INeedHelpWithAProblem

  1. Fix result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017 Ran by JosephWhittaker (21-09-2017 19:16:51) Run:1 Running from C:\Users\Joseph Whittaker\Desktop Loaded Profiles: JosephWhittaker & (Available Profiles: JosephWhittaker) Boot Mode: Normal ============================================== fixlist content: ***************** CMD: bcdedit.exe /set {default} recoveryenabled yes CMD: dir C:\Windows CMD: dir C:\Windows\system32\drivers ***************** ========= bcdedit.exe /set {default} recoveryenabled yes ========= The operation completed successfully. ========= End of CMD: ========= ========= dir C:\Windows ========= Volume in drive C is Windows Volume Serial Number is 5085-9965 Directory of C:\Windows 09/21/2017 04:37 PM <DIR> . 09/21/2017 04:37 PM <DIR> .. 07/18/2016 08:22 PM <DIR> 8A809006C25A4A3A9DAB94659BCDB107.TMP 08/22/2013 08:36 AM <DIR> addins 08/22/2013 08:36 AM <DIR> ADFS 11/27/2015 08:08 AM <DIR> AppCompat 10/22/2016 05:29 AM <DIR> apppatch 09/14/2017 04:11 PM <DIR> AppReadiness 05/05/2013 04:22 AM 47,164 atiogl.xml 04/02/2014 11:12 AM 0 ativpsrm.bin 08/22/2013 04:21 AM 56,832 bfsvc.exe 08/22/2013 08:36 AM <DIR> Boot 08/22/2013 08:36 AM <DIR> Branding 11/28/2015 12:06 AM <DIR> Camera 05/03/2017 06:50 PM <DIR> CbsTemp 08/21/2013 11:51 PM 35,851 Core.xml 08/21/2013 11:51 PM 35,851 CoreSingleLanguage.xml 04/02/2014 11:57 AM 10 csup.txt 08/22/2013 08:36 AM <DIR> Cursors 12/12/2015 09:05 PM <DIR> D56B0E274A3E46C9B5C1D93D580C099C.TMP 09/19/2017 04:55 PM <DIR> debug 08/22/2013 08:36 AM <DIR> DesktopTileResources 08/22/2013 08:36 AM <DIR> diagnostics 08/22/2013 08:43 AM <DIR> DigitalLocker 04/02/2014 12:17 PM <DIR> en 11/26/2015 07:19 AM <DIR> en-US 08/27/2016 12:44 PM 2,755,504 explorer.exe 11/28/2015 12:06 AM <DIR> FileManager 03/11/2017 08:26 AM 328 game.ini 06/19/2005 09:45 AM 262,144 glide2x.dll 06/19/2005 09:45 AM 258,048 glide3x.dll 09/24/2016 08:25 AM <DIR> Globalization 08/22/2013 12:10 PM <DIR> Help 10/28/2014 06:46 PM 1,001,472 
HelpPane.exe 04/02/2014 12:08 PM <DIR> Hewlett-Packard 10/28/2014 07:43 PM 17,408 hh.exe 07/22/2017 10:59 AM 79,142 hpqins05.dat 11/03/2016 04:02 PM 218,321 hpwins23.dat 10/15/2012 07:11 AM 1,698 hpwmdl23.dat 10/15/2012 07:11 AM 1,698 hpwmdl23.dat.temp 11/28/2015 12:02 AM <DIR> IME 11/28/2015 12:07 AM <DIR> ImmersiveControlPanel 09/17/2017 04:38 PM <DIR> Inf 06/07/2016 07:59 AM <DIR> InputMethod 07/20/2016 07:23 PM <DIR> Installing Adobe Acrobat Reader 10/11/2015 07:00 AM 0 iplayer.INI 10/29/1998 04:45 PM 306,688 IsUninst.exe 07/01/2016 08:52 AM 0 ka.ini 08/22/2013 08:36 AM <DIR> L2Schemas 08/01/2017 11:56 AM <DIR> LastGood.Tmp 04/01/2016 10:28 PM <DIR> LiveKernelReports 09/16/2017 11:14 AM <DIR> Logs 11/28/2015 12:06 AM <DIR> MediaViewer 02/12/2017 08:35 AM 392,632,543 MEMORY.DMP 08/22/2013 12:01 AM 43,131 mib.bin 09/11/2017 02:18 AM <DIR> Microsoft.NET 11/26/2015 07:22 AM <DIR> Migration 09/16/2017 11:14 AM <DIR> Minidump 08/22/2013 08:36 AM <DIR> ModemLogs 07/09/2015 10:13 AM 221,184 notepad.exe 11/16/2016 04:42 PM <DIR> Offline Web Pages 09/09/2017 03:52 PM <DIR> Panther 08/22/2013 08:36 AM <DIR> Performance 08/22/2013 08:36 AM <DIR> PLA 05/02/2016 04:44 PM <DIR> PolicyDefinitions 09/21/2017 07:16 PM <DIR> Prefetch 08/09/2017 05:49 PM <DIR> pss 10/28/2014 07:12 PM 154,624 regedit.exe 12/25/2015 12:18 PM <DIR> Registration 05/04/2017 04:08 PM <DIR> rescache 08/22/2013 08:36 AM <DIR> Resources 08/01/2017 11:39 AM 4,332,032 RtCRU64.exe 07/19/2013 04:55 PM 2,080,472 RtlExUpd.dll 08/22/2013 08:36 AM <DIR> SchCache 08/28/2016 11:43 AM <DIR> schemas 08/22/2013 08:36 AM <DIR> security 08/22/2013 07:45 AM <DIR> ServiceProfiles 11/28/2015 12:05 AM <DIR> servicing 08/24/2013 04:03 PM <DIR> Setup 10/22/2016 05:28 AM <DIR> ShellNew 05/05/2017 06:19 PM 354 SIERRA.INI 08/22/2013 12:12 PM <DIR> SKB 10/10/2015 11:11 AM <DIR> SoftwareDistribution 08/22/2013 08:36 AM <DIR> Speech 10/28/2014 07:19 PM 128,512 splwow64.exe 08/21/2013 11:51 PM 35,891 Starter.xml 12/03/2016 10:14 PM 
<DIR> System 08/22/2013 06:25 AM 219 system.ini 09/16/2017 11:14 AM <DIR> System32 08/22/2013 08:36 AM <DIR> SystemResources 09/10/2017 03:50 PM <DIR> SysWOW64 08/22/2013 08:36 AM <DIR> TAPI 09/17/2017 02:49 AM <DIR> Tasks 09/21/2017 04:12 PM <DIR> Temp 12/13/2016 06:44 PM <DIR> ToastData 01/21/2017 12:02 PM 402 toolsx86.INI 08/22/2013 08:36 AM <DIR> tracing 09/10/2017 09:16 PM <DIR> twain_32 10/28/2014 06:34 PM 54,272 twain_32.dll 05/21/2001 03:43 AM 712,970 UnDangerZ.exe 11/10/1999 11:05 AM 86,016 unvise32qt.exe 08/22/2013 08:36 AM <DIR> vpnplugins 08/22/2013 08:36 AM <DIR> Vss 08/22/2013 08:36 AM <DIR> Web 06/19/2017 01:08 PM 222 win.ini 09/21/2017 06:48 PM 1,092,359 WindowsUpdate.log 10/28/2014 06:53 PM 9,728 winhlp32.exe 11/26/2015 07:22 AM <DIR> WinStore 05/06/2017 09:43 PM <DIR> WinSxS 02/05/2013 10:56 PM 322,048 WLXPGSS.SCR 06/18/2013 07:54 AM 316,640 WMSysPr9.prx 10/28/2014 07:34 PM 11,264 write.exe 08/07/2017 08:11 PM 559,322 ZAM.krnl.trace 08/08/2017 06:10 AM 664,592 ZAM_Guard.krnl.trace 10/11/2015 03:16 PM 355,899 _detmp.1 11/09/1998 12:12 AM 51,712 _detmp.2 43 File(s) 408,944,567 bytes 73 Dir(s) 304,106,237,952 bytes free ========= End of CMD: ========= ========= dir C:\Windows\system32\drivers ========= Volume in drive C is Windows Volume Serial Number is 5085-9965 Directory of C:\Windows\system32\drivers 09/20/2017 04:31 PM <DIR> . 09/20/2017 04:31 PM <DIR> .. 
