
Computer may be infected with TR/Dropper? [Closed]


  • This topic is locked

#1
DoubleChinLegion


Hi there,  A week ago or two, I received a little surprise in a download.  I wasn't too surprised because I was suspicious already of the download, and sure enough, Avira detected something.  I clicked "remove" and it cleaned things up, or so I thought. Skip ahead a few hours and I get an alert that something was detected in /Temp. Avira removes the bad file and that's that.  Unfortunately, I've been getting different detections of different names in /Temp, and Avira says it's gotten rid of them.  The most common is 'TR/Dropper.ljhf' [trojan].  I've run full scans with Avira and Malwarebytes, but to no avail.  The logs from Farbar are below...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by cwfix (administrator) on DESKTOP-C1OUR8G (23-03-2016 19:00:38)
Running from C:\Users\cwfix\Desktop
Loaded Profiles: cwfix &  (Available Profiles: cwfix)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Scarlet.Crush Productions) C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RohosLogon] => "C:\Program Files (x86)\Rohos\welcome-user.exe" per-user
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Run: [Akamai NetSession Interface] => C:\Users\cwfix\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Run: [JoystickCurves] => C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoystickCurves\JoystickCurves.appref-ms
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Run: [YQCPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\cwfix\AppData\Local\Ujmedia\atiClock.dll
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\RunOnce: [Uninstall C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\cwfix\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [JoystickCurves] => C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoystickCurves\JoystickCurves.appref-ms
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [YQCPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\cwfix\AppData\Local\Ujmedia\atiClock.dll
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Akamai NetSession Interface] => C:\Users\cwfix\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [JoystickCurves] => C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoystickCurves\JoystickCurves.appref-ms
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [YQCPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\cwfix\AppData\Local\Ujmedia\atiClock.dll
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Akamai NetSession Interface] => C:\Users\cwfix\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [JoystickCurves] => C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoystickCurves\JoystickCurves.appref-ms
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [YQCPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\cwfix\AppData\Local\Ujmedia\atiClock.dll
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [Uninstall C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Akamai NetSession Interface] => C:\Users\cwfix\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [JoystickCurves] => C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoystickCurves\JoystickCurves.appref-ms
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [YQCPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\cwfix\AppData\Local\Ujmedia\atiClock.dll
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [Uninstall C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Run: [Akamai NetSession Interface] => C:\Users\cwfix\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Run: [JoystickCurves] => C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoystickCurves\JoystickCurves.appref-ms
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Run: [YQCPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\cwfix\AppData\Local\Ujmedia\atiClock.dll
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\RunOnce: [Uninstall C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-01-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{022bbbb6-9728-4b66-a38c-a1a85ecd81f2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6216f023-47ad-4d63-9a6b-81a922b10b73}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001 -> {85DC39B4-4736-490F-ACA0-9D16C87A6F6B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {85DC39B4-4736-490F-ACA0-9D16C87A6F6B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {85DC39B4-4736-490F-ACA0-9D16C87A6F6B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {85DC39B4-4736-490F-ACA0-9D16C87A6F6B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {85DC39B4-4736-490F-ACA0-9D16C87A6F6B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4 -> {85DC39B4-4736-490F-ACA0-9D16C87A6F6B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-25] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-25] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-13] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-13] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-25] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-13] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-07] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP36616A69-DD62-47D8-8B41-A85E06E1756F&SSPV=","hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-01]
CHR Extension: (Google Docs) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-01]
