
svcvmx client virus & "the requested resource is in use" for rkill


  • This topic is locked
17 replies to this topic

#1 SilasTheVirus

  • Members
  • 8 posts

Posted 11 September 2017 - 05:26 PM

Windows 10 Home Edition 64-bit

 

I've googled & read countless forums all telling me the same thing, using the same steps.

 

My problem is: I can't do any of the steps because when I try to run rKill or software like it, I get the "the requested resource is in use" error.  

 

When I google how to fix this error, every forum tells me the same thing: run Malwarebytes anti-rootkit beta. That doesn't work either. Malwarebytes anti-rootkit beta ALWAYS freezes, and I'm never able to finish.

 

Please help, I'm at my wits' end. Keep in mind that I can't run rKill, Malwarebytes anti-rootkit, hijackthis.




 


#2 Aura

  • Malware Response Team
  • 19,629 posts

Posted 11 September 2017 - 06:14 PM

Hi SilasTheVirus :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread

This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. MBAR won't freeze if you only leave the Drivers option checked. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-DATE-(TIME).txt" log that is located in the MBAR folder here after.


Edited by britechguy, 11 September 2017 - 06:17 PM.
Moved to Malware Removal Logs forum per staff request

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 SilasTheVirus


Posted 11 September 2017 - 06:18 PM

I assume this is an auto-reply because I specifically said that I cannot run MBAR, yet that is exactly what you tell me to do.



#4 Aura


Posted 11 September 2017 - 06:20 PM

This is what you told me in the first post:

"That doesn't work either. Malwarebytes anti-rootkit beta ALWAYS freezes, and I'm never able to finish."

This is a known issue when you run MBAR against a SmartService infection with all the options checked. Hence why I specified this:

"MBAR won't freeze if you only leave the Drivers option checked."

Which is also specified in the tutorial I linked you and asked you to follow (and I also specified to use the version of MBAR linked in it) :)

Let me know how it goes. IF you already tried MBAR with only the Drivers option checked and it still freezes, then it's another story. But with only that option enabled, the scan should go through.



#5 SilasTheVirus


Posted 11 September 2017 - 06:30 PM

Ok, I downloaded mbar from the link provided, installed, and ran it.

 

I made sure only "drivers" was selected.

 

It froze and said "not responding" a couple seconds after I clicked the scan button.

 

When I tried to run the program again I got the "the requested resource is in use" error.


Edited by SilasTheVirus, 11 September 2017 - 06:31 PM.


#6 Aura


Posted 11 September 2017 - 06:31 PM

Did you uncheck Sectors and System and only leave Drivers enabled? If not, launch MBAR using the mbar.cmd file in the MBAR folder and it should go through, and make sure to use the settings I just listed.



#7 SilasTheVirus


Posted 12 September 2017 - 08:19 AM

Yes, I unchecked Sectors and System and only left Drivers enabled.



#8 Aura


Posted 12 September 2017 - 08:21 AM

And it still freezes?



#9 SilasTheVirus


Posted 12 September 2017 - 09:08 AM

Yes.



#10 Aura


Posted 12 September 2017 - 09:11 AM

Alright, in that case, you'll need a USB Flash Drive to remove that infection. Do you have one? If so, how big is it?



#11 SilasTheVirus


Posted 12 September 2017 - 12:30 PM

I have an 8gb usb drive.

 

I've already tried getting a usb to autorun rkill, but was unsuccessful. Isn't that feature disabled for Windows 10? I've read from multiple sites that Microsoft disabled the ability to create autorun usb's, and my own lack of success led me to believe it was true.



#12 Aura


Posted 12 September 2017 - 12:35 PM

We'll use that USB Flash Drive to remove the infection from the RE. Follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply



#13 SilasTheVirus


Posted 12 September 2017 - 05:51 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-09-2017
Ran by Jeff (12-09-2017 18:52:01) Run:1
Running from C:\Users\Jeff\Desktop
Loaded Profiles: Jeff (Available Profiles: Jeff)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows
CMD: dir C:\Windows\system32\drivers
*****************
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= dir C:\Windows =========
 
 Volume in drive C is Windows
 Volume Serial Number is 1016-342A
 
 Directory of C:\Windows
 
09/12/2017  06:51 PM    <DIR>          .
09/12/2017  06:51 PM    <DIR>          ..
03/18/2017  05:03 PM    <DIR>          addins
07/23/2017  02:30 PM    <DIR>          appcompat
08/11/2017  11:16 AM    <DIR>          AppPatch
09/12/2017  09:12 AM    <DIR>          AppReadiness
03/18/2017  05:03 PM    <DIR>          bcastdvr
07/17/2017  10:03 AM            64,512 bfsvc.exe
03/18/2017  05:03 PM    <DIR>          Boot
03/18/2017  05:03 PM    <DIR>          Branding
04/11/2007  10:11 AM           511,328 capicom.dll
08/15/2017  09:38 PM    <DIR>          CbsTemp
09/03/2015  04:00 AM    <DIR>          Cnxt
09/02/2015  11:13 AM                 5 core.ver
03/18/2017  04:59 PM            34,390 Core.xml
07/10/2015  07:00 AM            31,816 CoreSingleLanguage.xml
09/02/2015  10:58 AM                12 csup.txt
03/18/2017  05:03 PM    <DIR>          Cursors
08/09/2017  12:34 PM    <DIR>          debug
07/17/2017  07:15 AM             7,623 diagerr.xml
03/18/2017  05:03 PM    <DIR>          diagnostics
07/17/2017  07:15 AM             7,623 diagwrn.xml
03/18/2017  10:29 PM    <DIR>          DigitalLocker
12/31/2015  06:14 PM    <DIR>          Downloaded Installations
08/09/2017  01:49 PM             7,448 DPINST.LOG
03/18/2017  10:29 PM    <DIR>          en-US
07/17/2017  10:18 AM         4,847,424 explorer.exe
06/23/2017  05:24 PM    <DIR>          FOOK2
03/18/2017  05:03 PM    <DIR>          GameBarPresenceWriter
03/18/2017  05:03 PM    <DIR>          Globalization
03/18/2017  10:29 PM    <DIR>          Help
07/17/2017  10:03 AM           975,360 HelpPane.exe
03/18/2017  04:57 PM            18,432 hh.exe
07/17/2017  07:09 AM    <DIR>          HoloShell
03/18/2017  10:29 PM    <DIR>          IME
08/11/2017  11:16 AM    <DIR>          ImmersiveControlPanel
08/26/2017  10:43 AM    <DIR>          INF
03/18/2017  05:03 PM    <DIR>          InfusedApps
03/18/2017  05:03 PM    <DIR>          InputMethod
11/10/2016  07:26 PM    <DIR>          IObit
03/18/2017  05:03 PM    <DIR>          L2Schemas
04/30/2016  11:39 AM           126,976 lcmmfu.cpl
08/03/2017  03:15 PM    <DIR>          LiveKernelReports
09/01/2017  05:27 PM    <DIR>          Logs
09/03/2015  04:23 AM             1,150 machineinfo.sav
03/18/2017  04:57 PM            43,131 mib.bin
09/12/2017  09:57 AM    <DIR>          Microsoft.NET
03/18/2017  05:03 PM    <DIR>          Migration
03/18/2017  10:29 PM    <DIR>          MiracastView
04/30/2016  11:39 AM            45,056 mmfs.dll
03/18/2017  05:03 PM    <DIR>          ModemLogs
03/18/2017  04:58 PM           246,784 notepad.exe
03/18/2017  10:30 PM    <DIR>          OCR
03/18/2017  05:03 PM    <DIR>          Offline Web Pages
09/03/2015  04:05 AM    <DIR>          Options
07/24/2017  07:18 PM    <DIR>          Panther
09/03/2015  04:19 AM             3,121 PEIS_PreloadData.ini
03/18/2017  05:03 PM    <DIR>          Performance
08/25/2017  01:51 PM             7,974 PFRO.log
03/18/2017  05:03 PM    <DIR>          PLA
03/18/2017  10:31 PM    <DIR>          PolicyDefinitions
08/03/2017  06:55 PM    <DIR>          Prefetch
03/18/2017  10:29 PM    <DIR>          PrintDialog
07/17/2017  10:06 AM    <DIR>          Provisioning
03/18/2017  04:57 PM           321,024 regedit.exe
08/09/2017  12:44 PM    <DIR>          Registration
08/17/2017  05:59 PM    <DIR>          rescache
03/18/2017  05:03 PM    <DIR>          Resources
04/30/2016  11:39 AM             2,560 Runservice.exe
03/18/2017  05:03 PM    <DIR>          SchCache
03/18/2017  05:03 PM    <DIR>          schemas
03/18/2017  05:03 PM    <DIR>          security
07/17/2017  06:30 AM    <DIR>          ServiceProfiles
03/18/2017  10:29 PM    <DIR>          servicing
07/17/2017  10:23 AM    <DIR>          Setup
09/09/2017  10:32 PM             4,032 setupact.log
08/04/2017  11:25 AM                 0 setuperr.log
08/11/2017  11:16 AM    <DIR>          ShellExperiences
09/11/2017  06:51 PM    <DIR>          ShellNew
03/18/2017  10:30 PM    <DIR>          SKB
07/17/2017  07:15 AM    <DIR>          SoftwareDistribution
03/18/2017  05:03 PM    <DIR>          Speech
03/18/2017  05:03 PM    <DIR>          Speech_OneCore
03/18/2017  04:58 PM           130,560 splwow64.exe
03/18/2017  05:03 PM    <DIR>          System
07/10/2015  07:02 AM               219 system.ini
08/23/2017  08:29 AM    <DIR>          System32
03/18/2017  10:31 PM    <DIR>          SystemApps
03/18/2017  10:31 PM    <DIR>          SystemResources
08/11/2017  11:16 AM    <DIR>          SysWOW64
03/18/2017  05:03 PM    <DIR>          TAPI
07/23/2017  01:16 PM    <DIR>          Tasks
09/12/2017  06:48 PM    <DIR>          Temp
03/18/2017  05:03 PM    <DIR>          tracing
04/29/2016  07:04 AM            14,539 TWAINSP_Lenovo_EasyCamera.ini
06/22/2015  05:30 AM             7,408 TWAINSP_Lenovo_EasyCamera.src
07/17/2017  07:28 AM    <DIR>          twain_32
03/18/2017  04:58 PM            65,536 twain_32.dll
07/21/2017  08:09 AM            51,624 uninstaller.dat
03/18/2017  05:03 PM    <DIR>          Vss
03/18/2017  05:03 PM    <DIR>          Web
02/20/2017  05:14 PM               230 win.ini
09/12/2017  06:46 PM               275 WindowsUpdate.log
03/18/2017  04:58 PM            10,240 winhlp32.exe
09/01/2017  05:34 PM    <DIR>          WinSxS
03/18/2017  04:56 PM           316,640 WMSysPr9.prx
03/18/2017  04:58 PM            11,264 write.exe
              34 File(s)      7,916,316 bytes
              73 Dir(s)  141,368,344,576 bytes free
 
