered by a USB port, or the wall outlet? Have you tried those speakers on another computer?

 

Step 1:
Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Step 2:

I reviewed your logs, and I'm not seeing anything to worry about. Still, there are some files I like to have analyzed.

  • Please go to: VirusTotal
  • On the page you'll find a "Choose File" button.
    Click on the Choose File button.
  • In the Choose File to Upload window which opens, follow the file path to this file.

C:\Program Files (x86)\KLM\KLM.exe

  • If you get a message "File already analysed" click Reanalyse
  • Post the link to the Virus Total results.

Step 3:

We need to see the contents of a couple of files with SystemLook:

  • Please download SystemLook (32-bit) by jpshortstuff and save it to your desktop
  • Please download SystemLook (64-bit) by jpshortstuff and save it to your desktop
  • Double-click the program to run it, paste the entire text into the main text box:
    :contents
    C:\Users\swashbucklingotter\installshield_scm.reg
    C:\Users\swashbucklingotter\scm.reg
    
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. (SystemLook.txt) Please post this log in your next reply.

If you have any questions, don't hesitate to ask. 


To err is Human. To blame it on someone else is even more Human.

#6 swashbucklingotter

Posted 03 July 2017 - 05:45 AM

the speakers are internal the computer is a laptop. i apologize for the lack of info there i thought i had said it was a laptop. in case i didn't mention it as well i looked when it happened in the audio devices and it showed that some of my realtek audio devices were "unplugged" which didn't make sense since they are internal and i had to re-enable stereo mix to get it to work again. as for utorrent i don't use it at all. i'm very aware of the risks of using P2P software. i had downloaded it for a single use a while ago and it was from a trusted source. i thought i had deleted it. i have it uninstalled now. the KLM program is the lighting program for my keyboard. it came preinstalled on my laptop. i did virus total and it showed 0/62 for the detection ratio. here is the system look log.
 

SystemLook 30.07.11 by jpshortstuff
Log created at 06:38 on 03/07/2017 by swashbucklingotter
Administrator - Elevation successful
 
========== contents ==========
 
C:\Users\swashbucklingotter\installshield_scm.reg - Opened succesfully.
 
ÿþWindows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}]
"UninstallString"="C:\\Program Files (x86)\\InstallShield Installation Information\\{3E23F267-3E35-40F9-B6BF-BC034D214717}\\setup.exe -runfromtemp -l0x0409"
"DisplayName"="MSI Remind Manager"
"LogFile"="C:\\Program Files (x86)\\InstallShield Installation Information\\{3E23F267-3E35-40F9-B6BF-BC034D214717}\\Setup.ilg"
"Comments"=""
"Contact"=""
"DisplayVersion"="1.0.1601.2201"
"HelpTelephone"=""
"InstallDate"="20160525"
"InstallLocation"="C:\\Program Files (x86)\\MSI\\MSI Remind Manager\\"
"InstallSource"="C:\\Users\\SWASHB~1\\AppData\\Local\\Temp\\{B894103D-12DB-41F9-91E7-06BE8676D8E5}\\"
"ProductID"=""
"Publisher"="Micro-Star International Co., Ltd."
"Readme"=""
"URLInfoAbout"="http://www.msi.com"
"URLUpdateInfo"=""
"HelpLink"=hex(2):00,00
"EstimatedSize"=dword:000020d5
"Language"=dword:00000409
"Version"=dword:01000641
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000000
"DisplayIcon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,5c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,5c,00,7b,00,\
  33,00,45,00,32,00,33,00,46,00,32,00,36,00,37,00,2d,00,33,00,45,00,33,00,35,\
  00,2d,00,34,00,30,00,46,00,39,00,2d,00,42,00,36,00,42,00,46,00,2d,00,42,00,\
  43,00,30,00,33,00,34,00,44,00,32,00,31,00,34,00,37,00,31,00,37,00,7d,00,5c,\
  00,41,00,52,00,50,00,50,00,52,00,4f,00,44,00,55,00,43,00,54,00,49,00,43,00,\
  4f,00,4e,00,2e,00,65,00,78,00,65,00,00,00
"RegOwner"="swashbucklingotter"
"RegCompany"=""
 
 
 
C:\Users\swashbucklingotter\scm.reg - Opened succesfully.
 
ÿþWindows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3E23F267-3E35-40F9-B6BF-BC034D214717}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="1.0.1601.2201"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20160525"
"InstallLocation"="C:\\Program Files (x86)\\MSI\\MSI Remind Manager\\"
"InstallSource"="C:\\Users\\SWASHB~1\\AppData\\Local\\Temp\\{B894103D-12DB-41F9-91E7-06BE8676D8E5}\\"
"NoModify"=dword:00000001
"NoRemove"=dword:00000001
"Publisher"="Micro-Star International Co., Ltd."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000020d5
"SystemComponent"=dword:00000001
"URLInfoAbout"="http://www.msi.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:01000641
"Language"=dword:00000409
"DisplayName"="MSI Remind Manager"
 
 
 
-= EOF =-
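An added example (not part of the original post or of SystemLook): a minimal reader for the `.reg` export format shown in the log above, which decodes the `hex(2)` (REG_EXPAND_SZ, UTF-16LE) data so the `DisplayIcon` path can be read directly. The sample is a trimmed copy of the first key from the log; the function names are this example's own.

```python
import re

# Trimmed copy of the first key in the SystemLook output above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}]
"DisplayName"="MSI Remind Manager"
"InstallLocation"="C:\\Program Files (x86)\\MSI\\MSI Remind Manager\\"
"HelpLink"=hex(2):00,00
"EstimatedSize"=dword:000020d5
"DisplayIcon"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,5c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,5c,00,7b,00,\
  33,00,45,00,32,00,33,00,46,00,32,00,36,00,37,00,2d,00,33,00,45,00,33,00,35,\
  00,2d,00,34,00,30,00,46,00,39,00,2d,00,42,00,36,00,42,00,46,00,2d,00,42,00,\
  43,00,30,00,33,00,34,00,44,00,32,00,31,00,34,00,37,00,31,00,37,00,7d,00,5c,\
  00,41,00,52,00,50,00,50,00,52,00,4f,00,44,00,55,00,43,00,54,00,49,00,43,00,\
  4f,00,4e,00,2e,00,65,00,78,00,65,00,00,00
'''

HEX_RE = re.compile(r"hex(?:\((?P<type>[0-9a-fA-F]+)\))?:(?P<data>.*)")


def decode_value(raw):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: undo the \\ and \" escaping used in exports
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = HEX_RE.fullmatch(raw)
    if m:
        data = bytes(int(b, 16) for b in m["data"].split(",") if b.strip())
        if m["type"] in ("2", "7"):
            # hex(2) = REG_EXPAND_SZ, hex(7) = REG_MULTI_SZ: UTF-16LE text
            text = data.decode("utf-16-le", errors="replace")
            parts = text.rstrip("\x00").split("\x00")
            return parts if m["type"] == "7" else parts[0]
        return data  # plain hex: or other typed binary stays as bytes
    return raw  # unknown syntax is returned untouched


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    # A trailing backslash continues a hex value on the next line.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            # Assumes value names contain no '"=' sequence.
            name, sep, raw = line.partition('"=')
            if sep:
                current[name[1:]] = decode_value(raw)
    return keys


if __name__ == "__main__":
    for key, values in parse_reg(SAMPLE_REG).items():
        print(key)
        for name, value in values.items():
            print(f"  {name} = {value!r}")
```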


#7 Bezukhov

Posted 03 July 2017 - 04:03 PM

the speakers are internal the computer is a laptop. i apologize for the lack of info there i thought i had said it was a laptop.


No need to apologize. Somehow I had the idea you did what I do, which is hook external speakers to the laptop. Try using headphones with the laptop and see if the problem persists. Keep the volume down on the headphones. Safety first.
 

the KLM program is the lighting program for my keyboard. it came preinstalled on my laptop. i did virus total and it showed 0/62 for the detection ratio.


I wanted to check that file because it had a generic (Application) name. I've seen that process before, it's called (Micro-Star International Co., Ltd.). No harm in checking it out.

Honestly, I'm not seeing any rootkit, or any other malware. This might be some hardware issues. Could you give me the make and model of this computer? Full disclosure, hardware issues aren't my strong suit. We can check your hard drive and memory.

Back up any data you wish to save! Just in case there is a problem.

Run Check Disk

  • Hit the Windows Key + E
  • Right click Local Disk (C:)
  • Click Properties from the pop-up menu that appeared after right-clicking.
  • Choose the Tools tab from the collection of tabs at the top of the Properties Window.
  • Now click Check. If you see any message reading You don't need to scan this drive...
    click ---> Scan drive
  • Note any problems.

Run Memory Test

  • Click Windows Key + R, type mdsched.exe in the box, and then press Enter.
  • Choose whether to restart the computer and run the tool immediately or schedule the tool to run at the next restart.
  • Windows Memory Diagnostics runs automatically after the computer restarts and performs a standard memory test automatically. If you want to perform fewer or more tests, press F1, use the Up and Down arrow keys to set the Test Mix as Basic, Standard, or Extended, and then press F10 to apply the desired settings and resume testing.
  • When testing is completed, the computer restarts automatically. You’ll see the test results when you log on.

Another scan with something else, as a second opinion.

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

So let me know the make and model of this laptop, any problems with the tests, and post the ESET log, if it found anything.



#8 swashbucklingotter

Posted 05 July 2017 - 11:26 AM

it's an MSI laptop, apache pro. i don't know the rest of the model, i can't seem to find the right one online or on the comp. i did the disk check and nothing came up and passed the memory because i did one of those before i posted here but the ESET scanner found some stuff
 

C:\Users\swashbucklingotter\AppData\Local\Temp\HYD73B.tmp.1479156801\HTA\install.1479156801.zip a variant of Win32/FusionCore.K potentially unwanted application deleted
C:\Users\swashbucklingotter\AppData\Local\Temp\HYD73B.tmp.1479156801\HTA\3rdparty\FS.dll a variant of Win32/FusionCore.K potentially unwanted application cleaned by deleting
C:\Users\swashbucklingotter\AppData\Local\Temp\HYD8153.tmp.1499078164\HTA\install.1499078164.zip a variant of Win32/FusionCore.K potentially unwanted application deleted
C:\Users\swashbucklingotter\AppData\Local\Temp\HYD8153.tmp.1499078164\HTA\3rdparty\FS.dll a variant of Win32/FusionCore.K potentially unwanted application cleaned by deleting

i'm going to run the memory scan now and post when it's done.


#9 swashbucklingotter

Posted 05 July 2017 - 11:54 AM

no memory issues were found.



#10 Bezukhov

Posted 07 July 2017 - 07:32 AM

Is your computer running any better since the ESET scan?

Win32/FusionCore.K falls under the heading of PUA/PUP. More information here:

https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

We can run Speccy to get a better picture of your hardware situation:

  • Download Speccy portable HERE. It's a direct download.
  • Right click spsetup.zip and choose Extract All....
  • In the Window that appears let Windows create the folder, and ensure that the box Show extracted files when complete is checked.
  • Choose Speccy64.exe in the folder that appears.
  • When the scan is done click File at the top left of the Speccy Window, then Publish Snapshot....
  • Click Yes at the next prompt.
  • Now click Copy to Clipboard.
  • Paste that link in your next reply.


#11 swashbucklingotter

Posted 07 July 2017 - 06:38 PM

to be honest it's been running better since i shut it off for a few days before you responded to my post initially. i'm still getting increases in my C: drive consumption by .1-3 gigs. the longer i leave it on the more the consumption changes and when i leave it alone and it goes into sleep mode there is a bigger increase in consumption. other than that i haven't had any issue.

http://speccy.piriform.com/results/wATVfUTFVIzWGzBtpwSyl76
 



#12 Bezukhov

Posted 09 July 2017 - 03:28 AM

Maybe we can find out what's writing to your disk.

  • Press Ctrl+Shift+Esc to bring up Task Manager.
  • Keep clicking the Disk tab until you see processes that are writing to your drive. You'll know what those are because they'll read greater than 0%. Note which processes are writing to disk and report them.


#13 swashbucklingotter

Posted 10 July 2017 - 12:00 PM

i got one of those noises indicating something happening again and nothing was there but all my processes changed. desktop windows manager, bonjour service, client server runtime process, console window host, device association framework, elan, ETD control center then google chrome but none of those are using any disk usage. there is also multiple of the client server runtime process and console window host. Microsoft Network Realtime Inspection Service keeps going up to 2mb/s usage and system keeps going from 0.1 to 4mb/s all the others are either 0 or 0.1mb/s i also just got a message that my windows defender virus definitions needed to be updated so i did and it told me it couldn't and i need to check my internet connection but it installed and downloaded anyway.


Edited by swashbucklingotter, 10 July 2017 - 12:27 PM.


#14 Bezukhov

Posted 11 July 2017 - 03:30 PM

i got one of those noises indicating something happening again and nothing was there but all my processes changed. desktop windows manager, bonjour service, client server runtime process, console window host, device association framework, elan, ETD control center then google chrome but none of those are using any disk usage. there is also multiple of the client server runtime process and console window host. Microsoft Network Realtime Inspection Service keeps going up to 2mb/s usage and system keeps going from 0.1 to 4mb/s all the others are either 0 or 0.1mb/s i also just got a message that my windows defender virus definitions needed to be updated so i did and it told me it couldn't and i need to check my internet connection but it installed and downloaded anyway.


Whatever that "Something" is that's happening is legit. I see no evidence of anything malicious going on here. Multiple instances of "client server runtime process and console window host" is normal. I have a few of each going on in my computer.

Your disk usage is also within normal parameters. Just in the last few minutes mine was jumping around from 1% to 5%. Probably something writing log files that will be ignored and deleted with my next Disk Clean operation.

If you want one last opinion:


Please download: Dr.Web CureIt!

You will see this on the web page:

[Image: 5znm8p.jpg]

Make sure both boxes on the left are ticked, then click Download on the right.

This will start the download of a randomly named file. It's a big file, it might take a few minutes to get it all.

Save any work and close all programs.

Double-click the randomly named file (i.e. 5mkuvc4z.exe) to run the program.

When first launched, Dr.Web CureIt loads a Window with: "I agree to participate in software...". Tick that box then click continue.

At the Scan Mode window, press: Start Scanning

An Express Scan window appears where Dr.Web CureIt! displays general information on its progress and lists detected threats.
This scan may take a while depending on the number of drives or directories, so please be patient.

When the scan is done, a Scanning Completed window appears.
If viruses or other threats are identified, press: Neutralize
(Note: If you need to apply a different action to a threat, click the Action for it, and select whether to Cure, Move or Delete.)
When Neutralize is selected, a window appears with the neutralizing progress.

A Curing Completed window shows when the threats are neutralized successfully.
Close the window to return to the Desktop.
Also, restart the computer so files in use can be moved or deleted.
When back in Windows, search for the CureIt log:
  • Press Start, and in the Search programs and files area, type in (or copy/paste) the following: %USERPROFILE%\Doctor Web
  • When the Doctor Web folder appears in the search area, open the folder, and then open the CureIt log.
>> Please post the CureIt.log in your reply.

#15 Bezukhov

Posted 14 July 2017 - 08:20 AM

Do you still need my help?