08/22/2013 04:38 AM 231,424 1394ohci.sys 08/22/2013 05:43 AM 108,896 3ware.sys 09/20/2017 04:31 PM 253,888 737251EC.sys 10/06/2014 11:44 PM 533,824 acpi.sys 08/22/2013 05:49 AM 79,712 acpiex.sys 08/22/2013 04:38 AM 10,240 acpipagr.sys 08/22/2013 04:38 AM 12,288 acpipmi.sys 08/22/2013 04:38 AM 10,752 acpitime.sys 08/22/2013 05:43 AM 782,176 adp80xx.sys 10/13/2015 10:10 AM 559,616 afd.sys 07/07/2016 03:32 PM 95,744 agilevpn.sys 08/22/2013 05:43 AM 62,304 AGP440.sys 03/19/2015 06:56 PM 80,384 ahcache.sys 08/22/2013 01:46 AM 95,744 amdk8.sys 05/22/2013 05:38 AM 36,096 amdkmpfd.sys 08/22/2013 01:46 AM 98,816 amdppm.sys 08/22/2013 05:43 AM 79,200 amdsata.sys 08/22/2013 05:43 AM 259,424 amdsbs.sys 08/22/2013 05:43 AM 25,952 amdxata.sys 08/01/2017 11:49 AM 83,656 amd_sata.sys 08/01/2017 11:49 AM 23,752 amd_xata.sys 07/18/2013 04:00 PM 83,224 AmUStor.sys 10/28/2014 07:46 PM 82,944 appid.sys 07/29/2014 04:41 PM 1,984 AQFileRestore.inf 07/20/2015 09:18 PM 22,096 AQFileRestore.sys 08/22/2013 05:43 AM 114,016 arcsas.sys 08/22/2013 04:38 AM 26,624 asyncmac.sys 08/22/2013 05:43 AM 26,464 atapi.sys 08/22/2013 05:43 AM 199,520 ataport.sys 08/01/2017 11:55 AM 43,520 ati2erec.dll 06/23/2013 01:49 AM 138,240 AtihdWB6.sys 08/01/2017 11:55 AM 13,956,096 atikmdag.sys 08/01/2017 11:55 AM 632,320 atikmpag.sys 09/11/2016 06:45 PM 303,616 atksgt.sys 08/22/2013 04:39 AM 50,688 BasicDisplay.sys 02/22/2014 05:14 AM 33,280 BasicRender.sys 08/22/2013 05:49 AM 35,168 battc.sys 08/12/2013 04:25 PM 17,624 bcmfn2.sys 12/12/2011 05:37 PM 1,229,568 bcmwlhigh664.sys 08/22/2013 04:40 AM 7,680 beep.sys 10/04/2016 01:39 PM 101,376 bowser.sys 10/28/2014 07:45 PM 115,712 bridge.sys 11/23/2013 12:13 AM 19,456 BtaMPM.sys 08/22/2013 04:38 AM 36,992 BthAvrcpTg.sys 03/08/2015 07:02 PM 57,856 bthhfenum.sys 08/22/2013 04:38 AM 30,720 BthhfHid.sys 08/22/2013 04:36 AM 63,488 bthmodem.sys 08/22/2013 05:43 AM 531,296 bxvbda.sys 08/22/2013 04:40 AM 88,576 cdfs.sys 08/22/2013 01:46 AM 164,352 cdrom.sys 08/22/2013 04:38 
AM 44,032 circlass.sys 05/06/2016 02:59 PM 331,608 Classpnp.sys 10/12/2016 01:01 AM 377,176 clfs.sys 08/22/2013 04:39 AM 25,472 CmBatt.sys 05/18/2016 04:18 PM 563,024 cng.sys 08/22/2013 04:38 AM 36,352 CompositeBus.sys 08/22/2013 06:25 AM 43,008 condrv.sys 05/29/2012 03:53 PM 27,456 cpqdfw.sys 08/22/2013 05:43 AM 68,960 crashdmp.sys 08/22/2013 05:50 AM 57,696 dam.sys 09/08/2016 07:00 AM 138,240 dfsc.sys 01/20/2016 03:40 PM 99,672 disk.sys 08/22/2013 05:43 AM 36,192 Diskdump.sys 08/22/2013 04:40 AM 13,312 Dmpusbstor.sys 08/22/2013 04:37 AM 29,696 dmvsc.sys 09/25/2012 12:52 AM 151,968 Dot4.sys 09/25/2012 12:52 AM 27,040 Dot4Prt.sys 09/25/2012 12:52 AM 49,056 Dot4usb.sys 10/28/2014 07:47 PM 89,088 drmk.sys 10/28/2014 08:58 PM 14,528 drmkaud.sys 08/22/2013 05:39 AM 33,632 Dumpata.sys 06/18/2016 01:06 PM 72,408 dumpfve.sys 03/12/2015 09:03 PM 154,432 dumpsd.sys 04/09/2016 10:37 PM 1,549,144 dxgkrnl.sys 10/28/2014 08:57 PM 389,952 dxgmms1.sys 06/18/2013 07:45 AM 460,288 e1i63x64.sys 08/22/2013 05:43 AM 82,784 EhStorClass.sys 08/22/2013 05:43 AM 114,016 EhStorTcgDrv.sys 10/22/2016 05:28 AM <DIR> en-US 08/22/2013 04:38 AM 10,240 errdev.sys 08/09/2017 05:15 PM <DIR> etc 08/22/2013 05:43 AM 3,357,024 evbda.sys 08/22/2013 04:40 AM 200,704 exfat.sys 08/22/2013 05:49 AM 217,952 fastfat.sys 05/03/2016 07:26 PM 79,064 fbwfh.sys 08/22/2013 04:40 AM 30,720 fdc.sys 02/22/2014 09:00 AM 79,192 fileinfo.sys 08/22/2013 04:39 AM 34,816 filetrace.sys 08/22/2013 04:40 AM 25,088 flpydisk.sys 08/25/2014 08:30 PM 354,112 fltMgr.sys 10/15/2014 01:32 AM 61,248 fsdepends.sys 08/22/2013 06:25 AM 30,048 fs_rec.sys 06/18/2016 01:06 PM 590,688 fvevol.sys 06/11/2015 01:12 PM 428,888 FWPKCLNT.SYS 08/22/2013 01:46 AM 27,136 fxppm.sys 08/22/2013 05:43 AM 65,888 GAGP30KX.SYS 06/18/2013 07:41 AM 3,440,660 gm.dls 06/18/2013 07:41 AM 646 gmreadme.txt 07/24/2014 04:45 AM 76,800 hdaudbus.sys 08/22/2013 04:38 AM 395,776 HdAudio.sys 08/22/2013 04:39 AM 26,624 hidbatt.sys 01/29/2015 08:01 PM 97,792 hidbth.sys 
05/13/2016 04:08 PM 111,616 hidclass.sys 08/22/2013 04:37 AM 41,472 hidi2c.sys 08/22/2013 04:39 AM 45,568 hidir.sys 05/13/2016 04:08 PM 32,512 hidparse.sys 05/13/2016 04:08 PM 32,768 hidusb.sys 08/04/2017 10:15 AM 55,232 hitmanpro37.sys 08/22/2013 05:43 AM 64,352 HpSAMD.sys 02/24/2015 01:32 AM 991,552 http.sys 08/22/2013 05:39 AM 24,416 hwpolicy.sys 08/22/2013 04:37 AM 13,824 hyperkbd.sys 08/22/2013 04:39 AM 22,016 HyperVideo.sys 11/03/2014 11:54 PM 108,544 i8042prt.sys 07/30/2013 11:47 AM 24,568 iaLPSSi_GPIO.sys 07/25/2013 12:05 PM 99,320 iaLPSSi_I2C.sys 08/09/2013 05:39 PM 651,248 iaStorAV.sys 08/22/2013 05:43 AM 412,000 iaStorV.sys 08/22/2013 05:43 AM 18,272 intelide.sys 10/12/2014 07:43 PM 39,744 intelpep.sys 08/22/2013 01:46 AM 98,816 intelppm.sys 08/22/2013 04:35 AM 84,992 ipfltdrv.sys 02/03/2016 08:14 AM 80,896 IPMIDrv.sys 11/27/2013 05:02 AM 142,848 ipnat.sys 08/22/2013 04:37 AM 118,784 irda.sys 08/22/2013 04:38 AM 17,920 irenum.sys 08/22/2013 05:43 AM 21,856 isapnp.sys 11/04/2014 12:25 PM 59,712 kbdclass.sys 11/03/2014 11:54 PM 32,256 kbdhid.sys 08/22/2013 04:38 AM 19,456 kdnic.sys 07/04/2014 05:59 AM 295,424 ks.sys 08/22/2016 09:06 AM 100,184 ksecdd.sys 05/18/2016 04:16 PM 178,016 ksecpkg.sys 08/22/2013 04:39 AM 21,248 ksthunk.sys 09/11/2016 06:43 PM 35,328 lirsgt.sys 08/22/2013 04:36 AM 59,392 lltdio.sys 08/22/2013 05:43 AM 109,408 lsi_sas.sys 08/22/2013 05:43 AM 93,536 lsi_sas2.sys 08/22/2013 05:43 AM 81,760 lsi_sas3.sys 08/22/2013 05:43 AM 82,784 lsi_sss.sys 02/22/2014 05:14 AM 124,416 luafv.sys 08/05/2017 07:28 AM 109,272 mbamchameleon.sys 09/04/2017 11:34 AM 194,776 MBAMSwissArmy.sys 08/22/2013 04:39 AM 22,016 mcd.sys 08/22/2013 05:43 AM 56,672 megasas.sys 08/22/2013 05:43 AM 575,840 megasr.sys 08/22/2013 04:40 AM 40,960 modem.sys 08/22/2013 04:36 AM 30,208 monitor.sys 11/04/2014 12:25 PM 51,008 mouclass.sys 11/03/2014 11:54 PM 30,208 mouhid.sys 07/08/2016 03:35 PM 101,208 mountmgr.sys 07/28/2013 01:24 PM 104,736 mouqwtlo.sys 10/28/2014 07:45 PM 