========= End of CMD: =========
 
 
========= dir C:\Windows\system32\drivers =========
 
 Volume in drive C is Windows
 Volume Serial Number is 1016-342A
 
 Directory of C:\Windows\system32\drivers
 
09/11/2017  09:47 PM    <DIR>          .
09/11/2017  09:47 PM    <DIR>          ..
03/18/2017  04:56 PM           238,080 1394ohci.sys
03/18/2017  04:56 PM           107,424 3ware.sys
05/31/2017  01:57 PM           251,832 7A8B7D8F.sys
07/28/2017  01:23 AM           723,360 acpi.sys
03/18/2017  04:56 PM            20,480 AcpiDev.sys
03/18/2017  04:56 PM           127,392 acpiex.sys
03/18/2017  04:56 PM            12,800 acpipagr.sys
03/18/2017  04:56 PM            14,848 acpipmi.sys
03/18/2017  04:56 PM            14,336 acpitime.sys
06/15/2015  04:00 AM            42,328 AcpiVpc.sys
03/18/2017  04:56 PM         1,135,512 adp80xx.sys
12/25/2015  04:22 PM             8,269 AFA.ini
03/18/2017  04:57 PM           610,712 afd.sys
03/18/2017  04:58 PM           108,544 agilevpn.sys
03/18/2017  04:57 PM           239,616 ahcache.sys
12/25/2015  04:22 PM             1,816 ALTMIXER.INI
03/18/2017  04:56 PM           176,640 amdk8.sys
03/18/2017  04:56 PM           172,544 amdppm.sys
03/18/2017  04:56 PM            83,352 amdsata.sys
03/18/2017  04:56 PM           259,488 amdsbs.sys
03/18/2017  04:56 PM            27,040 amdxata.sys
03/18/2017  04:58 PM           184,736 appid.sys
03/18/2017  04:58 PM            17,920 applockerfltr.sys
03/18/2017  04:56 PM           132,000 arcsas.sys
03/18/2017  04:57 PM            28,672 asyncmac.sys
03/18/2017  04:56 PM            29,088 atapi.sys
03/18/2017  04:56 PM           194,464 ataport.sys
05/25/2017  08:13 PM         4,318,648 athw10x.sys
03/18/2017  04:56 PM            57,344 BasicDisplay.sys
07/17/2017  10:03 AM            35,840 BasicRender.sys
03/18/2017  04:56 PM            36,256 battc.sys
03/18/2017  04:56 PM             9,728 bcmfn2.sys
03/18/2017  04:57 PM            10,240 beep.sys
12/25/2015  04:22 PM             3,657 BIT_CLK.ini
03/18/2017  04:56 PM           101,888 bowser.sys
07/28/2017  12:25 AM           115,712 bridge.sys
03/18/2017  04:56 PM            23,552 BtaMPM.sys
05/25/2017  08:14 PM           609,696 btfilter.sys
03/18/2017  04:56 PM           181,248 BthA2DP.sys
03/18/2017  04:56 PM            43,520 BthAvrcpTg.sys
07/28/2017  12:25 AM           105,472 bthenum.sys
03/18/2017  04:56 PM            47,104 BthHfAud.sys
07/28/2017  12:08 AM            97,792 bthhfenum.sys
03/18/2017  04:56 PM            32,256 BthhfHid.sys
03/18/2017  04:56 PM            66,560 bthmodem.sys
07/17/2017  10:17 AM           130,048 bthpan.sys
07/28/2017  12:20 AM           982,016 bthport.sys
03/18/2017  04:56 PM            85,504 BTHUSB.SYS
03/18/2017  04:56 PM            39,424 buttonconverter.sys
03/18/2017  04:56 PM           533,920 bxvbda.sys
03/18/2017  04:56 PM            53,664 CAD.sys
03/18/2017  04:56 PM           122,880 capimg.sys
03/18/2017  04:57 PM            93,184 cdfs.sys
03/18/2017  04:56 PM           160,256 cdrom.sys
03/18/2017  04:57 PM            77,216 CEA.sys
12/25/2015  04:22 PM         1,561,728 CHDRT64.sys
03/18/2017  04:56 PM           102,816 cht4dx64.sys
03/18/2017  04:56 PM           347,032 cht4sx64.sys
03/18/2017  04:56 PM         2,104,224 cht4vx64.sys
03/18/2017  04:56 PM            49,152 circlass.sys
03/18/2017  04:57 PM           391,584 Classpnp.sys
03/18/2017  04:58 PM            12,288 cldflt.sys
07/31/2017  10:38 PM           382,368 clfs.sys
03/18/2017  04:58 PM           877,472 ClipSp.sys
03/18/2017  04:56 PM            30,208 CmBatt.sys
03/18/2017  04:56 PM            28,064 cmimcext.sys
03/18/2017  04:58 PM           642,688 cng.sys
03/18/2017  04:57 PM            39,840 cnghwassist.sys
03/18/2017  04:57 PM            56,224 condrv.sys
03/18/2017  04:57 PM            86,432 crashdmp.sys
11/26/2014  11:01 AM             4,664 CxSfPt.dat
07/17/2017  10:03 AM           112,544 dam.sys
03/18/2017  04:56 PM            45,568 devauthe.sys
03/18/2017  04:57 PM           150,528 dfsc.sys
03/18/2017  04:56 PM           102,816 disk.sys
03/18/2017  04:58 PM            38,816 Diskdump.sys
03/18/2017  04:57 PM            15,360 Dmpusbstor.sys
03/18/2017  04:56 PM            47,104 dmvsc.sys
05/26/2015  04:42 PM            47,096 dptf_acpi.sys
03/18/2017  04:56 PM            97,280 drmk.sys
03/18/2017  04:56 PM            16,232 drmkaud.sys
12/25/2015  04:22 PM           151,791 DS1Parm.ini
06/15/2017  02:09 PM            30,264 dtlitescsibus.sys
06/13/2017  08:08 PM            30,264 dtproscsibus.sys
03/18/2017  04:57 PM            35,744 Dumpata.sys
03/18/2017  04:59 PM            91,152 dumpfve.sys
07/17/2017  10:03 AM           188,824 dumpsd.sys
03/18/2017  04:58 PM            32,256 dumpsdport.sys
03/18/2017  04:57 PM            25,600 Dumpstorport.sys
07/31/2017  10:32 PM         2,444,704 dxgkrnl.sys
07/17/2017  10:03 AM           409,504 dxgmms1.sys
07/31/2017  10:32 PM           712,600 dxgmms2.sys
12/25/2015  04:22 PM            11,842 EdgeEQ.ini
03/18/2017  04:57 PM            88,992 EhStorClass.sys
03/18/2017  04:56 PM           119,200 EhStorTcgDrv.sys
03/18/2017  10:31 PM    <DIR>          en-US
03/18/2017  04:56 PM            13,824 errdev.sys
05/26/2015  04:42 PM           251,384 esif_lf.sys
07/17/2017  07:07 AM    <DIR>          etc
03/18/2017  04:56 PM         3,419,040 evbda.sys
03/18/2017  04:57 PM           347,136 exfat.sys
07/17/2017  10:03 AM           363,424 fastfat.sys
09/03/2015  04:14 AM            32,792 FBNetFlt.sys
03/18/2017  04:56 PM            32,768 fdc.sys
03/18/2017  04:56 PM            54,272 filecrypt.sys
03/18/2017  04:57 PM            86,432 fileinfo.sys
03/18/2017  04:57 PM            36,864 filetrace.sys
03/18/2017  04:56 PM            26,624 flpydisk.sys
03/18/2017  04:57 PM           386,464 fltMgr.sys
03/18/2017  04:56 PM            63,904 fsdepends.sys
03/18/2017  04:57 PM            33,688 fs_rec.sys
07/28/2017  01:15 AM           715,168 fvevol.sys
03/18/2017  04:57 PM           419,744 FWPKCLNT.SYS
12/25/2015  04:22 PM             6,312 FXMisc.ini
03/18/2017  04:56 PM            21,504 genericusbfn.sys
03/18/2017  04:57 PM         3,440,660 gm.dls
03/18/2017  04:57 PM               646 gmreadme.txt
03/18/2017  04:58 PM             8,192 gpuenergydrv.sys
07/17/2017  10:17 AM            86,528 hdaudbus.sys
03/18/2017  04:56 PM            38,296 hidbatt.sys
03/18/2017  04:56 PM           106,496 hidbth.sys
03/18/2017  04:56 PM           180,736 hidclass.sys
03/18/2017  04:56 PM            52,224 hidi2c.sys
03/18/2017  04:56 PM            51,104 hidinterrupt.sys
03/18/2017  04:56 PM            46,592 hidir.sys
03/18/2017  04:56 PM            40,960 hidparse.sys
03/18/2017  04:56 PM            40,960 hidusb.sys
12/21/2016  12:13 PM            54,736 hitmanpro37.sys
03/18/2017  04:56 PM            64,416 HpSAMD.sys
08/29/2017  10:34 AM            55,168 hqujrbea.sys
07/17/2017  10:17 AM         1,106,848 http.sys
03/18/2017  04:57 PM            74,648 hvservice.sys
03/18/2017  04:56 PM           118,688 hvsocket.sys
03/18/2017  04:57 PM            29,600 hwpolicy.sys
03/18/2017  04:56 PM            16,896 hyperkbd.sys
03/18/2017  04:56 PM           115,200 i8042prt.sys
03/18/2017  04:56 PM            33,280 iagpio.sys
03/18/2017  04:56 PM            81,408 iai2c.sys
03/18/2017  04:56 PM            70,656 iaLPSS2i_GPIO2.sys
03/18/2017  04:56 PM            85,504 iaLPSS2i_GPIO2_BXT_P.sys
03/18/2017  04:56 PM           165,376 iaLPSS2i_I2C.sys
03/18/2017  04:56 PM           168,448 iaLPSS2i_I2C_BXT_P.sys
