[harmomelodic]

Opening pc_settings, I get an error 'this app can't open, try refresh' refresh does nothing except to say some files are missing...use recovery CD

holding down F8 on reboot for safe mode does nothing.

 

files attached...a bunch of core windows processes do not have signatures...???

 

(I found this when trying to update iTunes, it was repeatedly failing to update)

 

I'm using Kaspersky.  It has yet to show anything.

I updated signatures, and did a quick scan already.  I'm stating a full scan now.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017

Ran by Chad (administrator) on TEGLON (01-04-2017 13:02:06)

Running from C:\Users\Chad\Downloads

Loaded Profiles: Chad (Available Profiles: Chad)

Platform: Windows 8.1 (Update) (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Apple Inc.) C:\Program Files\iTunes\iTunes.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe

(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

 

==================== Registry (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [595616 2016-04-21] (Razer Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

Winlogon\Notify\ScCertProp: wlnotify.dll [X]

HKU\S-1-5-21-985218096-2591489430-401931631-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)

HKU\S-1-5-21-985218096-2591489430-401931631-1001\...\MountPoints2: {7c396f6d-a881-11e5-827b-001fbc119acd} - "H:\LaunchU3.exe" 

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2014-12-27]

ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{398B59D8-A2F1-49A7-9E30-547D15B8512B}: [DhcpNameServer] 192.168.1.1

 

Internet Explorer:

==================

HKU\S-1-5-21-985218096-2591489430-401931631-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)

BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-08] (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-08] (Oracle Corporation)

Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)

Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

 

FireFox:

========

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-06]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-08] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-08] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-02] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Chad\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-12-04] (Cisco WebEx LLC)

 

Chrome: 

=======

CHR DefaultProfile: Default

CHR HomePage: Default -> hxxp://www.google.com/

CHR Profile: C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default [2017-04-01]

CHR Extension: (Google Slides) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]

CHR Extension: (Google Docs) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]

CHR Extension: (Google Drive) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]

CHR Extension: (YouTube) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]

CHR Extension: (Adblock Plus) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]

CHR Extension: (Google Search) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]

CHR Extension: (Google Sheets) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10]

CHR Extension: (Kaspersky Protection) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-02-11]

CHR Extension: (Google Docs Offline) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]

CHR Extension: (Prodigy Math Game) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndgjbjghbnahgfhcmhkkoibbgdemlia [2016-03-20]

CHR Extension: (Cisco WebEx Extension) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-03-27]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-18]

CHR Extension: (Gmail) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]

CHR Extension: (Chrome Media Router) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]

CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)

S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)

S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)

S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)

R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)

R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [548352 2016-02-10] (Intel Corporation)

R3 e1rexpress; C:\Windows\system32\DRIVERS\e1r64x64.sys [467216 2013-05-03] (Intel Corporation)

R0 IaNVMe; C:\Windows\System32\drivers\IaNVMe.sys [96552 2014-06-05] (Intel Corporation)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)

R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)

R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)

R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)

S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)

R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [196376 2017-03-13] (AO Kaspersky Lab)

R1 klhk; C:\Windows\System32\drivers\klhk.sys [509728 2017-03-13] (AO Kaspersky Lab)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1017624 2017-03-13] (AO Kaspersky Lab)

R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2016-12-06] (AO Kaspersky Lab)

R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)

R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)

R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)

R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)

R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-03-13] (AO Kaspersky Lab)

R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199392 2017-03-13] (AO Kaspersky Lab)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)

R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [47672 2016-05-10] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)

R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)

R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)

R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)

R3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-04-01 13:02 - 2017-04-01 13:02 - 00017044 _____ C:\Users\Chad\Downloads\FRST.txt

2017-04-01 13:02 - 2017-04-01 13:02 - 00000000 ____D C:\FRST

2017-04-01 13:01 - 2017-04-01 13:01 - 02424832 _____ (Farbar) C:\Users\Chad\Downloads\FRST64.exe

2017-03-31 13:46 - 2017-03-31 13:46 - 00047194 _____ C:\Users\Chad\Downloads\2016 K1 Documents (Estate of Diane L Char) (1).pdf

