Posts posted by INeedHelpWithAProblem
21 hours ago, Aura said:

> Did you edit your username out of your logs? If so, please PM me it as I'll need it for the fixes I'll make you run.
> Also, do you have a USB Flash Drive? If so, how big is it?

The message was sent and I don't have a Flash Drive handy at the moment.
-
Oh, I forgot about the addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
Ran by *MYNAME* (20-09-2017 20:19:06)
Running from C:\Users\*MYNAME*\Downloads
Windows 8.1 (Update) (X64) (2015-10-10 18:32:00)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1955727277-3545952101-1272509919-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1955727277-3545952101-1272509919-1002 - Limited - Enabled)
Guest (S-1-5-21-1955727277-3545952101-1272509919-501 - Limited - Disabled)
*MYNAME* (S-1-5-21-1955727277-3545952101-1272509919-1001 - Administrator - Enabled) => C:\Users\*MYNAME*

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Fix-It Anti-Virus (Disabled - Up to date) {6D7C005F-2068-C2E1-BC99-92E940218CBA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Fix-It Anti-Virus (Disabled - Up to date) {D61DE1BB-0652-CD6F-8629-A99B3BA6C607}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1stPricing (HKLM-x32\...\{B232BB05-F567-4D68-9836-67421F6CAC2B}) (Version: 1.3.0 - IMSIDesign)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (HKLM-x32\...\{AA787E05-E835-4812-AA3D-4048C8A46587}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (HKLM-x32\...\{F53B432E-BD19-4400-BFA0-2BBD16410F8F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (HKLM-x32\...\{6FEDAA68-D9C4-4042-BECC-9C2656A7B606}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{7F28165B-148D-4672-AA21-469D9E6E3CB6}) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alien Swarm: Reactive Drop (HKLM\...\Steam App 563560) (Version: - Reactive Drop Team)
Ashampoo WinOptimizer 2017 (HKLM-x32\...\{4209F371-6CE9-533C-2CDC-94E053273B35}_is1) (Version: 14.00.04 - Ashampoo GmbH & Co. KG)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
bpd_scan (HKLM-x32\...\{0E52A52C-E120-461C-AA1B-21B045BEE842}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (HKLM-x32\...\{8E663D89-A2EA-46B6-AD38-A427A3348309}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (HKLM-x32\...\{99F67894-9486-413F-94E1-8B12B1606EAB}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fix-It (HKLM-x32\...\{1F211BEF-B722-4FF7-8629-9A51978C0515}) (Version: 15.6.32.12 - Avanquest)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{9C57D227-1FE7-4F40-BD49-2BCA7761B083}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.7.27.15 - HP Inc.)
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
King's Quest 8 - Mask of Eternity (HKLM-x32\...\1207661053_is1) (Version: 2.1.0.26 - GOG.com)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4937.1000 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Path of Exile (HKLM\...\Steam App 238960) (Version: - Grinding Gear Games)
ProductContext (HKLM-x32\...\{BC0F3E35-0AFF-4F11-B33D-F6FC31BD1AA0}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7001 - CyberLink Corp.) Hidden
RogueKiller version 12.11.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.10.0 - Adlice Software)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tales of Middle-Earth (HKLM-x32\...\{3F241898-881F-422C-A83D-20784CC5059D}_is1) (Version: 0.6 - ToME)
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
Torchlight II (HKLM\...\Steam App 200710) (Version: - Runic Games)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
TurboCAD Deluxe 19 (HKLM-x32\...\{562DE3F7-C7E2-4FBB-A860-64DB4CED94E0}) (Version: 19.1.333 - IMSIDesign)
TurboCAD Deluxe 19 Symbols (HKLM-x32\...\{5923D403-C02E-40F5-AFE4-2D575504C757}) (Version: 19.0.0 - IMSIDesign)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
zeckensack's Glide wrapper (remove only) (HKLM-x32\...\GlidewrapZbag) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll [2015-07-20] (Avanquest Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll [2015-07-20] (Avanquest Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll [2015-07-20] (Avanquest Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {054BC6B3-5672-4E89-BBB3-0D016B2BF44D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-04] (Google Inc.)
Task: {08919469-A0C1-41A7-8248-B0D064011C24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {14FDA6F4-9001-4FE5-AB4C-C84ADD3E467A} - System32\Tasks\Leewl => C:\PROGRA~1\SHOPPE~1\Xybaoshf.bat <==== ATTENTION
Task: {1628BACB-2064-46B2-BEF6-F8C620779438} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-04] (Google Inc.)
Task: {261C895C-28CC-46D6-B322-7E9A18D8DE81} - System32\Tasks\Uukoflap => C:\PROGRA~1\GROOVE~1\Povevyrj.bat <==== ATTENTION
Task: {2DB23E27-9C4D-4F14-B165-6696489DA722} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe
Task: {2E60FDEA-B2FE-4A2B-A9F3-AB2A5210C92F} - \ParetoLogic Update Version3 Startup Task -> No File <==== ATTENTION
Task: {343732B4-28B1-4D16-A4E8-F8CE0B660603} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {3B7EA564-9FE4-4FCA-BD79-F19FE6656C6E} - System32\Tasks\{82195107-B431-4B17-B347-B4D952444FC7} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\Sierra On-Line\Sutil32.exe"
Task: {3E583C44-ED51-4AD1-9DB4-08A5C7F4C500} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {48B40CB9-7E13-4164-8F1B-7A22D9AC3CC4} - \ParetoLogic Update Version3 -> No File <==== ATTENTION
Task: {5631B4BC-C6E5-4069-ADC1-626784FAB45D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {6E0B8D58-84E4-4370-A36B-E75D454981DC} - System32\Tasks\HPCeeScheduleFor*MYNAME* => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {817ECB59-A0F1-4B0E-8E41-A495F838BED1} - System32\Tasks\{F0728C84-1F14-4C58-ACA8-8BAF294395BF} => C:\windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {9499AE7D-8C30-403E-ABB1-056A3D8215F2} - System32\Tasks\{27DB525A-6576-4E93-A8D3-D90243D19710} => C:\windows\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=heroes --displayname="Heroes of the Storm"
Task: {9571E2BD-FE52-4AB5-891E-AC412AC31CBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {9B66E9B8-494E-4DF9-8487-5B6C38F7944B} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {A499BA76-4B1A-4820-86F0-8E79F86C0440} - \ParetoLogic Registration3 -> No File <==== ATTENTION
Task: {A66632E5-E40F-4261-9469-6D0CF226055A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {A93D6881-29A0-49CB-AE58-085E93B11FB6} - System32\Tasks\Driver Booster SkipUAC (*MYNAME*) => C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
Task: {B77F5B6B-8F28-431E-93E0-F228B074EA1F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe
Task: {BA6CFC8D-2AB6-4CBE-B96D-B64A96AF95B0} - System32\Tasks\{0A9E95F9-BCF8-4C13-91A5-CA56571C5165} => C:\windows\system32\pcalua.exe -a E:\START.exe -d E:\
Task: {E1D3698A-7D9F-48E1-967F-E13278ABA435} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {E235376D-B98E-441B-A115-FB29CA5B4D51} - System32\Tasks\AdobeAAMUpdater-1.0-family-*MYNAME* => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {E7B517FA-02F1-465A-81CB-FCF81B499CDA} - System32\Tasks\{3FF35015-59F7-45B2-BFD1-46967D2EA640} => C:\windows\system32\pcalua.exe -a E:\Setup\rsrc\Autorun.exe -d E:\
Task: {F14B7FC5-6DB8-4F53-B707-1466366F56B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-01] (HP Inc.)