74,240 mpsdrv.sys 09/08/2016 07:00 AM 140,800 mrxdav.sys 08/20/2016 06:01 PM 401,408 mrxsmb.sys 08/20/2016 06:01 PM 284,672 mrxsmb10.sys 08/20/2016 06:03 PM 201,728 mrxsmb20.sys 08/22/2013 06:25 AM 30,208 msfs.sys 06/18/2013 07:52 AM 3 MsftWdf_Kernel_01013_Inbox_Critical.Wdf 06/18/2013 08:20 AM 3 MsftWdf_User_01_11_00_Inbox_Critical.Wdf 08/14/2014 05:36 PM 146,752 msgpioclx.sys 08/22/2013 05:43 AM 41,824 msgpiowin32.sys 08/22/2013 04:39 AM 8,192 mshidkmdf.sys 08/22/2013 04:39 AM 9,728 mshidumdf.sys 07/06/2013 01:27 PM 81,696 msidntfs.sys 08/22/2013 05:43 AM 17,248 msisadrv.sys 09/09/2016 03:14 PM 275,800 msiscsi.sys 08/22/2013 04:39 AM 10,624 mskssrv.sys 10/28/2014 07:45 PM 66,560 mslldp.sys 08/22/2013 04:39 AM 7,040 mspclock.sys 08/22/2013 04:39 AM 6,784 mspqm.sys 08/22/2013 06:25 AM 366,432 msrpc.sys 08/22/2013 05:49 AM 37,728 mssmbios.sys 08/22/2013 04:38 AM 7,936 mstee.sys 08/22/2013 04:37 AM 13,312 MTConfig.sys 04/06/2016 02:21 PM 114,528 mup.sys 08/22/2013 05:43 AM 63,840 mvumis.sys 07/14/2015 02:59 PM 1,113,944 ndis.sys 10/28/2014 07:46 PM 43,008 ndiscap.sys 10/28/2014 07:45 PM 126,464 NdisImPlatform.sys 10/28/2014 07:47 PM 24,576 ndistapi.sys 08/22/2013 04:37 AM 60,416 ndisuio.sys 08/22/2013 04:36 AM 16,384 NdisVirtualBus.sys 04/05/2016 03:37 PM 205,824 ndiswan.sys 10/28/2014 07:46 PM 72,192 ndproxy.sys 10/28/2014 07:45 PM 103,424 Ndu.sys 10/28/2014 07:47 PM 48,128 netbios.sys 05/13/2016 04:07 PM 281,088 netbt.sys 12/30/2015 01:49 PM 470,360 netio.sys 10/28/2014 07:46 PM 87,040 netvsc63.sys 02/03/2010 11:20 AM 47,632 npf.sys 08/22/2013 06:25 AM 58,880 npfs.sys 08/22/2013 04:38 AM 23,040 npsvctrig.sys 10/28/2014 07:46 PM 39,424 nsiproxy.sys 12/30/2015 02:53 PM 2,017,624 ntfs.sys 08/22/2013 06:25 AM 5,632 null.sys 08/22/2013 05:43 AM 150,368 nvraid.sys 08/22/2013 05:43 AM 168,288 nvstor.sys 08/22/2013 05:43 AM 124,768 NV_AGP.SYS 10/28/2014 07:45 PM 445,440 nwifi.sys 10/28/2014 07:45 PM 151,040 pacer.sys 08/11/2016 11:33 AM 96,256 parport.sys 10/15/2014 01:32 
AM 88,896 partmgr.sys 07/24/2014 08:28 AM 280,384 pci.sys 08/22/2013 05:43 AM 14,688 pciide.sys 08/22/2013 05:43 AM 48,992 pciidex.sys 08/22/2013 05:49 AM 114,528 pcmcia.sys 08/22/2013 05:39 AM 50,016 pcw.sys 10/12/2014 07:43 PM 86,336 pdc.sys 02/22/2014 05:09 AM 663,040 PEAuth.sys 10/28/2014 07:46 PM 272,384 portcls.sys 08/22/2013 01:46 AM 92,160 processr.sys 10/28/2014 07:47 PM 47,104 qwavedrv.sys 10/28/2014 07:48 PM 17,408 rasacd.sys 02/02/2016 11:16 AM 112,640 rasl2tp.sys 08/22/2013 04:36 AM 84,992 raspppoe.sys 08/22/2013 04:35 AM 107,520 raspptp.sys 10/28/2014 07:45 PM 93,696 rassstp.sys 04/06/2016 11:20 AM 402,432 rdbss.sys 08/22/2013 04:38 AM 22,528 rdpbus.sys 08/22/2013 12:12 PM 195,584 rdpdr.sys 10/28/2014 08:56 PM 27,456 rdpvideominiport.sys 02/22/2014 09:00 AM 249,688 rdyboost.sys 09/09/2016 03:52 PM 921,944 refs.sys 11/05/2015 01:59 AM 145,408 rmcast.sys 08/22/2013 04:38 AM 32,256 RNDISMP.sys 10/28/2014 07:48 PM 11,776 rootmdm.sys 08/22/2013 04:36 AM 80,384 rspndr.sys 08/01/2017 11:41 AM 958,976 Rt630x64.sys 08/01/2017 11:47 AM 9,124,224 RTAIODAT.DAT 08/01/2017 11:47 AM 5,545,512 RTKVHD64.sys 08/01/2017 11:39 AM 418,784 RtsUer.sys 07/09/2013 02:58 PM 263,896 RtsUStor.sys 08/22/2013 05:39 AM 107,872 sbp2port.sys 10/28/2014 07:46 PM 40,960 scfilter.sys 01/19/2007 06:24 PM 25,312 SCMNdisP.sys 08/22/2013 05:43 AM 170,848 scsiport.sys 03/12/2015 09:03 PM 239,424 sdbus.sys 02/22/2014 08:49 AM 79,192 sdstor.sys 08/22/2013 08:35 AM 23,040 secdrv.sys 08/22/2013 05:43 AM 69,472 SerCx.sys 10/25/2013 06:54 PM 146,776 SerCx2.sys 08/11/2016 11:33 AM 23,040 serenum.sys 08/11/2016 11:33 AM 83,456 serial.sys 11/03/2014 11:55 PM 26,112 sermouse.sys 10/28/2014 06:50 PM 11,776 serscan.sys 08/22/2013 04:40 AM 17,408 sfloppy.sys 08/22/2013 05:43 AM 44,896 sisraid2.sys 08/22/2013 05:43 AM 81,760 sisraid4.sys 08/22/2013 04:40 AM 19,968 smclib.sys 08/10/2016 10:46 PM 420,184 spaceport.sys 08/22/2013 05:43 AM 72,032 SpbCx.sys 08/04/2016 07:17 AM 416,768 srv.sys 08/03/2016 11:06 
AM 675,328 srv2.sys 08/03/2016 11:05 AM 243,712 srvnet.sys 08/22/2013 05:43 AM 31,072 stexstor.sys 08/22/2013 05:43 AM 107,872 storahci.sys 06/11/2016 12:52 PM 57,184 stornvme.sys 06/11/2016 12:52 PM 379,232 storport.sys 08/22/2013 05:36 AM 45,888 storvsc.sys 08/22/2013 04:39 AM 67,584 stream.sys 10/28/2014 08:59 PM 14,144 swenum.sys 04/27/2016 12:49 AM 39,464 tap0901t.sys 08/22/2013 04:39 AM 29,696 tape.sys 10/28/2014 09:13 PM 21,824 tbs.sys 03/11/2016 05:49 PM 2,466,136 tcpip.sys 03/06/2014 02:19 AM 49,152 tcpipreg.sys 08/22/2013 06:25 AM 30,208 tdi.sys 10/13/2015 10:10 AM 108,032 tdx.sys 08/22/2013 12:12 PM 37,216 terminpt.sys 09/08/2016 01:41 PM 121,176 tm.sys 09/29/2015 05:24 AM 155,480 tpm.sys 08/18/2017 09:06 PM 28,272 TrueSight.sys 11/04/2014 07:30 PM 389,240 Trufos.sys 08/22/2013 04:37 AM 56,320 TsUsbFlt.sys 10/28/2014 07:46 PM 29,696 TsUsbGD.sys 09/04/2015 12:24 PM 154,112 tunnel.sys 08/22/2013 05:43 AM 64,864 UAGP35.SYS 08/22/2013 05:43 AM 74,080 uaspstor.sys 10/06/2014 11:54 PM 189,248 UCX01000.SYS 03/12/2015 07:02 PM 316,416 udfs.sys 08/22/2013 05:39 AM 26,976 uefi.sys 08/22/2013 05:43 AM 65,888 ULIAGPKX.SYS 08/22/2013 04:38 AM 46,080 umbus.sys 11/27/2015 11:57 PM <DIR> UMDF 08/22/2013 04:38 AM 11,776 umpass.sys 04/24/2015 07:25 PM 20,992 usb8023.sys 08/22/2013 04:39 AM 32,512 USBCAMD2.sys 07/24/2014 08:28 AM 143,680 usbccgp.sys 10/28/2014 07:47 PM 98,304 usbcir.sys 10/10/2015 11:34 PM 27,992 usbd.sys 01/08/2016 06:38 PM 91,992 usbehci.sys 10/10/2015 11:34 PM 462,168 usbhub.sys 10/10/2015 11:34 PM 468,824 USBHUB3.SYS 10/10/2015 11:41 AM 30,208 usbohci.sys 10/10/2015 11:34 PM 443,224 usbport.sys 08/22/2013 04:36 AM 26,112 usbprint.sys 08/22/2013 04:39 AM 30,720 usbrpm.sys 10/28/2014 07:47 PM 44,544 usbscan.sys 01/31/2016 12:16 PM 148,832 USBSTOR.SYS 10/10/2015 11:41 AM 37,376 usbuhci.sys 04/15/2015 11:17 PM 325,464 USBXHCI.SYS 08/22/2013 05:37 AM 37,728 vdrvroot.sys 09/14/2013 07:06 AM 175,960 VerifierExt.sys 10/09/2016 03:59 PM 551,256 vhdmp.sys 
08/22/2013 05:43 AM 19,808 viaide.sys 08/22/2013 04:39 AM 49,152 videoprt.sys 10/28/2014 08:56 PM 89,368 vmbkmcl.sys 10/28/2014 08:56 PM 97,048 vmbus.sys 08/22/2013 04:37 AM 21,760 VMBusHID.sys 08/22/2013 04:38 AM 11,264 vmgencounter.sys 08/22/2013 04:38 AM 7,168 vms3cap.sys 10/28/2014 08:56 PM 49,944 vmstorfl.sys 04/10/2016 11:21 PM 74,584 volmgr.sys 08/22/2013 05:39 AM 377,696 volmgrx.sys 03/14/2016 09:50 AM 316,760 volsnap.sys 01/26/2016 12:15 PM 72,024 vpci.sys 08/22/2013 05:43 AM 168,800 vsmraid.sys 08/22/2013 05:43 AM 305,504 VSTXRAID.SYS 08/12/2016 05:03 PM 24,576 vwifibus.sys 08/12/2016 05:02 PM 71,680 vwififlt.sys 08/12/2016 05:01 PM 38,912 vwifimp.sys 08/22/2013 04:39 AM 26,752 wacompen.sys 10/28/2014 07:45 PM 80,896 wanarp.sys 02/22/2014 05:14 AM 54,272 watchdog.sys 08/22/2013 05:31 AM 34,760 WdBoot.sys 08/22/2013 06:25 AM 839,488 Wdf01000.sys 08/22/2013 05:34 AM 265,056 WdFilter.sys 08/22/2013 06:25 AM 60,224 WdfLdr.sys 08/22/2013 05:34 AM 124,256 WdNisDrv.sys 08/22/2013 05:39 AM 38,240 werkernel.sys 11/10/2014 11:06 AM 136,512 wfplwfs.sys 10/28/2014 09:09 PM 33,600 wimmount.sys 10/28/2014 08:56 PM 61,208 winhv.sys 08/22/2013 04:40 AM 16,384 wmiacpi.sys 08/22/2013 06:25 AM 18,272 wmilib.sys 03/13/2014 05:35 AM 157,016 wof.sys 10/28/2014 08:57 PM 54,784 wpcfltr.sys 08/22/2013 05:36 AM 26,976 WpdUpFltr.sys 08/22/2013 06:25 AM 23,392 WppRecorder.sys 08/22/2013 04:40 AM 21,504 ws2ifsl.sys 08/22/2013 04:39 AM 20,992 WSDPrint.sys 10/28/2014 07:46 PM 113,664 WUDFPf.sys 10/28/2014 07:46 PM 226,304 WUDFRd.sys 341 File(s) 87,062,792 bytes 5 Dir(s) 304,106,205,184 bytes free ========= End of CMD: ========= ==== End of Fixlog 19:16:51 ====