03/18/2017  04:56 PM            38,128 iaLPSSi_GPIO.sys
03/18/2017  04:56 PM           113,152 iaLPSSi_I2C.sys
03/18/2017  04:56 PM           673,184 iaStorAV.sys
03/18/2017  04:56 PM           412,064 iaStorV.sys
03/18/2017  04:56 PM           526,240 ibbus.sys
09/24/2015  11:53 PM         3,797,424 igdkmd64.sys
03/18/2017  04:58 PM            36,864 IndirectKmd.sys
06/22/2015  11:35 PM           454,416 IntcDAud.sys
07/20/2015  03:45 PM            50,240 intelaud.sys
07/12/2017  06:40 PM           126,064 IntelHaxm.sys
03/18/2017  04:56 PM            19,360 intelide.sys
03/18/2017  04:56 PM            74,840 intelpep.sys
03/18/2017  04:56 PM           193,536 intelppm.sys
03/18/2017  04:57 PM            49,568 iorate.sys
03/18/2017  04:57 PM            87,040 ipfltdrv.sys
03/18/2017  04:56 PM            92,064 IPMIDrv.sys
03/18/2017  04:58 PM           214,528 ipnat.sys
03/18/2017  04:57 PM           120,320 irda.sys
03/18/2017  04:57 PM            19,968 irenum.sys
03/18/2017  04:56 PM            22,944 isapnp.sys
12/25/2015  04:22 PM             6,520 ISAPSII.ini
07/20/2015  03:45 PM            38,976 iwdbus.sys
03/18/2017  04:56 PM            64,416 kbdclass.sys
03/18/2017  04:56 PM            40,448 kbdhid.sys
03/18/2017  04:56 PM            23,040 kdnic.sys
03/18/2017  04:58 PM           390,144 ks.sys
03/18/2017  04:57 PM           136,088 ksecdd.sys
03/18/2017  04:58 PM           170,912 ksecpkg.sys
07/17/2017  10:03 AM            27,136 ksthunk.sys
03/18/2017  04:58 PM            66,560 lltdio.sys
03/18/2017  04:56 PM           108,960 lsi_sas.sys
03/18/2017  04:56 PM           123,808 lsi_sas2i.sys
03/18/2017  04:56 PM           103,328 lsi_sas3i.sys
03/18/2017  04:56 PM            82,848 lsi_sss.sys
03/18/2017  04:57 PM           124,928 luafv.sys
03/18/2017  04:56 PM           405,408 mausbhost.sys
03/18/2017  04:56 PM            51,104 mausbip.sys
09/07/2017  02:45 PM           194,776 MBAMSwissArmy.sys
11/10/2016  07:30 PM            32,736 MBI.sys
03/18/2017  04:57 PM            23,552 mcd.sys
09/11/2017  09:47 PM            55,168 mcpixfix.sys
03/18/2017  04:56 PM            59,808 megasas.sys
03/18/2017  04:56 PM            64,416 MegaSas2i.sys
03/18/2017  04:56 PM           575,904 megasr.sys
12/25/2015  04:22 PM            10,107 MicEQ.ini
12/25/2015  04:22 PM            14,718 MicGain.ini
07/09/2014  02:38 AM             1,081 MicMin.ini
07/28/2017  12:25 AM            97,280 Microsoft.Bluetooth.Legacy.LEEnumerator.sys
12/25/2015  04:22 PM            30,893 Mixer.ini
03/18/2017  04:56 PM           842,656 mlx4_bus.sys
03/18/2017  04:57 PM            50,688 mmcss.sys
03/18/2017  04:57 PM            42,496 modem.sys
03/18/2017  04:56 PM            39,424 monitor.sys
03/18/2017  04:56 PM            60,320 mouclass.sys
03/18/2017  04:56 PM            33,280 mouhid.sys
03/18/2017  04:57 PM           105,880 mountmgr.sys
03/18/2017  04:58 PM            76,800 mpsdrv.sys
03/18/2017  04:57 PM           144,384 mrxdav.sys
03/18/2017  04:57 PM           467,352 mrxsmb.sys
07/17/2017  10:18 AM           285,696 mrxsmb10.sys
07/17/2017  10:18 AM           228,256 mrxsmb20.sys
03/18/2017  04:57 PM            31,744 msfs.sys
07/16/2016  07:42 AM                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
03/18/2017  04:57 PM           169,888 msgpioclx.sys
03/18/2017  04:56 PM            49,056 msgpiowin32.sys
03/18/2017  04:57 PM             8,704 mshidkmdf.sys
03/18/2017  04:57 PM            12,288 mshidumdf.sys
03/18/2017  04:56 PM            19,352 msisadrv.sys
07/28/2017  01:20 AM           279,968 msiscsi.sys
07/17/2017  10:18 AM            32,768 mskssrv.sys
03/18/2017  04:57 PM            83,456 mslldp.sys
03/18/2017  04:58 PM            10,752 mspclock.sys
03/18/2017  04:58 PM            10,752 mspqm.sys
03/18/2017  04:57 PM           367,000 msrpc.sys
03/18/2017  04:56 PM            44,960 mssmbios.sys
03/18/2017  04:58 PM            12,800 mstee.sys
03/18/2017  04:56 PM            16,896 MTConfig.sys
03/18/2017  04:57 PM           123,808 mup.sys
03/18/2017  04:56 PM            63,904 mvumis.sys
03/18/2017  04:56 PM           108,960 ndfltr.sys
07/17/2017  10:17 AM         1,242,528 ndis.sys
03/18/2017  04:57 PM            50,688 ndiscap.sys
03/18/2017  04:57 PM           128,512 NdisImPlatform.sys
03/18/2017  04:58 PM            27,136 ndistapi.sys
09/03/2013  08:56 PM            80,160 ndistpr64.sys
03/18/2017  04:58 PM            65,536 ndisuio.sys
03/18/2017  04:57 PM            20,992 NdisVirtualBus.sys
03/18/2017  04:58 PM           192,000 ndiswan.sys
03/18/2017  04:58 PM            62,464 ndproxy.sys
03/18/2017  04:58 PM           127,488 Ndu.sys
03/18/2017  04:57 PM           122,368 NetAdapterCx.sys
03/18/2017  04:57 PM            57,760 netbios.sys
03/18/2017  04:57 PM           305,152 netbt.sys
07/17/2017  10:17 AM           519,584 netio.sys
07/17/2017  10:03 AM           118,784 netvsc.sys
03/18/2017  04:57 PM            69,120 npfs.sys
03/18/2017  04:56 PM            27,136 npsvctrig.sys
03/18/2017  04:57 PM            41,984 nsiproxy.sys
07/28/2017  01:24 AM         2,327,456 ntfs.sys
03/18/2017  04:57 PM            20,376 ntosext.sys
03/18/2017  04:57 PM             7,680 null.sys
03/18/2017  04:56 PM            80,896 nvdimmn.sys
03/18/2017  04:56 PM           150,432 nvraid.sys
03/18/2017  04:56 PM           166,304 nvstor.sys
03/18/2017  04:58 PM           549,888 nwifi.sys
12/25/2015  04:22 PM             2,171 OrVerbs.ini
03/18/2017  04:57 PM           152,992 pacer.sys
03/18/2017  04:56 PM            97,792 parport.sys
03/18/2017  04:57 PM           159,648 partmgr.sys
03/18/2017  04:56 PM           353,696 pci.sys
03/18/2017  04:56 PM            16,800 pciide.sys
03/18/2017  04:56 PM            53,656 pciidex.sys
03/18/2017  04:56 PM           120,224 pcmcia.sys
03/18/2017  04:57 PM            52,640 pcw.sys
07/17/2017  10:18 AM           117,664 pdc.sys
03/18/2017  04:58 PM           741,376 PEAuth.sys
03/18/2017  04:56 PM            58,784 percsas2i.sys
03/18/2017  04:56 PM            61,848 percsas3i.sys
03/18/2017  04:56 PM           101,376 pmem.sys
03/18/2017  04:56 PM           373,248 portcls.sys
03/18/2017  04:56 PM           172,032 processr.sys
03/18/2017  04:57 PM            49,664 qwavedrv.sys
03/18/2017  04:57 PM            17,920 rasacd.sys
03/18/2017  04:58 PM           107,008 rasl2tp.sys
03/18/2017  04:57 PM            81,920 raspppoe.sys
03/18/2017  04:58 PM            97,792 raspptp.sys
03/18/2017  04:58 PM            79,872 rassstp.sys
03/18/2017  04:57 PM           434,080 rdbss.sys
03/18/2017  10:31 PM            27,136 rdpbus.sys
03/18/2017  10:31 PM           183,296 rdpdr.sys
03/18/2017  10:31 PM            30,624 rdpvideominiport.sys
03/18/2017  04:57 PM           282,528 rdyboost.sys
03/18/2017  04:57 PM         1,735,584 refs.sys
03/18/2017  04:57 PM           936,864 refsv1.sys
03/18/2017  04:57 PM            14,336 registry.sys
07/31/2017  09:41 PM           180,736 rfcomm.sys
03/18/2017  04:56 PM            40,960 RfxVmt.sys
03/18/2017  04:57 PM           150,016 rmcast.sys
03/18/2017  04:57 PM            34,816 RNDISMP.sys
07/17/2017  10:03 AM            13,312 rootmdm.sys
03/18/2017  04:58 PM            82,432 rspndr.sys
05/27/2015  02:13 AM           402,136 RtsUer.sys
09/30/2013  02:54 PM             1,520 SamSfPa.dat
03/18/2017  04:56 PM           110,496 sbp2port.sys
03/18/2017  04:57 PM            43,520 scfilter.sys
03/18/2017  04:56 PM            91,040 scmbus.sys
03/18/2017  04:57 PM           175,520 scsiport.sys
07/17/2017  10:03 AM           287,648 sdbus.sys