Task: {F6E881AC-EA14-4283-915C-746A6AF7507F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\HPCeeScheduleFor*MYNAME*.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Сrusаdеr - Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)

ShortcutWithArgument: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) ==============
2017-01-16 08:26 - 2015-07-20 21:17 - 000592256 _____ () C:\Program Files (x86)\Avanquest\Fix-It\sqlite3x64.dll
2017-08-25 16:40 - 2017-08-23 01:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-25 16:40 - 2017-08-23 01:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-08-15 16:03 - 2017-08-04 14:19 - 000678176 _____ () C:\Program Files\Steam\SDL2.dll
2017-08-15 16:03 - 2016-08-31 18:02 - 004969248 _____ () C:\Program Files\Steam\v8.dll
2017-08-15 16:03 - 2017-09-06 21:51 - 002505504 _____ () C:\Program Files\Steam\video.dll
2017-08-15 16:03 - 2016-08-31 18:02 - 001563936 _____ () C:\Program Files\Steam\icui18n.dll
2017-08-15 16:03 - 2016-08-31 18:02 - 001195296 _____ () C:\Program Files\Steam\icuuc.dll
2017-08-15 16:03 - 2016-01-27 00:49 - 002549760 _____ () C:\Program Files\Steam\libavcodec-56.dll
2017-08-15 16:03 - 2016-01-27 00:49 - 000491008 _____ () C:\Program Files\Steam\libavformat-56.dll
2017-08-15 16:03 - 2016-01-27 00:49 - 000332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2017-08-15 16:03 - 2016-01-27 00:49 - 000442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2017-08-15 16:03 - 2016-01-27 00:49 - 000485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2017-08-15 16:03 - 2017-09-06 21:51 - 000885024 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2017-08-15 16:03 - 2016-07-04 15:17 - 000266560 _____ () C:\Program Files\Steam\openvr_api.dll
2017-08-15 16:06 - 2017-07-17 15:50 - 073115424 _____ () C:\Program Files\Steam\bin\cef\cef.win7\libcef.dll
2017-08-15 16:06 - 2017-05-16 18:54 - 000678176 _____ () C:\Program Files\Steam\bin\cef\cef.win7\SDL2.dll
2017-08-15 16:03 - 2015-09-24 16:52 - 000119208 _____ () C:\Program Files\Steam\winh264.dll
2017-08-15 16:06 - 2017-07-17 15:50 - 001936672 _____ () C:\Program Files\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-08-15 16:06 - 2017-07-17 15:50 - 000113952 _____ () C:\Program Files\Steam\bin\cef\cef.win7\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:85E27EE5 [192]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2017-08-09 17:15 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*MYNAME*\Pictures\mountains_rocks_sky_light_evening_87675_1280x900.jpg
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\*MYNAME*\Pictures\mountains_rocks_sky_light_evening_87675_1280x900.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: .AVQWindowsMonitorService => 2
MSCONFIG\Services: 0309191488847699mcinstcleanup => 2
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AQFileRestoreSrv => 2
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Browser => 2
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Service => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 2
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: Fix-It Task Manager => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: hpqcaslwmiex => 3
MSCONFIG\Services: hpqcxs08 => 3
MSCONFIG\Services: hpqddsvc => 2
MSCONFIG\Services: HPSLPSVC => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: VCOMCloudAgent => 2
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: w3logsvc => 3
MSCONFIG\Services: WAS => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "Sound+"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "PowerDVD16Agent"
HKLM\...\StartupApproved\Run32: => "jhguy"
HKLM\...\StartupApproved\Run32: => "qADASD"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Book Source"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "NowUSeeIt Player"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Itibiti.exe"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Windi"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "VideoDownloaderUltimate"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Bionix Wallpaper"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "voxdff"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Book Source"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "NowUSeeIt Player"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Itibiti.exe"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Windi"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "VideoDownloaderUltimate"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Bionix Wallpaper"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "voxdff"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{BD3B64E4-AFE9-4935-9594-1ACB2FAD00B2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{963C6B75-ABD8-46CE-AED3-4FF567CAF6CA}] => (Allow) LPort=2869
FirewallRules: [{707C1706-80DD-487C-8DE8-5D7C1919D929}] => (Allow) LPort=1900
FirewallRules: [{83B482A6-4CED-4CCA-9113-FB1841B18F1D}] => (Allow) C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F69783A7-4245-479A-8071-59E42C8218D2}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [{67785E5A-3A54-4240-AAC4-CE6FC8DF4CEC}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{59A71838-580D-44FD-B130-EEEB5F58F1E7}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{9E524117-B8B5-48FF-B985-D15511D77E58}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{FE585100-699D-404F-940D-49C08F78BFA2}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{AC025F4D-5FC3-4C4D-BD87-C0EA8A5B400C}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{0D721CF4-2A65-474B-BBD5-BA3A2E7A49DE}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{62935113-E1A4-4FDE-96CB-B37BFCE7AF20}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{9D92EEA9-7461-4513-8CFE-8D128BCC3C1D}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{50292CB6-B63D-481F-88B4-221A7B39A12B}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䡜祵敧楮湡扵物汯䡜祵敧楮湡扵物汯攮數
FirewallRules: [{B4F522C3-D970-4C9C-8CDA-B38FE27B50DB}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䡜祵敧楮湡扵物汯䡜祵敧楮湡扵物汯硥e
FirewallRules: [{3B8D721E-3D03-4DE7-8622-78C08A99277B}] => (Allow) LPort=13139
FirewallRules: [{3702A841-F965-4639-910C-AB40DA148C99}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [TCP Query User{DE16D92B-4C0D-4B3D-B893-BF6B4D05E84E}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{AED0A2E3-0C21-4A67-97B4-F71401BFAAAE}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{F42F894E-4A66-422A-91E8-B8952E337498}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{23091B0F-EE14-422D-B4A0-5A9970B678D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{819DB7B8-BD5E-4C9B-B408-663E895141DE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{4E261F21-615B-456F-A1F8-EFB5BA7DF6F1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{9CB3CEA1-A960-4530-A2AF-A75FDBD8B137}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{735C566A-B128-4D86-8BA7-D98669A6CEB8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{E74888A8-C118-449E-BB47-0FE8BAA754F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{6555CDE3-61AD-4696-BD43-C089A095828D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{23FAB800-286C-422D-B0BC-3FBFCFBA14B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{5EF4998E-D2E8-4347-BC2C-7E5D3F80D002}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{AE27D3BF-A659-4C40-B049-3E087670CB87}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{FD31679D-0B14-4116-897A-86E86A0F4FD1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{284D4927-6025-49BE-8A5C-5A15E8F623F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{6E0B53EA-33CF-4EA2-94D7-A940A5850D6B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{64E3CDE5-1F6B-453B-92A8-E4BFF0D7CF3E}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{FAA29197-4629-4B55-BA07-477B2B77884D}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{1FC80B29-8E36-40DF-95DF-1D9C9291C56D}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F53B9E7E-A62A-4CE9-96B8-1234127D00EB}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{201A80C8-46DE-48E1-A47E-462B536762F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{E9443294-9025-49FC-97FB-F90CFD44A5AB}C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{40542D8F-45C4-4C88-8F09-6EDD9FB4F3E8}C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe
FirewallRules: [{3D2F1767-F344-48BC-83DF-559C751CEF86}] => (Allow) C:\Program Files\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{776A5616-FAC2-479F-AC6A-590D9662327F}] => (Allow) C:\Program Files\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{D95861AF-1B76-4295-8EF8-5BD291D0B150}] => (Allow) C:\Program Files\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{478A05B8-4863-4DEA-8338-B2C1FF6AF424}] => (Allow) C:\Program Files\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [TCP Query User{558311C6-74FA-40CE-BA36-8911BFFE939F}C:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D6343E59-239F-4489-928F-0DD31D64BC92}C:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe
==================== Restore Points =========================
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
Name: TAP-Win32 Adapter V9 (Tunngle)
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/20/2017 08:19:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
Operation:
Instantiating VSS server
Error: (09/20/2017 08:19:45 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
Operation:
Instantiating VSS server
Error: (09/20/2017 05:46:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Mask.exe, version: 0.0.0.10, time stamp: 0x369d33fe
Faulting module name: Mask.exe, version: 0.0.0.10, time stamp: 0x369d33fe
Exception code: 0xc0000005
Fault offset: 0x00081367
Faulting process id: 0x134
Faulting application start time: 0x01d332730fe75b15
Faulting application path: C:\GOG Games\Kings Quest 8\Mask.exe
Faulting module path: C:\GOG Games\Kings Quest 8\Mask.exe
Report Id: 534eb7fd-9e66-11e7-8376-a0481ca697b4
Faulting package full name:
Faulting package-relative application ID:
Error: (09/20/2017 04:43:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\JOSEPH~1\AppData\Local\Temp\{6C98E7C0-C919-4AD7-841A-C83EC04F3B58}\setup.exe -runfromtemp -l0x0409 -removeonly -media_path:"C:\Program Files (x86)\InstallShield Installation Information\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}\" -tempdisk1folder:"C:\Users\JOSEPH~1\AppData\Local\Temp\{6C98E7C0-C919-4AD7-841A-C83EC04F3B58}\"; Description = Removed Hi-Rez Studios Games; Error = 0x80042302).
Error: (09/20/2017 04:43:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
Operation:
Instantiating VSS server
Error: (09/20/2017 04:43:15 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
Operation:
Instantiating VSS server
System errors:
=============
Error: (09/20/2017 04:26:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 5 time(s).
Error: (09/19/2017 05:01:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Visual Studio 2010 Service Pack 1.
Error: (09/19/2017 04:05:33 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
Error: (09/19/2017 04:04:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 4 time(s).
Error: (09/18/2017 05:57:59 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
Error: (09/18/2017 05:57:50 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
Error: (09/18/2017 05:57:42 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
Error: (09/18/2017 05:57:29 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
Error: (09/18/2017 05:57:19 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
Error: (09/18/2017 05:57:04 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
CodeIntegrity:
===================================
Date: 2017-09-16 10:47:11.957
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-09-16 10:47:11.441
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-09-16 10:38:40.552
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-09-16 10:38:40.020
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-09-16 10:36:03.363
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-09-16 10:36:02.832
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-09-16 10:32:17.769
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-09-16 10:32:16.019
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-09-10 20:17:51.877
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-09-10 20:17:51.346
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 42%
Total physical RAM: 3532.7 MB
Available physical RAM: 2044.85 MB
Total Virtual: 5611.62 MB
Available Virtual: 3516.86 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:449.69 GB) (Free:282.99 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:14.59 GB) (Free:1.76 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (AGE2_X1) (CDROM) (Total:0.29 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B78B16C0)
Partition: GPT.