  2. The message was sent and I don't have a Flash Drive handy at the moment.
  3. Oh, I forgot about the addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017 Ran by *MYNAME* (20-09-2017 20:19:06) Running from C:\Users\*MYNAME*\Downloads Windows 8.1 (Update) (X64) (2015-10-10 18:32:00) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1955727277-3545952101-1272509919-500 - Administrator - Disabled) ASPNET (S-1-5-21-1955727277-3545952101-1272509919-1002 - Limited - Enabled) Guest (S-1-5-21-1955727277-3545952101-1272509919-501 - Limited - Disabled) *MYNAME* (S-1-5-21-1955727277-3545952101-1272509919-1001 - Administrator - Enabled) => C:\Users\*MYNAME* ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Fix-It Anti-Virus (Disabled - Up to date) {6D7C005F-2068-C2E1-BC99-92E940218CBA} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Fix-It Anti-Virus (Disabled - Up to date) {D61DE1BB-0652-CD6F-8629-A99B3BA6C607} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
1stPricing (HKLM-x32\...\{B232BB05-F567-4D68-9836-67421F6CAC2B}) (Version: 1.3.0 - IMSIDesign) 64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden 6500_E709_eDocs (HKLM-x32\...\{AA787E05-E835-4812-AA3D-4048C8A46587}) (Version: 1.00.0000 - Hewlett-Packard) Hidden 6500_E709_Help (HKLM-x32\...\{F53B432E-BD19-4400-BFA0-2BBD16410F8F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden 6500_E709n (HKLM-x32\...\{6FEDAA68-D9C4-4042-BECC-9C2656A7B606}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden Alcor Micro USB Card Reader Driver (HKLM-x32\...\{7F28165B-148D-4672-AA21-469D9E6E3CB6}) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Alien Swarm: Reactive Drop (HKLM\...\Steam App 563560) (Version: - Reactive Drop Team) Ashampoo WinOptimizer 2017 (HKLM-x32\...\{4209F371-6CE9-533C-2CDC-94E053273B35}_is1) (Version: 14.00.04 - Ashampoo GmbH & Co. 
KG) Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) bpd_scan (HKLM-x32\...\{0E52A52C-E120-461C-AA1B-21B045BEE842}) (Version: 3.00.0000 - Hewlett-Packard) Hidden BPDSoftware (HKLM-x32\...\{8E663D89-A2EA-46B6-AD38-A427A3348309}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (HKLM-x32\...\{99F67894-9486-413F-94E1-8B12B1606EAB}) (Version: 1.00.0000 - Hewlett-Packard) Hidden BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden Fix-It (HKLM-x32\...\{1F211BEF-B722-4FF7-8629-9A51978C0515}) (Version: 15.6.32.12 - Avanquest) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.) 
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 6500 E709 Series (HKLM\...\{9C57D227-1FE7-4F40-BD49-2BCA7761B083}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.7.27.15 - HP Inc.) HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden King's Quest 8 - Mask of Eternity (HKLM-x32\...\1207661053_is1) (Version: 2.1.0.26 - GOG.com) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation) Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4937.1000 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft 
Visual C++ 2010 x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 
- Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR) Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden Path of Exile (HKLM\...\Steam App 238960) (Version: - Grinding Gear Games) ProductContext (HKLM-x32\...\{BC0F3E35-0AFF-4F11-B33D-F6FC31BD1AA0}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.) Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7001 - CyberLink Corp.) 
Hidden RogueKiller version 12.11.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.10.0 - Adlice Software) Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve) StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment) Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Tales of Middle-Earth (HKLM-x32\...\{3F241898-881F-422C-A83D-20784CC5059D}_is1) (Version: 0.6 - ToME) The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden Torchlight II (HKLM\...\Steam App 200710) (Version: - Runic Games) TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden TurboCAD Deluxe 19 (HKLM-x32\...\{562DE3F7-C7E2-4FBB-A860-64DB4CED94E0}) (Version: 19.1.333 - IMSIDesign) TurboCAD Deluxe 19 Symbols (HKLM-x32\...\{5923D403-C02E-40F5-AFE4-2D575504C757}) (Version: 19.0.0 - IMSIDesign) UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) 
Hidden WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) zeckensack's Glide wrapper (remove only) (HKLM-x32\...\GlidewrapZbag) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft 
Corporation) CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => -> No File ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => -> No File ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers1: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll [2015-07-20] (Avanquest Software) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers2: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll [2015-07-20] (Avanquest Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) 
ContextMenuHandlers4: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll [2015-07-20] (Avanquest Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {054BC6B3-5672-4E89-BBB3-0D016B2BF44D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-04] (Google Inc.) Task: {08919469-A0C1-41A7-8248-B0D064011C24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.) Task: {14FDA6F4-9001-4FE5-AB4C-C84ADD3E467A} - System32\Tasks\Leewl => C:\PROGRA~1\SHOPPE~1\Xybaoshf.bat <==== ATTENTION Task: {1628BACB-2064-46B2-BEF6-F8C620779438} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-04] (Google Inc.) 
Task: {261C895C-28CC-46D6-B322-7E9A18D8DE81} - System32\Tasks\Uukoflap => C:\PROGRA~1\GROOVE~1\Povevyrj.bat <==== ATTENTION Task: {2DB23E27-9C4D-4F14-B165-6696489DA722} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe Task: {2E60FDEA-B2FE-4A2B-A9F3-AB2A5210C92F} - \ParetoLogic Update Version3 Startup Task -> No File <==== ATTENTION Task: {343732B4-28B1-4D16-A4E8-F8CE0B660603} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.) Task: {3B7EA564-9FE4-4FCA-BD79-F19FE6656C6E} - System32\Tasks\{82195107-B431-4B17-B347-B4D952444FC7} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\Sierra On-Line\Sutil32.exe" Task: {3E583C44-ED51-4AD1-9DB4-08A5C7F4C500} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {48B40CB9-7E13-4164-8F1B-7A22D9AC3CC4} - \ParetoLogic Update Version3 -> No File <==== ATTENTION Task: {5631B4BC-C6E5-4069-ADC1-626784FAB45D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.) Task: {6E0B8D58-84E4-4370-A36B-E75D454981DC} - System32\Tasks\HPCeeScheduleFor*MYNAME* => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.) 