CHR Extension: (Google Drive) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-01]
CHR Extension: (Photos - Google Photos) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blckliiiahkijfikcfmbncibcefakemp [2016-01-01]
CHR Extension: (YouTube) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-01]
CHR Extension: (GeoGebra) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2016-01-01]
CHR Extension: (Google Search) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-01]
CHR Extension: (Sumo Paint) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2016-03-13]
CHR Extension: (Perk for Chrome) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\edpaeddemekchnbmjmcjplbbeeheionp [2016-01-21]
CHR Extension: (Google Sheets) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-01]
CHR Extension: (Avira Browser Safety) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-03-15]
CHR Extension: (Chrome Remote Desktop) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-02-17]
CHR Extension: (Inbox) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggdbgcjkoinbbkebiinegogimaehanpk [2016-01-01]
CHR Extension: (Google Docs Offline) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-17]
CHR Extension: (Treasure Arena) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\hedpcboianohjgdhoblpcpgapknkoojm [2016-01-01]
CHR Extension: (codedoodl.es) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfnbfhcojlgbojpphigjibpjkccfikh [2016-03-04]
CHR Extension: (AllCast Receiver) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjbljnpdahefgnopeohlaeohgkiidnoe [2016-01-01]
CHR Extension: (Terms of Service; Didn’t Read) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdoplcnndgiblooccencgcggcoihigg [2016-01-01]
CHR Extension: (Clock) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoihofapbdnldlhecnhefifbcddgdkhm [2016-01-01]
CHR Extension: (WHA) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjepdmpnjibnpjadgmnhdnbndmghdme [2016-01-01]
CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-03-17]
CHR Extension: (Open Port Check Tool) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefghalnfhaklfbndadklndcndabkadb [2016-02-10]
CHR Extension: (Skype) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-14]
CHR Extension: (Sumon) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddpmdmpdcbnnkjfplckngdkhhmmbjaf [2016-01-01]
CHR Extension: (Webutation) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2016-01-01]
CHR Extension: (Smart QrCode Generator) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfnbjbobhhoaekejilcmdkfomkndikho [2016-01-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-01]
CHR Extension: (My Chrome Theme) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-01-01]
CHR Extension: (Skype) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\oonccmmafcaodljbcgobdbknmbljiafh [2016-01-01]
CHR Extension: (Gmail) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-01]
CHR Extension: (APEXvj) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgmjhfhhlkcdaokajkfjimjieapgpao [2016-01-01]
CHR Extension: (Secure Shell) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhechapfaindjhompbnflcldabbghjo [2016-02-10]
CHR Extension: (Space Planet) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2016-01-01]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-25] (Dropbox, Inc.)
R2 Ds3Service; C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe [381952 2015-09-04] (Scarlet.Crush Productions) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-01-03] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 Rohos; C:\Program Files (x86)\Rohos\ntserv.exe [X]
S3 vncserver; "C:\Program Files\RealVNC\VNC Server\vncserver.exe" -service [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-10] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2016-01-01] ()
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [158272 2016-02-13] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2016-01-01] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3870464 2016-01-01] (Realtek Semiconductor Corporation                           )
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2015-09-04] (Scarlet.Crush Productions)
S3 vjoy; C:\Windows\System32\drivers\vjoy.sys [56440 2016-02-03] (Shaul Eizikovich)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2016-01-22] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-23 19:00 - 2016-03-23 19:00 - 00034871 _____ C:\Users\cwfix\Desktop\FRST.txt
2016-03-23 19:00 - 2016-03-23 19:00 - 00000000 ____D C:\FRST
2016-03-23 18:59 - 2016-03-23 19:00 - 02374144 _____ (Farbar) C:\Users\cwfix\Desktop\FRST64.exe
2016-03-23 18:59 - 2016-03-23 18:59 - 02374144 _____ (Farbar) C:\Users\cwfix\Downloads\FRST64.exe
2016-03-23 18:44 - 2016-03-23 18:44 - 00256264 ____T (CrowdStrike, Inc.) C:\Users\cwfix\Desktop\crowdinspect64.exe
2016-03-23 18:43 - 2016-03-23 18:43 - 00245486 _____ C:\Users\cwfix\Downloads\CrowdInspect.zip
2016-03-23 17:59 - 2016-03-23 17:59 - 00000222 _____ C:\Users\cwfix\Desktop\Forbidden planet.url
2016-03-23 17:31 - 2016-03-23 17:31 - 00071662 _____ C:\Users\cwfix\Downloads\Bring_Him_Home.pdf
2016-03-23 14:49 - 2016-03-23 14:50 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\The Last Frontier
2016-03-23 14:41 - 2016-03-23 14:45 - 00000000 ____D C:\Users\cwfix\Desktop\TheLastFrontier