==================== End of Addition.txt ============================
-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
Ran by *MYNAME* (administrator) on FAMILY (20-09-2017 20:17:00)
Running from C:\Users\*MYNAME*\Downloads
Loaded Profiles: *MYNAME* & (Available Profiles: *MYNAME*)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-08-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [svcvmx] => C:\Users\*MYNAME*\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-09-16] () <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\MountPoints2: {60b3e955-dbff-11e6-8321-a0481ca697b4} - "H:\aocsetup.exe" /autorun
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {60b3e955-dbff-11e6-8321-a0481ca697b4} - "H:\aocsetup.exe" /autorun
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-10-15]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk [2016-05-02]
Startup: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill-unsigned.exe - Shortcut.lnk [2017-08-30]
ShortcutTarget: rkill-unsigned.exe - Shortcut.lnk -> C:\Users\*MYNAME*\Desktop\rkill-unsigned.exe (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0E8F22EC-22D7-4156-9F06-94B9094422F2}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B24A81F2-032C-463C-910C-FE398EDD8214}: [DhcpNameServer] 192.168.254.254
Internet Explorer:
==================
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-1955727277-3545952101-1272509919-1001] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1DA9AC06-49A0-44C3-A20C-204D1ED4BF48} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
FireFox:
========
FF DefaultProfile: voy13sbn.default
FF ProfilePath: C:\Users\*MYNAME*\AppData\Roaming\Mozilla\Firefox\Profiles\voy13sbn.default [2017-09-17]
FF NewTab: Mozilla\Firefox\Profiles\voy13sbn.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\voy13sbn.default -> user_pref("browser.startup.homepage", "about:home"about:home);
FF Keyword.URL: Mozilla\Firefox\Profiles\voy13sbn.default -> user_pref("keyword.URL", true);
FF SearchPlugin: C:\Users\*MYNAME*\AppData\Roaming\Mozilla\Firefox\Profiles\voy13sbn.default\searchplugins\search provided by bing.xml [2017-01-14]
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Default [2017-09-12]
CHR Profile: C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-09-20]
CHR Extension: (Google Translate) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-03-04]
CHR Extension: (Google Slides) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-04]
CHR Extension: (Dark Theme for Google Chrome) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\annfbnbieaamhaimclajlajpijgkdblo [2017-09-14]
CHR Extension: (Google Docs) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-04]
CHR Extension: (Google Drive) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-04]
CHR Extension: (YouTube) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-04]
CHR Extension: (Google Sheets) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-04]
CHR Extension: (Google Mail Checker) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-04]
CHR Extension: (Chrome Media Router) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-12]
CHR Profile: C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hkneojpkhdhkohpfkcdcbobponbmcmoo] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hkneojpkhdhkohpfkcdcbobponbmcmoo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 .AVQWindowsMonitorService; C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [249704 2015-07-20] (Avanquest Software)
S4 AQFileRestoreSrv; C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [113536 2015-07-20] (Avanquest Software)
S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [382504 2017-09-10] (EasyAntiCheat Ltd)
S4 Fix-It Task Manager; C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe [534472 2015-07-20] (Avanquest Software)
S4 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-08-01] (Realtek Semiconductor)
S2 UserAccess7; C:\windows\SysWOW64\UAService7.exe [143360 2017-03-23] (Sony DADC Austria AG.) [File not signed]
S4 VCOMCloudAgent; C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe [142720 2015-07-20] (Avanquest Software North America)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
S4 ClickToRunSvc; "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service [X]
S2 MBAMService; "\" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 737251EC; C:\windows\system32\drivers\737251EC.sys [253888 2017-09-20] (Malwarebytes)
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
S3 AQFileRestore; C:\windows\System32\DRIVERS\AQFileRestore.sys [22096 2015-07-20] ()
S3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices) [File not signed]
S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [303616 2016-09-11] () [File not signed]
S3 dot4; C:\windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 gzflt; C:\Program Files (x86)\Avanquest\Fix-It\gzflt.sys [150256 2014-11-04] (BitDefender LLC)
R3 Hamachi; C:\windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [55232 2017-08-04] ()
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-08-01] (REALiX(tm))
S2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [35328 2016-09-11] () [File not signed]
S3 MBAMProtector; C:\windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMProtector; C:\windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [194776 2017-09-04] (Malwarebytes)
S3 MWAC; C:\windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; C:\windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 NPF; C:\windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [418784 2017-08-01] (Realsil Semiconductor Corporation)
R3 Secdrv; C:\windows\SysWOW64\drivers\SECDRV.SYS [11616 2000-09-19] () [File not signed]
S3 tap0901t; C:\windows\system32\DRIVERS\tap0901t.sys [39464 2016-04-27] (Tunngle.net GmbH)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-08-18] ()
S3 Trufos; C:\windows\System32\DRIVERS\Trufos.sys [389240 2014-11-04] (BitDefender S.R.L.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
S3 xspirit; \??\C:\windows\xspirit.sys [X]
S1 ZAM; \??\C:\windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\windows\System32\drivers\zamguard64.sys [X]
S2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; \??\C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-20 20:17 - 2017-09-20 20:17 - 000016199 _____ C:\Users\*MYNAME*\Downloads\FRST.txt
2017-09-20 20:13 - 2017-09-20 20:17 - 000000000 ____D C:\FRST
2017-09-20 20:10 - 2017-09-20 20:10 - 002399744 _____ (Farbar) C:\Users\*MYNAME*\Downloads\FRST64.exe
2017-09-20 18:09 - 2017-09-20 18:10 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\dgVoodoo
2017-09-20 17:51 - 2017-09-20 17:51 - 000000000 ____D C:\Users\*MYNAME*\GlideWrapper