03/18/2017  04:56 PM            31,128 SDFRd.sys
03/18/2017  04:56 PM            98,208 sdport.sys
03/18/2017  04:56 PM            94,624 sdstor.sys
10/18/2016  05:14 PM            21,984 semav6msr64.sys
03/18/2017  04:57 PM            75,680 SerCx.sys
03/18/2017  04:57 PM           154,016 SerCx2.sys
03/18/2017  04:56 PM            26,112 serenum.sys
03/18/2017  04:56 PM            84,480 serial.sys
03/18/2017  04:56 PM            28,672 sermouse.sys
03/18/2017  04:56 PM            18,432 sfloppy.sys
03/18/2017  04:56 PM            44,960 sisraid2.sys
03/18/2017  04:56 PM            81,824 sisraid4.sys
03/18/2017  04:58 PM            32,672 SleepStudyHelper.sys
07/27/2015  03:30 AM            42,184 Smb_driver_AMDASF_Aux.sys
07/27/2015  03:30 AM            42,696 Smb_driver_Intel.sys
07/27/2015  03:30 AM            42,696 Smb_driver_Intel_Aux.sys
03/18/2017  04:57 PM            21,504 smclib.sys
03/18/2017  04:56 PM           167,328 spacedump.sys
03/18/2017  04:56 PM           587,168 spaceport.sys
03/18/2017  10:31 PM            40,352 SpatialGraphFilter.sys
03/18/2017  04:57 PM            80,288 SpbCx.sys
12/25/2015  04:22 PM             3,027 SPKVol.ini
04/29/2016  07:11 AM           810,544 SPUVCBv64.sys
06/22/2015  05:34 AM           744,928 SPUVCBv_x64.sys
07/17/2017  10:03 AM           414,208 srv.sys
07/17/2017  10:03 AM           722,944 srv2.sys
03/18/2017  04:57 PM           255,488 srvnet.sys
03/18/2017  04:56 PM            31,136 stexstor.sys
07/17/2017  10:03 AM           144,288 storahci.sys
03/18/2017  04:56 PM            95,648 stornvme.sys
07/17/2017  10:03 AM           546,208 storport.sys
03/18/2017  04:58 PM            79,872 storqosflt.sys
03/18/2017  04:56 PM            36,760 storufs.sys
03/18/2017  04:56 PM            36,768 storvsc.sys
03/18/2017  04:57 PM            75,776 stream.sys
03/18/2017  04:56 PM            18,336 swenum.sys
05/25/2017  08:16 PM            89,688 SynHidI2C_Aux.sys
03/18/2017  04:56 PM            64,512 Synth3dVsc.sys
07/27/2015  03:30 AM           618,696 SynTP.sys
03/18/2017  04:57 PM            31,232 tape.sys
03/18/2017  04:57 PM            28,064 tbs.sys
07/28/2017  01:10 AM         2,679,200 tcpip.sys
03/18/2017  04:57 PM            51,712 tcpipreg.sys
03/18/2017  04:57 PM            40,352 tdi.sys
07/31/2017  10:36 PM           119,712 tdx.sys
03/18/2017  10:31 PM            37,280 terminpt.sys
07/17/2017  10:03 AM           130,464 tm.sys
07/17/2017  10:03 AM           219,040 tpm.sys
03/18/2017  04:56 PM            61,440 TsUsbFlt.sys
03/18/2017  04:56 PM            35,328 TsUsbGD.sys
03/18/2017  04:58 PM           162,304 tunnel.sys
11/10/2016  07:31 PM           148,240 TXEIx64.sys
03/18/2017  04:56 PM            78,752 uaspstor.sys
03/18/2017  04:58 PM           104,448 UcmCx.sys
03/18/2017  04:58 PM           179,200 UcmTcpciCx.sys
07/28/2017  12:27 AM            51,712 UcmUcsi.sys
03/18/2017  04:56 PM           213,920 Ucx01000.sys
03/18/2017  04:56 PM            45,568 Udecx.sys
03/18/2017  04:57 PM           324,096 udfs.sys
03/18/2017  04:56 PM            29,600 uefi.sys
03/18/2017  04:58 PM           263,584 ufx01000.sys
03/18/2017  04:56 PM            98,712 UfxChipidea.sys
03/18/2017  04:56 PM           138,656 ufxsynopsys.sys
03/18/2017  04:56 PM            57,856 umbus.sys
08/11/2017  11:15 AM    <DIR>          UMDF
03/18/2017  04:56 PM            14,336 umpass.sys
03/18/2017  04:56 PM            29,600 urschipidea.sys
03/18/2017  04:58 PM            59,288 urscx01000.sys
03/18/2017  04:56 PM            28,064 urssynopsys.sys
03/18/2017  04:57 PM            23,040 usb8023.sys
03/18/2017  04:57 PM            37,888 USBCAMD2.sys
03/18/2017  04:56 PM           173,984 usbccgp.sys
03/18/2017  04:56 PM           103,424 usbcir.sys
03/18/2017  04:56 PM            32,160 usbd.sys
03/18/2017  04:56 PM            98,200 usbehci.sys
03/18/2017  04:56 PM           511,904 usbhub.sys
07/28/2017  01:15 AM           554,400 USBHUB3.SYS
03/18/2017  04:56 PM            30,720 usbohci.sys
03/18/2017  04:56 PM           466,336 usbport.sys
03/18/2017  04:56 PM            27,136 usbprint.sys
03/18/2017  04:56 PM            32,768 usbrpm.sys
03/18/2017  04:56 PM            71,680 usbser.sys
03/18/2017  04:56 PM           131,488 USBSTOR.SYS
03/18/2017  04:56 PM            35,328 usbuhci.sys
07/17/2017  10:17 AM           264,192 usbvideo.sys
07/17/2017  10:03 AM           388,000 USBXHCI.SYS
03/18/2017  04:56 PM            54,176 vdrvroot.sys
03/18/2017  04:57 PM           215,456 VerifierExt.sys
07/17/2017  10:03 AM           730,016 vhdmp.sys
03/18/2017  04:56 PM            35,328 vhf.sys
03/18/2017  04:57 PM            49,664 videoprt.sys
09/08/2017  08:58 AM            55,168 viyljgso.sys
07/31/2017  10:30 PM            82,336 vmbkmcl.sys
07/31/2017  09:44 PM            83,968 vmbkmclr.sys
03/18/2017  04:56 PM           107,424 vmbus.sys
03/18/2017  04:56 PM            25,088 VMBusHID.sys
09/30/2016  01:12 AM           105,024 vmci.sys
03/18/2017  04:56 PM            13,824 vmgencounter.sys
03/18/2017  04:56 PM            10,240 vmgid.sys
11/11/2016  11:16 PM            52,288 vmkbd.sys
03/18/2017  04:56 PM             9,216 vms3cap.sys
03/18/2017  04:56 PM            47,520 vmstorfl.sys
03/18/2017  04:56 PM            83,360 volmgr.sys
03/18/2017  04:57 PM           373,664 volmgrx.sys
03/18/2017  04:57 PM           397,216 volsnap.sys
03/18/2017  04:56 PM            16,288 volume.sys
03/18/2017  04:56 PM            74,656 vpci.sys
03/18/2017  04:56 PM           166,816 vsmraid.sys
03/18/2017  04:56 PM           305,568 VSTXRAID.SYS
03/18/2017  04:58 PM            27,136 vwifibus.sys
03/18/2017  04:58 PM            77,312 vwififlt.sys
03/18/2017  04:58 PM            41,472 vwifimp.sys
03/18/2017  04:56 PM            30,720 wacompen.sys
03/18/2017  04:58 PM            81,408 wanarp.sys
03/18/2017  04:57 PM            55,808 watchdog.sys
07/17/2017  10:17 AM           142,752 wcifs.sys
03/18/2017  04:57 PM            72,192 wcnfs.sys
03/18/2017  04:56 PM            44,632 WdBoot.sys
03/18/2017  04:57 PM           902,376 Wdf01000.sys
06/18/2013  08:34 AM         1,795,952 WdfCoInstaller01011.dll
03/18/2017  04:56 PM           294,816 WdFilter.sys
03/18/2017  04:57 PM            61,672 WdfLdr.sys
07/17/2017  10:18 AM           757,248 WdiWiFi.sys
03/18/2017  04:56 PM           121,248 WdNisDrv.sys
03/18/2017  04:57 PM            46,488 werkernel.sys
03/18/2017  04:57 PM           164,768 wfplwfs.sys
03/18/2017  04:57 PM            35,744 wimmount.sys
03/18/2017  04:58 PM            70,232 WindowsTrustedRT.sys
03/18/2017  04:56 PM            18,520 WindowsTrustedRTProxy.sys
03/18/2017  04:56 PM            31,648 winhv.sys
03/18/2017  04:57 PM            55,296 winhvr.sys
03/18/2017  04:56 PM            32,160 winmad.sys
03/18/2017  04:58 PM           217,088 winnat.sys
03/18/2017  04:56 PM            90,112 winusb.sys
03/18/2017  04:56 PM            64,920 winverbs.sys
03/18/2017  04:56 PM            18,432 wmiacpi.sys
03/18/2017  04:57 PM            20,384 wmilib.sys
03/18/2017  04:57 PM           208,288 wof.sys
03/18/2017  04:59 PM            30,624 WpdUpFltr.sys
03/18/2017  04:57 PM            33,184 WppRecorder.sys
03/18/2017  04:57 PM            23,552 ws2ifsl.sys
03/18/2017  04:57 PM           100,864 WUDFPf.sys
03/18/2017  04:57 PM           220,672 WUDFRd.sys
07/17/2017  10:03 AM           277,504 xboxgip.sys
03/18/2017  04:56 PM            46,592 xinputhid.sys
             432 File(s)     90,967,201 bytes
               5 Dir(s)  141,368,311,808 bytes free
 
