
Svcvmx and Other Viruses Issue



Hello there. I hope your day is fine, unlike mine. Recently I've found my PC to be a bit sluggish, oftentimes taking a good 8-10 minutes on startup, and other programs being slow. When I decided to look into the problem at hand, I found out that my computer has been infected with malware called "Svcvmx.exe" and several other "clients" and CTFLoader or something similar to that name. I've tried numerous programs to remove this most annoying file, including but not limited to: Malwarebytes, McAfee, Norton (yes, I know, I was desperate), Malwarebytes Anti-Rootkit, AdwCleaner, and Avast. All of them were stopped in their tracks by a simple but lying message, "The Requested Resource is in use", which is quite obviously false since I've never run the program before and nowhere does it say that it is running. I was moving around the internet looking for potential fixes when I found something called "RogueKiller" by Bleeping Computer. This program was not stopped by the virus and it did its job: closing the virus processes. But the issue remained: I am locked out of all the files containing malware, so I can't delete them, and more recently it made my PC require key activation mode and I couldn't change the settings for things like the lock screen image and other personalization items. I've already gotten this past Microsoft and that problem got resolved.

There was a free giveaway on Ashampoo's site (a website for their optimization programs and the like) for a program called Ashampoo WinOptimizer 2017, and so naturally I wanted to try it out. Wonderful program, but I noticed that it did something very good: it was able to "destroy files" from the drop-down menu when you right-click a file. So I made my merry way to the file location to see if this would finally work, to see if my dreams could come true. To a certain extent, yes. Yes, it did work. Although the files are still there, they are no longer functional. I came here hoping to see if I can get help removing these files, because I'm not entirely sure they are completely gone, and on top of that I'm still receiving the "The Requested Resource is in use" error.

Additional note: I used the Malwarebytes Anti-Rootkit and it gives the message but somehow gets around it. I update it to whatever it says is the next update, then I press scan. Somewhere around the middle of the scan, when it finds 2 viruses (which are the criminals in question), a file pops up in Task Manager and closes Malwarebytes. I've been planning on getting the virus name, but I can't seem to get the anti-rootkit to start right now. Sorry for wasting your time, but I really need a fix; this is becoming quite the annoyance.


Hi INeedHelpWithAProblem :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens.
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you.
  • The same principle applies to any modifications you make to your system: I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system.
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here; better safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off.
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced.
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not; I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums' rules.
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like formatting and reinstalling Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process.
  • I would appreciate it if you were to stay with me until the end, which means until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone.

This being said, I have a full-time job, so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread.

This being said, it's time to clean up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me both FRST logs (FRST.txt and Addition.txt). You can attach them in your next post, or copy/paste their content.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
Ran by *MYNAME* (administrator) on FAMILY (20-09-2017 20:17:00)
Running from C:\Users\*MYNAME*\Downloads
Loaded Profiles: *MYNAME* &  (Available Profiles: *MYNAME*)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-08-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [svcvmx] => C:\Users\*MYNAME*\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-09-16] () <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\MountPoints2: {60b3e955-dbff-11e6-8321-a0481ca697b4} - "H:\aocsetup.exe" /autorun
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {60b3e955-dbff-11e6-8321-a0481ca697b4} - "H:\aocsetup.exe" /autorun
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-10-15]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk [2016-05-02]
Startup: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill-unsigned.exe - Shortcut.lnk [2017-08-30]
ShortcutTarget: rkill-unsigned.exe - Shortcut.lnk -> C:\Users\*MYNAME*\Desktop\rkill-unsigned.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0E8F22EC-22D7-4156-9F06-94B9094422F2}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B24A81F2-032C-463C-910C-FE398EDD8214}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: [S-1-5-21-1955727277-3545952101-1272509919-1001] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {1DA9AC06-49A0-44C3-A20C-204D1ED4BF48} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

FireFox:
========
FF DefaultProfile: voy13sbn.default
FF ProfilePath: C:\Users\*MYNAME*\AppData\Roaming\Mozilla\Firefox\Profiles\voy13sbn.default [2017-09-17]
FF NewTab: Mozilla\Firefox\Profiles\voy13sbn.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\voy13sbn.default -> user_pref("browser.startup.homepage", "about:home"about:home);
FF Keyword.URL: Mozilla\Firefox\Profiles\voy13sbn.default -> user_pref("keyword.URL", true);
FF SearchPlugin: C:\Users\*MYNAME*\AppData\Roaming\Mozilla\Firefox\Profiles\voy13sbn.default\searchplugins\search provided by bing.xml [2017-01-14]

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Default [2017-09-12]
CHR Profile: C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-09-20]
CHR Extension: (Google Translate) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-03-04]
CHR Extension: (Google Slides) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-04]
CHR Extension: (Dark Theme for Google Chrome) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\annfbnbieaamhaimclajlajpijgkdblo [2017-09-14]
CHR Extension: (Google Docs) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-04]
CHR Extension: (Google Drive) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-04]
CHR Extension: (YouTube) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-04]
CHR Extension: (Google Sheets) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-04]
CHR Extension: (Google Mail Checker) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-04]
CHR Extension: (Chrome Media Router) - C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-12]
CHR Profile: C:\Users\*MYNAME*\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hkneojpkhdhkohpfkcdcbobponbmcmoo] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hkneojpkhdhkohpfkcdcbobponbmcmoo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 .AVQWindowsMonitorService; C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [249704 2015-07-20] (Avanquest Software)
S4 AQFileRestoreSrv; C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [113536 2015-07-20] (Avanquest Software)
S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [382504 2017-09-10] (EasyAntiCheat Ltd)
S4 Fix-It Task Manager; C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe [534472 2015-07-20] (Avanquest Software)
S4 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-08-01] (Realtek Semiconductor)
S2 UserAccess7; C:\windows\SysWOW64\UAService7.exe [143360 2017-03-23] (Sony DADC Austria AG.) [File not signed]
S4 VCOMCloudAgent; C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe [142720 2015-07-20] (Avanquest Software North America)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
S4 ClickToRunSvc; "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service [X]
S2 MBAMService; "\" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 737251EC; C:\windows\system32\drivers\737251EC.sys [253888 2017-09-20] (Malwarebytes)
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
S3 AQFileRestore; C:\windows\System32\DRIVERS\AQFileRestore.sys [22096 2015-07-20] ()
S3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices) [File not signed]
S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [303616 2016-09-11] () [File not signed]
S3 dot4; C:\windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 gzflt; C:\Program Files (x86)\Avanquest\Fix-It\gzflt.sys [150256 2014-11-04] (BitDefender LLC)
R3 Hamachi; C:\windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [55232 2017-08-04] ()
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-08-01] (REALiX(tm))
S2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [35328 2016-09-11] () [File not signed]
S3 MBAMProtector; C:\windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMProtector; C:\windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [194776 2017-09-04] (Malwarebytes)
S3 MWAC; C:\windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; C:\windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 NPF; C:\windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [418784 2017-08-01] (Realsil Semiconductor Corporation)
R3 Secdrv; C:\windows\SysWOW64\drivers\SECDRV.SYS [11616 2000-09-19] () [File not signed]
S3 tap0901t; C:\windows\system32\DRIVERS\tap0901t.sys [39464 2016-04-27] (Tunngle.net GmbH)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-08-18] ()
S3 Trufos; C:\windows\System32\DRIVERS\Trufos.sys [389240 2014-11-04] (BitDefender S.R.L.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
S3 xspirit; \??\C:\windows\xspirit.sys [X]
S1 ZAM; \??\C:\windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\windows\System32\drivers\zamguard64.sys [X]
S2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; \??\C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-20 20:17 - 2017-09-20 20:17 - 000016199 _____ C:\Users\*MYNAME*\Downloads\FRST.txt
2017-09-20 20:13 - 2017-09-20 20:17 - 000000000 ____D C:\FRST
2017-09-20 20:10 - 2017-09-20 20:10 - 002399744 _____ (Farbar) C:\Users\*MYNAME*\Downloads\FRST64.exe
2017-09-20 18:09 - 2017-09-20 18:10 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\dgVoodoo
2017-09-20 17:51 - 2017-09-20 17:51 - 000000000 ____D C:\Users\*MYNAME*\GlideWrapper
2017-09-20 17:51 - 2017-09-20 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glide wrapper
2017-09-20 17:32 - 2017-09-20 17:32 - 013290179 _____ C:\Users\*MYNAME*\Downloads\mbar-1.10.1.1002-nr.exe
2017-09-20 17:20 - 2017-09-20 18:29 - 000001664 _____ C:\Users\Public\Desktop\King's Quest 8 - Mask of Eternity.lnk
2017-09-20 17:20 - 2017-09-20 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King's Quest Series
2017-09-20 16:31 - 2017-09-20 16:31 - 000253888 _____ (Malwarebytes) C:\windows\system32\Drivers\737251EC.sys
2017-09-18 18:03 - 2017-09-19 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2017-09-18 17:44 - 2017-09-18 18:03 - 000000000 ____D C:\Sierra
2017-09-17 13:41 - 2017-09-17 13:41 - 000003304 _____ C:\windows\System32\Tasks\{B1B20386-608B-4C51-9B6D-A915C4DB882E}
2017-09-17 06:55 - 2017-09-17 06:55 - 000000000 ____D C:\Users\*MYNAME*\AppData\LocalLow\Codename Entertainment
2017-09-16 11:11 - 2017-09-16 11:11 - 000002346 _____ C:\Users\Public\Desktop\Tales of Middle-Earth.lnk
2017-09-16 10:29 - 2017-09-16 10:29 - 000002082 _____ C:\Users\Public\Desktop\The Conquerors.lnk
2017-09-16 10:21 - 2017-09-16 10:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Games
2017-09-11 05:47 - 2017-09-11 05:47 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\EasyAntiCheat
2017-09-11 05:43 - 2017-09-11 05:43 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\HirezLauncherUI
2017-09-11 05:42 - 2017-09-20 16:43 - 000000000 ____D C:\ProgramData\Hi-Rez Studios
2017-09-11 05:42 - 2017-09-20 16:43 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-09-10 17:14 - 2017-09-10 17:14 - 000000000 __SHD C:\windows\ei_temp
2017-09-10 15:52 - 2017-09-10 15:52 - 000000000 ____D C:\Program Files (x86)\Fox
2017-09-10 15:50 - 2017-09-10 15:50 - 000021840 _____ C:\windows\SysWOW64\SIntfNT.dll
2017-09-10 15:50 - 2017-09-10 15:50 - 000017212 _____ C:\windows\SysWOW64\SIntf32.dll
2017-09-10 15:50 - 2017-09-10 15:50 - 000012067 _____ C:\windows\SysWOW64\SIntf16.dll
2017-09-09 11:21 - 2017-09-09 11:21 - 000001511 _____ C:\Users\*MYNAME*\Desktop\One-Click-Optimizer (WO2017).lnk
2017-09-09 11:21 - 2017-09-09 11:21 - 000001279 _____ C:\Users\*MYNAME*\Desktop\Ashampoo WinOptimizer 2017.lnk
2017-09-09 11:21 - 2017-09-09 11:21 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-09-09 11:20 - 2017-09-09 11:20 - 000000000 ____D C:\ProgramData\Ashampoo
2017-09-09 11:20 - 2017-09-09 11:20 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2017-09-09 11:20 - 2009-08-24 21:13 - 000034304 _____ (mst software GmbH, Germany) C:\windows\system32\DfSdkBt.exe
2017-09-08 16:53 - 2017-09-08 16:53 - 000000000 ____D C:\Users\*MYNAME*\AppData\LocalLow\Bad Seed SRL
2017-09-08 06:14 - 2017-09-08 06:14 - 000002277 _____ C:\Users\Public\Desktop\The Battle for Middle-earth (tm).lnk
2017-09-08 06:14 - 2017-09-08 06:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2017-09-08 06:11 - 2017-09-08 06:11 - 000000000 ____D C:\Program Files (x86)\EA GAMES
2017-09-07 17:36 - 2017-09-07 17:36 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\UnrealEngine
2017-09-07 17:36 - 2017-09-07 17:36 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\TBL
2017-09-05 05:50 - 2017-09-20 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2017-09-05 05:46 - 2017-09-08 15:59 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2017-09-04 20:12 - 2017-09-04 20:14 - 000000127 _____ C:\Users\*MYNAME*\Desktop\Stuff.txt
2017-09-04 15:42 - 2017-09-04 15:42 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\CrashRpt
2017-09-04 11:47 - 2017-09-04 11:47 - 000000000 ____D C:\Users\Public\Documents\Steam
2017-09-03 10:06 - 2017-09-03 10:06 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Notepad++
2017-09-03 09:55 - 2017-09-03 09:55 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-09-03 09:07 - 2017-09-03 09:51 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\PAYDAY 2
2017-09-03 05:44 - 2017-09-17 13:42 - 000000000 ____D C:\Program Files (x86)\GOG.com
2017-09-03 02:04 - 2017-09-03 02:04 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\HP_Development_Company,_L
2017-09-02 07:00 - 2017-09-02 07:00 - 000000000 ____D C:\Users\*MYNAME*\AppData\LocalLow\Awesome Games Studio
2017-09-01 06:10 - 2017-09-01 06:10 - 000976896 _____ (Bleeping Computer, LLC) C:\Users\Joseph Whittaker\Desktop\rkill-unsigned64.exe
2017-08-30 21:02 - 2017-09-09 17:28 - 000001810 _____ C:\Users\Joseph Whittaker\Desktop\New Text Document.txt
2017-08-30 20:55 - 2017-08-30 20:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Studios
2017-08-30 15:59 - 2017-08-30 16:00 - 000000000 ____D C:\8292ce730fbf7bc9234ac1
2017-08-28 16:10 - 2017-08-28 16:10 - 000000000 _____ C:\Users\*MYNAME*\AppData\Local\{65961C61-4980-4445-B5C7-A7B4C7F25E34}
2017-08-26 06:25 - 2017-08-26 06:25 - 000000000 ____D C:\Users\*MYNAME*\Documents\Starcraft
2017-08-26 06:25 - 2017-08-26 06:25 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Blizzard
2017-08-26 04:37 - 2017-08-26 04:37 - 000000986 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2017-08-26 04:37 - 2017-08-26 04:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-08-25 22:50 - 2017-08-26 14:25 - 000000000 ____D C:\Users\*MYNAME*\Documents\Heroes of the Storm
2017-08-25 22:50 - 2017-08-25 22:50 - 000000846 _____ C:\Users\Public\Desktop\StarCraft.lnk
2017-08-25 22:50 - 2017-08-25 22:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft
2017-08-25 20:13 - 2017-09-20 19:53 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-08-25 20:06 - 2017-09-14 21:14 - 000000000 ____D C:\Program Files (x86)\StarCraft
2017-08-25 20:01 - 2017-09-20 20:08 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Battle.net
2017-08-25 20:01 - 2017-08-26 06:25 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Battle.net
2017-08-25 20:01 - 2017-08-26 06:25 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Blizzard Entertainment
2017-08-25 20:01 - 2017-08-25 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard App
2017-08-25 20:00 - 2017-08-25 20:11 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BZ2 - Forgotten Enemies
2017-08-25 19:58 - 2017-09-20 18:38 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-08-24 18:41 - 2017-08-24 18:41 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Blizzard
2017-08-23 17:30 - 2017-09-20 16:20 - 000001880 _____ C:\Users\*MYNAME*\Desktop\Rkill.txt
2017-08-21 10:52 - 2017-08-21 10:52 - 000000000 ____D C:\Program Files (x86)\OpenAL
2017-08-21 10:45 - 2017-09-20 17:18 - 000000000 ____D C:\GOG Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-20 19:31 - 2017-08-15 15:58 - 000000000 ____D C:\Program Files\Steam
2017-09-20 18:10 - 2017-02-08 20:37 - 000003216 _____ C:\Users\*MYNAME*\AppData\Roaming\glide_wrapper.zbag.ini
2017-09-20 17:51 - 2015-10-10 11:32 - 000000000 ____D C:\Users\*MYNAME*
2017-09-20 17:46 - 2017-08-20 17:37 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\CrashDumps
2017-09-20 17:25 - 2015-10-10 11:37 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1955727277-3545952101-1272509919-1001
2017-09-20 16:53 - 2017-08-04 13:16 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-20 16:51 - 2014-04-02 11:27 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-20 16:46 - 2017-08-12 13:28 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\My Games
2017-09-20 16:46 - 2015-10-10 13:15 - 000000000 ____D C:\Users\*MYNAME*\Documents\My Games
2017-09-20 16:43 - 2017-08-19 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-09-19 16:58 - 2015-10-16 13:48 - 000000000 ____D C:\windows\system32\MRT
2017-09-19 16:55 - 2015-10-16 13:48 - 138202976 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-09-18 18:21 - 2017-01-29 19:35 - 000000259 _____ C:\Users\*MYNAME*\AppData\Roaming\glide_wrapper.mask.ini
2017-09-17 16:38 - 2013-08-22 06:36 - 000000000 ____D C:\windows\Inf
2017-09-17 02:49 - 2017-01-23 14:22 - 000003220 _____ C:\windows\System32\Tasks\HPCeeScheduleFor*MYNAME*
2017-09-17 02:49 - 2017-01-23 14:22 - 000000386 _____ C:\windows\Tasks\HPCeeScheduleFor*MYNAME*.job
2017-09-16 11:14 - 2015-12-02 19:53 - 000000000 ____D C:\windows\Minidump
2017-09-16 10:46 - 2013-08-22 07:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-09-16 10:36 - 2014-04-02 11:12 - 000065536 _____ C:\windows\system32\spu_storage.bin
2017-09-16 10:36 - 2013-08-22 06:25 - 010485760 _____ C:\windows\system32\config\HARDWARE
2017-09-16 10:36 - 2013-08-22 06:25 - 000262144 ___SH C:\windows\system32\config\BBI
2017-09-14 16:11 - 2013-08-22 08:36 - 000000000 ____D C:\windows\AppReadiness
2017-09-11 05:47 - 2016-08-28 09:15 - 000000298 _____ C:\Users\*MYNAME*\Documents\Password.txt
2017-09-10 21:18 - 2015-10-11 15:22 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\ElevatedDiagnostics
2017-09-10 20:29 - 2016-12-12 18:10 - 000382504 _____ (EasyAntiCheat Ltd) C:\windows\SysWOW64\EasyAntiCheat.exe
2017-09-10 20:03 - 2015-12-26 08:38 - 000000000 ____D C:\Users\*MYNAME*\AppData\Roaming\Microsoft Games
2017-09-10 11:08 - 2017-08-12 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 4
2017-09-09 15:52 - 2015-11-11 17:04 - 000000000 ____D C:\Users\*MYNAME*\AppData\LocalLow\Temp
2017-09-09 15:52 - 2013-08-24 15:31 - 000000000 ____D C:\windows\Panther
2017-09-07 18:05 - 2017-08-15 16:08 - 000000000 ____D C:\Users\*MYNAME*\AppData\Local\Steam
2017-09-07 17:36 - 2013-08-24 14:59 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-04 15:39 - 2016-12-31 22:43 - 000189248 _____ C:\windows\SysWOW64\PnkBstrB.ex0
2017-09-04 11:34 - 2017-08-04 13:16 - 000194776 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-28 20:17 - 2017-08-12 17:43 - 000000000 ____D C:\Program Files (x86)\id Software
2017-08-27 05:57 - 2013-08-22 08:36 - 000000000 ____D C:\windows\system32\NDF
2017-08-25 16:40 - 2017-03-04 11:24 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2017-01-29 19:35 - 2017-09-18 18:21 - 000000259 _____ () C:\Users\*MYNAME*\AppData\Roaming\glide_wrapper.mask.ini
2017-02-08 20:37 - 2017-09-20 18:10 - 000003216 _____ () C:\Users\*MYNAME*\AppData\Roaming\glide_wrapper.zbag.ini
2016-01-31 21:13 - 2016-01-31 21:13 - 000077953 _____ () C:\Users\*MYNAME*\AppData\Roaming\icarus-dxdiag.xml
2017-01-14 20:55 - 2017-06-22 10:47 - 000000096 _____ () C:\Users\*MYNAME*\AppData\Roaming\version2.xml
2016-01-26 11:39 - 2016-01-26 11:39 - 000000042 _____ () C:\Users\*MYNAME*\AppData\Roaming\WB.CFG
2016-06-29 22:26 - 2017-03-26 16:09 - 000007605 _____ () C:\Users\*MYNAME*\AppData\Local\resmon.resmoncfg
2016-02-09 07:45 - 2016-02-09 07:45 - 000002560 _____ () C:\Users\*MYNAME*\AppData\Local\uninstall.exe
2017-08-28 16:10 - 2017-08-28 16:10 - 000000000 _____ () C:\Users\*MYNAME*\AppData\Local\{65961C61-4980-4445-B5C7-A7B4C7F25E34}
2016-10-15 12:35 - 2017-07-22 10:59 - 000005402 _____ () C:\ProgramData\hpzinstall.log
2016-09-01 18:31 - 2016-09-01 18:31 - 000000016 _____ () C:\ProgramData\mntemp

Files to move or delete:
====================
C:\Users\Joseph Whittaker\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe


Some files in TEMP:
====================
2017-09-19 17:01 - 2017-09-18 18:20 - 000036158 _____ () C:\Users\*MYNAME*\AppData\Local\Temp\A~NSISu_.exe
2017-09-20 16:45 - 2006-10-11 09:38 - 000720896 _____ () C:\Users\*MYNAME*\AppData\Local\Temp\EAInstall.dll
2017-09-20 16:45 - 2006-11-06 09:59 - 000253952 _____ (Electronic Arts Inc.) C:\Users\*MYNAME*\AppData\Local\Temp\eauninstall.exe
2017-09-20 16:46 - 2006-10-10 11:57 - 000094208 _____ (Electronic Arts Inc.) C:\Users\*MYNAME*\AppData\Local\Temp\The Lord of the Rings, The Rise of the Witch-king_uninst.exe
2017-09-20 16:46 - 2007-02-27 16:08 - 000456416 _____ (Macrovision Corporation) C:\Users\*MYNAME*\AppData\Local\Temp\_isC31C.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\windows\system32\drivers\mouqwtlo.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\windows\system32\drivers\msidntfs.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-09-10 21:16

==================== End of FRST.txt ============================

Oh, I forgot about the addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
Ran by *MYNAME* (20-09-2017 20:19:06)
Running from C:\Users\*MYNAME*\Downloads
Windows 8.1 (Update) (X64) (2015-10-10 18:32:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1955727277-3545952101-1272509919-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1955727277-3545952101-1272509919-1002 - Limited - Enabled)
Guest (S-1-5-21-1955727277-3545952101-1272509919-501 - Limited - Disabled)
*MYNAME* (S-1-5-21-1955727277-3545952101-1272509919-1001 - Administrator - Enabled) => C:\Users\*MYNAME*

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Fix-It Anti-Virus (Disabled - Up to date) {6D7C005F-2068-C2E1-BC99-92E940218CBA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Fix-It Anti-Virus (Disabled - Up to date) {D61DE1BB-0652-CD6F-8629-A99B3BA6C607}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1stPricing (HKLM-x32\...\{B232BB05-F567-4D68-9836-67421F6CAC2B}) (Version: 1.3.0 - IMSIDesign)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (HKLM-x32\...\{AA787E05-E835-4812-AA3D-4048C8A46587}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (HKLM-x32\...\{F53B432E-BD19-4400-BFA0-2BBD16410F8F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (HKLM-x32\...\{6FEDAA68-D9C4-4042-BECC-9C2656A7B606}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{7F28165B-148D-4672-AA21-469D9E6E3CB6}) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alien Swarm: Reactive Drop (HKLM\...\Steam App 563560) (Version:  - Reactive Drop Team)
Ashampoo WinOptimizer 2017 (HKLM-x32\...\{4209F371-6CE9-533C-2CDC-94E053273B35}_is1) (Version: 14.00.04 - Ashampoo GmbH & Co. KG)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bpd_scan (HKLM-x32\...\{0E52A52C-E120-461C-AA1B-21B045BEE842}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (HKLM-x32\...\{8E663D89-A2EA-46B6-AD38-A427A3348309}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (HKLM-x32\...\{99F67894-9486-413F-94E1-8B12B1606EAB}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fix-It (HKLM-x32\...\{1F211BEF-B722-4FF7-8629-9A51978C0515}) (Version: 15.6.32.12 - Avanquest)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{9C57D227-1FE7-4F40-BD49-2BCA7761B083}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.7.27.15 - HP Inc.)
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
King's Quest 8 - Mask of Eternity (HKLM-x32\...\1207661053_is1) (Version: 2.1.0.26 - GOG.com)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4937.1000 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
ProductContext (HKLM-x32\...\{BC0F3E35-0AFF-4F11-B33D-F6FC31BD1AA0}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7001 - CyberLink Corp.) Hidden
RogueKiller version 12.11.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.10.0 - Adlice Software)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version:  - Valve)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tales of Middle-Earth (HKLM-x32\...\{3F241898-881F-422C-A83D-20784CC5059D}_is1) (Version: 0.6 - ToME)
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
Torchlight II (HKLM\...\Steam App 200710) (Version:  - Runic Games)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
TurboCAD Deluxe 19 (HKLM-x32\...\{562DE3F7-C7E2-4FBB-A860-64DB4CED94E0}) (Version: 19.1.333 - IMSIDesign)
TurboCAD Deluxe 19 Symbols (HKLM-x32\...\{5923D403-C02E-40F5-AFE4-2D575504C757}) (Version: 19.0.0 - IMSIDesign)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
zeckensack's Glide wrapper (remove only) (HKLM-x32\...\GlidewrapZbag) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll [2015-07-20] (Avanquest Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll [2015-07-20] (Avanquest Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll [2015-07-20] (Avanquest Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {054BC6B3-5672-4E89-BBB3-0D016B2BF44D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-04] (Google Inc.)
Task: {08919469-A0C1-41A7-8248-B0D064011C24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {14FDA6F4-9001-4FE5-AB4C-C84ADD3E467A} - System32\Tasks\Leewl => C:\PROGRA~1\SHOPPE~1\Xybaoshf.bat <==== ATTENTION
Task: {1628BACB-2064-46B2-BEF6-F8C620779438} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-04] (Google Inc.)
Task: {261C895C-28CC-46D6-B322-7E9A18D8DE81} - System32\Tasks\Uukoflap => C:\PROGRA~1\GROOVE~1\Povevyrj.bat <==== ATTENTION
Task: {2DB23E27-9C4D-4F14-B165-6696489DA722} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe
Task: {2E60FDEA-B2FE-4A2B-A9F3-AB2A5210C92F} - \ParetoLogic Update Version3 Startup Task -> No File <==== ATTENTION
Task: {343732B4-28B1-4D16-A4E8-F8CE0B660603} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {3B7EA564-9FE4-4FCA-BD79-F19FE6656C6E} - System32\Tasks\{82195107-B431-4B17-B347-B4D952444FC7} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\Sierra On-Line\Sutil32.exe"
Task: {3E583C44-ED51-4AD1-9DB4-08A5C7F4C500} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {48B40CB9-7E13-4164-8F1B-7A22D9AC3CC4} - \ParetoLogic Update Version3 -> No File <==== ATTENTION
Task: {5631B4BC-C6E5-4069-ADC1-626784FAB45D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {6E0B8D58-84E4-4370-A36B-E75D454981DC} - System32\Tasks\HPCeeScheduleFor*MYNAME* => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {817ECB59-A0F1-4B0E-8E41-A495F838BED1} - System32\Tasks\{F0728C84-1F14-4C58-ACA8-8BAF294395BF} => C:\windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {9499AE7D-8C30-403E-ABB1-056A3D8215F2} - System32\Tasks\{27DB525A-6576-4E93-A8D3-D90243D19710} => C:\windows\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=heroes --displayname="Heroes of the Storm"
Task: {9571E2BD-FE52-4AB5-891E-AC412AC31CBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {9B66E9B8-494E-4DF9-8487-5B6C38F7944B} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {A499BA76-4B1A-4820-86F0-8E79F86C0440} - \ParetoLogic Registration3 -> No File <==== ATTENTION
Task: {A66632E5-E40F-4261-9469-6D0CF226055A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {A93D6881-29A0-49CB-AE58-085E93B11FB6} - System32\Tasks\Driver Booster SkipUAC (*MYNAME*) => C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
Task: {B77F5B6B-8F28-431E-93E0-F228B074EA1F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe
Task: {BA6CFC8D-2AB6-4CBE-B96D-B64A96AF95B0} - System32\Tasks\{0A9E95F9-BCF8-4C13-91A5-CA56571C5165} => C:\windows\system32\pcalua.exe -a E:\START.exe -d E:\
Task: {E1D3698A-7D9F-48E1-967F-E13278ABA435} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {E235376D-B98E-441B-A115-FB29CA5B4D51} - System32\Tasks\AdobeAAMUpdater-1.0-family-*MYNAME* => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {E7B517FA-02F1-465A-81CB-FCF81B499CDA} - System32\Tasks\{3FF35015-59F7-45B2-BFD1-46967D2EA640} => C:\windows\system32\pcalua.exe -a E:\Setup\rsrc\Autorun.exe -d E:\
Task: {F14B7FC5-6DB8-4F53-B707-1466366F56B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-01] (HP Inc.)
Task: {F6E881AC-EA14-4283-915C-746A6AF7507F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\HPCeeScheduleFor*MYNAME*.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Сrusаdеr - Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)

ShortcutWithArgument: C:\Users\*MYNAME*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2017-01-16 08:26 - 2015-07-20 21:17 - 000592256 _____ () C:\Program Files (x86)\Avanquest\Fix-It\sqlite3x64.dll
2017-08-25 16:40 - 2017-08-23 01:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-25 16:40 - 2017-08-23 01:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-08-15 16:03 - 2017-08-04 14:19 - 000678176 _____ () C:\Program Files\Steam\SDL2.dll
2017-08-15 16:03 - 2016-08-31 18:02 - 004969248 _____ () C:\Program Files\Steam\v8.dll
2017-08-15 16:03 - 2017-09-06 21:51 - 002505504 _____ () C:\Program Files\Steam\video.dll
2017-08-15 16:03 - 2016-08-31 18:02 - 001563936 _____ () C:\Program Files\Steam\icui18n.dll
2017-08-15 16:03 - 2016-08-31 18:02 - 001195296 _____ () C:\Program Files\Steam\icuuc.dll
2017-08-15 16:03 - 2016-01-27 00:49 - 002549760 _____ () C:\Program Files\Steam\libavcodec-56.dll
2017-08-15 16:03 - 2016-01-27 00:49 - 000491008 _____ () C:\Program Files\Steam\libavformat-56.dll
2017-08-15 16:03 - 2016-01-27 00:49 - 000332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2017-08-15 16:03 - 2016-01-27 00:49 - 000442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2017-08-15 16:03 - 2016-01-27 00:49 - 000485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2017-08-15 16:03 - 2017-09-06 21:51 - 000885024 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2017-08-15 16:03 - 2016-07-04 15:17 - 000266560 _____ () C:\Program Files\Steam\openvr_api.dll
2017-08-15 16:06 - 2017-07-17 15:50 - 073115424 _____ () C:\Program Files\Steam\bin\cef\cef.win7\libcef.dll
2017-08-15 16:06 - 2017-05-16 18:54 - 000678176 _____ () C:\Program Files\Steam\bin\cef\cef.win7\SDL2.dll
2017-08-15 16:03 - 2015-09-24 16:52 - 000119208 _____ () C:\Program Files\Steam\winh264.dll
2017-08-15 16:06 - 2017-07-17 15:50 - 001936672 _____ () C:\Program Files\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-08-15 16:06 - 2017-07-17 15:50 - 000113952 _____ () C:\Program Files\Steam\bin\cef\cef.win7\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:85E27EE5 [192]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2017-08-09 17:15 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*MYNAME*\Pictures\mountains_rocks_sky_light_evening_87675_1280x900.jpg
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\*MYNAME*\Pictures\mountains_rocks_sky_light_evening_87675_1280x900.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: .AVQWindowsMonitorService => 2
MSCONFIG\Services: 0309191488847699mcinstcleanup => 2
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AQFileRestoreSrv => 2
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Browser => 2
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Service => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 2
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: Fix-It Task Manager => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: hpqcaslwmiex => 3
MSCONFIG\Services: hpqcxs08 => 3
MSCONFIG\Services: hpqddsvc => 2
MSCONFIG\Services: HPSLPSVC => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: VCOMCloudAgent => 2
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: w3logsvc => 3
MSCONFIG\Services: WAS => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "Sound+"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "PowerDVD16Agent"
HKLM\...\StartupApproved\Run32: => "jhguy"
HKLM\...\StartupApproved\Run32: => "qADASD"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Book Source"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "NowUSeeIt Player"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Itibiti.exe"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Windi"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "VideoDownloaderUltimate"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "Bionix Wallpaper"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "voxdff"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Book Source"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "NowUSeeIt Player"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Itibiti.exe"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Windi"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "VideoDownloaderUltimate"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Bionix Wallpaper"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "voxdff"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-1955727277-3545952101-1272509919-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BD3B64E4-AFE9-4935-9594-1ACB2FAD00B2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{963C6B75-ABD8-46CE-AED3-4FF567CAF6CA}] => (Allow) LPort=2869
FirewallRules: [{707C1706-80DD-487C-8DE8-5D7C1919D929}] => (Allow) LPort=1900
FirewallRules: [{83B482A6-4CED-4CCA-9113-FB1841B18F1D}] => (Allow) C:\Users\*MYNAME*\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F69783A7-4245-479A-8071-59E42C8218D2}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [{67785E5A-3A54-4240-AAC4-CE6FC8DF4CEC}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{59A71838-580D-44FD-B130-EEEB5F58F1E7}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{9E524117-B8B5-48FF-B985-D15511D77E58}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{FE585100-699D-404F-940D-49C08F78BFA2}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{AC025F4D-5FC3-4C4D-BD87-C0EA8A5B400C}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{0D721CF4-2A65-474B-BBD5-BA3A2E7A49DE}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{62935113-E1A4-4FDE-96CB-B37BFCE7AF20}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{9D92EEA9-7461-4513-8CFE-8D128BCC3C1D}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{50292CB6-B63D-481F-88B4-221A7B39A12B}] => (Allow) C:\Program Files (x86)\Huygenianubirol\Huygenianubirol.exe
FirewallRules: [{B4F522C3-D970-4C9C-8CDA-B38FE27B50DB}] => (Allow) C:\Program Files (x86)\Huygenianubirol\Huygenianubirol_.exe
FirewallRules: [{3B8D721E-3D03-4DE7-8622-78C08A99277B}] => (Allow) LPort=13139
FirewallRules: [{3702A841-F965-4639-910C-AB40DA148C99}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [TCP Query User{DE16D92B-4C0D-4B3D-B893-BF6B4D05E84E}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{AED0A2E3-0C21-4A67-97B4-F71401BFAAAE}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{F42F894E-4A66-422A-91E8-B8952E337498}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{23091B0F-EE14-422D-B4A0-5A9970B678D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{819DB7B8-BD5E-4C9B-B408-663E895141DE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{4E261F21-615B-456F-A1F8-EFB5BA7DF6F1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{9CB3CEA1-A960-4530-A2AF-A75FDBD8B137}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{735C566A-B128-4D86-8BA7-D98669A6CEB8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{E74888A8-C118-449E-BB47-0FE8BAA754F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{6555CDE3-61AD-4696-BD43-C089A095828D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{23FAB800-286C-422D-B0BC-3FBFCFBA14B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{5EF4998E-D2E8-4347-BC2C-7E5D3F80D002}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{AE27D3BF-A659-4C40-B049-3E087670CB87}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{FD31679D-0B14-4116-897A-86E86A0F4FD1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{284D4927-6025-49BE-8A5C-5A15E8F623F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{6E0B53EA-33CF-4EA2-94D7-A940A5850D6B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{64E3CDE5-1F6B-453B-92A8-E4BFF0D7CF3E}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{FAA29197-4629-4B55-BA07-477B2B77884D}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{1FC80B29-8E36-40DF-95DF-1D9C9291C56D}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F53B9E7E-A62A-4CE9-96B8-1234127D00EB}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{201A80C8-46DE-48E1-A47E-462B536762F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{E9443294-9025-49FC-97FB-F90CFD44A5AB}C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{40542D8F-45C4-4C88-8F09-6EDD9FB4F3E8}C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe
FirewallRules: [{3D2F1767-F344-48BC-83DF-559C751CEF86}] => (Allow) C:\Program Files\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{776A5616-FAC2-479F-AC6A-590D9662327F}] => (Allow) C:\Program Files\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{D95861AF-1B76-4295-8EF8-5BD291D0B150}] => (Allow) C:\Program Files\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{478A05B8-4863-4DEA-8338-B2C1FF6AF424}] => (Allow) C:\Program Files\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [TCP Query User{558311C6-74FA-40CE-BA36-8911BFFE939F}C:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D6343E59-239F-4489-928F-0DD31D64BC92}C:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: TAP-Win32 Adapter V9 (Tunngle)
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2017 08:19:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Instantiating VSS server

Error: (09/20/2017 08:19:45 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Instantiating VSS server

Error: (09/20/2017 05:46:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Mask.exe, version: 0.0.0.10, time stamp: 0x369d33fe
Faulting module name: Mask.exe, version: 0.0.0.10, time stamp: 0x369d33fe
Exception code: 0xc0000005
Fault offset: 0x00081367
Faulting process id: 0x134
Faulting application start time: 0x01d332730fe75b15
Faulting application path: C:\GOG Games\Kings Quest 8\Mask.exe
Faulting module path: C:\GOG Games\Kings Quest 8\Mask.exe
Report Id: 534eb7fd-9e66-11e7-8376-a0481ca697b4
Faulting package full name: 
Faulting package-relative application ID:


Error: (09/20/2017 04:43:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\JOSEPH~1\AppData\Local\Temp\{6C98E7C0-C919-4AD7-841A-C83EC04F3B58}\setup.exe -runfromtemp -l0x0409  -removeonly -media_path:"C:\Program Files (x86)\InstallShield Installation Information\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}\" -tempdisk1folder:"C:\Users\JOSEPH~1\AppData\Local\Temp\{6C98E7C0-C919-4AD7-841A-C83EC04F3B58}\"; Description = Removed Hi-Rez Studios Games; Error = 0x80042302).

Error: (09/20/2017 04:43:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Instantiating VSS server

Error: (09/20/2017 04:43:15 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Instantiating VSS server


System errors:
=============
Error: (09/20/2017 04:26:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 5 time(s).

Error: (09/19/2017 05:01:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Visual Studio 2010 Service Pack 1.

Error: (09/19/2017 04:05:33 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.

Error: (09/19/2017 04:04:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 4 time(s).

Error: (09/18/2017 05:57:59 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.

Error: (09/18/2017 05:57:50 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.

Error: (09/18/2017 05:57:42 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.

Error: (09/18/2017 05:57:29 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.

Error: (09/18/2017 05:57:19 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.

Error: (09/18/2017 05:57:04 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.


CodeIntegrity:
===================================
  Date: 2017-09-16 10:47:11.957
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-16 10:47:11.441
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-16 10:38:40.552
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-16 10:38:40.020
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-16 10:36:03.363
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-16 10:36:02.832
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-16 10:32:17.769
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-16 10:32:16.019
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-10 20:17:51.877
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-10 20:17:51.346
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics 
Percentage of memory in use: 42%
Total physical RAM: 3532.7 MB
Available physical RAM: 2044.85 MB
Total Virtual: 5611.62 MB
Available Virtual: 3516.86 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:449.69 GB) (Free:282.99 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:14.59 GB) (Free:1.76 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (AGE2_X1) (CDROM) (Total:0.29 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B78B16C0)

Partition: GPT.

==================== End of Addition.txt ============================


Alright, because you'll need one to remove this infection.

Follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • A file called fixlog.txt will be on your desktop. Attach it in your next reply

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
Ran by JosephWhittaker (21-09-2017 19:16:51) Run:1
Running from C:\Users\Joseph Whittaker\Desktop
Loaded Profiles: JosephWhittaker &  (Available Profiles: JosephWhittaker)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows
CMD: dir C:\Windows\system32\drivers
*****************


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


========= dir C:\Windows =========

 Volume in drive C is Windows
 Volume Serial Number is 5085-9965

 Directory of C:\Windows

09/21/2017  04:37 PM    <DIR>          .
09/21/2017  04:37 PM    <DIR>          ..
07/18/2016  08:22 PM    <DIR>          8A809006C25A4A3A9DAB94659BCDB107.TMP
08/22/2013  08:36 AM    <DIR>          addins
08/22/2013  08:36 AM    <DIR>          ADFS
11/27/2015  08:08 AM    <DIR>          AppCompat
10/22/2016  05:29 AM    <DIR>          apppatch
09/14/2017  04:11 PM    <DIR>          AppReadiness
05/05/2013  04:22 AM            47,164 atiogl.xml
04/02/2014  11:12 AM                 0 ativpsrm.bin
08/22/2013  04:21 AM            56,832 bfsvc.exe
08/22/2013  08:36 AM    <DIR>          Boot
08/22/2013  08:36 AM    <DIR>          Branding
11/28/2015  12:06 AM    <DIR>          Camera
05/03/2017  06:50 PM    <DIR>          CbsTemp
08/21/2013  11:51 PM            35,851 Core.xml
08/21/2013  11:51 PM            35,851 CoreSingleLanguage.xml
04/02/2014  11:57 AM                10 csup.txt
08/22/2013  08:36 AM    <DIR>          Cursors
12/12/2015  09:05 PM    <DIR>          D56B0E274A3E46C9B5C1D93D580C099C.TMP
09/19/2017  04:55 PM    <DIR>          debug
08/22/2013  08:36 AM    <DIR>          DesktopTileResources
08/22/2013  08:36 AM    <DIR>          diagnostics
08/22/2013  08:43 AM    <DIR>          DigitalLocker
04/02/2014  12:17 PM    <DIR>          en
11/26/2015  07:19 AM    <DIR>          en-US
08/27/2016  12:44 PM         2,755,504 explorer.exe
11/28/2015  12:06 AM    <DIR>          FileManager
03/11/2017  08:26 AM               328 game.ini
06/19/2005  09:45 AM           262,144 glide2x.dll
06/19/2005  09:45 AM           258,048 glide3x.dll
09/24/2016  08:25 AM    <DIR>          Globalization
08/22/2013  12:10 PM    <DIR>          Help
10/28/2014  06:46 PM         1,001,472 HelpPane.exe
04/02/2014  12:08 PM    <DIR>          Hewlett-Packard
10/28/2014  07:43 PM            17,408 hh.exe
07/22/2017  10:59 AM            79,142 hpqins05.dat
11/03/2016  04:02 PM           218,321 hpwins23.dat
10/15/2012  07:11 AM             1,698 hpwmdl23.dat
10/15/2012  07:11 AM             1,698 hpwmdl23.dat.temp
11/28/2015  12:02 AM    <DIR>          IME
11/28/2015  12:07 AM    <DIR>          ImmersiveControlPanel
09/17/2017  04:38 PM    <DIR>          Inf
06/07/2016  07:59 AM    <DIR>          InputMethod
07/20/2016  07:23 PM    <DIR>          Installing Adobe Acrobat Reader
10/11/2015  07:00 AM                 0 iplayer.INI
10/29/1998  04:45 PM           306,688 IsUninst.exe
07/01/2016  08:52 AM                 0 ka.ini
08/22/2013  08:36 AM    <DIR>          L2Schemas
08/01/2017  11:56 AM    <DIR>          LastGood.Tmp
04/01/2016  10:28 PM    <DIR>          LiveKernelReports
09/16/2017  11:14 AM    <DIR>          Logs
11/28/2015  12:06 AM    <DIR>          MediaViewer
02/12/2017  08:35 AM       392,632,543 MEMORY.DMP
08/22/2013  12:01 AM            43,131 mib.bin
09/11/2017  02:18 AM    <DIR>          Microsoft.NET
11/26/2015  07:22 AM    <DIR>          Migration
09/16/2017  11:14 AM    <DIR>          Minidump
08/22/2013  08:36 AM    <DIR>          ModemLogs
07/09/2015  10:13 AM           221,184 notepad.exe
11/16/2016  04:42 PM    <DIR>          Offline Web Pages
09/09/2017  03:52 PM    <DIR>          Panther
08/22/2013  08:36 AM    <DIR>          Performance
08/22/2013  08:36 AM    <DIR>          PLA
05/02/2016  04:44 PM    <DIR>          PolicyDefinitions
09/21/2017  07:16 PM    <DIR>          Prefetch
08/09/2017  05:49 PM    <DIR>          pss
10/28/2014  07:12 PM           154,624 regedit.exe
12/25/2015  12:18 PM    <DIR>          Registration
05/04/2017  04:08 PM    <DIR>          rescache
08/22/2013  08:36 AM    <DIR>          Resources
08/01/2017  11:39 AM         4,332,032 RtCRU64.exe
07/19/2013  04:55 PM         2,080,472 RtlExUpd.dll
08/22/2013  08:36 AM    <DIR>          SchCache
08/28/2016  11:43 AM    <DIR>          schemas
08/22/2013  08:36 AM    <DIR>          security
08/22/2013  07:45 AM    <DIR>          ServiceProfiles
11/28/2015  12:05 AM    <DIR>          servicing
08/24/2013  04:03 PM    <DIR>          Setup
10/22/2016  05:28 AM    <DIR>          ShellNew
05/05/2017  06:19 PM               354 SIERRA.INI
08/22/2013  12:12 PM    <DIR>          SKB
10/10/2015  11:11 AM    <DIR>          SoftwareDistribution
08/22/2013  08:36 AM    <DIR>          Speech
10/28/2014  07:19 PM           128,512 splwow64.exe
08/21/2013  11:51 PM            35,891 Starter.xml
12/03/2016  10:14 PM    <DIR>          System
08/22/2013  06:25 AM               219 system.ini
09/16/2017  11:14 AM    <DIR>          System32
08/22/2013  08:36 AM    <DIR>          SystemResources
09/10/2017  03:50 PM    <DIR>          SysWOW64
08/22/2013  08:36 AM    <DIR>          TAPI
09/17/2017  02:49 AM    <DIR>          Tasks
09/21/2017  04:12 PM    <DIR>          Temp
12/13/2016  06:44 PM    <DIR>          ToastData
01/21/2017  12:02 PM               402 toolsx86.INI
08/22/2013  08:36 AM    <DIR>          tracing
09/10/2017  09:16 PM    <DIR>          twain_32
10/28/2014  06:34 PM            54,272 twain_32.dll
05/21/2001  03:43 AM           712,970 UnDangerZ.exe
11/10/1999  11:05 AM            86,016 unvise32qt.exe
08/22/2013  08:36 AM    <DIR>          vpnplugins
08/22/2013  08:36 AM    <DIR>          Vss
08/22/2013  08:36 AM    <DIR>          Web
06/19/2017  01:08 PM               222 win.ini
09/21/2017  06:48 PM         1,092,359 WindowsUpdate.log
10/28/2014  06:53 PM             9,728 winhlp32.exe
11/26/2015  07:22 AM    <DIR>          WinStore
05/06/2017  09:43 PM    <DIR>          WinSxS
02/05/2013  10:56 PM           322,048 WLXPGSS.SCR
06/18/2013  07:54 AM           316,640 WMSysPr9.prx
10/28/2014  07:34 PM            11,264 write.exe
08/07/2017  08:11 PM           559,322 ZAM.krnl.trace
08/08/2017  06:10 AM           664,592 ZAM_Guard.krnl.trace
10/11/2015  03:16 PM           355,899 _detmp.1
11/09/1998  12:12 AM            51,712 _detmp.2
              43 File(s)    408,944,567 bytes
              73 Dir(s)  304,106,237,952 bytes free

========= End of CMD: =========


========= dir C:\Windows\system32\drivers =========

 Volume in drive C is Windows
 Volume Serial Number is 5085-9965

 Directory of C:\Windows\system32\drivers

09/20/2017  04:31 PM    <DIR>          .
09/20/2017  04:31 PM    <DIR>          ..
08/22/2013  04:38 AM           231,424 1394ohci.sys
08/22/2013  05:43 AM           108,896 3ware.sys
09/20/2017  04:31 PM           253,888 737251EC.sys
10/06/2014  11:44 PM           533,824 acpi.sys
08/22/2013  05:49 AM            79,712 acpiex.sys
08/22/2013  04:38 AM            10,240 acpipagr.sys
08/22/2013  04:38 AM            12,288 acpipmi.sys
08/22/2013  04:38 AM            10,752 acpitime.sys
08/22/2013  05:43 AM           782,176 adp80xx.sys
10/13/2015  10:10 AM           559,616 afd.sys
07/07/2016  03:32 PM            95,744 agilevpn.sys
08/22/2013  05:43 AM            62,304 AGP440.sys
03/19/2015  06:56 PM            80,384 ahcache.sys
08/22/2013  01:46 AM            95,744 amdk8.sys
05/22/2013  05:38 AM            36,096 amdkmpfd.sys
08/22/2013  01:46 AM            98,816 amdppm.sys
08/22/2013  05:43 AM            79,200 amdsata.sys
08/22/2013  05:43 AM           259,424 amdsbs.sys
08/22/2013  05:43 AM            25,952 amdxata.sys
08/01/2017  11:49 AM            83,656 amd_sata.sys
08/01/2017  11:49 AM            23,752 amd_xata.sys
07/18/2013  04:00 PM            83,224 AmUStor.sys
10/28/2014  07:46 PM            82,944 appid.sys
07/29/2014  04:41 PM             1,984 AQFileRestore.inf
07/20/2015  09:18 PM            22,096 AQFileRestore.sys
08/22/2013  05:43 AM           114,016 arcsas.sys
08/22/2013  04:38 AM            26,624 asyncmac.sys
08/22/2013  05:43 AM            26,464 atapi.sys
08/22/2013  05:43 AM           199,520 ataport.sys
08/01/2017  11:55 AM            43,520 ati2erec.dll
06/23/2013  01:49 AM           138,240 AtihdWB6.sys
08/01/2017  11:55 AM        13,956,096 atikmdag.sys
08/01/2017  11:55 AM           632,320 atikmpag.sys
09/11/2016  06:45 PM           303,616 atksgt.sys
08/22/2013  04:39 AM            50,688 BasicDisplay.sys
02/22/2014  05:14 AM            33,280 BasicRender.sys
08/22/2013  05:49 AM            35,168 battc.sys
08/12/2013  04:25 PM            17,624 bcmfn2.sys
12/12/2011  05:37 PM         1,229,568 bcmwlhigh664.sys
08/22/2013  04:40 AM             7,680 beep.sys
10/04/2016  01:39 PM           101,376 bowser.sys
10/28/2014  07:45 PM           115,712 bridge.sys
11/23/2013  12:13 AM            19,456 BtaMPM.sys
08/22/2013  04:38 AM            36,992 BthAvrcpTg.sys
03/08/2015  07:02 PM            57,856 bthhfenum.sys
08/22/2013  04:38 AM            30,720 BthhfHid.sys
08/22/2013  04:36 AM            63,488 bthmodem.sys
08/22/2013  05:43 AM           531,296 bxvbda.sys
08/22/2013  04:40 AM            88,576 cdfs.sys
08/22/2013  01:46 AM           164,352 cdrom.sys
08/22/2013  04:38 AM            44,032 circlass.sys
05/06/2016  02:59 PM           331,608 Classpnp.sys
10/12/2016  01:01 AM           377,176 clfs.sys
08/22/2013  04:39 AM            25,472 CmBatt.sys
05/18/2016  04:18 PM           563,024 cng.sys
08/22/2013  04:38 AM            36,352 CompositeBus.sys
08/22/2013  06:25 AM            43,008 condrv.sys
05/29/2012  03:53 PM            27,456 cpqdfw.sys
08/22/2013  05:43 AM            68,960 crashdmp.sys
08/22/2013  05:50 AM            57,696 dam.sys
09/08/2016  07:00 AM           138,240 dfsc.sys
01/20/2016  03:40 PM            99,672 disk.sys
08/22/2013  05:43 AM            36,192 Diskdump.sys
08/22/2013  04:40 AM            13,312 Dmpusbstor.sys
08/22/2013  04:37 AM            29,696 dmvsc.sys
09/25/2012  12:52 AM           151,968 Dot4.sys
09/25/2012  12:52 AM            27,040 Dot4Prt.sys
09/25/2012  12:52 AM            49,056 Dot4usb.sys
10/28/2014  07:47 PM            89,088 drmk.sys
10/28/2014  08:58 PM            14,528 drmkaud.sys
08/22/2013  05:39 AM            33,632 Dumpata.sys
06/18/2016  01:06 PM            72,408 dumpfve.sys
03/12/2015  09:03 PM           154,432 dumpsd.sys
04/09/2016  10:37 PM         1,549,144 dxgkrnl.sys
10/28/2014  08:57 PM           389,952 dxgmms1.sys
06/18/2013  07:45 AM           460,288 e1i63x64.sys
08/22/2013  05:43 AM            82,784 EhStorClass.sys
08/22/2013  05:43 AM           114,016 EhStorTcgDrv.sys
10/22/2016  05:28 AM    <DIR>          en-US
08/22/2013  04:38 AM            10,240 errdev.sys
08/09/2017  05:15 PM    <DIR>          etc
08/22/2013  05:43 AM         3,357,024 evbda.sys
08/22/2013  04:40 AM           200,704 exfat.sys
08/22/2013  05:49 AM           217,952 fastfat.sys
05/03/2016  07:26 PM            79,064 fbwfh.sys
08/22/2013  04:40 AM            30,720 fdc.sys
02/22/2014  09:00 AM            79,192 fileinfo.sys
08/22/2013  04:39 AM            34,816 filetrace.sys
08/22/2013  04:40 AM            25,088 flpydisk.sys
08/25/2014  08:30 PM           354,112 fltMgr.sys
10/15/2014  01:32 AM            61,248 fsdepends.sys
08/22/2013  06:25 AM            30,048 fs_rec.sys
06/18/2016  01:06 PM           590,688 fvevol.sys
06/11/2015  01:12 PM           428,888 FWPKCLNT.SYS
08/22/2013  01:46 AM            27,136 fxppm.sys
08/22/2013  05:43 AM            65,888 GAGP30KX.SYS
06/18/2013  07:41 AM         3,440,660 gm.dls
06/18/2013  07:41 AM               646 gmreadme.txt
07/24/2014  04:45 AM            76,800 hdaudbus.sys
08/22/2013  04:38 AM           395,776 HdAudio.sys
08/22/2013  04:39 AM            26,624 hidbatt.sys
01/29/2015  08:01 PM            97,792 hidbth.sys
05/13/2016  04:08 PM           111,616 hidclass.sys
08/22/2013  04:37 AM            41,472 hidi2c.sys
08/22/2013  04:39 AM            45,568 hidir.sys
05/13/2016  04:08 PM            32,512 hidparse.sys
05/13/2016  04:08 PM            32,768 hidusb.sys
08/04/2017  10:15 AM            55,232 hitmanpro37.sys
08/22/2013  05:43 AM            64,352 HpSAMD.sys
02/24/2015  01:32 AM           991,552 http.sys
08/22/2013  05:39 AM            24,416 hwpolicy.sys
08/22/2013  04:37 AM            13,824 hyperkbd.sys
08/22/2013  04:39 AM            22,016 HyperVideo.sys
11/03/2014  11:54 PM           108,544 i8042prt.sys
07/30/2013  11:47 AM            24,568 iaLPSSi_GPIO.sys
07/25/2013  12:05 PM            99,320 iaLPSSi_I2C.sys
08/09/2013  05:39 PM           651,248 iaStorAV.sys
08/22/2013  05:43 AM           412,000 iaStorV.sys
08/22/2013  05:43 AM            18,272 intelide.sys
10/12/2014  07:43 PM            39,744 intelpep.sys
08/22/2013  01:46 AM            98,816 intelppm.sys
08/22/2013  04:35 AM            84,992 ipfltdrv.sys
02/03/2016  08:14 AM            80,896 IPMIDrv.sys
11/27/2013  05:02 AM           142,848 ipnat.sys
08/22/2013  04:37 AM           118,784 irda.sys
08/22/2013  04:38 AM            17,920 irenum.sys
08/22/2013  05:43 AM            21,856 isapnp.sys
11/04/2014  12:25 PM            59,712 kbdclass.sys
11/03/2014  11:54 PM            32,256 kbdhid.sys
08/22/2013  04:38 AM            19,456 kdnic.sys
07/04/2014  05:59 AM           295,424 ks.sys
08/22/2016  09:06 AM           100,184 ksecdd.sys
05/18/2016  04:16 PM           178,016 ksecpkg.sys
08/22/2013  04:39 AM            21,248 ksthunk.sys
09/11/2016  06:43 PM            35,328 lirsgt.sys
08/22/2013  04:36 AM            59,392 lltdio.sys
08/22/2013  05:43 AM           109,408 lsi_sas.sys
08/22/2013  05:43 AM            93,536 lsi_sas2.sys
08/22/2013  05:43 AM            81,760 lsi_sas3.sys
08/22/2013  05:43 AM            82,784 lsi_sss.sys
02/22/2014  05:14 AM           124,416 luafv.sys
08/05/2017  07:28 AM           109,272 mbamchameleon.sys
09/04/2017  11:34 AM           194,776 MBAMSwissArmy.sys
08/22/2013  04:39 AM            22,016 mcd.sys
08/22/2013  05:43 AM            56,672 megasas.sys
08/22/2013  05:43 AM           575,840 megasr.sys
08/22/2013  04:40 AM            40,960 modem.sys
08/22/2013  04:36 AM            30,208 monitor.sys
11/04/2014  12:25 PM            51,008 mouclass.sys
11/03/2014  11:54 PM            30,208 mouhid.sys
07/08/2016  03:35 PM           101,208 mountmgr.sys
07/28/2013  01:24 PM           104,736 mouqwtlo.sys
10/28/2014  07:45 PM            74,240 mpsdrv.sys
09/08/2016  07:00 AM           140,800 mrxdav.sys
08/20/2016  06:01 PM           401,408 mrxsmb.sys
08/20/2016  06:01 PM           284,672 mrxsmb10.sys
08/20/2016  06:03 PM           201,728 mrxsmb20.sys
08/22/2013  06:25 AM            30,208 msfs.sys
06/18/2013  07:52 AM                 3 MsftWdf_Kernel_01013_Inbox_Critical.Wdf
06/18/2013  08:20 AM                 3 MsftWdf_User_01_11_00_Inbox_Critical.Wdf
08/14/2014  05:36 PM           146,752 msgpioclx.sys
08/22/2013  05:43 AM            41,824 msgpiowin32.sys
08/22/2013  04:39 AM             8,192 mshidkmdf.sys
08/22/2013  04:39 AM             9,728 mshidumdf.sys
07/06/2013  01:27 PM            81,696 msidntfs.sys
08/22/2013  05:43 AM            17,248 msisadrv.sys
09/09/2016  03:14 PM           275,800 msiscsi.sys
08/22/2013  04:39 AM            10,624 mskssrv.sys
10/28/2014  07:45 PM            66,560 mslldp.sys
08/22/2013  04:39 AM             7,040 mspclock.sys
08/22/2013  04:39 AM             6,784 mspqm.sys
08/22/2013  06:25 AM           366,432 msrpc.sys
08/22/2013  05:49 AM            37,728 mssmbios.sys
08/22/2013  04:38 AM             7,936 mstee.sys
08/22/2013  04:37 AM            13,312 MTConfig.sys
04/06/2016  02:21 PM           114,528 mup.sys
08/22/2013  05:43 AM            63,840 mvumis.sys
07/14/2015  02:59 PM         1,113,944 ndis.sys
10/28/2014  07:46 PM            43,008 ndiscap.sys
10/28/2014  07:45 PM           126,464 NdisImPlatform.sys
10/28/2014  07:47 PM            24,576 ndistapi.sys
08/22/2013  04:37 AM            60,416 ndisuio.sys
08/22/2013  04:36 AM            16,384 NdisVirtualBus.sys
04/05/2016  03:37 PM           205,824 ndiswan.sys
10/28/2014  07:46 PM            72,192 ndproxy.sys
10/28/2014  07:45 PM           103,424 Ndu.sys
10/28/2014  07:47 PM            48,128 netbios.sys
05/13/2016  04:07 PM           281,088 netbt.sys
12/30/2015  01:49 PM           470,360 netio.sys
10/28/2014  07:46 PM            87,040 netvsc63.sys
02/03/2010  11:20 AM            47,632 npf.sys
08/22/2013  06:25 AM            58,880 npfs.sys
08/22/2013  04:38 AM            23,040 npsvctrig.sys
10/28/2014  07:46 PM            39,424 nsiproxy.sys
12/30/2015  02:53 PM         2,017,624 ntfs.sys
08/22/2013  06:25 AM             5,632 null.sys
08/22/2013  05:43 AM           150,368 nvraid.sys
08/22/2013  05:43 AM           168,288 nvstor.sys
08/22/2013  05:43 AM           124,768 NV_AGP.SYS
10/28/2014  07:45 PM           445,440 nwifi.sys
10/28/2014  07:45 PM           151,040 pacer.sys
08/11/2016  11:33 AM            96,256 parport.sys
10/15/2014  01:32 AM            88,896 partmgr.sys
07/24/2014  08:28 AM           280,384 pci.sys
08/22/2013  05:43 AM            14,688 pciide.sys
08/22/2013  05:43 AM            48,992 pciidex.sys
08/22/2013  05:49 AM           114,528 pcmcia.sys
08/22/2013  05:39 AM            50,016 pcw.sys
10/12/2014  07:43 PM            86,336 pdc.sys
02/22/2014  05:09 AM           663,040 PEAuth.sys
10/28/2014  07:46 PM           272,384 portcls.sys
08/22/2013  01:46 AM            92,160 processr.sys
10/28/2014  07:47 PM            47,104 qwavedrv.sys
10/28/2014  07:48 PM            17,408 rasacd.sys
02/02/2016  11:16 AM           112,640 rasl2tp.sys
08/22/2013  04:36 AM            84,992 raspppoe.sys
08/22/2013  04:35 AM           107,520 raspptp.sys
10/28/2014  07:45 PM            93,696 rassstp.sys
04/06/2016  11:20 AM           402,432 rdbss.sys
08/22/2013  04:38 AM            22,528 rdpbus.sys
08/22/2013  12:12 PM           195,584 rdpdr.sys
10/28/2014  08:56 PM            27,456 rdpvideominiport.sys
02/22/2014  09:00 AM           249,688 rdyboost.sys
09/09/2016  03:52 PM           921,944 refs.sys
11/05/2015  01:59 AM           145,408 rmcast.sys
08/22/2013  04:38 AM            32,256 RNDISMP.sys
10/28/2014  07:48 PM            11,776 rootmdm.sys
08/22/2013  04:36 AM            80,384 rspndr.sys
08/01/2017  11:41 AM           958,976 Rt630x64.sys
08/01/2017  11:47 AM         9,124,224 RTAIODAT.DAT
08/01/2017  11:47 AM         5,545,512 RTKVHD64.sys
08/01/2017  11:39 AM           418,784 RtsUer.sys
07/09/2013  02:58 PM           263,896 RtsUStor.sys
08/22/2013  05:39 AM           107,872 sbp2port.sys
10/28/2014  07:46 PM            40,960 scfilter.sys
01/19/2007  06:24 PM            25,312 SCMNdisP.sys
08/22/2013  05:43 AM           170,848 scsiport.sys
03/12/2015  09:03 PM           239,424 sdbus.sys
02/22/2014  08:49 AM            79,192 sdstor.sys
08/22/2013  08:35 AM            23,040 secdrv.sys
08/22/2013  05:43 AM            69,472 SerCx.sys
10/25/2013  06:54 PM           146,776 SerCx2.sys
08/11/2016  11:33 AM            23,040 serenum.sys
08/11/2016  11:33 AM            83,456 serial.sys
11/03/2014  11:55 PM            26,112 sermouse.sys
10/28/2014  06:50 PM            11,776 serscan.sys
08/22/2013  04:40 AM            17,408 sfloppy.sys
08/22/2013  05:43 AM            44,896 sisraid2.sys
08/22/2013  05:43 AM            81,760 sisraid4.sys
08/22/2013  04:40 AM            19,968 smclib.sys
08/10/2016  10:46 PM           420,184 spaceport.sys
08/22/2013  05:43 AM            72,032 SpbCx.sys
08/04/2016  07:17 AM           416,768 srv.sys
08/03/2016  11:06 AM           675,328 srv2.sys
08/03/2016  11:05 AM           243,712 srvnet.sys
08/22/2013  05:43 AM            31,072 stexstor.sys
08/22/2013  05:43 AM           107,872 storahci.sys
06/11/2016  12:52 PM            57,184 stornvme.sys
06/11/2016  12:52 PM           379,232 storport.sys
08/22/2013  05:36 AM            45,888 storvsc.sys
08/22/2013  04:39 AM            67,584 stream.sys
10/28/2014  08:59 PM            14,144 swenum.sys
04/27/2016  12:49 AM            39,464 tap0901t.sys
08/22/2013  04:39 AM            29,696 tape.sys
10/28/2014  09:13 PM            21,824 tbs.sys
03/11/2016  05:49 PM         2,466,136 tcpip.sys
03/06/2014  02:19 AM            49,152 tcpipreg.sys
08/22/2013  06:25 AM            30,208 tdi.sys
10/13/2015  10:10 AM           108,032 tdx.sys
08/22/2013  12:12 PM            37,216 terminpt.sys
09/08/2016  01:41 PM           121,176 tm.sys
09/29/2015  05:24 AM           155,480 tpm.sys
08/18/2017  09:06 PM            28,272 TrueSight.sys
11/04/2014  07:30 PM           389,240 Trufos.sys
08/22/2013  04:37 AM            56,320 TsUsbFlt.sys
10/28/2014  07:46 PM            29,696 TsUsbGD.sys
09/04/2015  12:24 PM           154,112 tunnel.sys
08/22/2013  05:43 AM            64,864 UAGP35.SYS
08/22/2013  05:43 AM            74,080 uaspstor.sys
10/06/2014  11:54 PM           189,248 UCX01000.SYS
03/12/2015  07:02 PM           316,416 udfs.sys
08/22/2013  05:39 AM            26,976 uefi.sys
08/22/2013  05:43 AM            65,888 ULIAGPKX.SYS
08/22/2013  04:38 AM            46,080 umbus.sys
11/27/2015  11:57 PM    <DIR>          UMDF
08/22/2013  04:38 AM            11,776 umpass.sys
04/24/2015  07:25 PM            20,992 usb8023.sys
08/22/2013  04:39 AM            32,512 USBCAMD2.sys
07/24/2014  08:28 AM           143,680 usbccgp.sys
10/28/2014  07:47 PM            98,304 usbcir.sys
10/10/2015  11:34 PM            27,992 usbd.sys
01/08/2016  06:38 PM            91,992 usbehci.sys
10/10/2015  11:34 PM           462,168 usbhub.sys
10/10/2015  11:34 PM           468,824 USBHUB3.SYS
10/10/2015  11:41 AM            30,208 usbohci.sys
10/10/2015  11:34 PM           443,224 usbport.sys
08/22/2013  04:36 AM            26,112 usbprint.sys
08/22/2013  04:39 AM            30,720 usbrpm.sys
10/28/2014  07:47 PM            44,544 usbscan.sys
01/31/2016  12:16 PM           148,832 USBSTOR.SYS
10/10/2015  11:41 AM            37,376 usbuhci.sys
04/15/2015  11:17 PM           325,464 USBXHCI.SYS
08/22/2013  05:37 AM            37,728 vdrvroot.sys
09/14/2013  07:06 AM           175,960 VerifierExt.sys
10/09/2016  03:59 PM           551,256 vhdmp.sys
08/22/2013  05:43 AM            19,808 viaide.sys
08/22/2013  04:39 AM            49,152 videoprt.sys
10/28/2014  08:56 PM            89,368 vmbkmcl.sys
10/28/2014  08:56 PM            97,048 vmbus.sys
08/22/2013  04:37 AM            21,760 VMBusHID.sys
08/22/2013  04:38 AM            11,264 vmgencounter.sys
08/22/2013  04:38 AM             7,168 vms3cap.sys
10/28/2014  08:56 PM            49,944 vmstorfl.sys
04/10/2016  11:21 PM            74,584 volmgr.sys
08/22/2013  05:39 AM           377,696 volmgrx.sys
03/14/2016  09:50 AM           316,760 volsnap.sys
01/26/2016  12:15 PM            72,024 vpci.sys
08/22/2013  05:43 AM           168,800 vsmraid.sys
08/22/2013  05:43 AM           305,504 VSTXRAID.SYS
08/12/2016  05:03 PM            24,576 vwifibus.sys
08/12/2016  05:02 PM            71,680 vwififlt.sys
08/12/2016  05:01 PM            38,912 vwifimp.sys
08/22/2013  04:39 AM            26,752 wacompen.sys
10/28/2014  07:45 PM            80,896 wanarp.sys
02/22/2014  05:14 AM            54,272 watchdog.sys
08/22/2013  05:31 AM            34,760 WdBoot.sys
08/22/2013  06:25 AM           839,488 Wdf01000.sys
08/22/2013  05:34 AM           265,056 WdFilter.sys
08/22/2013  06:25 AM            60,224 WdfLdr.sys
08/22/2013  05:34 AM           124,256 WdNisDrv.sys
08/22/2013  05:39 AM            38,240 werkernel.sys
11/10/2014  11:06 AM           136,512 wfplwfs.sys
10/28/2014  09:09 PM            33,600 wimmount.sys
10/28/2014  08:56 PM            61,208 winhv.sys
08/22/2013  04:40 AM            16,384 wmiacpi.sys
08/22/2013  06:25 AM            18,272 wmilib.sys
03/13/2014  05:35 AM           157,016 wof.sys
10/28/2014  08:57 PM            54,784 wpcfltr.sys
08/22/2013  05:36 AM            26,976 WpdUpFltr.sys
08/22/2013  06:25 AM            23,392 WppRecorder.sys
08/22/2013  04:40 AM            21,504 ws2ifsl.sys
08/22/2013  04:39 AM            20,992 WSDPrint.sys
10/28/2014  07:46 PM           113,664 WUDFPf.sys
10/28/2014  07:46 PM           226,304 WUDFRd.sys
             341 File(s)     87,062,792 bytes
               5 Dir(s)  304,106,205,184 bytes free

========= End of CMD: =========


==== End of Fixlog 19:16:51 ====
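The `dir C:\Windows\system32\drivers` listing above is what a helper reads to spot drivers that do not belong: anything modified long after the rest of the directory, or carrying a name no vendor would ship. As an added example (not code from this thread, from FRST, or from Malwarebytes), the script below parses the `dir` output format and applies two triage heuristics. The sample listing is constructed from a handful of lines copied from the log above; the log date of 09/21/2017, the 30-day window and the hex-only-name rule are assumptions for illustration. A hit is a prompt to check the file's publisher and signature, not a verdict: the sample shows that MBAMSwissArmy.sys, a Malwarebytes driver, is flagged by recency alone.

```python
"""Triage a Windows `dir` listing (as captured in an FRST Fixlog) for files that
were modified recently or have unusual names.

Added example, not part of the original thread or of FRST. The sample listing
is constructed from lines of the log above; thresholds are assumptions.
"""
import re
from datetime import datetime, timedelta

# One `dir` line: MM/DD/YYYY  HH:MM AM/PM  (<DIR> | size with commas)  name
DIR_LINE = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(.+?)\s*$"
)
# Driver names made only of hex digits (six or more) are unusual for vendor
# drivers and worth a second look. Heuristic only; legitimate files can match.
HEX_NAME = re.compile(r"^[0-9A-Fa-f]{6,}\.sys$", re.IGNORECASE)

# Constructed sample: a few lines taken from the drivers listing above.
SAMPLE_LISTING = """
 Volume in drive C is Windows
 Directory of C:\\Windows\\system32\\drivers

09/20/2017  04:31 PM    <DIR>          .
08/22/2013  04:38 AM           231,424 1394ohci.sys
09/20/2017  04:31 PM           253,888 737251EC.sys
10/13/2015  10:10 AM           559,616 afd.sys
08/04/2017  10:15 AM            55,232 hitmanpro37.sys
09/04/2017  11:34 AM           194,776 MBAMSwissArmy.sys
08/22/2013  05:43 AM         3,357,024 evbda.sys
             341 File(s)     87,062,792 bytes
"""


def parse_dir_listing(text):
    """Return one dict (name, size, mtime) per file entry; directories and
    header/summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DIR_LINE.match(line.strip())
        if not m:
            continue
        date, time, size, name = m.groups()
        if size == "<DIR>":
            continue
        entries.append({
            "name": name,
            "size": int(size.replace(",", "")),
            "mtime": datetime.strptime(f"{date} {time}", "%m/%d/%Y %I:%M %p"),
        })
    return entries


def triage(entries, log_date, recent_days=30):
    """Flag entries modified within `recent_days` of the log date or whose
    name is hex-only. Returns [(name, [reason, ...]), ...] in listing order."""
    cutoff = log_date - timedelta(days=recent_days)
    flagged = []
    for e in entries:
        reasons = []
        if e["mtime"] >= cutoff:
            reasons.append("modified within %d days of the log" % recent_days)
        if HEX_NAME.match(e["name"]):
            reasons.append("hex-only file name")
        if reasons:
            flagged.append((e["name"], reasons))
    return flagged


def triage_listing(text, log_date_str, recent_days=30):
    """Convenience wrapper: parse a `dir` dump and triage it against a log
    date given as MM/DD/YYYY (assumed here, the Fixlog excerpt carries no date)."""
    log_date = datetime.strptime(log_date_str, "%m/%d/%Y")
    return triage(parse_dir_listing(text), log_date, recent_days)


if __name__ == "__main__":
    for name, reasons in triage_listing(SAMPLE_LISTING, "09/21/2017"):
        print(f"{name}: {'; '.join(reasons)}")
```

Run against a full listing, the recency window is the useful knob: widen it to the date of the first symptoms the user reported, and compare every hit against the file's digital signature before acting on it.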


For the next step, you'll need a USB Flash Drive.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) onto your USB Flash Drive
  • Download the attached fixlist.txt, and move it onto your USB Flash Drive as well

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

fixlist.txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