2017-09-20 17:51 - 2017-09-20 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glide wrapper
2017-09-20 17:32 - 2017-09-20 17:32 - 013290179 _____ C:\Users\*MYNAME*\Downloads\mbar-1.10.1.1002-nr.exe
2017-09-20 17:20 - 2017-09-20 18:29 - 000001664 _____ C:\Users\Public\Desktop\King's Quest 8 - Mask of Eternity.lnk
2017-09-20 17:20 - 2017-09-20 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King's Quest Series
2017-09-20 16:31 - 2017-09-20 16:31 - 000253888 _____ (Malwarebytes) C:\windows\system32\Drivers\737251EC.sys
2017-09-18 18:03 - 2017-09-19 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2017-09-18 17:44 - 2017-09-18 18:03 - 000000000 ____D C:\Sierra
2017-09-17 13:41 - 2017-09-17 13:41 - 000003304 _____ C:\windows\System32\Tasks\{B1B20386-608B-4C51-9B6D-A915C4DB882E}
2017-09-17 06:55 - 2017-09-17 06:55 - 000000000 ____D C:\Users\*MYNAME*\AppData\LocalLow\Codename Entertainment
2017-09-16 11:11 - 2017-09-16 11:11 - 000002346 _____ C:\Users\Public\Desktop\Tales of Middle-Earth.lnk
2017-09-16 10:29 - 2017-09-16 10:29 - 000002082 _____ C:\Users\Public\Desktop\The Conquerors.lnk
2017-09-16 10:21 - 2017-09-16 10:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Games
2017-09-11 05:47 - 2017-09-11 05:47 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\EasyAntiCheat
2017-09-11 05:43 - 2017-09-11 05:43 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\HirezLauncherUI
2017-09-11 05:42 - 2017-09-20 16:43 - 000000000 ____D C:\ProgramData\Hi-Rez Studios
2017-09-11 05:42 - 2017-09-20 16:43 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-09-10 17:14 - 2017-09-10 17:14 - 000000000 __SHD C:\windows\ei_temp
2017-09-10 15:52 - 2017-09-10 15:52 - 000000000 ____D C:\Program Files (x86)\Fox
2017-09-10 15:50 - 2017-09-10 15:50 - 000021840 _____ C:\windows\SysWOW64\SIntfNT.dll
2017-09-10 15:50 - 2017-09-10 15:50 - 000017212 _____ C:\windows\SysWOW64\SIntf32.dll
2017-09-10 15:50 - 2017-09-10 15:50 - 000012067 _____ C:\windows\SysWOW64\SIntf16.dll
2017-09-09 11:21 - 2017-09-09 11:21 - 000001511 _____ C:\Users\*MYNAME*\Desktop\One-Click-Optimizer (WO2017).lnk
2017-09-09 11:21 - 2017-09-09 11:21 - 000001279 _____ C:\Users\*MYNAME*\Desktop\Ashampoo WinOptimizer 2017.lnk
2017-09-09 11:21 - 2017-09-09 11:21 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-09-09 11:20 - 2017-09-09 11:20 - 000000000 ____D C:\ProgramData\Ashampoo
2017-09-09 11:20 - 2017-09-09 11:20 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2017-09-09 11:20 - 2009-08-24 21:13 - 000034304 _____ (mst software GmbH, Germany) C:\windows\system32\DfSdkBt.exe
2017-09-08 16:53 - 2017-09-08 16:53 - 000000000 ____D C:\Users\*MYNAME*\AppData\LocalLow\Bad Seed SRL
2017-09-08 06:14 - 2017-09-08 06:14 - 000002277 _____ C:\Users\Public\Desktop\The Battle for Middle-earth (tm).lnk
2017-09-08 06:14 - 2017-09-08 06:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2017-09-08 06:11 - 2017-09-08 06:11 - 000000000 ____D C:\Program Files (x86)\EA GAMES
2017-09-07 17:36 - 2017-09-07 17:36 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\UnrealEngine
2017-09-07 17:36 - 2017-09-07 17:36 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\TBL
2017-09-05 05:50 - 2017-09-20 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2017-09-05 05:46 - 2017-09-08 15:59 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2017-09-04 20:12 - 2017-09-04 20:14 - 000000127 _____ C:\Users\*MYNAME*\Desktop\Stuff.txt
2017-09-04 15:42 - 2017-09-04 15:42 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\CrashRpt
2017-09-04 11:47 - 2017-09-04 11:47 - 000000000 ____D C:\Users\Public\Documents\Steam
2017-09-03 10:06 - 2017-09-03 10:06 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Notepad++
2017-09-03 09:55 - 2017-09-03 09:55 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-09-03 09:07 - 2017-09-03 09:51 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\PAYDAY 2
2017-09-03 05:44 - 2017-09-17 13:42 - 000000000 ____D C:\Program Files (x86)\GOG.com
2017-09-03 02:04 - 2017-09-03 02:04 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\HP_Development_Company,_L
2017-09-02 07:00 - 2017-09-02 07:00 - 000000000 ____D C:\Users\*MYNAME*\AppData\LocalLow\Awesome Games Studio
2017-09-01 06:10 - 2017-09-01 06:10 - 000976896 _____ (Bleeping Computer, LLC) C:\Users\Joseph Whittaker\Desktop\rkill-unsigned64.exe
2017-08-30 21:02 - 2017-09-09 17:28 - 000001810 _____ C:\Users\Joseph Whittaker\Desktop\New Text Document.txt
2017-08-30 20:55 - 2017-08-30 20:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Studios
2017-08-30 15:59 - 2017-08-30 16:00 - 000000000 ____D C:\8292ce730fbf7bc9234ac1
2017-08-28 16:10 - 2017-08-28 16:10 - 000000000 _____ C:\Users\*MYNAME*\AppData\Local\{65961C61-4980-4445-B5C7-A7B4C7F25E34}
2017-08-26 06:25 - 2017-08-26 06:25 - 000000000 ____D C:\Users\*MYNAME*\Documents\Starcraft
2017-08-26 06:25 - 2017-08-26 06:25 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Blizzard
2017-08-26 04:37 - 2017-08-26 04:37 - 000000986 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2017-08-26 04:37 - 2017-08-26 04:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-08-25 22:50 - 2017-08-26 14:25 - 000000000 ____D C:\Users\*MYNAME*\Documents\Heroes of the Storm
2017-08-25 22:50 - 2017-08-25 22:50 - 000000846 _____ C:\Users\Public\Desktop\StarCraft.lnk
2017-08-25 22:50 - 2017-08-25 22:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft
2017-08-25 20:13 - 2017-09-20 19:53 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-08-25 20:06 - 2017-09-14 21:14 - 000000000 ____D C:\Program Files (x86)\StarCraft
2017-08-25 20:01 - 2017-09-20 20:08 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Battle.net
2017-08-25 20:01 - 2017-08-26 06:25 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Battle.net
2017-08-25 20:01 - 2017-08-26 06:25 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Blizzard Entertainment
2017-08-25 20:01 - 2017-08-25 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard App
2017-08-25 20:00 - 2017-08-25 20:11 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BZ2 - Forgotten Enemies
2017-08-25 19:58 - 2017-09-20 18:38 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-08-24 18:41 - 2017-08-24 18:41 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Blizzard
2017-08-23 17:30 - 2017-09-20 16:20 - 000001880 _____ C:\Users\*MYNAME*\Desktop\Rkill.txt
2017-08-21 10:52 - 2017-08-21 10:52 - 000000000 ____D C:\Program Files (x86)\OpenAL
2017-08-21 10:45 - 2017-09-20 17:18 - 000000000 ____D C:\GOG Games
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-20 19:31 - 2017-08-15 15:58 - 000000000 ____D C:\Program Files\Steam
2017-09-20 18:10 - 2017-02-08 20:37 - 000003216 _____ C:\Users\*MYNAME*\AppData\Roaming\glide_wrapper.zbag.ini