2016-03-23 14:41 - 2016-03-23 14:41 - 00000000 ____D C:\Users\cwfix\AppData\Local\Solid State Networks
2016-03-23 14:40 - 2016-03-23 14:40 - 17333385 _____ C:\Users\cwfix\Downloads\TheLastFrontier.zip
2016-03-23 06:53 - 2016-03-23 06:53 - 00000000 ___HD C:\OneDriveTemp
2016-03-22 15:12 - 2016-03-22 15:17 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Audacity
2016-03-22 15:12 - 2016-03-22 15:12 - 26496761 _____ (Audacity Team ) C:\Users\cwfix\Downloads\audacity-win-2.1.2.exe
2016-03-22 15:12 - 2016-03-22 15:12 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-03-22 15:12 - 2016-03-22 15:12 - 00001080 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-03-22 15:12 - 2016-03-22 15:12 - 00000000 ____D C:\Users\cwfix\AppData\Local\Audacity
2016-03-22 15:12 - 2016-03-22 15:12 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-03-21 21:41 - 2016-03-21 21:41 - 00125583 _____ C:\Users\cwfix\Desktop\Agony_from_Into_the_Woods.pdf
2016-03-21 21:39 - 2016-03-23 17:32 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\MuseScore
2016-03-21 21:39 - 2016-03-21 21:39 - 00017547 _____ C:\Users\cwfix\Downloads\Agony_from_Into_the_Woods.mscz
2016-03-21 21:39 - 2016-03-21 21:39 - 00001126 _____ C:\Users\cwfix\Desktop\MuseScore 2.lnk
2016-03-21 21:39 - 2016-03-21 21:39 - 00000000 ____D C:\Users\cwfix\Documents\MuseScore2
2016-03-21 21:39 - 2016-03-21 21:39 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2
2016-03-21 21:39 - 2016-03-21 21:39 - 00000000 ____D C:\Users\cwfix\AppData\Local\MuseScore
2016-03-21 21:39 - 2016-03-21 21:39 - 00000000 ____D C:\Program Files (x86)\MuseScore 2
2016-03-21 21:38 - 2016-03-21 21:38 - 55488512 _____ C:\Users\cwfix\Downloads\MuseScore-2.0.2.msi
2016-03-19 00:45 - 2016-03-19 00:45 - 16933971 _____ (The qBittorrent project) C:\Users\cwfix\Downloads\qbittorrent_3.3.3_setup.exe
2016-03-19 00:44 - 2016-03-19 00:45 - 00000000 ____D C:\Users\cwfix\Desktop\New folder
2016-03-18 20:49 - 2016-03-18 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-18 16:36 - 2016-03-18 16:36 - 00015115 _____ C:\Users\cwfix\Downloads\House-Size-Study-Final.xlsx
2016-03-17 23:26 - 2016-03-23 14:49 - 00000000 ____D C:\Users\cwfix\Documents\My Games
2016-03-17 23:19 - 2016-03-17 23:19 - 00000000 ____D C:\Users\cwfix\Documents\Zen Studios
2016-03-17 20:03 - 2016-03-17 20:03 - 00000222 _____ C:\Users\cwfix\Desktop\HAWKEN.url
2016-03-17 20:01 - 2016-03-17 20:01 - 00000222 _____ C:\Users\cwfix\Desktop\Pinball FX2.url
2016-03-17 00:23 - 2016-03-23 18:33 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-17 00:22 - 2016-03-17 00:22 - 22908888 _____ (Malwarebytes ) C:\Users\cwfix\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-17 00:22 - 2016-03-17 00:22 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-17 00:22 - 2016-03-17 00:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-17 00:22 - 2016-03-17 00:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-17 00:22 - 2016-03-17 00:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-17 00:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-17 00:22 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-17 00:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-17 00:20 - 2016-03-17 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-03-17 00:20 - 2016-03-17 00:20 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-17 00:20 - 2016-03-08 02:05 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-17 00:20 - 2016-02-13 21:47 - 00125720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-03-17 00:20 - 2016-02-13 21:46 - 00126232 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-03-17 00:20 - 2016-02-13 21:45 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-03-17 00:20 - 2016-02-13 21:45 - 00042264 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-03-17 00:19 - 2016-03-08 06:27 - 42968120 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 37609528 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 22971960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 21322480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 20863920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 18906048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 17732960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 17368424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 17325400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 10547128 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 08657936 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 02613696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 02257344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436451.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436451.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00955328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00885184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00784640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00750016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00692160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00678704 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00632152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00630592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00601752 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00571912 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00545632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00175552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-17 00:19 - 2016-03-08 06:27 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-16 21:34 - 2016-03-16 21:34 - 02598355 _____ C:\Users\cwfix\Downloads\howto_avira_rescue_system_en.pdf