2017-03-31 12:43 - 2017-03-31 12:43 - 00047194 _____ C:\Users\Chad\Downloads\2016 K1 Documents (Estate of Diane L Char).pdf

2017-03-24 15:49 - 2017-03-27 22:02 - 00000000 ____D C:\Users\Chad\Documents\2017 fin aid amelia

2017-03-20 21:11 - 2017-03-20 21:11 - 00056197 _____ C:\Users\Chad\Downloads\LOX - Address.pdf

2017-03-19 08:25 - 2017-04-01 12:35 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForChad.job

2017-03-19 08:25 - 2017-04-01 02:47 - 00003154 _____ C:\Windows\System32\Tasks\HPCeeScheduleForChad

2017-03-19 08:25 - 2017-03-19 08:25 - 00000000 ____D C:\Users\Chad\AppData\Local\HP_Development_Company,_L

2017-03-17 14:56 - 2017-03-17 14:56 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Hewlett-Packard

2017-03-17 14:51 - 2017-03-24 15:21 - 00000000 ____D C:\Users\Chad\AppData\Roaming\HpUpdate

2017-03-17 14:51 - 2017-03-17 14:52 - 00000000 ____D C:\Users\Chad\AppData\Local\HP

2017-03-17 14:51 - 2017-03-17 14:51 - 00000164 _____ C:\Windows\system32\AddPort.ini

2017-03-17 14:51 - 2017-03-17 14:51 - 00000000 ____D C:\Users\Chad\Desktop\HP

2017-03-17 14:51 - 2017-03-17 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2017-03-17 14:50 - 2017-04-01 12:39 - 00000000 ____D C:\ProgramData\Hewlett-Packard

2017-03-17 14:50 - 2017-03-17 14:51 - 00000000 ____D C:\Program Files (x86)\HP

2017-03-17 14:50 - 2017-03-17 14:50 - 00002243 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk

2017-03-17 14:50 - 2017-03-17 14:50 - 00000000 ____D C:\System.sav

2017-03-17 14:50 - 2017-03-17 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

2017-03-17 14:49 - 2017-04-01 12:39 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard

2017-03-17 14:49 - 2017-03-17 14:49 - 00000000 ____D C:\Users\Chad\Downloads\HP Downloads

2017-03-17 14:49 - 2017-03-17 14:49 - 00000000 ____D C:\Users\Chad\AppData\Roaming\hpqLog

2017-03-17 14:49 - 2017-03-17 14:49 - 00000000 ____D C:\Users\Chad\AppData\Local\Hewlett-Packard

2017-03-17 14:49 - 2017-03-17 14:49 - 00000000 ____D C:\ProgramData\HP

2017-03-17 14:49 - 2017-03-17 14:49 - 00000000 ____D C:\HP_Color_LaserJet_Enterprise_M553

2017-03-17 14:49 - 2016-03-21 01:09 - 00311296 _____ (Hewlett-Packard) C:\Windows\system32\hpbcoinsx64.dll

2017-03-17 14:48 - 2017-03-17 14:50 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard

2017-03-17 14:47 - 2017-03-17 14:47 - 04057776 _____ (Oleg N. Scherbakov) C:\Users\Chad\Downloads\HPSupportSolutionsFramework-12.5.32.203.exe

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-04-01 12:56 - 2014-03-18 06:03 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI

2017-04-01 12:56 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf

2017-04-01 12:54 - 2016-10-20 23:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2017-04-01 12:52 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-04-01 12:45 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI

2017-04-01 12:34 - 2014-12-29 04:59 - 00000000 ____D C:\Program Files (x86)\Steam

2017-04-01 12:34 - 2014-12-27 03:11 - 00000000 ____D C:\Users\Chad

2017-03-31 09:19 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\FxsTmp

2017-03-30 17:11 - 2014-12-31 14:38 - 00002254 ____H C:\Users\Chad\Documents\Default.rdp

2017-03-18 13:31 - 2016-10-20 23:07 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}

2017-03-18 13:16 - 2013-08-22 10:44 - 00484952 _____ C:\Windows\system32\FNTCACHE.DAT

2017-03-17 14:49 - 2014-12-27 03:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2017-03-14 21:16 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp

2017-03-13 09:44 - 2016-10-20 23:07 - 01017624 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys

2017-03-13 09:44 - 2016-10-20 23:07 - 00196376 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys

2017-03-13 09:44 - 2016-09-12 23:03 - 00509728 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys

2017-03-13 09:44 - 2016-09-12 23:03 - 00136416 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys

2017-03-13 09:44 - 2016-06-14 17:47 - 00199392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys

2017-03-13 09:44 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM

2017-03-02 09:37 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2017-03-02 09:36 - 2015-01-02 16:09 - 00000000 ____D C:\Program Files\Microsoft Office 15

 

==================== Files in the root of some directories =======

 

2014-12-27 03:46 - 2014-12-27 03:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

 

Some files in TEMP:

====================

2016-12-08 18:42 - 2016-12-08 18:42 - 0737856 _____ (Oracle Corporation) C:\Users\Chad\AppData\Local\Temp\jre-8u111-windows-au.exe

2014-12-27 04:31 - 2016-03-08 02:16 - 0721952 _____ (NVIDIA Corporation) C:\Users\Chad\AppData\Local\Temp\nvSCPAPI.dll

2014-12-27 04:31 - 2016-03-08 02:16 - 0842272 _____ (NVIDIA Corporation) C:\Users\Chad\AppData\Local\Temp\nvSCPAPI64.dll

2014-12-29 04:11 - 2016-03-08 02:15 - 0324032 _____ (NVIDIA Corporation) C:\Users\Chad\AppData\Local\Temp\nvStInst.exe

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2017-03-26 04:01

 

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017

Ran by Chad (01-04-2017 13:02:24)

Running from C:\Users\Chad\Downloads

Windows 8.1 (Update) (X64) (2014-12-27 07:11:20)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-985218096-2591489430-401931631-500 - Administrator - Disabled)

Chad (S-1-5-21-985218096-2591489430-401931631-1001 - Administrator - Enabled) => C:\Users\Chad

Guest (S-1-5-21-985218096-2591489430-401931631-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-985218096-2591489430-401931631-1003 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

Ashes of the Singularity (HKLM\...\Steam App 228880) (Version:  - Oxide Games)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Cisco WebEx Meetings (HKU\S-1-5-21-985218096-2591489430-401931631-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)

DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)

Dishonored 2 (HKLM\...\Steam App 403640) (Version:  - Arkane Studios)

DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)

Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)

GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.69.0000 - GIGABYTE Technology Co.,Ltd.)

GIGABYTE OC_GURU II (x32 Version: 1.69.0000 - GIGABYTE Technology Co.,Ltd.) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden

HP Color LaserJet Enterprise M553 (HKLM-x32\...\{04eddfdb-3203-4605-aa4b-42659b357884}) (Version: 14.0.16124.472 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.3.50.9 - HP Inc.)

HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.5.32.203 - HP Inc.)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPCLJEnterpriseM553 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HPDXP (x32 Version: 3.0.26.30 - HP) Hidden

Intel® Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)

iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)

Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)

Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden

Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)

Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden

Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)

LJDXPHelperUI (x32 Version: 140.069.007 - HP) Hidden

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4903.1002 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)

NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)

NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)

NVIDIA Miracast Virtual Audio 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 364.51 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4903.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden

Offworld Trading Company (HKLM\...\Steam App 271240) (Version:  - Mohawk Games)

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)

Radium (HKLM-x32\...\Steam App 355410) (Version:  - Lukas Jaeckel)

Razer Surround Driver Installer version 1.5 (HKLM-x32\...\{11B11FA5-41ED-43C1-AB4B-905DDEDC72A2}_is1) (Version: 1.5 - inXile Entertainment)

Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.20.15.29092 - Razer Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)

SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden

Sid Meier's Civilization VI (HKLM\...\Steam App 289070) (Version:  - Firaxis)

Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)

Sid Meier's Starships (HKLM-x32\...\Steam App 282210) (Version:  - Firaxis Games)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)

Torment: Tides of Numenera - Alpha Systems Test (HKLM-x32\...\Steam App 342210) (Version:  - )

Torment: Tides of Numenera (HKLM-x32\...\Steam App 272270) (Version:  - inXile Entertainment)

Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)

Undertale (HKLM\...\Steam App 391540) (Version:  - tobyfox)

VanDyke Software SecureCRT and SecureFX 7.2 (HKLM\...\{B0DBE649-D31A-4D5A-8D25-B0036A27B163}) (Version: 7.2.3 - VanDyke Software, Inc.)

Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)

Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {2DB5CF7C-D427-473B-8377-2053DF91BF43} - System32\Tasks\HPCeeScheduleForChad => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)

Task: {3257EA91-AAD3-4D38-8D02-2A573A1F66DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.)

Task: {3F24D2F4-E135-4A4E-8EB5-96460DB1964E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)

Task: {4F63F209-BDB6-4A5A-96D5-E48C42644276} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)

Task: {573843F5-E04E-4146-AF81-C83A52B2437D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)

Task: {6D4CF4DF-896F-4A64-B124-86E11E62A82E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation)

Task: {79D3C387-CDCC-45C5-A138-792A542374D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-03-10] (HP Inc.)

Task: {7CA2B428-FF82-4236-A8C0-9F4A313233FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {7E17418A-1572-4E23-AEBE-882C99696E57} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {9BA2270A-56E1-4BD7-8DAC-BFD653347262} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)

Task: {B2C3E9C9-2DD6-40BF-9838-ACBDD6961914} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {B8C81677-5B9A-425E-A83F-3F332319BFE9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)

Task: {D7E38BA9-87F8-47FA-8CFF-88D5757048D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)

Task: {D962BA15-9EAC-4B91-8F57-DA96015899FC} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)

Task: {E1BAB7B0-8524-42BE-A4E0-A818AECFC928} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation)

Task: {EC6A2B8C-D155-4761-8200-64E85DD6F683} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\HPCeeScheduleForChad.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2014-12-27 04:31 - 2016-03-08 02:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-01-02 16:09 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

2015-10-30 03:22 - 2016-05-24 12:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2016-07-05 15:22 - 2016-07-05 15:22 - 00313144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll

2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll

2015-04-05 13:39 - 2016-05-02 02:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2016-02-26 04:29 - 2016-02-26 04:29 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll

2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2016-04-22 01:08 - 2016-04-22 01:08 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-985218096-2591489430-401931631-1001\Control Panel\Desktop\\Wallpaper -> 

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{68F4B6B6-9CB8-481A-BE78-35B63300C265}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{DAC5AFAC-222E-4C11-8D12-4147B08CB45D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{695252AE-261C-45D4-86C1-84EAAC006A55}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{348913C1-C597-4923-9367-472ED399A3E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{C366BDA2-7EA8-48D4-B8CD-6C9417B15A50}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{EBE9778D-0B24-4729-ADE4-E622B52B4A2C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{D60EADC7-A49B-4051-9928-DF74E92E2021}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wasteland 2\Build\WL2.exe

FirewallRules: [{0C42E770-01F4-4C52-B530-823672581EC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wasteland 2\Build\WL2.exe

FirewallRules: [{463B852B-8DB7-4548-B63E-2DF5F7F4B3E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe

FirewallRules: [{CF75EEEB-94AC-4AB8-A618-FBF167BBC3ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe

FirewallRules: [{71B898D0-093B-4FE9-AC08-7C22D58D402C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe

FirewallRules: [{415862B5-5689-400E-BA62-EE521A432B5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe

FirewallRules: [{E6A902D5-4F10-4A7E-9DDA-0E0FE0EDBCB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Starships\Starships64.exe

FirewallRules: [{C0A0FA6C-1400-4CD7-A0CD-97AD1B03826B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Starships\Starships64.exe

FirewallRules: [{5A4CB118-4050-448C-B297-1F026509C36C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Radium\Radium.exe

FirewallRules: [{7B3483A7-C475-4092-B1CD-110D83DE7568}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Radium\Radium.exe

FirewallRules: [{758A82A0-DBF0-46A0-B7B6-4CCC090231F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe

FirewallRules: [{1451DD07-1024-4BDC-A91E-1C362C2A8807}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe

FirewallRules: [{2CB355FD-56E9-42CD-A9A8-75576BF4FE30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe

FirewallRules: [{83CE318A-8415-4CF4-9AAC-4B02D86D3BFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe

FirewallRules: [{E55105EB-7A60-4F52-8F2A-9BCB8E8F5EA8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [{652AE1DE-6969-4819-A572-F9375608B321}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torment Tides of Numenera - Alpha Systems Test\WIN\AST0.exe

FirewallRules: [{4D78C71F-C624-4603-ABC0-260705DACD31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torment Tides of Numenera - Alpha Systems Test\WIN\AST0.exe

FirewallRules: [{DEE0F511-1F7A-448C-ADE0-ED2DA249554E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe

FirewallRules: [{A8281EF8-AC92-4FBC-82ED-786CC68FF032}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe

FirewallRules: [{DCF2D7B3-4C68-49F5-BE94-8374C735713F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe

FirewallRules: [{11221F4B-7178-4EB0-89DC-75FF617B7B20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe

FirewallRules: [{CB9C0C9C-897B-4AF6-A736-4B3DC0FEA2E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torment Tides of Numenera\WIN\TidesOfNumenera.exe

FirewallRules: [{65F7237F-DA0C-4EC2-9751-62292EBA9274}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torment Tides of Numenera\WIN\TidesOfNumenera.exe

FirewallRules: [{47D670F8-5621-4764-A633-6A479E2E7872}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{2B4AEEA7-C3BD-46CF-AF9F-6620C23B79FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{7C43D5E6-B084-4A00-8919-72F76B623243}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{E3A4259B-0151-428D-A066-5E4029742151}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{FE8C2610-A4C8-41AB-AD46-8460AED69ACC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{AB8CE729-78F2-40C3-A42E-55EA1395003C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{2B6B5E5B-42A2-47FA-9C7A-98F062D8801C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{4CFFF110-EA9F-4C00-9501-54755A2DF01D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{2CD9142E-9925-4BA3-ADBA-3E0152ED23B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{B075D2AD-4FC9-450F-905A-D13A1ABFA2AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX11.exe

FirewallRules: [{8F5F6A95-2745-467B-92FE-0483001CC122}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX11.exe

FirewallRules: [{BF346554-EEE8-45DF-8A47-4165A769DE5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX12.exe

FirewallRules: [{8656C4AB-6445-4416-B823-93149761E533}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX12.exe

FirewallRules: [{DF3CD2AA-5097-4983-B391-8B1DB150DEC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe

FirewallRules: [{4DF01B44-63A0-45C8-8A26-C3EDC85A13FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe

FirewallRules: [{7259F099-FEFA-419E-8D30-A4A8D2143277}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe

FirewallRules: [{5DBF28F2-56F9-48EC-833E-5451C263FC64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe

FirewallRules: [{E12FEFEF-620F-4390-86E4-4A27D6D787B9}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{B53181F0-C7F5-42BF-AAFC-69C76E9BC150}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{A93A205B-3AD2-4F13-BF6B-370D20D615FC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{C33CDCB2-CACF-4C86-8144-775F0D6D576B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe

FirewallRules: [{48D696B3-8ED9-4CB3-824C-C0C42ED11940}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored2\Dishonored2.exe

FirewallRules: [{E4C85C47-5C78-4A11-8E88-C128E1C50F94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe

FirewallRules: [{83DE359A-B92E-48D4-815D-5C658B7C83B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe

FirewallRules: [{A391E80B-273B-410E-A7F1-A63128DE780D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{55BEE292-D25D-4041-BCC9-6A004DC21C21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe

FirewallRules: [{B6FE41F8-CD24-40AB-BE6E-8FEFD5C124EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Offworld Trading Company\StardockLauncher.exe

FirewallRules: [{74FF24F4-231A-4F1B-B761-C21994AA9763}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Offworld Trading Company\StardockLauncher.exe

FirewallRules: [{4415FC25-D352-444E-9B33-19D060516F9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{58755441-0BDE-4033-96EA-E4D952EDE671}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe

FirewallRules: [{EEF00477-E552-4461-9CC5-78814A2634A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe

FirewallRules: [{40DF0F58-8628-4081-9892-BEACC21277F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe

FirewallRules: [{AA9528AF-BBB0-4F4D-9D17-886A91EEE8AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe

 

==================== Restore Points =========================

 

06-03-2017 09:27:36 Scheduled Checkpoint

16-03-2017 18:42:36 Scheduled Checkpoint

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/01/2017 12:55:10 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IAStorDataMgrSvc.exe, version: 13.1.0.1058, time stamp: 0x53642550

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0182680d

Faulting process id: 0xdbc

Faulting application start time: 0x01d2ab089fcc5bd7

Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

Faulting module path: unknown

Report Id: f723a40f-16fb-11e7-82aa-001fbc119acd

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (04/01/2017 12:55:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: IAStorDataMgrSvc.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.NullReferenceException

Stack:

   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()

   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()

   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

 

Error: (04/01/2017 12:52:28 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2071.1338, time stamp: 0x5726e00c

Faulting module name: MessageBus.dll, version: 0.0.0.0, time stamp: 0x5726d98c

Exception code: 0xc0000005

Fault offset: 0x0000000000010f73

Faulting process id: 0x12ec

Faulting application start time: 0x01d2ab08577572ec

Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

Faulting module path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll

Report Id: 966ba460-16fb-11e7-82aa-001fbc119acd

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (04/01/2017 12:47:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: teglon)

Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (04/01/2017 12:46:51 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2071.1338, time stamp: 0x5726e00c

Faulting module name: MessageBus.dll, version: 0.0.0.0, time stamp: 0x5726d98c

Exception code: 0xc0000005

Fault offset: 0x0000000000010f73

Faulting process id: 0xfdc

Faulting application start time: 0x01d2ab078eb99570

Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

Faulting module path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll

Report Id: cda56b4b-16fa-11e7-82a9-001fbc119acd

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (04/01/2017 12:43:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: teglon)

Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (04/01/2017 12:39:45 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

 

Error: (04/01/2017 12:38:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: teglon)

Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (04/01/2017 12:38:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IAStorDataMgrSvc.exe, version: 13.1.0.1058, time stamp: 0x53642550

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x016c6805

Faulting process id: 0x124c

Faulting application start time: 0x01d2ab06459ecd47

Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

Faulting module path: unknown

Report Id: 9d092fc4-16f9-11e7-82a8-001fbc119acd

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (04/01/2017 12:38:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: IAStorDataMgrSvc.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.NullReferenceException

Stack:

   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()

   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()

   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)

   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

   at System.Threading.ThreadPoolWorkQueue.Dispatch()

   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

 

 

System errors:

=============

Error: (04/01/2017 12:55:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/01/2017 12:47:03 PM) (Source: DCOM) (EventID: 10001) (User: teglon)

Description: Unable to start a DCOM Server: microsoft.windows.immersivecontrolpanel as Unavailable/Unavailable. The error:

"15612"

Happened while starting this command:

"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel

 

Error: (04/01/2017 12:43:39 PM) (Source: DCOM) (EventID: 10001) (User: teglon)

Description: Unable to start a DCOM Server: microsoft.windows.immersivecontrolpanel as Unavailable/Unavailable. The error:

"15612"

Happened while starting this command:

"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel

 

Error: (04/01/2017 12:39:31 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer GALLIFREY

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{398B59D8-A2F1-49A7-9E30-547D15B8512B}.

The master browser is stopping or an election is being forced.

 

Error: (04/01/2017 12:38:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/01/2017 12:38:20 PM) (Source: DCOM) (EventID: 10001) (User: teglon)

Description: Unable to start a DCOM Server: microsoft.windows.immersivecontrolpanel as Unavailable/Unavailable. The error:

"15612"

Happened while starting this command:

"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel

 

Error: (04/01/2017 12:37:09 PM) (Source: DCOM) (EventID: 10001) (User: teglon)

Description: Unable to start a DCOM Server: microsoft.windows.immersivecontrolpanel as Unavailable/Unavailable. The error:

"15612"

Happened while starting this command:

"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel

 

Error: (04/01/2017 12:37:05 PM) (Source: DCOM) (EventID: 10001) (User: teglon)