2017-09-20 17:51 - 2015-10-10 11:32 - 000000000 ____D C:\Users\*MYNAME*
2017-09-20 17:46 - 2017-08-20 17:37 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\CrashDumps
2017-09-20 17:25 - 2015-10-10 11:37 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1955727277-3545952101-1272509919-1001
2017-09-20 16:53 - 2017-08-04 13:16 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-20 16:51 - 2014-04-02 11:27 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-20 16:46 - 2017-08-12 13:28 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\My Games
2017-09-20 16:46 - 2015-10-10 13:15 - 000000000 ____D C:\Users\*MYNAME*\Documents\My Games
2017-09-20 16:43 - 2017-08-19 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-09-19 16:58 - 2015-10-16 13:48 - 000000000 ____D C:\windows\system32\MRT
2017-09-19 16:55 - 2015-10-16 13:48 - 138202976 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-09-18 18:21 - 2017-01-29 19:35 - 000000259 _____ C:\Users\*MYNAME*\AppData\Roaming\glide_wrapper.mask.ini
2017-09-17 16:38 - 2013-08-22 06:36 - 000000000 ____D C:\windows\Inf
2017-09-17 02:49 - 2017-01-23 14:22 - 000003220 _____ C:\windows\System32\Tasks\HPCeeScheduleFor*MYNAME*
2017-09-17 02:49 - 2017-01-23 14:22 - 000000386 _____ C:\windows\Tasks\HPCeeScheduleFor*MYNAME*.job
2017-09-16 11:14 - 2015-12-02 19:53 - 000000000 ____D C:\windows\Minidump
2017-09-16 10:46 - 2013-08-22 07:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-09-16 10:36 - 2014-04-02 11:12 - 000065536 _____ C:\windows\system32\spu_storage.bin
2017-09-16 10:36 - 2013-08-22 06:25 - 010485760 _____ C:\windows\system32\config\HARDWARE
2017-09-16 10:36 - 2013-08-22 06:25 - 000262144 ___SH C:\windows\system32\config\BBI
2017-09-14 16:11 - 2013-08-22 08:36 - 000000000 ____D C:\windows\AppReadiness
2017-09-11 05:47 - 2016-08-28 09:15 - 000000298 _____ C:\Users\*MYNAME*\Documents\Password.txt
2017-09-10 21:18 - 2015-10-11 15:22 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\ElevatedDiagnostics
2017-09-10 20:29 - 2016-12-12 18:10 - 000382504 _____ (EasyAntiCheat Ltd) C:\windows\SysWOW64\EasyAntiCheat.exe
2017-09-10 20:03 - 2015-12-26 08:38 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Microsoft Games
2017-09-10 11:08 - 2017-08-12 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 4
2017-09-09 15:52 - 2015-11-11 17:04 - 000000000 ____D C:\Users\*MYNAME*\AppData\LocalLow\Temp
2017-09-09 15:52 - 2013-08-24 15:31 - 000000000 ____D C:\windows\Panther
2017-09-07 18:05 - 2017-08-15 16:08 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Steam
2017-09-07 17:36 - 2013-08-24 14:59 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-04 15:39 - 2016-12-31 22:43 - 000189248 _____ C:\windows\SysWOW64\PnkBstrB.ex0
2017-09-04 11:34 - 2017-08-04 13:16 - 000194776 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-28 20:17 - 2017-08-12 17:43 - 000000000 ____D C:\Program Files (x86)\id Software
2017-08-27 05:57 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\NDF
2017-08-25 16:40 - 2017-03-04 11:24 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
==================== Files in the root of some directories =======
2017-01-29 19:35 - 2017-09-18 18:21 - 000000259 _____ () C:\Users\*MYNAME*\AppData\Roaming\glide_wrapper.mask.ini
2017-02-08 20:37 - 2017-09-20 18:10 - 000003216 _____ () C:\Users\*MYNAME*\AppData\Roaming\glide_wrapper.zbag.ini
2016-01-31 21:13 - 2016-01-31 21:13 - 000077953 _____ () C:\Users\*MYNAME*\AppData\Roaming\icarus-dxdiag.xml
2017-01-14 20:55 - 2017-06-22 10:47 - 000000096 _____ () C:\Users\*MYNAME*\AppData\Roaming\version2.xml
2016-01-26 11:39 - 2016-01-26 11:39 - 000000042 _____ () C:\Users\*MYNAME*\AppData\Roaming\WB.CFG
2016-06-29 22:26 - 2017-03-26 16:09 - 000007605 _____ () C:\Users\*MYNAME*\AppData\Local\resmon.resmoncfg
2016-02-09 07:45 - 2016-02-09 07:45 - 000002560 _____ () C:\Users\*MYNAME*\AppData\Local\uninstall.exe
2017-08-28 16:10 - 2017-08-28 16:10 - 000000000 _____ () C:\Users\*MYNAME*\AppData\Local\{65961C61-4980-4445-B5C7-A7B4C7F25E34}
2016-10-15 12:35 - 2017-07-22 10:59 - 000005402 _____ () C:\ProgramData\hpzinstall.log
2016-09-01 18:31 - 2016-09-01 18:31 - 000000016 _____ () C:\ProgramData\mntemp
Files to move or delete:
====================
C:\Users\Joseph Whittaker\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
Some files in TEMP:
====================
2017-09-19 17:01 - 2017-09-18 18:20 - 000036158 _____ () C:\Users\*MYNAME*\AppData\Local\Temp\A~NSISu_.exe
2017-09-20 16:45 - 2006-10-11 09:38 - 000720896 _____ () C:\Users\*MYNAME*\AppData\Local\Temp\EAInstall.dll
2017-09-20 16:45 - 2006-11-06 09:59 - 000253952 _____ (Electronic Arts Inc.) C:\Users\*MYNAME*\AppData\Local\Temp\eauninstall.exe
2017-09-20 16:46 - 2006-10-10 11:57 - 000094208 _____ (Electronic Arts Inc.) C:\Users\*MYNAME*\AppData\Local\Temp\The Lord of the Rings, The Rise of the Witch-king_uninst.exe
2017-09-20 16:46 - 2007-02-27 16:08 - 000456416 _____ (Macrovision Corporation) C:\Users\*MYNAME*\AppData\Local\Temp\_isC31C.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\windows\system32\drivers\mouqwtlo.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\windows\system32\drivers\msidntfs.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
LastRegBack: 2017-09-10 21:16
==================== End of FRST.txt ============================
-
Hello there. I hope your day is fine unlike mine. Recently I've found my PC to be a bit sluggish, often times taking a good 8-10 minutes on startup and other programs being slow. When I decided to look into the problem at hand I've found out that my computer has been infected with malware called "Svcvmx.exe" and several other "clients" and CTFLoader or something similar to that name. I've tried numerous programs to remove this most annoying file, including but not limited to: Malwarebytes, McAfee, Norton (yes, I know, I was desperate), Malwarebytes Anti-Rootkit, ADWCleaner, and Avast. All of them were stopped in their tracks by a simple but lying message, "The Requested Resource is in use" which is quite obviously false since I've never run the program before and nowhere does it say that it is running. I was moving around the internet looking for potential fixes when I found something called "roguekiller" by bleeping computer. This program was not stopped by the virus and it did its job: closing the virus processes. But the issue remained, I am locked off from all the files containing malware so I can't delete them and more recently it made my PC require key activation mode and I couldn't change the settings for things like lockscreen image and other personalization items. I've already gotten this past Microsoft and that problem got resolved.