2016-03-16 21:34 - 2016-03-16 21:34 - 00626182 _____ C:\Users\cwfix\Downloads\man_avira_rescue_system_en.pdf
2016-03-16 21:31 - 2016-03-16 21:34 - 660373480 _____ (Avira GmbH) C:\Users\cwfix\Downloads\rescue-system.exe
2016-03-16 11:11 - 2016-03-16 11:11 - 00000000 ____D C:\Users\cwfix\AppData\Local\Uber Entertainment
2016-03-16 10:46 - 2016-03-23 17:59 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-16 10:46 - 2016-03-16 10:46 - 00000222 _____ C:\Users\cwfix\Desktop\Planetary Annihilation.url
2016-03-15 05:07 - 2016-03-15 05:07 - 00049910 _____ C:\Users\cwfix\AppData\Roaming\slides-table.css
2016-03-15 05:07 - 2016-03-15 05:07 - 00002220 _____ C:\Users\cwfix\AppData\Roaming\LurPerusalStairhead
2016-03-12 19:58 - 2016-03-12 19:58 - 00000906 _____ C:\Users\cwfix\Desktop\Dungeon of the Endless.lnk
2016-03-12 19:58 - 2016-03-12 19:58 - 00000000 ____D C:\Users\cwfix\Documents\Dungeon of the Endless
2016-03-12 19:58 - 2016-03-12 19:58 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Dungeon of the Endless
2016-03-12 19:58 - 2016-03-12 19:58 - 00000000 ____D C:\Users\cwfix\AppData\LocalLow\AMPLITUDE Studios
2016-03-12 19:58 - 2016-03-12 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-03-12 19:58 - 2016-03-12 19:58 - 00000000 ____D C:\Games
2016-03-12 19:42 - 2016-03-12 19:42 - 00000000 ____D C:\Users\cwfix\AppData\LocalLow\uTorrent
2016-03-12 19:33 - 2016-03-12 19:33 - 00000000 ____D C:\Users\cwfix\AppData\LocalLow\Robot Gentleman Studios
2016-03-12 19:33 - 2016-03-12 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\60 Seconds
2016-03-12 19:32 - 2016-03-12 19:32 - 00003476 _____ C:\WINDOWS\System32\Tasks\IntelMemoryDiagnostic
2016-03-10 15:54 - 2016-03-10 15:54 - 09972720 _____ C:\Users\cwfix\Downloads\17Home04SecondFloorDoorDim.wmv
2016-03-10 15:33 - 2016-03-10 15:34 - 28895232 _____ C:\Users\cwfix\Downloads\20Home04SecondFloorWindows.wmv
2016-03-10 15:33 - 2016-03-10 15:34 - 24060694 _____ C:\Users\cwfix\Downloads\19Home04Stairs.wmv
2016-03-10 15:33 - 2016-03-10 15:34 - 12085106 _____ C:\Users\cwfix\Downloads\18Home04SecondFloorRails.wmv
2016-03-09 10:08 - 2016-03-01 01:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-09 10:08 - 2016-03-01 01:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-09 10:08 - 2016-02-24 05:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-09 10:08 - 2016-02-24 05:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 10:08 - 2016-02-24 05:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 10:08 - 2016-02-24 05:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 10:08 - 2016-02-24 05:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 10:08 - 2016-02-24 05:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 10:08 - 2016-02-24 05:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-09 10:08 - 2016-02-24 05:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-09 10:08 - 2016-02-24 04:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 10:08 - 2016-02-24 04:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 10:08 - 2016-02-24 04:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 10:08 - 2016-02-24 04:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-09 10:08 - 2016-02-24 04:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-09 10:08 - 2016-02-24 04:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-09 10:08 - 2016-02-24 04:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-09 10:08 - 2016-02-24 04:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-09 10:08 - 2016-02-24 04:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 10:08 - 2016-02-24 04:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-09 10:08 - 2016-02-24 04:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-09 10:08 - 2016-02-24 04:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 10:08 - 2016-02-24 04:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-09 10:08 - 2016-02-24 04:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-09 10:08 - 2016-02-24 04:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-09 10:08 - 2016-02-24 04:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 10:08 - 2016-02-24 04:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 10:08 - 2016-02-24 04:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-09 10:08 - 2016-02-24 04:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 10:08 - 2016-02-24 04:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 10:08 - 2016-02-24 04:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-09 10:08 - 2016-02-24 03:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-09 10:08 - 2016-02-24 03:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-09 10:08 - 2016-02-24 03:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-09 10:08 - 2016-02-24 03:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-09 10:08 - 2016-02-24 03:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-09 10:08 - 2016-02-24 03:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-09 10:08 - 2016-02-24 03:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-09 10:08 - 2016-02-24 03:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 10:08 - 