========= End of CMD: =========
 
 
==== End of Fixlog 18:52:02 ====


#14 Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,629 posts

Posted 12 September 2017 - 06:17 PM

Good, and follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 SilasTheVirus

  • Topic Starter

  • Members
  • 8 posts

Posted 12 September 2017 - 07:30 PM

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2017

Ran by Jeff (administrator) on DESKTOP-RVJE9AO (12-09-2017 20:20:00)
Running from C:\Users\Jeff\Desktop
Loaded Profiles: Jeff (Available Profiles: Jeff)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Windows\Runservice.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\update\UpdateAgent.exe
() C:\Windows\System32\tprdpw64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe
() C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [cpx] => "C:\Users\Default\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\Default\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Jeff\AppData\Roaming\Microsoft\Protect\779e2853-6a47-4203-85d4-c865fc83caa6.rs" <==== ATTENTION
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Jeff\AppData\Roaming\Microsoft\Protect\779e2853-6a47-4203-85d4-c865fc83caa6.rs" <==== ATTENTION
HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-08-28] (Valve Corporation)
HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Jeff\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-18\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Jeff\AppData\Roaming\Microsoft\Protect\779e2853-6a47-4203-85d4-c865fc83caa6.rs" <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Jeff\AppData\Roaming\Microsoft\Protect\779e2853-6a47-4203-85d4-c865fc83caa6.rs" <==== ATTENTION
Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-01-18]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 207.255.0.43 207.255.0.45
Tcpip\..\Interfaces\{05180d8e-7b32-4e02-84c9-f3375dd043a9}: [DhcpNameServer] 150.202.1.3
Tcpip\..\Interfaces\{2f40f912-7df8-468a-aa9c-a833a2aa8470}: [DhcpNameServer] 207.255.0.43 207.255.0.45
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3212995096-598237001-345577293-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131452146166478371&GUID=47CA05EB-8B4B-4EA2-AD13-2E602FDA05D8
SearchScopes: HKU\S-1-5-21-3212995096-598237001-345577293-1001 -> DefaultScope {7551E283-A18D-411F-80EA-016DE3C1E344} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-03] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-03] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2017-06-12] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2017-06-12] (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-03] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: j70n7u4d.default
FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\j70n7u4d.default [2017-08-29]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\j70n7u4d.default -> Yahoo!
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\j70n7u4d.default -> Google
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\j70n7u4d.default -> Bing 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\j70n7u4d.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\j70n7u4d.default -> google.com
FF Extension: (Cleanest Addon Manager) - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\j70n7u4d.default\Extensions\cam@sdrocking.com.xpi [2016-12-14]
FF Extension: (Enhancer for YouTube™) - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\j70n7u4d.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2017-08-25]
FF Extension: (Reddit Enhancement Suite) - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\j70n7u4d.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-08-14]
FF Extension: (Memory Restart) - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\j70n7u4d.default\Extensions\memoryrestart@teamextension.com.xpi [2016-12-21]
FF Extension: (YouTube Plus) - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\j70n7u4d.default\Extensions\particle@particlecore.github.io.xpi [2017-08-14]
FF Extension: (Youtube Watchmarker) - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\j70n7u4d.default\Extensions\yourect@coderect.com.xpi [2017-05-26]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\j70n7u4d.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14]
FF Extension: (Adblock Plus) - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\j70n7u4d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF SearchPlugin: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\j70n7u4d.default\searchplugins\bing-.xml [2015-12-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2017-06-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2017-06-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll [2007-04-30] (Adobe Systems, Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "about:blank"
CHR NewTab: Default ->  Not-active:"chrome-extension://dbfmnekepjoapopniengjbcpnbljalfg/index.html"
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default [2017-09-12]
CHR Extension: (Google Translate) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-08-07]
CHR Extension: (Google Drive) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-09]
CHR Extension: (YouTube) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-09]
CHR Extension: (ImprovedTube - YouTube Extension) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2017-09-04]
CHR Extension: (Always Clear Downloads) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbmgiffkljiglnpdbljhlenaikojapc [2017-09-09]
CHR Extension: (Search by Image (by Google)) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-08-07]
CHR Extension: (Infinity New Tab) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg [2017-09-04]
CHR Extension: (HoverCards) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\dighmiipfpfdfbfmpodcmfdgkkcakbco [2017-09-01]
CHR Extension: (Disable HTML5 Autoplay) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdhoaajjjgckpbkoglidkeendpkolai [2017-07-27]
CHR Extension: (Toolkit For Facebook) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcachklhcihfinmagjnlomehfdhndhep [2017-07-26]
CHR Extension: (HTTPS Everywhere) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-08-31]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-07-31]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-07-31]
CHR Extension: (Netflix Categories) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnbopcabgddpanjmeabponnjngbmemml [2017-07-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Material Dark) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\npadhaijchjemiifipabpmeebeelbmpd [2017-07-26]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2017-07-27]
CHR Extension: (Oddshot) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnoeeagkgpkplnhmnnlgodjnjgckhja [2017-08-19]
CHR Extension: (Flash Blocker Strict) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\opbkpfcicbflpiijbbdfeemknphkplib [2017-07-27]
CHR Extension: (Data Saver) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2017-07-27]
CHR Extension: (Gmail) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-09]
CHR Extension: (Google Similar Pages) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnfggphgdjblhfjaphkjhfpiiekbbej [2017-08-07]
CHR Extension: (Chrome Media Router) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-26]
CHR Extension: (Enhancer for YouTube™) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2017-09-05]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-06-29] (Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424384 2017-08-28] (Microsoft Corporation)
R2 Dataup; C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-05-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328616 2015-09-24] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887232 2013-12-24] (Intel® Corporation)
R2 LicCtrlService; C:\WINDOWS\runservice.exe [2560 2016-04-30] () [File not signed]
R2 UpdateAgentService; C:\Program Files\update\UpdateAgent.exe [226216 2015-09-03] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-17] (Microsoft Corporation)
S2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [30480 2015-07-06] (Lenovo)
S2 windowsmanagementservice; C:\Users\Jeff\AppData\Local\nyzprg\ckwiipbl\ct.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4318648 2017-05-25] (Qualcomm Atheros Communications, Inc.)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [609696 2017-05-25] (Qualcomm)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [47096 2015-05-26] (Intel Corporation)
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [80160 2013-09-03] () [File not signed] <==== ATTENTION
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-06-15] (Disc Soft Ltd)
S3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30264 2017-06-13] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-05-26] (Intel Corporation)
S1 hqujrbea; C:\WINDOWS\system32\drivers\hqujrbea.sys [55168 2017-08-29] (Microsoft Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-11-10] (REALiX™)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [194776 2017-09-07] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [32736 2016-11-10] (Intel® Corporation)
S1 mcpixfix; C:\WINDOWS\system32\drivers\mcpixfix.sys [55168 2017-09-11] (Microsoft Corporation)
R1 MpKslba7c294e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78275B69-79FB-4A7C-9B31-8D39FF9439C9}\MpKslba7c294e.sys [44928 2017-09-12] (Microsoft Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-27] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [810544 2016-04-29] (Sunplus Innovation Technology Inc.)
S3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [148240 2016-11-10] (Intel Corporation)