There was a free giveaway on Ashampoo's site for a program called Ashampoo WinOptimizer 2017 (a website for their optimization programs and the like) and so naturally I wanted to try it out. Wonderful program but I noticed that it did something very good: it was able to "destroy files" in the drop down menu when you right click a file. So I made my merry way to the file location to see if this would finally work, to see if my dreams could come true. To a certain extent, yes. Yes it did work. Although the files are still there, they are no longer functional. I came here hoping to see if I can get help removing these files because I'm not entirely sure they are completely gone and on top of that I'm still receiving the "The Requested Resource is in use" error.
Additional note: I used the Malwarebytes Anti-Rootkit and it says the message but somehow gets around it. I update it to whatever it says is the next update then I press scan. Somewhere around the middle of the scan when it finds 2 viruses (which are the criminals in question) a file pops up in task manager and closes Malwarebytes. I've been planning on getting the virus name but I can't seem to get the anti-rootkit to start right now. Sorry for wasting your time but I really need a fix, this is becoming quite the annoyance.
Svcvmx and Other Viruses Issue
in Resolved Malware Removal Logs
Posted
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
Ran by JosephWhittaker (21-09-2017 19:16:51) Run:1
Running from C:\Users\Joseph Whittaker\Desktop
Loaded Profiles: JosephWhittaker & (Available Profiles: JosephWhittaker)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows
CMD: dir C:\Windows\system32\drivers
*****************
========= bcdedit.exe /set {default} recoveryenabled yes =========
The operation completed successfully.
========= End of CMD: =========
========= dir C:\Windows =========
Volume in drive C is Windows
Volume Serial Number is 5085-9965
Directory of C:\Windows
09/21/2017 04:37 PM <DIR> .
09/21/2017 04:37 PM <DIR> ..
07/18/2016 08:22 PM <DIR> 8A809006C25A4A3A9DAB94659BCDB107.TMP
08/22/2013 08:36 AM <DIR> addins
08/22/2013 08:36 AM <DIR> ADFS
11/27/2015 08:08 AM <DIR> AppCompat
10/22/2016 05:29 AM <DIR> apppatch
09/14/2017 04:11 PM <DIR> AppReadiness
05/05/2013 04:22 AM 47,164 atiogl.xml
04/02/2014 11:12 AM 0 ativpsrm.bin
08/22/2013 04:21 AM 56,832 bfsvc.exe
08/22/2013 08:36 AM <DIR> Boot
08/22/2013 08:36 AM <DIR> Branding
11/28/2015 12:06 AM <DIR> Camera
05/03/2017 06:50 PM <DIR> CbsTemp
08/21/2013 11:51 PM 35,851 Core.xml
08/21/2013 11:51 PM 35,851 CoreSingleLanguage.xml
04/02/2014 11:57 AM 10 csup.txt
08/22/2013 08:36 AM <DIR> Cursors
12/12/2015 09:05 PM <DIR> D56B0E274A3E46C9B5C1D93D580C099C.TMP
09/19/2017 04:55 PM <DIR> debug
08/22/2013 08:36 AM <DIR> DesktopTileResources
08/22/2013 08:36 AM <DIR> diagnostics
08/22/2013 08:43 AM <DIR> DigitalLocker
04/02/2014 12:17 PM <DIR> en
11/26/2015 07:19 AM <DIR> en-US
08/27/2016 12:44 PM 2,755,504 explorer.exe
11/28/2015 12:06 AM <DIR> FileManager
03/11/2017 08:26 AM 328 game.ini
06/19/2005 09:45 AM 262,144 glide2x.dll
06/19/2005 09:45 AM 258,048 glide3x.dll
09/24/2016 08:25 AM <DIR> Globalization
08/22/2013 12:10 PM <DIR> Help
10/28/2014 06:46 PM 1,001,472 HelpPane.exe
04/02/2014 12:08 PM <DIR> Hewlett-Packard
10/28/2014 07:43 PM 17,408 hh.exe
07/22/2017 10:59 AM 79,142 hpqins05.dat
11/03/2016 04:02 PM 218,321 hpwins23.dat
10/15/2012 07:11 AM 1,698 hpwmdl23.dat
10/15/2012 07:11 AM 1,698 hpwmdl23.dat.temp
11/28/2015 12:02 AM <DIR> IME
11/28/2015 12:07 AM <DIR> ImmersiveControlPanel
09/17/2017 04:38 PM <DIR> Inf
06/07/2016 07:59 AM <DIR> InputMethod
07/20/2016 07:23 PM <DIR> Installing Adobe Acrobat Reader
10/11/2015 07:00 AM 0 iplayer.INI
10/29/1998 04:45 PM 306,688 IsUninst.exe
07/01/2016 08:52 AM 0 ka.ini
08/22/2013 08:36 AM <DIR> L2Schemas
08/01/2017 11:56 AM <DIR> LastGood.Tmp
04/01/2016 10:28 PM <DIR> LiveKernelReports
09/16/2017 11:14 AM <DIR> Logs
11/28/2015 12:06 AM <DIR> MediaViewer
02/12/2017 08:35 AM 392,632,543 MEMORY.DMP
08/22/2013 12:01 AM 43,131 mib.bin
09/11/2017 02:18 AM <DIR> Microsoft.NET
11/26/2015 07:22 AM <DIR> Migration
09/16/2017 11:14 AM <DIR> Minidump
08/22/2013 08:36 AM <DIR> ModemLogs
07/09/2015 10:13 AM 221,184 notepad.exe
11/16/2016 04:42 PM <DIR> Offline Web Pages
09/09/2017 03:52 PM <DIR> Panther
08/22/2013 08:36 AM <DIR> Performance
08/22/2013 08:36 AM <DIR> PLA
05/02/2016 04:44 PM <DIR> PolicyDefinitions
09/21/2017 07:16 PM <DIR> Prefetch
08/09/2017 05:49 PM <DIR> pss
10/28/2014 07:12 PM 154,624 regedit.exe
12/25/2015 12:18 PM <DIR> Registration
05/04/2017 04:08 PM <DIR> rescache
08/22/2013 08:36 AM <DIR> Resources
08/01/2017 11:39 AM 4,332,032 RtCRU64.exe
07/19/2013 04:55 PM 2,080,472 RtlExUpd.dll
08/22/2013 08:36 AM <DIR> SchCache
08/28/2016 11:43 AM <DIR> schemas
08/22/2013 08:36 AM <DIR> security
08/22/2013 07:45 AM <DIR> ServiceProfiles
11/28/2015 12:05 AM <DIR> servicing
08/24/2013 04:03 PM <DIR> Setup
10/22/2016 05:28 AM <DIR> ShellNew
05/05/2017 06:19 PM 354 SIERRA.INI
08/22/2013 12:12 PM <DIR> SKB
10/10/2015 11:11 AM <DIR> SoftwareDistribution
08/22/2013 08:36 AM <DIR> Speech
10/28/2014 07:19 PM 128,512 splwow64.exe
08/21/2013 11:51 PM 35,891 Starter.xml
12/03/2016 10:14 PM <DIR> System
08/22/2013 06:25 AM 219 system.ini
09/16/2017 11:14 AM <DIR> System32
08/22/2013 08:36 AM <DIR> SystemResources
09/10/2017 03:50 PM <DIR> SysWOW64
08/22/2013 08:36 AM <DIR> TAPI
09/17/2017 02:49 AM <DIR> Tasks
09/21/2017 04:12 PM <DIR> Temp
12/13/2016 06:44 PM <DIR> ToastData
01/21/2017 12:02 PM 402 toolsx86.INI
08/22/2013 08:36 AM <DIR> tracing
09/10/2017 09:16 PM <DIR> twain_32
10/28/2014 06:34 PM 54,272 twain_32.dll
05/21/2001 03:43 AM 712,970 UnDangerZ.exe
11/10/1999 11:05 AM 86,016 unvise32qt.exe
08/22/2013 08:36 AM <DIR> vpnplugins
08/22/2013 08:36 AM <DIR> Vss
08/22/2013 08:36 AM <DIR> Web
06/19/2017 01:08 PM 222 win.ini
09/21/2017 06:48 PM 1,092,359 WindowsUpdate.log
10/28/2014 06:53 PM 9,728 winhlp32.exe
11/26/2015 07:22 AM <DIR> WinStore
05/06/2017 09:43 PM <DIR> WinSxS
02/05/2013 10:56 PM 322,048 WLXPGSS.SCR
06/18/2013 07:54 AM 316,640 WMSysPr9.prx
10/28/2014 07:34 PM 11,264 write.exe
08/07/2017 08:11 PM 559,322 ZAM.krnl.trace
08/08/2017 06:10 AM 664,592 ZAM_Guard.krnl.trace
10/11/2015 03:16 PM 355,899 _detmp.1
11/09/1998 12:12 AM 51,712 _detmp.2
43 File(s) 408,944,567 bytes
73 Dir(s) 304,106,237,952 bytes free
========= End of CMD: =========
========= dir C:\Windows\system32\drivers =========
Volume in drive C is Windows
Volume Serial Number is 5085-9965
Directory of C:\Windows\system32\drivers
09/20/2017 04:31 PM <DIR> .
09/20/2017 04:31 PM <DIR> ..
08/22/2013 04:38 AM 231,424 1394ohci.sys
08/22/2013 05:43 AM 108,896 3ware.sys
09/20/2017 04:31 PM 253,888 737251EC.sys
10/06/2014 11:44 PM 533,824 acpi.sys