Task: {817ECB59-A0F1-4B0E-8E41-A495F838BED1} - System32\Tasks\{F0728C84-1F14-4C58-ACA8-8BAF294395BF} => C:\windows\system32\pcalua.exe -a E:\autorun.exe -d E:\ Task: {9499AE7D-8C30-403E-ABB1-056A3D8215F2} - System32\Tasks\{27DB525A-6576-4E93-A8D3-D90243D19710} => C:\windows\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=heroes --displayname="Heroes of the Storm" Task: {9571E2BD-FE52-4AB5-891E-AC412AC31CBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.) Task: {9B66E9B8-494E-4DF9-8487-5B6C38F7944B} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe Task: {A499BA76-4B1A-4820-86F0-8E79F86C0440} - \ParetoLogic Registration3 -> No File <==== ATTENTION Task: {A66632E5-E40F-4261-9469-6D0CF226055A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.) Task: {A93D6881-29A0-49CB-AE58-085E93B11FB6} - System32\Tasks\Driver Booster SkipUAC (*MYNAME*) => C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe Task: {B77F5B6B-8F28-431E-93E0-F228B074EA1F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe Task: {BA6CFC8D-2AB6-4CBE-B96D-B64A96AF95B0} - System32\Tasks\{0A9E95F9-BCF8-4C13-91A5-CA56571C5165} => C:\windows\system32\pcalua.exe -a E:\START.exe -d E:\ Task: {E1D3698A-7D9F-48E1-967F-E13278ABA435} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) 
Task: {E235376D-B98E-441B-A115-FB29CA5B4D51} - System32\Tasks\AdobeAAMUpdater-1.0-family-*MYNAME* => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe Task: {E7B517FA-02F1-465A-81CB-FCF81B499CDA} - System32\Tasks\{3FF35015-59F7-45B2-BFD1-46967D2EA640} => C:\windows\system32\pcalua.exe -a E:\Setup\rsrc\Autorun.exe -d E:\ Task: {F14B7FC5-6DB8-4F53-B707-1466366F56B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-01] (HP Inc.) Task: {F6E881AC-EA14-4283-915C-746A6AF7507F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\HPCeeScheduleFor*MYNAME*.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File) Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File) Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Сrusаdеr - Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) ShortcutWithArgument: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory="Profile 1" ==================== Loaded Modules (Whitelisted) ============== 2017-01-16 08:26 - 2015-07-20 21:17 - 000592256 _____ () C:\Program Files (x86)\Avanquest\Fix-It\sqlite3x64.dll 2017-08-25 16:40 - 2017-08-23 01:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll 2017-08-25 16:40 - 2017-08-23 01:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll 2017-08-15 16:03 - 2017-08-04 14:19 - 000678176 _____ () C:\Program Files\Steam\SDL2.dll 2017-08-15 16:03 - 2016-08-31 18:02 - 004969248 _____ () C:\Program Files\Steam\v8.dll 2017-08-15 16:03 - 2017-09-06 21:51 - 002505504 _____ () C:\Program Files\Steam\video.dll 2017-08-15 16:03 - 2016-08-31 18:02 - 001563936 _____ () C:\Program Files\Steam\icui18n.dll 2017-08-15 16:03 - 2016-08-31 18:02 - 001195296 _____ () C:\Program Files\Steam\icuuc.dll 2017-08-15 16:03 - 2016-01-27 00:49 - 002549760 _____ () C:\Program Files\Steam\libavcodec-56.dll 2017-08-15 16:03 - 2016-01-27 00:49 - 000491008 _____ () C:\Program Files\Steam\libavformat-56.dll 2017-08-15 16:03 - 2016-01-27 00:49 - 000332800 _____ () C:\Program Files\Steam\libavresample-2.dll 2017-08-15 16:03 - 2016-01-27 00:49 - 000442880 _____ () C:\Program Files\Steam\libavutil-54.dll 2017-08-15 16:03 - 2016-01-27 00:49 - 000485888 _____ () C:\Program Files\Steam\libswscale-3.dll 2017-08-15 16:03 - 2017-09-06 21:51 - 000885024 _____ () C:\Program Files\Steam\bin\chromehtml.DLL 2017-08-15 16:03 - 2016-07-04 15:17 - 000266560 _____ () C:\Program Files\Steam\openvr_api.dll 2017-08-15 16:06 - 2017-07-17 15:50 - 073115424 _____ () C:\Program Files\Steam\bin\cef\cef.win7\libcef.dll 2017-08-15 16:06 - 2017-05-16 18:54 - 000678176 _____ () C:\Program Files\Steam\bin\cef\cef.win7\SDL2.dll 2017-08-15 16:03 - 2015-09-24 16:52 - 000119208 _____ () C:\Program Files\Steam\winh264.dll 2017-08-15 16:06 - 2017-07-17 15:50 - 001936672 _____ () C:\Program 
Files\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll 2017-08-15 16:06 - 2017-07-17 15:50 - 000113952 _____ () C:\Program Files\Steam\bin\cef\cef.win7\swiftshader\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:85E27EE5 [192] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\webcompanion.com -> hxxp://webcompanion.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2013-08-22 06:25 - 2017-08-09 17:15 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*MYNAME*\Pictures\mountains_rocks_sky_light_evening_87675_1280x900.jpg HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\*MYNAME*\Pictures\mountains_rocks_sky_light_evening_87675_1280x900.jpg DNS Servers: 192.168.254.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: .AVQWindowsMonitorService => 2 MSCONFIG\Services: 0309191488847699mcinstcleanup => 2 MSCONFIG\Services: ALG => 3 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: AppIDSvc => 3 MSCONFIG\Services: AppReadiness => 3 MSCONFIG\Services: AQFileRestoreSrv => 2 MSCONFIG\Services: aspnet_state => 3 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: BDESVC => 3 MSCONFIG\Services: Browser => 2 MSCONFIG\Services: BthHFSrv => 3 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: CertPropSvc => 3 MSCONFIG\Services: ClickToRunSvc => 2 MSCONFIG\Services: COMSysApp => 3 MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Monitor Service => 2 MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Service => 2 MSCONFIG\Services: defragsvc => 3 MSCONFIG\Services: DeviceAssociationService => 2 MSCONFIG\Services: DeviceInstall => 3 MSCONFIG\Services: dot3svc => 3 MSCONFIG\Services: Eaphost => 3 MSCONFIG\Services: EFS => 3 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: fdPHost => 3 MSCONFIG\Services: FDResPub => 3 
MSCONFIG\Services: fhsvc => 3 MSCONFIG\Services: Fix-It Task Manager => 2 MSCONFIG\Services: FontCache3.0.0.0 => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: hkmsvc => 3 MSCONFIG\Services: HomeGroupListener => 3 MSCONFIG\Services: HomeGroupProvider => 3 MSCONFIG\Services: hpqcaslwmiex => 3 MSCONFIG\Services: hpqcxs08 => 3 MSCONFIG\Services: hpqddsvc => 2 MSCONFIG\Services: HPSLPSVC => 2 MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2 MSCONFIG\Services: IDriverT => 3 MSCONFIG\Services: IEEtwCollectorService => 3 MSCONFIG\Services: KeyIso => 3 MSCONFIG\Services: KtmRm => 3 MSCONFIG\Services: lfsvc => 3 MSCONFIG\Services: lltdsvc => 3 MSCONFIG\Services: McAfee SiteAdvisor Service => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MSDTC => 3 MSCONFIG\Services: MSiSCSI => 3 MSCONFIG\Services: napagent => 3 MSCONFIG\Services: NcaSvc => 3 MSCONFIG\Services: NcdAutoSetup => 3 MSCONFIG\Services: Netlogon => 3 MSCONFIG\Services: Netman => 3 MSCONFIG\Services: ose => 3 MSCONFIG\Services: p2pimsvc => 3 MSCONFIG\Services: p2psvc => 3 MSCONFIG\Services: PcaSvc => 2 MSCONFIG\Services: PerfHost => 3 MSCONFIG\Services: pla => 3 MSCONFIG\Services: PNRPAutoReg => 3 MSCONFIG\Services: PNRPsvc => 3 MSCONFIG\Services: PrintNotify => 3 MSCONFIG\Services: QWAVE => 3 MSCONFIG\Services: RasAuto => 3 MSCONFIG\Services: RasMan => 3 MSCONFIG\Services: RpcLocator => 3 MSCONFIG\Services: ScDeviceEnum => 3 MSCONFIG\Services: SCPolicySvc => 3 MSCONFIG\Services: seclogon => 3 MSCONFIG\Services: SensrSvc => 3 MSCONFIG\Services: SessionEnv => 3 MSCONFIG\Services: smphost => 3 MSCONFIG\Services: SNMPTRAP => 3 MSCONFIG\Services: Spooler => 2 MSCONFIG\Services: SstpSvc => 3 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: StorSvc => 3 MSCONFIG\Services: svsvc => 3 MSCONFIG\Services: swprv => 3 MSCONFIG\Services: TabletInputService => 3 MSCONFIG\Services: TapiSrv => 3 MSCONFIG\Services: TermService => 3 MSCONFIG\Services: 
THREADORDER => 3 MSCONFIG\Services: TrustedInstaller => 3 MSCONFIG\Services: UI0Detect => 3 MSCONFIG\Services: UmRdpService => 3 MSCONFIG\Services: upnphost => 3 MSCONFIG\Services: VaultSvc => 3 MSCONFIG\Services: VCOMCloudAgent => 2 MSCONFIG\Services: vds => 3 MSCONFIG\Services: vmicguestinterface => 3 MSCONFIG\Services: vmicheartbeat => 3 MSCONFIG\Services: vmickvpexchange => 3 MSCONFIG\Services: vmicrdv => 3 MSCONFIG\Services: vmicshutdown => 3 MSCONFIG\Services: vmictimesync => 3 MSCONFIG\Services: vmicvss => 3 MSCONFIG\Services: VSS => 3 MSCONFIG\Services: W32Time => 3 MSCONFIG\Services: w3logsvc => 3 MSCONFIG\Services: WAS => 3 MSCONFIG\Services: wbengine => 3 MSCONFIG\Services: WbioSrvc => 3 MSCONFIG\Services: wcncsvc => 3 MSCONFIG\Services: WcsPlugInService => 3 MSCONFIG\Services: WebClient => 3 MSCONFIG\Services: Wecsvc => 3 MSCONFIG\Services: WEPHOSTSVC => 3 MSCONFIG\Services: wercplsupport => 3 MSCONFIG\Services: WerSvc => 3 MSCONFIG\Services: WiaRpc => 3 MSCONFIG\Services: wmiApSrv => 3 MSCONFIG\Services: WMPNetworkSvc => 3 MSCONFIG\Services: workfolderssvc => 3 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\Services: WPDBusEnum => 3 MSCONFIG\Services: WSearch => 2 MSCONFIG\Services: wudfsvc => 3 MSCONFIG\Services: WwanSvc => 3 HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk" HKLM\...\StartupApproved\Run: => "Sound+" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "ZAM" HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "amd_dc_opt" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "PowerDVD16Agent" HKLM\...\StartupApproved\Run32: => "jhguy" HKLM\...\StartupApproved\Run32: => "qADASD" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Book Source" 
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "BingSvc" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "NowUSeeIt Player" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Itibiti.exe" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Web Companion" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Windi" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "VideoDownloaderUltimate" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Bionix Wallpaper" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "voxdff" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "GalaxyClient" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Book Source" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "BingSvc" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "NowUSeeIt Player" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Itibiti.exe" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Web Companion" 
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Windi" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "VideoDownloaderUltimate" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Bionix Wallpaper" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "voxdff" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GalaxyClient" HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{BD3B64E4-AFE9-4935-9594-1ACB2FAD00B2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{963C6B75-ABD8-46CE-AED3-4FF567CAF6CA}] => (Allow) LPort=2869 FirewallRules: [{707C1706-80DD-487C-8DE8-5D7C1919D929}] => (Allow) LPort=1900 FirewallRules: [{83B482A6-4CED-4CCA-9113-FB1841B18F1D}] => (Allow) C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{F69783A7-4245-479A-8071-59E42C8218D2}] => (Allow) C:\windows\system32\rundll32.exe FirewallRules: [{67785E5A-3A54-4240-AAC4-CE6FC8DF4CEC}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe FirewallRules: [{59A71838-580D-44FD-B130-EEEB5F58F1E7}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe FirewallRules: [{9E524117-B8B5-48FF-B985-D15511D77E58}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe FirewallRules: [{FE585100-699D-404F-940D-49C08F78BFA2}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe FirewallRules: [{AC025F4D-5FC3-4C4D-BD87-C0EA8A5B400C}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe FirewallRules: [{0D721CF4-2A65-474B-BBD5-BA3A2E7A49DE}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe FirewallRules: [{62935113-E1A4-4FDE-96CB-B37BFCE7AF20}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe FirewallRules: [{9D92EEA9-7461-4513-8CFE-8D128BCC3C1D}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe FirewallRules: [{50292CB6-B63D-481F-88B4-221A7B39A12B}] => (Allow) 