S1 viyljgso; C:\WINDOWS\system32\drivers\viyljgso.sys [55168 2017-09-08] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S1 enflcuip; \??\C:\WINDOWS\system32\drivers\enflcuip.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-12 20:20 - 2017-09-12 20:22 - 000022391 _____ C:\Users\Jeff\Desktop\FRST.txt
2017-09-12 18:52 - 2017-09-12 18:52 - 000029504 _____ C:\Users\Jeff\Desktop\Fixlog.txt
2017-09-12 18:51 - 2017-09-12 20:20 - 000000000 ____D C:\FRST
2017-09-12 18:51 - 2017-09-12 18:51 - 002397184 _____ (Farbar) C:\Users\Jeff\Desktop\FRST64.exe
2017-09-11 21:47 - 2017-09-11 21:47 - 000055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mcpixfix.sys
2017-09-11 18:54 - 2017-09-11 18:54 - 000000000 ____D C:\Users\Jeff\AppData\Local\AutoIt v3
2017-09-11 18:51 - 2017-09-11 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2017-09-11 18:51 - 2017-09-11 18:51 - 000000000 ____D C:\Program Files (x86)\AutoIt3
2017-09-08 08:58 - 2017-09-08 08:58 - 000055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\viyljgso.sys
2017-09-07 14:45 - 2017-09-07 14:45 - 000194776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-07 14:20 - 2017-09-07 14:22 - 000000000 ____D C:\Users\Jeff\AppData\Local\ApplicationHistory
2017-09-07 14:20 - 2017-09-07 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-05 19:12 - 2017-09-05 19:13 - 000000084 _____ C:\Users\Jeff\Desktop\Greatest Individual TV Seasons.txt
2017-09-05 16:32 - 2017-09-12 12:29 - 000000000 ____D C:\Users\Jeff\AppData\LocalLow\BitTorrent
2017-09-02 11:59 - 2017-09-02 11:59 - 000000000 ____D C:\Users\Jeff\AppData\Local\SWTOR
2017-09-01 23:26 - 2017-09-01 23:26 - 000000000 ____D C:\Users\Public\Documents\BitRaider
2017-09-01 23:26 - 2017-09-01 23:26 - 000000000 ____D C:\Users\Jeff\AppData\Local\SWTORPerf
2017-09-01 23:12 - 2017-09-01 23:12 - 000000000 ____D C:\Users\Jeff\AppData\Local\The Lord of the Rings Online
2017-09-01 19:17 - 2017-09-01 19:17 - 000000120 _____ C:\Users\Jeff\Desktop\MMORPGs to Try.txt
2017-09-01 19:05 - 2017-09-01 19:05 - 000000000 ____D C:\Users\Jeff\AppData\Local\CrashRpt
2017-09-01 19:00 - 2017-09-01 19:00 - 000000000 ____D C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outerra
2017-09-01 18:59 - 2017-09-01 19:05 - 000000000 ____D C:\Users\Jeff\Outerra
2017-09-01 18:57 - 2017-09-01 18:57 - 000000000 ____D C:\Program Files (x86)\Outerra
2017-09-01 17:27 - 2017-09-07 14:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StandingStoneGames
2017-09-01 17:27 - 2017-09-07 14:23 - 000000000 ____D C:\Program Files (x86)\StandingStoneGames
2017-09-01 17:26 - 2017-09-01 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2017-09-01 17:25 - 2017-09-01 17:26 - 000000000 _____ C:\end
2017-09-01 17:25 - 2017-09-01 17:25 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2017-09-01 17:14 - 2017-09-01 17:14 - 000001131 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2017-09-01 17:14 - 2017-09-01 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2017-09-01 17:14 - 2017-09-01 17:14 - 000000000 ____D C:\Program Files (x86)\FileASSASSIN
2017-09-01 15:37 - 2017-09-07 14:21 - 000000000 ____D C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-09-01 15:10 - 2017-09-07 14:22 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-01 15:10 - 2017-09-01 15:10 - 000001039 _____ C:\Users\Public\Desktop\Steam.lnk
2017-09-01 15:10 - 2017-09-01 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-09-01 13:09 - 2017-09-01 14:16 - 000000000 ____D C:\Users\Jeff\Downloads\The Elder Scrolls Online
2017-08-31 13:32 - 2017-08-31 13:32 - 000000290 _____ C:\Users\Jeff\Desktop\DC Rebirth comics to read.txt
2017-08-29 10:34 - 2017-08-29 10:34 - 000055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hqujrbea.sys
2017-08-25 08:39 - 2017-08-29 18:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-25 08:39 - 2017-08-25 08:39 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-25 08:39 - 2017-08-25 08:39 - 000001000 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-25 08:38 - 2017-08-29 18:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-23 20:44 - 2017-08-23 20:44 - 000002436 _____ C:\Users\Jeff\Desktop\Skyrim (SKSE).lnk
2017-08-23 20:43 - 2017-08-23 20:43 - 000000000 ____D C:\Users\Jeff\AppData\Local\Nexus
2017-08-23 20:14 - 2017-08-23 20:14 - 000001477 _____ C:\Users\Public\Desktop\Elder Scrolls V Skyrim Legenday Edition.lnk
2017-08-23 19:40 - 2017-08-23 19:40 - 000000000 ____D C:\Program Files (x86)\Mr DJ
2017-08-21 15:02 - 2017-08-21 19:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Processor Identification Utility
2017-08-21 09:58 - 2017-09-07 14:09 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2017-08-21 02:02 - 2017-07-12 18:40 - 000126064 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelHaxm.sys
2017-08-21 01:53 - 2017-08-21 01:53 - 000000000 ____D C:\Users\Jeff\AppData\Roaming\JetBrains
2017-08-21 01:51 - 2017-08-21 01:51 - 000000000 ____D C:\Users\Jeff\.AndroidStudio2.3
2017-08-21 01:44 - 2017-08-21 01:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2017-08-21 01:06 - 2017-08-23 18:05 - 000000000 ____D C:\Users\Jeff\AppData\Local\Android
2017-08-21 00:59 - 2017-08-23 17:58 - 000000000 ____D C:\Program Files\Android
2017-08-21 00:37 - 2017-08-21 00:37 - 000000000 ____D C:\Users\Public\Thunder Network
2017-08-21 00:37 - 2017-08-21 00:37 - 000000000 ____D C:\Users\Jeff\AppData\Roaming\HaiYuInst
2017-08-21 00:37 - 2017-08-21 00:37 - 000000000 ____D C:\ProgramData\Thunder Network
2017-08-21 00:28 - 2017-08-21 00:28 - 000000000 ____D C:\Program Files\Andy
2017-08-14 17:13 - 2017-08-14 17:13 - 000000258 __RSH C:\ProgramData\ntuser.pol
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-12 20:12 - 2017-07-17 07:08 - 000004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D2E3BC59-4EFB-4A22-883B-A2CF38AD0FCD}
2017-09-12 18:51 - 2016-01-02 21:11 - 000000000 ___RD C:\Users\Jeff\Desktop\New bleep
2017-09-12 18:46 - 2017-07-17 06:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-12 18:45 - 2015-12-28 04:39 - 000000000 ____D C:\Users\Jeff\AppData\Roaming\vlc
2017-09-12 15:54 - 2017-07-23 13:24 - 000003330 _____ C:\WINDOWS\System32\Tasks\IORRT
2017-09-12 12:29 - 2015-12-25 19:05 - 000000000 ____D C:\Users\Jeff\AppData\Roaming\BitTorrent
2017-09-12 10:18 - 2015-12-31 12:59 - 000000853 _____ C:\Users\Jeff\Desktop\To Do.txt
2017-09-12 09:12 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-11 20:45 - 2017-07-14 12:43 - 000000000 ____D C:\Users\Jeff\AppData\Local\ClassicShell
2017-09-11 19:25 - 2017-07-23 14:28 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-11 18:51 - 2015-10-30 05:07 - 000000000 ____D C:\WINDOWS\ShellNew
2017-09-11 11:42 - 2017-06-30 12:55 - 000000000 ____D C:\Program Files (x86)\Fallout New Vegas Ultimate Edition
2017-09-11 11:30 - 2017-07-17 06:39 - 000000000 ____D C:\Users\Jeff
2017-09-11 11:27 - 2015-12-25 14:53 - 000000000 __SHD C:\Users\Jeff\IntelGraphicsProfiles
2017-09-10 15:26 - 2017-01-06 12:37 - 000000000 ____D C:\Users\Jeff\AppData\Local\LOOT
2017-09-08 16:43 - 2016-11-14 23:59 - 000002146 _____ C:\Users\Jeff\Desktop\statuses.txt
2017-09-07 14:45 - 2017-07-23 14:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-07 14:09 - 2017-08-04 11:53 - 000000000 ____D C:\Users\Jeff\AppData\Local\Bluestacks
2017-09-05 23:52 - 2017-07-22 11:56 - 000000000 ____D C:\Users\Jeff\AppData\Local\ntuserlitelist
2017-09-05 10:26 - 2016-07-21 18:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-03 09:12 - 2017-03-18 17:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-01 23:26 - 2016-10-27 14:25 - 000000392 _____ C:\Users\Jeff\Desktop\EMAILS.txt
2017-09-01 19:19 - 2017-06-23 16:24 - 000000000 ____D C:\Users\Jeff\AppData\Local\Fallout3
2017-09-01 19:08 - 2016-12-12 16:44 - 000000000 ____D C:\Users\Jeff\AppData\Local\Turbine
2017-09-01 18:58 - 2017-06-23 15:58 - 000000000 ____D C:\Program Files (x86)\Fallout 3 GOTY
2017-08-26 10:43 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-25 14:00 - 2017-06-30 17:41 - 000000000 ____D C:\Users\Jeff\AppData\Local\FalloutNV
2017-08-25 13:51 - 2017-07-17 07:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-25 07:50 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-24 17:41 - 2016-07-29 13:36 - 000000000 ____D C:\Users\Jeff\Documents\My Games
2017-08-23 20:14 - 2017-06-23 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2017-08-23 18:05 - 2017-08-09 12:46 - 000000000 ____D C:\Users\Jeff\.android
2017-08-23 13:53 - 2017-01-08 13:56 - 000000938 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2017-08-23 13:53 - 2017-01-08 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2017-08-23 13:53 - 2017-01-08 13:56 - 000000000 ____D C:\Program Files\Nexus Mod Manager
2017-08-23 13:43 - 2016-12-31 14:29 - 000000000 ____D C:\Users\Jeff\AppData\Local\Skyrim Special Edition
2017-08-23 13:18 - 2017-06-15 14:09 - 000000000 ____D C:\Users\Jeff\AppData\Roaming\DAEMON Tools Lite
2017-08-23 08:29 - 2017-07-17 07:06 - 002497902 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-21 15:41 - 2017-03-18 07:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-21 02:02 - 2017-07-17 06:37 - 000000000 ____D C:\Program Files\Intel
2017-08-17 19:46 - 2016-01-04 12:37 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-17 19:06 - 2017-01-14 22:17 - 000000000 ____D C:\Users\Jeff\AppData\Local\ElevatedDiagnostics
2017-08-17 18:20 - 2017-01-08 00:34 - 000000171 _____ C:\Users\Jeff\Desktop\Flickchart Charts.txt
2017-08-17 17:59 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-15 21:38 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-14 17:13 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-08-14 17:13 - 2015-07-10 07:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
 