08/22/2013 05:49 AM 79,712 acpiex.sys
08/22/2013 04:38 AM 10,240 acpipagr.sys
08/22/2013 04:38 AM 12,288 acpipmi.sys
08/22/2013 04:38 AM 10,752 acpitime.sys
08/22/2013 05:43 AM 782,176 adp80xx.sys
10/13/2015 10:10 AM 559,616 afd.sys
07/07/2016 03:32 PM 95,744 agilevpn.sys
08/22/2013 05:43 AM 62,304 AGP440.sys
03/19/2015 06:56 PM 80,384 ahcache.sys
08/22/2013 01:46 AM 95,744 amdk8.sys
05/22/2013 05:38 AM 36,096 amdkmpfd.sys
08/22/2013 01:46 AM 98,816 amdppm.sys
08/22/2013 05:43 AM 79,200 amdsata.sys
08/22/2013 05:43 AM 259,424 amdsbs.sys
08/22/2013 05:43 AM 25,952 amdxata.sys
08/01/2017 11:49 AM 83,656 amd_sata.sys
08/01/2017 11:49 AM 23,752 amd_xata.sys
07/18/2013 04:00 PM 83,224 AmUStor.sys
10/28/2014 07:46 PM 82,944 appid.sys
07/29/2014 04:41 PM 1,984 AQFileRestore.inf
07/20/2015 09:18 PM 22,096 AQFileRestore.sys
08/22/2013 05:43 AM 114,016 arcsas.sys
08/22/2013 04:38 AM 26,624 asyncmac.sys
08/22/2013 05:43 AM 26,464 atapi.sys
08/22/2013 05:43 AM 199,520 ataport.sys
08/01/2017 11:55 AM 43,520 ati2erec.dll
06/23/2013 01:49 AM 138,240 AtihdWB6.sys
08/01/2017 11:55 AM 13,956,096 atikmdag.sys
08/01/2017 11:55 AM 632,320 atikmpag.sys
09/11/2016 06:45 PM 303,616 atksgt.sys
08/22/2013 04:39 AM 50,688 BasicDisplay.sys
02/22/2014 05:14 AM 33,280 BasicRender.sys
08/22/2013 05:49 AM 35,168 battc.sys
08/12/2013 04:25 PM 17,624 bcmfn2.sys
12/12/2011 05:37 PM 1,229,568 bcmwlhigh664.sys
08/22/2013 04:40 AM 7,680 beep.sys
10/04/2016 01:39 PM 101,376 bowser.sys
10/28/2014 07:45 PM 115,712 bridge.sys
11/23/2013 12:13 AM 19,456 BtaMPM.sys
08/22/2013 04:38 AM 36,992 BthAvrcpTg.sys
03/08/2015 07:02 PM 57,856 bthhfenum.sys
08/22/2013 04:38 AM 30,720 BthhfHid.sys
08/22/2013 04:36 AM 63,488 bthmodem.sys
08/22/2013 05:43 AM 531,296 bxvbda.sys
08/22/2013 04:40 AM 88,576 cdfs.sys
08/22/2013 01:46 AM 164,352 cdrom.sys
08/22/2013 04:38 AM 44,032 circlass.sys
05/06/2016 02:59 PM 331,608 Classpnp.sys
10/12/2016 01:01 AM 377,176 clfs.sys
08/22/2013 04:39 AM 25,472 CmBatt.sys
05/18/2016 04:18 PM 563,024 cng.sys
08/22/2013 04:38 AM 36,352 CompositeBus.sys
08/22/2013 06:25 AM 43,008 condrv.sys
05/29/2012 03:53 PM 27,456 cpqdfw.sys
08/22/2013 05:43 AM 68,960 crashdmp.sys
08/22/2013 05:50 AM 57,696 dam.sys
09/08/2016 07:00 AM 138,240 dfsc.sys
01/20/2016 03:40 PM 99,672 disk.sys
08/22/2013 05:43 AM 36,192 Diskdump.sys
08/22/2013 04:40 AM 13,312 Dmpusbstor.sys
08/22/2013 04:37 AM 29,696 dmvsc.sys
09/25/2012 12:52 AM 151,968 Dot4.sys
09/25/2012 12:52 AM 27,040 Dot4Prt.sys
09/25/2012 12:52 AM 49,056 Dot4usb.sys
10/28/2014 07:47 PM 89,088 drmk.sys
10/28/2014 08:58 PM 14,528 drmkaud.sys
08/22/2013 05:39 AM 33,632 Dumpata.sys
06/18/2016 01:06 PM 72,408 dumpfve.sys
03/12/2015 09:03 PM 154,432 dumpsd.sys
04/09/2016 10:37 PM 1,549,144 dxgkrnl.sys
10/28/2014 08:57 PM 389,952 dxgmms1.sys
06/18/2013 07:45 AM 460,288 e1i63x64.sys
08/22/2013 05:43 AM 82,784 EhStorClass.sys
08/22/2013 05:43 AM 114,016 EhStorTcgDrv.sys
10/22/2016 05:28 AM <DIR> en-US
08/22/2013 04:38 AM 10,240 errdev.sys
08/09/2017 05:15 PM <DIR> etc
08/22/2013 05:43 AM 3,357,024 evbda.sys
08/22/2013 04:40 AM 200,704 exfat.sys
08/22/2013 05:49 AM 217,952 fastfat.sys
05/03/2016 07:26 PM 79,064 fbwfh.sys
08/22/2013 04:40 AM 30,720 fdc.sys
02/22/2014 09:00 AM 79,192 fileinfo.sys
08/22/2013 04:39 AM 34,816 filetrace.sys
08/22/2013 04:40 AM 25,088 flpydisk.sys
08/25/2014 08:30 PM 354,112 fltMgr.sys
10/15/2014 01:32 AM 61,248 fsdepends.sys
08/22/2013 06:25 AM 30,048 fs_rec.sys
06/18/2016 01:06 PM 590,688 fvevol.sys
06/11/2015 01:12 PM 428,888 FWPKCLNT.SYS
08/22/2013 01:46 AM 27,136 fxppm.sys
08/22/2013 05:43 AM 65,888 GAGP30KX.SYS
06/18/2013 07:41 AM 3,440,660 gm.dls
06/18/2013 07:41 AM 646 gmreadme.txt
07/24/2014 04:45 AM 76,800 hdaudbus.sys
08/22/2013 04:38 AM 395,776 HdAudio.sys
08/22/2013 04:39 AM 26,624 hidbatt.sys
01/29/2015 08:01 PM 97,792 hidbth.sys
05/13/2016 04:08 PM 111,616 hidclass.sys
08/22/2013 04:37 AM 41,472 hidi2c.sys
08/22/2013 04:39 AM 45,568 hidir.sys
05/13/2016 04:08 PM 32,512 hidparse.sys
05/13/2016 04:08 PM 32,768 hidusb.sys
08/04/2017 10:15 AM 55,232 hitmanpro37.sys
08/22/2013 05:43 AM 64,352 HpSAMD.sys
02/24/2015 01:32 AM 991,552 http.sys
08/22/2013 05:39 AM 24,416 hwpolicy.sys
08/22/2013 04:37 AM 13,824 hyperkbd.sys
08/22/2013 04:39 AM 22,016 HyperVideo.sys
11/03/2014 11:54 PM 108,544 i8042prt.sys
07/30/2013 11:47 AM 24,568 iaLPSSi_GPIO.sys
07/25/2013 12:05 PM 99,320 iaLPSSi_I2C.sys
08/09/2013 05:39 PM 651,248 iaStorAV.sys
08/22/2013 05:43 AM 412,000 iaStorV.sys
08/22/2013 05:43 AM 18,272 intelide.sys
10/12/2014 07:43 PM 39,744 intelpep.sys
08/22/2013 01:46 AM 98,816 intelppm.sys
08/22/2013 04:35 AM 84,992 ipfltdrv.sys
02/03/2016 08:14 AM 80,896 IPMIDrv.sys
11/27/2013 05:02 AM 142,848 ipnat.sys
08/22/2013 04:37 AM 118,784 irda.sys
08/22/2013 04:38 AM 17,920 irenum.sys
08/22/2013 05:43 AM 21,856 isapnp.sys
11/04/2014 12:25 PM 59,712 kbdclass.sys
11/03/2014 11:54 PM 32,256 kbdhid.sys
08/22/2013 04:38 AM 19,456 kdnic.sys
07/04/2014 05:59 AM 295,424 ks.sys
08/22/2016 09:06 AM 100,184 ksecdd.sys
05/18/2016 04:16 PM 178,016 ksecpkg.sys
08/22/2013 04:39 AM 21,248 ksthunk.sys
09/11/2016 06:43 PM 35,328 lirsgt.sys
08/22/2013 04:36 AM 59,392 lltdio.sys
08/22/2013 05:43 AM 109,408 lsi_sas.sys
08/22/2013 05:43 AM 93,536 lsi_sas2.sys
08/22/2013 05:43 AM 81,760 lsi_sas3.sys
08/22/2013 05:43 AM 82,784 lsi_sss.sys
02/22/2014 05:14 AM 124,416 luafv.sys
08/05/2017 07:28 AM 109,272 mbamchameleon.sys
09/04/2017 11:34 AM 194,776 MBAMSwissArmy.sys
08/22/2013 04:39 AM 22,016 mcd.sys
08/22/2013 05:43 AM 56,672 megasas.sys
08/22/2013 05:43 AM 575,840 megasr.sys
08/22/2013 04:40 AM 40,960 modem.sys
08/22/2013 04:36 AM 30,208 monitor.sys
11/04/2014 12:25 PM 51,008 mouclass.sys
11/03/2014 11:54 PM 30,208 mouhid.sys
07/08/2016 03:35 PM 101,208 mountmgr.sys
07/28/2013 01:24 PM 104,736 mouqwtlo.sys
10/28/2014 07:45 PM 74,240 mpsdrv.sys
09/08/2016 07:00 AM 140,800 mrxdav.sys
08/20/2016 06:01 PM 401,408 mrxsmb.sys
08/20/2016 06:01 PM 284,672 mrxsmb10.sys
08/20/2016 06:03 PM 201,728 mrxsmb20.sys
08/22/2013 06:25 AM 30,208 msfs.sys
06/18/2013 07:52 AM 3 MsftWdf_Kernel_01013_Inbox_Critical.Wdf
06/18/2013 08:20 AM 3 MsftWdf_User_01_11_00_Inbox_Critical.Wdf
08/14/2014 05:36 PM 146,752 msgpioclx.sys
08/22/2013 05:43 AM 41,824 msgpiowin32.sys
08/22/2013 04:39 AM 8,192 mshidkmdf.sys
08/22/2013 04:39 AM 9,728 mshidumdf.sys
07/06/2013 01:27 PM 81,696 msidntfs.sys
08/22/2013 05:43 AM 17,248 msisadrv.sys
09/09/2016 03:14 PM 275,800 msiscsi.sys
08/22/2013 04:39 AM 10,624 mskssrv.sys
10/28/2014 07:45 PM 66,560 mslldp.sys
08/22/2013 04:39 AM 7,040 mspclock.sys
08/22/2013 04:39 AM 6,784 mspqm.sys
08/22/2013 06:25 AM 366,432 msrpc.sys
08/22/2013 05:49 AM 37,728 mssmbios.sys
08/22/2013 04:38 AM 7,936 mstee.sys
08/22/2013 04:37 AM 13,312 MTConfig.sys