2016-02-24 03:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-09 10:08 - 2016-02-24 03:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 10:08 - 2016-02-24 03:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 10:08 - 2016-02-24 03:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 10:08 - 2016-02-24 03:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 10:08 - 2016-02-24 03:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-09 10:08 - 2016-02-24 03:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-09 10:08 - 2016-02-24 03:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-09 10:08 - 2016-02-24 03:23 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-09 10:08 - 2016-02-24 03:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 10:08 - 2016-02-24 03:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-09 10:08 - 2016-02-24 03:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-09 10:08 - 2016-02-24 03:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-09 10:08 - 2016-02-24 03:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-09 10:08 - 2016-02-24 03:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 10:08 - 2016-02-24 03:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-09 10:08 - 2016-02-24 03:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 10:08 - 2016-02-24 03:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 10:08 - 2016-02-24 03:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-09 10:08 - 2016-02-24 03:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-09 10:08 - 2016-02-24 03:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-09 10:08 - 2016-02-24 03:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-09 10:08 - 2016-02-24 03:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-09 10:08 - 2016-02-24 03:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-09 10:08 - 2016-02-24 03:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-09 10:08 - 2016-02-24 03:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-09 10:08 - 2016-02-24 03:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-09 10:08 - 2016-02-24 03:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 10:08 - 2016-02-24 03:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-09 10:08 - 2016-02-24 03:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 10:08 - 2016-02-24 03:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-09 10:08 - 2016-02-24 03:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-09 10:08 - 2016-02-24 03:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-09 10:08 - 2016-02-24 02:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-09 10:08 - 2016-02-24 02:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-09 10:08 - 2016-02-24 02:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-09 10:08 - 2016-02-24 02:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 10:08 - 2016-02-24 02:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-09 10:08 - 2016-02-24 02:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-09 10:08 - 2016-02-24 02:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-09 10:08 - 2016-02-24 02:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-09 10:08 - 2016-02-24 02:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-09 10:08 - 2016-02-24 02:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 10:08 - 2016-02-24 02:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 10:08 - 2016-02-24 02:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-09 10:08 - 2016-02-24 02:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 10:08 - 2016-02-24 02:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 10:08 - 2016-02-24 02:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 10:08 - 2016-02-24 02:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 10:08 - 2016-02-24 02:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-09 10:08 - 2016-02-24 02:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-09 10:08 - 2016-02-24 02:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-09 10:08 - 2016-02-24 02:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-09 10:08 - 2016-02-24 02:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 10:08 - 2016-02-24 02:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-09 10:08 - 2016-02-24 02:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-09 10:08 - 2016-02-24 02:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-09 10:08 - 2016-02-24 02:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-09 10:08 - 2016-02-24 02:42 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-09 10:08 - 2016-02-24 02:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-03-09 10:08 - 2016-02-24 02:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-09 10:08 - 2016-02-24 02:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-09 10:08 - 2016-02-24 02:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-09 10:08 - 2016-02-24 02:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 10:08 - 2016-02-24 02:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 10:08 - 2016-02-24 02:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-09 10:08 - 2016-02-24 02:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-09 10:08 - 2016-02-24 02:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-09 10:08 - 2016-02-24 02:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 10:08 - 