==================== Files in the root of some directories =======
 
2017-08-21 00:37 - 2017-08-21 00:38 - 000001380 _____ () C:\Users\Jeff\AppData\Roaming\droid4xinstaller.log
2015-12-30 18:05 - 2016-02-20 21:39 - 000000668 _____ () C:\Users\Jeff\AppData\Roaming\fastboot.log
2017-05-17 11:32 - 2017-05-17 11:32 - 000125952 _____ () C:\Users\Jeff\AppData\Local\report
2017-07-22 11:53 - 2017-07-22 11:53 - 000003072 _____ () C:\Users\Jeff\AppData\Local\uninstallce.exe
2017-06-18 15:52 - 2017-06-18 15:52 - 000030029 _____ () C:\ProgramData\agent.uninstall.1497815528.bdinstall.bin
2017-07-17 06:34 - 2017-07-17 06:34 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-09-07 14:08 - 2017-08-16 07:31 - 000838200 _____ (BlueStack Systems, Inc.) C:\Users\Jeff\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2017-08-09 13:10 - 2016-09-21 07:02 - 000966168 _____ (BlueStack Systems, Inc.) C:\Users\Jeff\AppData\Local\Temp\BluestacksUninstaller.exe
2017-09-07 14:22 - 2017-09-07 14:22 - 000363208 _____ (BitRaider, LLC) C:\Users\Jeff\AppData\Local\Temp\BRSVC_1125133000_hlp.exe
2017-08-09 13:10 - 2016-09-21 07:01 - 000187416 _____ (BlueStack Systems) C:\Users\Jeff\AppData\Local\Temp\HD-LibraryHandler.dll
2017-08-09 13:10 - 2016-09-21 06:59 - 000246808 _____ (BlueStack Systems) C:\Users\Jeff\AppData\Local\Temp\HD-Logger-Native.dll
2017-09-07 14:08 - 2017-08-16 07:30 - 000421400 _____ (CodeTitans) C:\Users\Jeff\AppData\Local\Temp\JSON.dll
2017-08-23 13:52 - 2017-08-23 13:52 - 006441096 _____ (Black Tree Gaming                                           ) C:\Users\Jeff\AppData\Local\Temp\Nexus Mod Manager-0.63.14.exe
2017-08-09 13:54 - 2017-08-09 13:54 - 001214528 _____ (Andy OS, inc.) C:\Users\Jeff\AppData\Local\Temp\SetAPK.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-07 09:27
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2017
Ran by Jeff (12-09-2017 20:23:26)
Running from C:\Users\Jeff\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-17 11:17:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3212995096-598237001-345577293-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3212995096-598237001-345577293-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-3212995096-598237001-345577293-503 - Limited - Disabled)
Guest (S-1-5-21-3212995096-598237001-345577293-501 - Limited - Disabled)
Jeff (S-1-5-21-3212995096-598237001-345577293-1001 - Administrator - Enabled) => C:\Users\Jeff
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
AutoIt v3.3.14.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
BitTorrent (HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Components (HKLM-x32\...\{1720B0E0-C520-43A6-B677-97A1D80F3B99}) (Version: 1.0.023.00 - Lenovo) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
Crusader Kings II Conclave (HKLM-x32\...\Crusader Kings II Conclave_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
DragonBoost (HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\119) (Version:  - ) <==== ATTENTION
Europa Universalis IV Third Rome (HKLM-x32\...\Europa Universalis IV Third Rome_is1) (Version:  - )
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
Fallout 3 GOTY version 1.7.0.3 (HKLM-x32\...\Fallout 3 GOTY_is1) (Version: 1.7.0.3 - Mr DJ)
Fallout New Vegas Ultimate Edition version 1.4.0.525 (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version: 1.4.0.525 - Mr DJ)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FOOK2 (HKLM-x32\...\FOOK2 v1.0) (Version: v1.0 - FOOK Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.78 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.147 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 604.10125.2655.573 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{22676F90-06C7-4DC0-96C2-FAE79AB306F4}) (Version: 6.2.0 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.5.5.22 - SunplusIT)
LOOT version 0.10.2 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.10.2 - LOOT Team)
Madden NFL 08 (HKLM-x32\...\{A3BC1DBD-64D6-4EBC-0091-24C811662D40}) (Version:  - Electronic Arts)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8326.2096 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.3 (x64 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2096 - Microsoft Corporation) Hidden
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.1 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
SciTE4AutoIt3 17.224.935.0 (HKLM-x32\...\SciTE4AutoIt3) (Version: 17.224.935.0 - Jos van der Zande)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
The Elder Scrolls V Skyrim Legendary Edition version 1.9.32.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Legendary Edition_is1) (Version: 1.9.32.8 - Mr DJ)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Updated Unofficial Fallout 3 Patch v2.3.2 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 2.3.2 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3212995096-598237001-345577293-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3212995096-598237001-345577293-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3212995096-598237001-345577293-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3212995096-598237001-345577293-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3212995096-598237001-345577293-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3212995096-598237001-345577293-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3212995096-598237001-345577293-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-24] (Intel Corporation)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1476C35D-DBD4-409E-B647-9392D8A6FD93} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: {247196A9-A5FF-458C-B4D3-EFFC0207AE1C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-03] (Microsoft Corporation)
Task: {2BBF20F3-0D5D-4514-90C6-B5366A23EAD2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {2FFB3DE2-5F91-4534-A372-D3B83A3BB89F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd)
Task: {3CD2B0D4-65DB-462C-BAEF-1DBA6BA8685E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-26] (Google Inc.)
Task: {8976190B-02B4-48CB-8E3D-A678F3E61DBE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-28] (Microsoft Corporation)
Task: {9D31070C-4888-4923-8E87-34BCF9D3831F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-26] (Google Inc.)
Task: {9FE0DAD7-37AE-4EEC-950E-510E54305763} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
Task: {AF3DEF8F-37FE-4817-B551-33D7EAF6CCCB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {B83B84CA-7A04-4DBB-823F-7FCF66264E7F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-03] (Microsoft Corporation)
Task: {D95551A2-E11F-4642-8293-59B53AF530DB} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2017-01-29] () <==== ATTENTION
Task: {E6E40D2E-9589-463F-976E-F4982AB31D94} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {ECCAE866-7530-44BA-A20A-23C29D4A957A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-03] ()
Task: {F2FB2959-294E-4F6C-9B7E-C3C4D808B170} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2017-01-29] () <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-04-30 11:39 - 2016-04-30 11:39 - 000002560 _____ () C:\WINDOWS\runservice.exe
2015-09-03 04:14 - 2015-09-03 04:14 - 000226216 _____ () C:\Program Files\update\UpdateAgent.exe
2017-05-03 17:11 - 2017-05-03 17:11 - 000619008 ____N () C:\windows\system32\tprdpw64.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-20 20:33 - 2017-09-03 09:03 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-04-21 15:37 - 2017-04-21 15:37 - 000884224 _____ () C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-01-05 17:36 - 2017-01-05 17:36 - 000077824 _____ () C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-21 16:28 - 2017-04-21 16:28 - 001080832 ____N () C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-07-26 11:16 - 2017-07-25 03:42 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.78\libglesv2.dll
2017-07-26 11:16 - 2017-07-25 03:42 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.78\libegl.dll
2016-04-30 11:39 - 2016-04-30 11:39 - 000045056 _____ () C:\WINDOWS\mmfs.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 053460992 _____ () C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hqujrbea.sys:changelist [782]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mcpixfix.sys:changelist [1670]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\viyljgso.sys:changelist [388]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 07:04 - 2017-07-23 13:34 - 000001153 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
0.0.0.0                   keystone.mwbsys.com
0.0.0.0                   telemetry.malwarebytes.com
0.0.0.0 keystone.mwbsys.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3212995096-598237001-345577293-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jeff\Desktop\New bleep\Pics\morain lake.jpg
DNS Servers: 207.255.0.43 - 207.255.0.45
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "LenovoUtility"
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3212995096-598237001-345577293-1001\...\StartupApproved\Run: => "direct"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E92A9BC0-F2D3-4C96-9A32-E115A0D9664D}] => (Allow) C:\Program Files (x86)\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe
FirewallRules: [{AA37020F-50CB-446F-89A4-CC0FCAFD3F18}] => (Allow) C:\Program Files (x86)\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe
FirewallRules: [{34D46AAC-C952-465F-8937-B85A24CBD6A8}] => (Allow) C:\Program Files (x86)\Fallout 3 GOTY\FalloutLauncher.exe
FirewallRules: [{25C3E17D-3376-4060-9C7A-9C8500175698}] => (Allow) C:\Program Files (x86)\Fallout 3 GOTY\FalloutLauncher.exe
FirewallRules: [{4826688E-7972-4B15-BBC7-0F29EAC9AC21}] => (Allow) C:\Program Files (x86)\Fallout 3 GOTY\GeMM\fomm.exe
FirewallRules: [{5EBFC630-572C-484A-86C6-E5CCC2FEFF18}] => (Allow) C:\Program Files (x86)\Fallout 3 GOTY\GeMM\fomm.exe
FirewallRules: [UDP Query User{A15D8028-BD95-4DDF-9F42-2B6C4CDD22F6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D24C19F5-9D97-4F63-93E3-6928F9B47E62}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4127F895-D78A-4EAF-AB8E-1D15B48AA3AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{DC905F49-3308-4BB5-BA74-58558594AD0F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{324B9B5E-59DF-4C82-BED2-F930DF757E09}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5DCE6BAC-E4B8-492F-9BCB-BB53EE9FD9C3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5B1C8264-0763-4762-92C8-4AF56E4468DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{6D7DC74F-DF72-478E-A0C1-911F91C18512}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{7DB72878-2E9F-4988-98A8-52AB36B915BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{7733293B-CEC9-4FEC-8091-0FAD9B422EC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{A4795AE2-6AFA-4964-A2C4-D6939242C732}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{56E7612A-40D7-42AC-AD01-08FA346B3B1A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C8216C98-1526-47F7-BB5F-D7D2D7AB4193}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{531D9A2E-902C-48F6-AD15-C8A722C80E08}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{BAA76EAF-61F8-404D-A6F0-5EBAC88B0DEE}C:\users\jeff\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => (Allow) C:\users\jeff\appdata\roaming\bittorrent\updates\7.9.9_42974.exe
FirewallRules: [TCP Query User{EC57A68F-96E9-4C4D-9BA8-72EF89EB6A1D}C:\users\jeff\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => (Allow) C:\users\jeff\appdata\roaming\bittorrent\updates\7.9.9_42974.exe
FirewallRules: [{69F20DDC-7DBA-4E8E-B433-11E270DDD5DF}] => (Allow) C:\Users\Jeff\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{286D8B41-0144-4029-ACE0-F2AF977B90BE}] => (Allow) C:\Users\Jeff\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BA97B068-38B3-4A4D-B1EE-A77C2E4B0A11}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{8390869B-5F8D-4D54-AE68-5044B959A957}] => (Allow) C:\Users\Jeff\Desktop\New bleep\ChromeSetup.exe
FirewallRules: [{C07166F5-172A-45FB-9220-F5FA1785309D}] => (Allow) C:\Users\Jeff\Desktop\New bleep\ChromeSetup.exe
FirewallRules: [{C06CAD82-5B65-4CC1-A8B8-E967C42D2FB1}] => (Allow) C:\Users\Jeff\Desktop\New bleep\ChromeSetup.exe
FirewallRules: [{36646AC2-C3E5-4F96-8E2B-F3F099B56D66}] => (Allow) C:\Users\Jeff\Desktop\New bleep\ChromeSetup.exe
FirewallRules: [{08B27C96-5B8F-4FF0-8409-7D85FB649970}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{721E76C4-75B2-4EC2-95FA-B429178A4F87}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{618B06CD-4592-4016-8CDD-B28ABC2E9405}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{5FFE986B-22A4-4946-8FBB-F6338D7C08E6}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{687E4AB9-7602-454E-874F-05306947C189}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{FBE2605C-A1F0-4237-A7D4-34CF0EFF96E9}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{4CF3E3E7-C50F-40B6-AE0E-05287C9193C7}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{C2B77A96-5CE7-4457-8737-ACC25D1A88A0}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{E072B1C3-CC11-4532-836C-76B91513A7BD}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{42B81452-81A0-4AD5-B709-6427F682D1B7}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{7E31A1F5-DA3D-44D8-8C45-45C2B49AD458}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{57F76611-BFC0-4250-A728-3B38055A05D0}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{8BF6CA73-7C88-46F1-BCC8-01B0E6965655}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{BA24EDAA-CEEB-4538-B011-8791D37C3A3F}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{ABEEA07D-2B4C-48C2-A90E-21851B75317A}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{12623007-FCC5-4D26-B373-FD444ACEF65D}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{F755A7B9-C7CB-4EE2-B2DC-8800FFA6F2FE}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{389EFED6-DD1D-43F6-BB88-6BD2A0019419}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46DAA64F-648B-47AC-B9BF-C3E67FCC1A51}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E58C6C9-08FB-42A7-83DB-DB3B6A53F19F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ABDECBD8-01CD-48C9-B22F-2285F6C99F42}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0733691D-A26B-4C6F-86A0-6F239641FA59}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{82507AE1-33D9-4F6B-8CE9-4B3EF716DB5C}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{8C4B80A1-366D-4B45-9E6E-3CF21B1E61A3}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [TCP Query User{DAED0F5C-A925-49DC-A8E8-D67B9E52888B}C:\users\jeff\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\jeff\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [UDP Query User{22ABC34C-A39B-4DE8-9AAE-E4952DE9A38E}C:\users\jeff\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\jeff\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [{8520FA85-8275-42E8-B328-664E3C3B778E}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [{5A0156E9-508D-41A0-B643-58FC272B33CD}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [{8BCB6FD4-B8BE-4BAA-899F-636422260852}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [{18C37CBF-1DD4-49B7-8DD2-B7C56C3C8E69}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3653029E-B013-4CB3-A3F3-61CDFD0F3B9D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8E30F9BD-9D2C-4F9B-81BA-52966328A2D5}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{CE82B01F-8B45-4FFC-83A1-FC0953301B47}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{F2C40255-C22E-4BA4-81F5-4D4BAB8866FE}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{D6325EA5-EF65-4163-BEB0-ACA8F2BB45BA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [TCP Query User{5569DD0E-4FC2-4918-8ACB-BDD5BD5B1BAE}C:\users\jeff\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jeff\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E9BC654D-D269-413E-AC04-86FC800385E6}C:\users\jeff\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jeff\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F8F163EC-BB43-4BD1-BF61-3437BF9A2AC2}C:\program files (x86)\standingstonegames\the lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\standingstonegames\the lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{36B43456-6D3D-4F84-B709-1E798A9FF31F}C:\program files (x86)\standingstonegames\the lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\standingstonegames\the lord of the rings online\lotroclient.exe
 