04/06/2016 02:21 PM 114,528 mup.sys
08/22/2013 05:43 AM 63,840 mvumis.sys
07/14/2015 02:59 PM 1,113,944 ndis.sys
10/28/2014 07:46 PM 43,008 ndiscap.sys
10/28/2014 07:45 PM 126,464 NdisImPlatform.sys
10/28/2014 07:47 PM 24,576 ndistapi.sys
08/22/2013 04:37 AM 60,416 ndisuio.sys
08/22/2013 04:36 AM 16,384 NdisVirtualBus.sys
04/05/2016 03:37 PM 205,824 ndiswan.sys
10/28/2014 07:46 PM 72,192 ndproxy.sys
10/28/2014 07:45 PM 103,424 Ndu.sys
10/28/2014 07:47 PM 48,128 netbios.sys
05/13/2016 04:07 PM 281,088 netbt.sys
12/30/2015 01:49 PM 470,360 netio.sys
10/28/2014 07:46 PM 87,040 netvsc63.sys
02/03/2010 11:20 AM 47,632 npf.sys
08/22/2013 06:25 AM 58,880 npfs.sys
08/22/2013 04:38 AM 23,040 npsvctrig.sys
10/28/2014 07:46 PM 39,424 nsiproxy.sys
12/30/2015 02:53 PM 2,017,624 ntfs.sys
08/22/2013 06:25 AM 5,632 null.sys
08/22/2013 05:43 AM 150,368 nvraid.sys
08/22/2013 05:43 AM 168,288 nvstor.sys
08/22/2013 05:43 AM 124,768 NV_AGP.SYS
10/28/2014 07:45 PM 445,440 nwifi.sys
10/28/2014 07:45 PM 151,040 pacer.sys
08/11/2016 11:33 AM 96,256 parport.sys
10/15/2014 01:32 AM 88,896 partmgr.sys
07/24/2014 08:28 AM 280,384 pci.sys
08/22/2013 05:43 AM 14,688 pciide.sys
08/22/2013 05:43 AM 48,992 pciidex.sys
08/22/2013 05:49 AM 114,528 pcmcia.sys
08/22/2013 05:39 AM 50,016 pcw.sys
10/12/2014 07:43 PM 86,336 pdc.sys
02/22/2014 05:09 AM 663,040 PEAuth.sys
10/28/2014 07:46 PM 272,384 portcls.sys
08/22/2013 01:46 AM 92,160 processr.sys
10/28/2014 07:47 PM 47,104 qwavedrv.sys
10/28/2014 07:48 PM 17,408 rasacd.sys
02/02/2016 11:16 AM 112,640 rasl2tp.sys
08/22/2013 04:36 AM 84,992 raspppoe.sys
08/22/2013 04:35 AM 107,520 raspptp.sys
10/28/2014 07:45 PM 93,696 rassstp.sys
04/06/2016 11:20 AM 402,432 rdbss.sys
08/22/2013 04:38 AM 22,528 rdpbus.sys
08/22/2013 12:12 PM 195,584 rdpdr.sys
10/28/2014 08:56 PM 27,456 rdpvideominiport.sys
02/22/2014 09:00 AM 249,688 rdyboost.sys
09/09/2016 03:52 PM 921,944 refs.sys
11/05/2015 01:59 AM 145,408 rmcast.sys
08/22/2013 04:38 AM 32,256 RNDISMP.sys
10/28/2014 07:48 PM 11,776 rootmdm.sys
08/22/2013 04:36 AM 80,384 rspndr.sys
08/01/2017 11:41 AM 958,976 Rt630x64.sys
08/01/2017 11:47 AM 9,124,224 RTAIODAT.DAT
08/01/2017 11:47 AM 5,545,512 RTKVHD64.sys
08/01/2017 11:39 AM 418,784 RtsUer.sys
07/09/2013 02:58 PM 263,896 RtsUStor.sys
08/22/2013 05:39 AM 107,872 sbp2port.sys
10/28/2014 07:46 PM 40,960 scfilter.sys
01/19/2007 06:24 PM 25,312 SCMNdisP.sys
08/22/2013 05:43 AM 170,848 scsiport.sys
03/12/2015 09:03 PM 239,424 sdbus.sys
02/22/2014 08:49 AM 79,192 sdstor.sys
08/22/2013 08:35 AM 23,040 secdrv.sys
08/22/2013 05:43 AM 69,472 SerCx.sys
10/25/2013 06:54 PM 146,776 SerCx2.sys
08/11/2016 11:33 AM 23,040 serenum.sys
08/11/2016 11:33 AM 83,456 serial.sys
11/03/2014 11:55 PM 26,112 sermouse.sys
10/28/2014 06:50 PM 11,776 serscan.sys
08/22/2013 04:40 AM 17,408 sfloppy.sys
08/22/2013 05:43 AM 44,896 sisraid2.sys
08/22/2013 05:43 AM 81,760 sisraid4.sys
08/22/2013 04:40 AM 19,968 smclib.sys
08/10/2016 10:46 PM 420,184 spaceport.sys
08/22/2013 05:43 AM 72,032 SpbCx.sys
08/04/2016 07:17 AM 416,768 srv.sys
08/03/2016 11:06 AM 675,328 srv2.sys
08/03/2016 11:05 AM 243,712 srvnet.sys
08/22/2013 05:43 AM 31,072 stexstor.sys
08/22/2013 05:43 AM 107,872 storahci.sys
06/11/2016 12:52 PM 57,184 stornvme.sys
06/11/2016 12:52 PM 379,232 storport.sys
08/22/2013 05:36 AM 45,888 storvsc.sys
08/22/2013 04:39 AM 67,584 stream.sys
10/28/2014 08:59 PM 14,144 swenum.sys
04/27/2016 12:49 AM 39,464 tap0901t.sys
08/22/2013 04:39 AM 29,696 tape.sys
10/28/2014 09:13 PM 21,824 tbs.sys
03/11/2016 05:49 PM 2,466,136 tcpip.sys
03/06/2014 02:19 AM 49,152 tcpipreg.sys
08/22/2013 06:25 AM 30,208 tdi.sys
10/13/2015 10:10 AM 108,032 tdx.sys
08/22/2013 12:12 PM 37,216 terminpt.sys
09/08/2016 01:41 PM 121,176 tm.sys
09/29/2015 05:24 AM 155,480 tpm.sys
08/18/2017 09:06 PM 28,272 TrueSight.sys
11/04/2014 07:30 PM 389,240 Trufos.sys
08/22/2013 04:37 AM 56,320 TsUsbFlt.sys
10/28/2014 07:46 PM 29,696 TsUsbGD.sys
09/04/2015 12:24 PM 154,112 tunnel.sys
08/22/2013 05:43 AM 64,864 UAGP35.SYS
08/22/2013 05:43 AM 74,080 uaspstor.sys
10/06/2014 11:54 PM 189,248 UCX01000.SYS
03/12/2015 07:02 PM 316,416 udfs.sys
08/22/2013 05:39 AM 26,976 uefi.sys
08/22/2013 05:43 AM 65,888 ULIAGPKX.SYS
08/22/2013 04:38 AM 46,080 umbus.sys
11/27/2015 11:57 PM <DIR> UMDF
08/22/2013 04:38 AM 11,776 umpass.sys
04/24/2015 07:25 PM 20,992 usb8023.sys
08/22/2013 04:39 AM 32,512 USBCAMD2.sys
07/24/2014 08:28 AM 143,680 usbccgp.sys
10/28/2014 07:47 PM 98,304 usbcir.sys
10/10/2015 11:34 PM 27,992 usbd.sys
01/08/2016 06:38 PM 91,992 usbehci.sys
10/10/2015 11:34 PM 462,168 usbhub.sys
10/10/2015 11:34 PM 468,824 USBHUB3.SYS
10/10/2015 11:41 AM 30,208 usbohci.sys
10/10/2015 11:34 PM 443,224 usbport.sys
08/22/2013 04:36 AM 26,112 usbprint.sys
08/22/2013 04:39 AM 30,720 usbrpm.sys
10/28/2014 07:47 PM 44,544 usbscan.sys
01/31/2016 12:16 PM 148,832 USBSTOR.SYS
10/10/2015 11:41 AM 37,376 usbuhci.sys
04/15/2015 11:17 PM 325,464 USBXHCI.SYS
08/22/2013 05:37 AM 37,728 vdrvroot.sys
09/14/2013 07:06 AM 175,960 VerifierExt.sys
10/09/2016 03:59 PM 551,256 vhdmp.sys
08/22/2013 05:43 AM 19,808 viaide.sys
08/22/2013 04:39 AM 49,152 videoprt.sys
10/28/2014 08:56 PM 89,368 vmbkmcl.sys
10/28/2014 08:56 PM 97,048 vmbus.sys
08/22/2013 04:37 AM 21,760 VMBusHID.sys
08/22/2013 04:38 AM 11,264 vmgencounter.sys
08/22/2013 04:38 AM 7,168 vms3cap.sys
10/28/2014 08:56 PM 49,944 vmstorfl.sys
04/10/2016 11:21 PM 74,584 volmgr.sys
08/22/2013 05:39 AM 377,696 volmgrx.sys
03/14/2016 09:50 AM 316,760 volsnap.sys
01/26/2016 12:15 PM 72,024 vpci.sys
08/22/2013 05:43 AM 168,800 vsmraid.sys
08/22/2013 05:43 AM 305,504 VSTXRAID.SYS
08/12/2016 05:03 PM 24,576 vwifibus.sys
08/12/2016 05:02 PM 71,680 vwififlt.sys
08/12/2016 05:01 PM 38,912 vwifimp.sys
08/22/2013 04:39 AM 26,752 wacompen.sys
10/28/2014 07:45 PM 80,896 wanarp.sys
02/22/2014 05:14 AM 54,272 watchdog.sys
08/22/2013 05:31 AM 34,760 WdBoot.sys
08/22/2013 06:25 AM 839,488 Wdf01000.sys
08/22/2013 05:34 AM 265,056 WdFilter.sys
08/22/2013 06:25 AM 60,224 WdfLdr.sys
08/22/2013 05:34 AM 124,256 WdNisDrv.sys
08/22/2013 05:39 AM 38,240 werkernel.sys
11/10/2014 11:06 AM 136,512 wfplwfs.sys
10/28/2014 09:09 PM 33,600 wimmount.sys
10/28/2014 08:56 PM 61,208 winhv.sys
08/22/2013 04:40 AM 16,384 wmiacpi.sys
08/22/2013 06:25 AM 18,272 wmilib.sys
03/13/2014 05:35 AM 157,016 wof.sys
10/28/2014 08:57 PM 54,784 wpcfltr.sys
08/22/2013 05:36 AM 26,976 WpdUpFltr.sys
08/22/2013 06:25 AM 23,392 WppRecorder.sys
08/22/2013 04:40 AM 21,504 ws2ifsl.sys
08/22/2013 04:39 AM 20,992 WSDPrint.sys
10/28/2014 07:46 PM 113,664 WUDFPf.sys
10/28/2014 07:46 PM 226,304 WUDFRd.sys
341 File(s) 87,062,792 bytes
5 Dir(s) 304,106,205,184 bytes free
========= End of CMD: =========
==== End of Fixlog 19:16:51 ====