2016-02-24 02:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-09 10:08 - 2016-02-24 02:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 10:08 - 2016-02-24 02:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-09 10:08 - 2016-02-24 02:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-09 10:08 - 2016-02-24 02:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-09 10:08 - 2016-02-24 02:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 10:08 - 2016-02-24 02:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-09 10:08 - 2016-02-24 02:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-09 10:08 - 2016-02-24 02:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-09 10:08 - 2016-02-24 02:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 10:08 - 2016-02-24 02:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-09 10:08 - 2016-02-24 02:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-09 10:08 - 2016-02-24 02:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 10:08 - 2016-02-24 02:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 10:08 - 2016-02-24 02:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-09 10:08 - 2016-02-24 02:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-09 10:08 - 2016-02-24 02:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-09 10:08 - 2016-02-24 02:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-09 10:08 - 2016-02-24 02:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 10:08 - 2016-02-24 02:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-09 10:08 - 2016-02-24 02:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 10:08 - 2016-02-24 02:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-09 10:08 - 2016-02-24 02:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-09 10:08 - 2016-02-24 02:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-09 10:08 - 2016-02-24 02:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-09 10:08 - 2016-02-24 02:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-09 10:08 - 2016-02-24 02:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-09 10:08 - 2016-02-24 02:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-09 10:08 - 2016-02-24 02:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 10:08 - 2016-02-24 02:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-09 10:08 - 2016-02-24 02:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-09 10:08 - 2016-02-24 02:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 10:08 - 2016-02-24 02:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-09 10:08 - 2016-02-24 01:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-09 10:08 - 2016-02-24 01:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-09 10:08 - 2016-02-24 01:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-09 10:08 - 2016-02-24 01:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-09 10:08 - 2016-02-24 01:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-09 10:08 - 2016-02-24 01:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 10:08 - 2016-02-24 01:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 10:08 - 2016-02-24 01:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 10:08 - 2016-02-24 01:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 10:08 - 2016-02-24 01:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 10:08 - 2016-02-24 01:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 10:08 - 2016-02-24 01:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 10:08 - 2016-02-24 01:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 10:08 - 2016-02-24 00:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 10:08 - 2016-02-24 00:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-08 17:07 - 2016-03-08 17:07 - 00000000 ___HD C:\ProgramData\CanonIJFAX
2016-03-08 17:07 - 2012-09-21 06:00 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNCALBL.DLL
2016-03-08 09:15 - 2016-03-08 09:15 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-03-08 09:15 - 2012-09-20 06:00 - 00390656 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBL.DLL
2016-03-02 14:08 - 2016-03-02 14:08 - 00002315 _____ C:\Users\cwfix\Desktop\Avira Scout.lnk
2016-03-02 14:08 - 2016-03-02 14:08 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-02 14:08 - 2016-03-02 14:08 - 00000000 ____D C:\Users\cwfix\AppData\Local\Package Cache
2016-03-02 14:08 - 2016-03-02 14:08 - 00000000 ____D C:\Users\cwfix\AppData\Local\Avira-Scout
2016-03-02 09:12 - 2016-02-23 07:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-02 09:12 - 2016-02-23 07:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-02 09:12 - 2016-02-23 07:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 09:12 - 2016-02-23 07:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-02 09:12 - 2016-02-23 07:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-02 09:12 - 2016-02-23 07:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-02 09:12 - 2016-02-23 07:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-02 09:12 - 2016-02-23 07:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-02 09:12 - 2016-02-23 07:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-02 09:12 - 2016-02-23 07:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-02 09:12 - 2016-02-23 06:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-02 09:12 - 2016-02-23 06:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-02 