㩃停潲牧浡䘠汩獥⠠㡸⤶䡜祵敧楮湡扵物汯䡜祵敧楮湡扵物汯攮數 FirewallRules: [{B4F522C3-D970-4C9C-8CDA-B38FE27B50DB}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䡜祵敧楮湡扵物汯䡜祵敧楮湡扵物汯⹟硥e FirewallRules: [{3B8D721E-3D03-4DE7-8622-78C08A99277B}] => (Allow) LPort=13139 FirewallRules: [{3702A841-F965-4639-910C-AB40DA148C99}] => (Allow) C:\windows\system32\rundll32.exe FirewallRules: [TCP Query User{DE16D92B-4C0D-4B3D-B893-BF6B4D05E84E}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{AED0A2E3-0C21-4A67-97B4-F71401BFAAAE}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{F42F894E-4A66-422A-91E8-B8952E337498}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{23091B0F-EE14-422D-B4A0-5A9970B678D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{819DB7B8-BD5E-4C9B-B408-663E895141DE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{4E261F21-615B-456F-A1F8-EFB5BA7DF6F1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{9CB3CEA1-A960-4530-A2AF-A75FDBD8B137}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{735C566A-B128-4D86-8BA7-D98669A6CEB8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{E74888A8-C118-449E-BB47-0FE8BAA754F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{6555CDE3-61AD-4696-BD43-C089A095828D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{23FAB800-286C-422D-B0BC-3FBFCFBA14B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{5EF4998E-D2E8-4347-BC2C-7E5D3F80D002}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{AE27D3BF-A659-4C40-B049-3E087670CB87}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe 
FirewallRules: [{FD31679D-0B14-4116-897A-86E86A0F4FD1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{284D4927-6025-49BE-8A5C-5A15E8F623F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{6E0B53EA-33CF-4EA2-94D7-A940A5850D6B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{64E3CDE5-1F6B-453B-92A8-E4BFF0D7CF3E}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{FAA29197-4629-4B55-BA07-477B2B77884D}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{1FC80B29-8E36-40DF-95DF-1D9C9291C56D}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{F53B9E7E-A62A-4CE9-96B8-1234127D00EB}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{201A80C8-46DE-48E1-A47E-462B536762F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{E9443294-9025-49FC-97FB-F90CFD44A5AB}C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{40542D8F-45C4-4C88-8F09-6EDD9FB4F3E8}C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe FirewallRules: [{3D2F1767-F344-48BC-83DF-559C751CEF86}] => (Allow) C:\Program Files\Steam\steamapps\common\Source SDK Base 2007\hl2.exe FirewallRules: [{776A5616-FAC2-479F-AC6A-590D9662327F}] => (Allow) C:\Program Files\Steam\steamapps\common\Source SDK Base 2007\hl2.exe FirewallRules: [{D95861AF-1B76-4295-8EF8-5BD291D0B150}] => (Allow) C:\Program Files\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{478A05B8-4863-4DEA-8338-B2C1FF6AF424}] => (Allow) C:\Program Files\Steam\steamapps\common\Path of 
Exile\PathOfExileSteam.exe FirewallRules: [TCP Query User{558311C6-74FA-40CE-BA36-8911BFFE939F}C:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{D6343E59-239F-4489-928F-0DD31D64BC92}C:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe ==================== Restore Points ========================= Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= Name: TAP-Win32 Adapter V9 (Tunngle) Description: TAP-Win32 Adapter V9 (Tunngle) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Win32 Provider V9 (Tunngle) Service: tap0901t Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/20/2017 08:19:45 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . Operation: Instantiating VSS server Error: (09/20/2017 08:19:45 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
] Operation: Instantiating VSS server Error: (09/20/2017 05:46:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Mask.exe, version: 0.0.0.10, time stamp: 0x369d33fe Faulting module name: Mask.exe, version: 0.0.0.10, time stamp: 0x369d33fe Exception code: 0xc0000005 Fault offset: 0x00081367 Faulting process id: 0x134 Faulting application start time: 0x01d332730fe75b15 Faulting application path: C:\GOG Games\Kings Quest 8\Mask.exe Faulting module path: C:\GOG Games\Kings Quest 8\Mask.exe Report Id: 534eb7fd-9e66-11e7-8376-a0481ca697b4 Faulting package full name: Faulting package-relative application ID: Error: (09/20/2017 04:43:15 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Users\JOSEPH~1\AppData\Local\Temp\{6C98E7C0-C919-4AD7-841A-C83EC04F3B58}\setup.exe -runfromtemp -l0x0409 -removeonly -media_path:"C:\Program Files (x86)\InstallShield Installation Information\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}\" -tempdisk1folder:"C:\Users\JOSEPH~1\AppData\Local\Temp\{6C98E7C0-C919-4AD7-841A-C83EC04F3B58}\"; Description = Removed Hi-Rez Studios Games; Error = 0x80042302). Error: (09/20/2017 04:43:15 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . Operation: Instantiating VSS server Error: (09/20/2017 04:43:15 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
] Operation: Instantiating VSS server System errors: ============= Error: (09/20/2017 04:26:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 5 time(s). Error: (09/19/2017 05:01:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Visual Studio 2010 Service Pack 1. Error: (09/19/2017 04:05:33 PM) (Source: cdrom) (EventID: 7) (User: ) Description: The device, \Device\CdRom1, has a bad block. Error: (09/19/2017 04:04:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 4 time(s). Error: (09/18/2017 05:57:59 PM) (Source: cdrom) (EventID: 7) (User: ) Description: The device, \Device\CdRom1, has a bad block. Error: (09/18/2017 05:57:50 PM) (Source: cdrom) (EventID: 7) (User: ) Description: The device, \Device\CdRom1, has a bad block. Error: (09/18/2017 05:57:42 PM) (Source: cdrom) (EventID: 7) (User: ) Description: The device, \Device\CdRom1, has a bad block. Error: (09/18/2017 05:57:29 PM) (Source: cdrom) (EventID: 7) (User: ) Description: The device, \Device\CdRom1, has a bad block. Error: (09/18/2017 05:57:19 PM) (Source: cdrom) (EventID: 7) (User: ) Description: The device, \Device\CdRom1, has a bad block. Error: (09/18/2017 05:57:04 PM) (Source: cdrom) (EventID: 7) (User: ) Description: The device, \Device\CdRom1, has a bad block. CodeIntegrity: =================================== Date: 2017-09-16 10:47:11.957 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-16 10:47:11.441 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-16 10:38:40.552 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-16 10:38:40.020 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-16 10:36:03.363 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-16 10:36:02.832 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-16 10:32:17.769 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-16 10:32:16.019 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-10 20:17:51.877 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-10 20:17:51.346 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 42%
Total physical RAM: 3532.7 MB
Available physical RAM: 2044.85 MB
Total Virtual: 5611.62 MB
Available Virtual: 3516.86 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:449.69 GB) (Free:282.99 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:14.59 GB) (Free:1.76 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (AGE2_X1) (CDROM) (Total:0.29 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B78B16C0)
Partition: GPT.

==================== End of Addition.txt ============================
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
Ran by *MYNAME* (administrator) on FAMILY (20-09-2017 20:17:00)
Running from C:\Users\*MYNAME*\Downloads
Loaded Profiles: *MYNAME* & (Available Profiles: *MYNAME*)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-08-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [svcvmx] => C:\Users\*MYNAME*\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-09-16] () <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\MountPoints2: {60b3e955-dbff-11e6-8321-a0481ca697b4} - "H:\aocsetup.exe" /autorun
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {60b3e955-dbff-11e6-8321-a0481ca697b4} - "H:\aocsetup.exe" /autorun
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-10-15]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk [2016-05-02]
Startup: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill-unsigned.exe - Shortcut.lnk [2017-08-30]
ShortcutTarget: rkill-unsigned.exe - Shortcut.lnk -> C:\Users\*MYNAME*\Desktop\rkill-unsigned.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 Tcpip\Parameters: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{0E8F22EC-22D7-4156-9F06-94B9094422F2}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{B24A81F2-032C-463C-910C-FE398EDD8214}: [DhcpNameServer] 192.168.254.254 Internet Explorer: ================== HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = URLSearchHook: [S-1-5-21-1955727277-3545952101-1272509919-1001] ATTENTION => Default URLSearchHook is missing URLSearchHook: [S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {1DA9AC06-49A0-44C3-A20C-204D1ED4BF48} URL = 
hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File FireFox: ======== FF DefaultProfile: voy13sbn.default FF ProfilePath: C:\Users\*MYNAME*\AppData\Roaming\Mozilla\Firefox\Profiles\voy13sbn.default [2017-09-17] FF NewTab: Mozilla\Firefox\Profiles\voy13sbn.default -> about:newtab FF Homepage: Mozilla\Firefox\Profiles\voy13sbn.default -> user_pref("browser.startup.homepage", "about:home"about:home); FF Keyword.URL: Mozilla\Firefox\Profiles\voy13sbn.default -> user_pref("keyword.URL", true); FF SearchPlugin: C:\Users\*MYNAME*\AppData\Roaming\Mozilla\Firefox\Profiles\voy13sbn.default\searchplugins\search provided by bing.xml [2017-01-14] Chrome: ======= CHR DefaultProfile: Profile 1 CHR Profile: C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Default [2017-09-12] CHR Profile: C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-09-20] CHR Extension: (Google Translate) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-03-04] CHR Extension: (Google Slides) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-04] CHR Extension: (Dark Theme for Google Chrome) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 
1\Extensions\annfbnbieaamhaimclajlajpijgkdblo [2017-09-14] CHR Extension: (Google Docs) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-04] CHR Extension: (Google Drive) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-04] CHR Extension: (YouTube) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-04] CHR Extension: (Google Sheets) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-04] CHR Extension: (Google Docs Offline) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-04] CHR Extension: (Google Mail Checker) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-03-04] CHR Extension: (Chrome Web Store Payments) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21] CHR Extension: (Gmail) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-04] CHR Extension: (Chrome Media Router) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-12] CHR Profile: C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-12] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found> CHR HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hkneojpkhdhkohpfkcdcbobponbmcmoo] - hxxps://clients2.google.com/service/update2/crx CHR 
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hkneojpkhdhkohpfkcdcbobponbmcmoo] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 .AVQWindowsMonitorService; C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [249704 2015-07-20] (Avanquest Software) S4 AQFileRestoreSrv; C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [113536 2015-07-20] (Avanquest Software) S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [382504 2017-09-10] (EasyAntiCheat Ltd) S4 Fix-It Task Manager; C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe [534472 2015-07-20] (Avanquest Software) S4 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed] S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.) 