Description: Unable to start a DCOM Server: microsoft.windows.immersivecontrolpanel as Unavailable/Unavailable. The error:

"15612"

Happened while starting this command:

"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel

 

Error: (04/01/2017 12:36:48 PM) (Source: DCOM) (EventID: 10001) (User: teglon)

Description: Unable to start a DCOM Server: microsoft.windows.immersivecontrolpanel as Unavailable/Unavailable. The error:

"15612"

Happened while starting this command:

"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel

 

Error: (04/01/2017 12:36:44 PM) (Source: DCOM) (EventID: 10001) (User: teglon)

Description: Unable to start a DCOM Server: microsoft.windows.immersivecontrolpanel as Unavailable/Unavailable. The error:

"15612"

Happened while starting this command:

"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i7-5930K CPU @ 3.50GHz

Percentage of memory in use: 9%

Total physical RAM: 32691.78 MB

Available physical RAM: 29640.49 MB

Total Virtual: 37555.78 MB

Available Virtual: 33779.73 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:744.7 GB) (Free:394.59 GB) NTFS

Drive d: (Datalore) (Fixed) (Total:1862.89 GB) (Free:1105.61 GB) NTFS

Drive f: (CANON_DC) (Removable) (Total:7.47 GB) (Free:5.13 GB) FAT32

Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:4657.4 GB) (Free:3912.29 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 745.2 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

========================================================

Disk: 3 (MBR Code: Windows 7 or 8) (Size: 4657.5 GB) (Disk ID: 9AB8C987)

 

Partition: GPT.

 

========================================================

Disk: 4 (Size: 7.5 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt ============================

Attached Files

•  FRST_01-04-2017 13.02.41.txt   23.5KB   172 downloads
•  Addition_01-04-2017 13.02.41.txt   37.14KB   223 downloads
•  svchost_data.TXT   7.33KB   172 downloads

Edited by RKinner, 02 April 2017 - 08:42 PM.

[Advertisements]

You're getting a lot of errors related to 

Intel® Rapid Storage Technology so I would try updating it:

 

https://downloadcent...r?product=55005

 

Then check your file system:

 

Open an elevated command prompt:

 

http://www.eightforu...indows-8-a.html

 

If you open an elevated command prompt it will by default open in c:\Windows\system32

 

Once you have an elevated command prompt:

 

Type(with an Enter after each line):

 

 

DISM  /Online  /Cleanup-Image  /RestoreHealth

 

 (I use two spaces so you can be sure to see where one space goes.)

This will take a while to complete.  Once the prompt returns:

 

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

 

sfc  /scannow

 

 

 

 

 

This will also take a few minutes.  

 

When it finishes it will say one of the following:

 

Windows did not find any integrity violations (a good thing)

Windows Resource Protection found corrupt files and repaired them (a good thing)

Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

Which do you get?

 

 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 

 

Hit Enter.  Then type::

 

notepad  \junk.txt 

 

Hit Enter. 

 

 Copy the text from notepad and paste it into a reply.

 

 

After you finish SFC:

 

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

[RKinner]

You're getting a lot of errors related to 

Intel® Rapid Storage Technology so I would try updating it:

 

https://downloadcent...r?product=55005

 

Then check your file system:

 

Open an elevated command prompt:

 

http://www.eightforu...indows-8-a.html

 

If you open an elevated command prompt it will by default open in c:\Windows\system32

 

Once you have an elevated command prompt:

 

Type(with an Enter after each line):

 

 

DISM  /Online  /Cleanup-Image  /RestoreHealth

 

 (I use two spaces so you can be sure to see where one space goes.)

This will take a while to complete.  Once the prompt returns:

 

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

 

sfc  /scannow

 

 

 

 

 

This will also take a few minutes.  

 

When it finishes it will say one of the following:

 

Windows did not find any integrity violations (a good thing)

Windows Resource Protection found corrupt files and repaired them (a good thing)

Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

Which do you get?

 

 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 

 

Hit Enter.  Then type::

 

notepad  \junk.txt 

 

Hit Enter. 

 

 Copy the text from notepad and paste it into a reply.

 

 

After you finish SFC:

 

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)