==================== Restore Points =========================
 
04-09-2017 10:26:58 Scheduled Checkpoint
12-09-2017 04:34:41 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Trusted Execution Engine Interface 
Description: Intel® Trusted Execution Engine Interface 
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: TXEIx64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/12/2017 07:13:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58f9c2ba
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0xf24
Faulting application start time: 0x01d32c1c8e25d27b
Faulting application path: C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: 00787b96-018a-4226-9987-d85da0fc86cb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/12/2017 06:48:01 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/12/2017 06:29:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58f9c2ba
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x2a60
Faulting application start time: 0x01d32c165f85ebcb
Faulting application path: C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: 26aad39a-3c01-4485-bcc6-3ea3f7c630c1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/12/2017 05:52:38 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/12/2017 05:04:12 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/12/2017 04:33:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58f9c2ba
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x1840
Faulting application start time: 0x01d32c063a7c006d
Faulting application path: C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: 0bfbae5c-0c68-45b7-b91a-8379c6e80a1d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/12/2017 04:00:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58f9c2ba
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x3f4
Faulting application start time: 0x01d32c01a59c326b
Faulting application path: C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\Jeff\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: 7ad7c939-9256-4c57-a170-fd3e768f2f8d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/12/2017 03:29:08 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/12/2017 02:28:59 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/12/2017 02:18:16 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
 
System errors:
=============
Error: (09/12/2017 06:48:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/12/2017 05:52:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/12/2017 05:04:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/12/2017 03:29:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/12/2017 02:29:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/12/2017 02:18:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/12/2017 01:24:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/12/2017 01:10:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/12/2017 12:38:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/12/2017 12:07:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR9.
 
 
CodeIntegrity:
===================================
  Date: 2017-09-08 08:59:11.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Users\Jeff\AppData\Roaming\Microsoft\Protect\cbe370-8da371-50ce2912-c284c1-4ed0.rs that did not meet the Microsoft signing level requirements.
 
  Date: 2017-09-08 08:59:10.451
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Users\Jeff\AppData\Roaming\Microsoft\Protect\cbe370-8da371-50ce2912-c284c1-4ed0.rs that did not meet the Microsoft signing level requirements.
 
  Date: 2017-09-04 09:02:11.542
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Users\Jeff\AppData\Roaming\Microsoft\Protect\57f369-eff370-5bb11312-c2b3f1-bcf0.rs that did not meet the Microsoft signing level requirements.
 
  Date: 2017-08-09 14:18:06.934
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-09 14:18:06.658
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-09 14:14:55.843
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-09 14:14:55.290
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-09 12:55:02.605
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Users\Jeff\AppData\Roaming\Microsoft\Protect\3ef367-7ee368-75af3944-7d5fb1-1aa0.rs that did not meet the Microsoft signing level requirements.
 
  Date: 2017-08-09 12:55:00.857
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Users\Jeff\AppData\Roaming\Microsoft\Protect\3ef367-7ee368-75af3944-7d5fb1-1aa0.rs that did not meet the Microsoft signing level requirements.
 
  Date: 2017-07-23 12:22:58.730
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Users\Jeff\AppData\Roaming\Microsoft\Protect\3ef367-7ee368-75af3944-7d5fb1-1aa0.rs that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 60%
Total physical RAM: 3979.22 MB
Available physical RAM: 1565.37 MB
Total Virtual: 7292.02 MB
Available Virtual: 4357.29 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:422.62 GB) (Free:132.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:16.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B811F3EF)
 
Partition: GPT.
 
==================== End of Addition.txt ============================