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-08-01] (Realtek Semiconductor) S2 UserAccess7; C:\windows\SysWOW64\UAService7.exe [143360 2017-03-23] (Sony DADC Austria AG.) [File not signed] S4 VCOMCloudAgent; C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe [142720 2015-07-20] (Avanquest Software North America) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] () S4 ClickToRunSvc; "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service [X] S2 MBAMService; "\" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 737251EC; C:\windows\system32\drivers\737251EC.sys [253888 2017-09-20] (Malwarebytes) R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.) 
S3 AQFileRestore; C:\windows\System32\DRIVERS\AQFileRestore.sys [22096 2015-07-20] () S3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices) [File not signed] S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [303616 2016-09-11] () [File not signed] S3 dot4; C:\windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider) S3 gzflt; C:\Program Files (x86)\Avanquest\Fix-It\gzflt.sys [150256 2014-11-04] (BitDefender LLC) R3 Hamachi; C:\windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.) S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [55232 2017-08-04] () R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-08-01] (REALiX(tm)) S2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [35328 2016-09-11] () [File not signed] S3 MBAMProtector; C:\windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder) S3 MBAMProtector; C:\windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder) S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [194776 2017-09-04] (Malwarebytes) S3 MWAC; C:\windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder) S3 MWAC; C:\windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder) S3 NPF; C:\windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.) R3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [418784 2017-08-01] (Realsil Semiconductor Corporation) R3 Secdrv; C:\windows\SysWOW64\drivers\SECDRV.SYS [11616 2000-09-19] () [File not signed] S3 tap0901t; C:\windows\system32\DRIVERS\tap0901t.sys [39464 2016-04-27] (Tunngle.net GmbH) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-08-18] () S3 Trufos; C:\windows\System32\DRIVERS\Trufos.sys [389240 2014-11-04] (BitDefender S.R.L.) 
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation) S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X] S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X] S3 xhunter1; \??\C:\windows\xhunter1.sys [X] S3 xspirit; \??\C:\windows\xspirit.sys [X] S1 ZAM; \??\C:\windows\System32\drivers\zam64.sys [X] S1 ZAM_Guard; \??\C:\windows\System32\drivers\zamguard64.sys [X] S2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; \??\C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-09-20 20:17 - 2017-09-20 20:17 - 000016199 _____ C:\Users\*MYNAME*\Downloads\FRST.txt 2017-09-20 20:13 - 2017-09-20 20:17 - 000000000 ____D C:\FRST 2017-09-20 20:10 - 2017-09-20 20:10 - 002399744 _____ (Farbar) C:\Users\*MYNAME*\Downloads\FRST64.exe 2017-09-20 18:09 - 2017-09-20 18:10 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\dgVoodoo 2017-09-20 17:51 - 2017-09-20 17:51 - 000000000 ____D C:\Users\*MYNAME*\GlideWrapper 2017-09-20 17:51 - 2017-09-20 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glide wrapper 2017-09-20 17:32 - 2017-09-20 17:32 - 013290179 _____ C:\Users\*MYNAME*\Downloads\mbar-1.10.1.1002-nr.exe 2017-09-20 17:20 - 2017-09-20 18:29 - 000001664 _____ C:\Users\Public\Desktop\King's Quest 8 - Mask of Eternity.lnk 2017-09-20 17:20 - 2017-09-20 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King's Quest Series 2017-09-20 16:31 - 2017-09-20 16:31 - 000253888 _____ (Malwarebytes) C:\windows\system32\Drivers\737251EC.sys 2017-09-18 18:03 - 2017-09-19 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra 2017-09-18 17:44 - 2017-09-18 18:03 - 000000000 ____D C:\Sierra 2017-09-17 13:41 - 2017-09-17 13:41 - 000003304 _____ C:\windows\System32\Tasks\{B1B20386-608B-4C51-9B6D-A915C4DB882E} 2017-09-17 06:55 - 2017-09-17 06:55 - 000000000 ____D C:\Users\*MYNAME*\AppData\LocalLow\Codename Entertainment 2017-09-16 11:11 - 2017-09-16 11:11 - 000002346 _____ C:\Users\Public\Desktop\Tales of Middle-Earth.lnk 2017-09-16 10:29 - 2017-09-16 10:29 - 000002082 _____ C:\Users\Public\Desktop\The Conquerors.lnk 2017-09-16 10:21 - 2017-09-16 10:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Games 2017-09-11 05:47 - 2017-09-11 05:47 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\EasyAntiCheat 2017-09-11 05:43 - 2017-09-11 05:43 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\HirezLauncherUI 2017-09-11 05:42 - 2017-09-20 16:43 - 000000000 ____D C:\ProgramData\Hi-Rez 
Studios 2017-09-11 05:42 - 2017-09-20 16:43 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2017-09-10 17:14 - 2017-09-10 17:14 - 000000000 __SHD C:\windows\ei_temp 2017-09-10 15:52 - 2017-09-10 15:52 - 000000000 ____D C:\Program Files (x86)\Fox 2017-09-10 15:50 - 2017-09-10 15:50 - 000021840 _____ C:\windows\SysWOW64\SIntfNT.dll 2017-09-10 15:50 - 2017-09-10 15:50 - 000017212 _____ C:\windows\SysWOW64\SIntf32.dll 2017-09-10 15:50 - 2017-09-10 15:50 - 000012067 _____ C:\windows\SysWOW64\SIntf16.dll 2017-09-09 11:21 - 2017-09-09 11:21 - 000001511 _____ C:\Users\*MYNAME*\Desktop\One-Click-Optimizer (WO2017).lnk 2017-09-09 11:21 - 2017-09-09 11:21 - 000001279 _____ C:\Users\*MYNAME*\Desktop\Ashampoo WinOptimizer 2017.lnk 2017-09-09 11:21 - 2017-09-09 11:21 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo 2017-09-09 11:20 - 2017-09-09 11:20 - 000000000 ____D C:\ProgramData\Ashampoo 2017-09-09 11:20 - 2017-09-09 11:20 - 000000000 ____D C:\Program Files (x86)\Ashampoo 2017-09-09 11:20 - 2009-08-24 21:13 - 000034304 _____ (mst software GmbH, Germany) C:\windows\system32\DfSdkBt.exe 2017-09-08 16:53 - 2017-09-08 16:53 - 000000000 ____D C:\Users\*MYNAME*\AppData\LocalLow\Bad Seed SRL 2017-09-08 06:14 - 2017-09-08 06:14 - 000002277 _____ C:\Users\Public\Desktop\The Battle for Middle-earth (tm).lnk 2017-09-08 06:14 - 2017-09-08 06:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES 2017-09-08 06:11 - 2017-09-08 06:11 - 000000000 ____D C:\Program Files (x86)\EA GAMES 2017-09-07 17:36 - 2017-09-07 17:36 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\UnrealEngine 2017-09-07 17:36 - 2017-09-07 17:36 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\TBL 2017-09-05 05:50 - 2017-09-20 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2017-09-05 05:46 - 2017-09-08 15:59 - 000000000 ____D C:\Program Files (x86)\Electronic Arts 2017-09-04 20:12 - 
2017-09-04 20:14 - 000000127 _____ C:\Users\*MYNAME*\Desktop\Stuff.txt 2017-09-04 15:42 - 2017-09-04 15:42 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\CrashRpt 2017-09-04 11:47 - 2017-09-04 11:47 - 000000000 ____D C:\Users\Public\Documents\Steam 2017-09-03 10:06 - 2017-09-03 10:06 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Notepad++ 2017-09-03 09:55 - 2017-09-03 09:55 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies 2017-09-03 09:07 - 2017-09-03 09:51 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\PAYDAY 2 2017-09-03 05:44 - 2017-09-17 13:42 - 000000000 ____D C:\Program Files (x86)\GOG.com 2017-09-03 02:04 - 2017-09-03 02:04 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\HP_Development_Company,_L 2017-09-02 07:00 - 2017-09-02 07:00 - 000000000 ____D C:\Users\*MYNAME*\AppData\LocalLow\Awesome Games Studio 2017-09-01 06:10 - 2017-09-01 06:10 - 000976896 _____ (Bleeping Computer, LLC) C:\Users\Joseph Whittaker\Desktop\rkill-unsigned64.exe 2017-08-30 21:02 - 2017-09-09 17:28 - 000001810 _____ C:\Users\Joseph Whittaker\Desktop\New Text Document.txt 2017-08-30 20:55 - 2017-08-30 20:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Studios 2017-08-30 15:59 - 2017-08-30 16:00 - 000000000 ____D C:\8292ce730fbf7bc9234ac1 2017-08-28 16:10 - 2017-08-28 16:10 - 000000000 _____ C:\Users\*MYNAME*\AppData\Local\{65961C61-4980-4445-B5C7-A7B4C7F25E34} 2017-08-26 06:25 - 2017-08-26 06:25 - 000000000 ____D C:\Users\*MYNAME*\Documents\Starcraft 2017-08-26 06:25 - 2017-08-26 06:25 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Blizzard 2017-08-26 04:37 - 2017-08-26 04:37 - 000000986 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk 2017-08-26 04:37 - 2017-08-26 04:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm 2017-08-25 22:50 - 2017-08-26 14:25 - 000000000 ____D C:\Users\*MYNAME*\Documents\Heroes of the Storm 2017-08-25 22:50 - 2017-08-25 22:50 - 000000846 _____ 
C:\Users\Public\Desktop\StarCraft.lnk 2017-08-25 22:50 - 2017-08-25 22:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft 2017-08-25 20:13 - 2017-09-20 19:53 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm 2017-08-25 20:06 - 2017-09-14 21:14 - 000000000 ____D C:\Program Files (x86)\StarCraft 2017-08-25 20:01 - 2017-09-20 20:08 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Battle.net 2017-08-25 20:01 - 2017-08-26 06:25 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Battle.net 2017-08-25 20:01 - 2017-08-26 06:25 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Blizzard Entertainment 2017-08-25 20:01 - 2017-08-25 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard App 2017-08-25 20:00 - 2017-08-25 20:11 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BZ2 - Forgotten Enemies 2017-08-25 19:58 - 2017-09-20 18:38 - 000000000 ____D C:\Program Files (x86)\Blizzard App 2017-08-24 18:41 - 2017-08-24 18:41 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Blizzard 2017-08-23 17:30 - 2017-09-20 16:20 - 000001880 _____ C:\Users\*MYNAME*\Desktop\Rkill.txt 2017-08-21 10:52 - 2017-08-21 10:52 - 000000000 ____D C:\Program Files (x86)\OpenAL 2017-08-21 10:45 - 2017-09-20 17:18 - 000000000 ____D C:\GOG Games ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-09-20 19:31 - 2017-08-15 15:58 - 000000000 ____D C:\Program Files\Steam
2017-09-20 18:10 - 2017-02-08 20:37 - 000003216 _____ C:\Users\*MYNAME*\AppData\Roaming\glide_wrapper.zbag.ini
2017-09-20 17:51 - 2015-10-10 11:32 - 000000000 ____D C:\Users\*MYNAME*
2017-09-20 17:46 - 2017-08-20 17:37 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\CrashDumps
2017-09-20 17:25 - 2015-10-10 11:37 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1955727277-3545952101-1272509919-1001
2017-09-20 16:53 - 2017-08-04 13:16 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-20 16:51 - 2014-04-02 11:27 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-20 16:46 - 2017-08-12 13:28 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\My Games
2017-09-20 16:46 - 2015-10-10 13:15 - 000000000 ____D C:\Users\*MYNAME*\Documents\My Games
2017-09-20 16:43 - 2017-08-19 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-09-19 16:58 - 2015-10-16 13:48 - 000000000 ____D C:\windows\system32\MRT
2017-09-19 16:55 - 2015-10-16 13:48 - 138202976 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-09-18 18:21 - 2017-01-29 19:35 - 000000259 _____ C:\Users\*MYNAME*\AppData\Roaming\glide_wrapper.mask.ini
2017-09-17 16:38 - 2013-08-22 06:36 - 000000000 ____D C:\windows\Inf
2017-09-17 02:49 - 2017-01-23 14:22 - 000003220 _____ C:\windows\System32\Tasks\HPCeeScheduleFor*MYNAME*
2017-09-17 02:49 - 2017-01-23 14:22 - 000000386 _____ C:\windows\Tasks\HPCeeScheduleFor*MYNAME*.job
2017-09-16 11:14 - 2015-12-02 19:53 - 000000000 ____D C:\windows\Minidump
2017-09-16 10:46 - 2013-08-22 07:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-09-16 10:36 - 2014-04-02 11:12 - 000065536 _____ C:\windows\system32\spu_storage.bin
2017-09-16 10:36 - 2013-08-22 06:25 - 010485760 _____ C:\windows\system32\config\HARDWARE
2017-09-16 10:36 - 2013-08-22 06:25 - 000262144 ___SH C:\windows\system32\config\BBI
2017-09-14 16:11 - 2013-08-22 08:36 - 000000000 ____D C:\windows\AppReadiness
2017-09-11 05:47 - 2016-08-28 09:15 - 000000298 _____ C:\Users\*MYNAME*\Documents\Password.txt
2017-09-10 21:18 - 2015-10-11 15:22 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\ElevatedDiagnostics
2017-09-10 20:29 - 2016-12-12 18:10 - 000382504 _____ (EasyAntiCheat Ltd) C:\windows\SysWOW64\EasyAntiCheat.exe
2017-09-10 20:03 - 2015-12-26 08:38 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Microsoft Games
2017-09-10 11:08 - 2017-08-12 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 4
2017-09-09 15:52 - 2015-11-11 17:04 - 000000000 ____D C:\Users\*MYNAME*\AppData\LocalLow\Temp
2017-09-09 15:52 - 2013-08-24 15:31 - 000000000 ____D C:\windows\Panther
2017-09-07 18:05 - 2017-08-15 16:08 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Steam
2017-09-07 17:36 - 2013-08-24 14:59 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-04 15:39 - 2016-12-31 22:43 - 000189248 _____ C:\windows\SysWOW64\PnkBstrB.ex0
2017-09-04 11:34 - 2017-08-04 13:16 - 000194776 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-28 20:17 - 2017-08-12 17:43 - 000000000 ____D C:\Program Files (x86)\id Software
2017-08-27 05:57 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\NDF
2017-08-25 16:40 - 2017-03-04 11:24 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2017-01-29 19:35 - 2017-09-18 18:21 - 000000259 _____ () C:\Users\*MYNAME*\AppData\Roaming\glide_wrapper.mask.ini
2017-02-08 20:37 - 2017-09-20 18:10 - 000003216 _____ () C:\Users\*MYNAME*\AppData\Roaming\glide_wrapper.zbag.ini
2016-01-31 21:13 - 2016-01-31 21:13 - 000077953 _____ () C:\Users\*MYNAME*\AppData\Roaming\icarus-dxdiag.xml
2017-01-14 20:55 - 2017-06-22 10:47 - 000000096 _____ () C:\Users\*MYNAME*\AppData\Roaming\version2.xml
2016-01-26 11:39 - 2016-01-26 11:39 - 000000042 _____ () C:\Users\*MYNAME*\AppData\Roaming\WB.CFG
2016-06-29 22:26 - 2017-03-26 16:09 - 000007605 _____ () C:\Users\*MYNAME*\AppData\Local\resmon.resmoncfg
2016-02-09 07:45 - 2016-02-09 07:45 - 000002560 _____ () C:\Users\*MYNAME*\AppData\Local\uninstall.exe
2017-08-28 16:10 - 2017-08-28 16:10 - 000000000 _____ () C:\Users\*MYNAME*\AppData\Local\{65961C61-4980-4445-B5C7-A7B4C7F25E34}
2016-10-15 12:35 - 2017-07-22 10:59 - 000005402 _____ () C:\ProgramData\hpzinstall.log
2016-09-01 18:31 - 2016-09-01 18:31 - 000000016 _____ () C:\ProgramData\mntemp

Files to move or delete:
====================
C:\Users\Joseph Whittaker\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe

Some files in TEMP:
====================
2017-09-19 17:01 - 2017-09-18 18:20 - 000036158 _____ () C:\Users\*MYNAME*\AppData\Local\Temp\A~NSISu_.exe
2017-09-20 16:45 - 2006-10-11 09:38 - 000720896 _____ () C:\Users\*MYNAME*\AppData\Local\Temp\EAInstall.dll
2017-09-20 16:45 - 2006-11-06 09:59 - 000253952 _____ (Electronic Arts Inc.) C:\Users\*MYNAME*\AppData\Local\Temp\eauninstall.exe
2017-09-20 16:46 - 2006-10-10 11:57 - 000094208 _____ (Electronic Arts Inc.) C:\Users\*MYNAME*\AppData\Local\Temp\The Lord of the Rings, The Rise of the Witch-king_uninst.exe
2017-09-20 16:46 - 2007-02-27 16:08 - 000456416 _____ (Macrovision Corporation) C:\Users\*MYNAME*\AppData\Local\Temp\_isC31C.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\windows\system32\drivers\mouqwtlo.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\windows\system32\drivers\msidntfs.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-09-10 21:16

==================== End of FRST.txt ============================
  5. Hello there. I hope your day is fine unlike mine. Recently I've found my PC to be a bit sluggish, oftentimes taking a good 8-10 minutes on startup and other programs being slow. When I decided to look into the problem at hand I found out that my computer has been infected with malware called "Svcvmx.exe" and several other "clients" and CTFLoader or something similar to that name. I've tried numerous programs to remove this most annoying file, including but not limited to: Malwarebytes, McAfee, Norton (yes, I know, I was desperate), Malwarebytes Anti-Rootkit, ADWCleaner, and Avast. All of them were stopped in their tracks by a simple but lying message, "The Requested Resource is in use", which is quite obviously false since I've never run the program before and nowhere does it say that it is running. I was moving around the internet looking for potential fixes when I found something called "roguekiller" by Bleeping Computer. This program was not stopped by the virus and it did its job: closing the virus processes. But the issue remained: I am locked off from all the files containing malware so I can't delete them, and more recently it made my PC require key activation mode and I couldn't change the settings for things like lockscreen image and other personalization items. I've already gotten this past Microsoft and that problem got resolved. There was a free giveaway on Ashampoo's site for a program called Ashampoo WinOptimizer 2017 (a website for their optimization programs and the like) and so naturally I wanted to try it out. Wonderful program, but I noticed that it did something very good: it was able to "destroy files" in the drop-down menu when you right-click a file. So I made my merry way to the file location to see if this would finally work, to see if my dreams could come true. To a certain extent, yes. Yes it did work. Although the files are still there, they are no longer functional.
I came here hoping to see if I can get help removing these files because I'm not entirely sure they are completely gone and on top of that I'm still receiving the "The Requested Resource is in use" error. Additional note: I used the Malwarebytes Anti-Rootkit and it says the message but somehow gets around it. I update it to whatever it says is the next update then I press scan. Somewhere around the middle of the scan when it finds 2 viruses (which are the criminals in question) a file pops up in task manager and closes Malwarebytes. I've been planning on getting the virus name but I can't seem to get the anti-rootkit to start right now. Sorry for wasting your time but I really need a fix, this is becoming quite the annoyance.