09:12 - 2016-02-23 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-02 09:12 - 2016-02-23 06:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-02 09:12 - 2016-02-23 06:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-02 09:12 - 2016-02-23 06:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-02 09:12 - 2016-02-23 06:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-02 09:12 - 2016-02-23 06:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-02 09:12 - 2016-02-23 06:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-02 09:12 - 2016-02-23 06:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-02 09:12 - 2016-02-23 06:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-02 09:12 - 2016-02-23 06:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-02 09:12 - 2016-02-23 06:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-02 09:12 - 2016-02-23 06:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-02 09:12 - 2016-02-23 06:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-02 09:12 - 2016-02-23 06:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-02 09:12 - 2016-02-23 06:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-02 09:12 - 2016-02-23 06:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-02 09:12 - 2016-02-23 06:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-02 09:12 - 2016-02-23 05:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-02 09:12 - 2016-02-23 05:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-02 09:12 - 2016-02-23 05:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-02 09:12 - 2016-02-23 05:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-02 09:12 - 2016-02-23 05:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-02 09:12 - 2016-02-23 05:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-02 09:12 - 2016-02-23 05:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-02 09:12 - 2016-02-23 05:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-02 09:12 - 2016-02-23 05:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-02 09:12 - 2016-02-23 05:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-02 09:12 - 2016-02-23 05:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-02 09:12 - 2016-02-23 05:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-02 09:12 - 2016-02-23 05:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-02 09:12 - 2016-02-23 05:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-02 09:12 - 2016-02-23 05:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-02 09:12 - 2016-02-23 05:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-02 09:12 - 2016-02-23 05:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-02 09:12 - 2016-02-23 05:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-02 09:12 - 2016-02-23 05:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-02 09:12 - 2016-02-23 05:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-02 09:12 - 2016-02-23 05:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-02 09:12 - 2016-02-23 04:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-02 09:12 - 2016-02-23 04:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-02 09:12 - 2016-02-23 04:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-02 09:12 - 2016-02-23 04:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-02 09:12 - 2016-02-23 04:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-02 09:12 - 2016-02-23 04:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-02 09:12 - 2016-02-23 04:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-02 09:12 - 2016-02-23 04:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-02 09:12 - 2016-02-23 04:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-02 09:12 - 2016-02-23 04:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-03-02 09:12 - 2016-02-23 04:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-02 09:12 - 2016-02-23 04:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-02 09:12 - 2016-02-23 04:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-02 09:12 - 2016-02-23 04:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-02 09:12 - 2016-02-23 04:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-02 09:12 - 2016-02-23 04:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-02 09:12 - 2016-02-23 04:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-02 09:12 - 2016-02-23 04:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-02 09:12 - 2016-02-23 04:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-02 09:12 - 2016-02-23 04:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-02 09:12 - 2016-02-23 04:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-02 09:12 - 2016-02-23 04:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-02 09:12 - 2016-02-23 04:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-02 09:12 - 2016-02-23 04:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-02 09:12 - 2016-02-23 04:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-02 09:12 - 2016-02-23 04:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-02 09:12 - 2016-02-23 04:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-02 09:12 - 2016-02-23 04:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-02 09:12 - 2016-02-23 04:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-02 09:12 - 2016-02-23 04:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-02 09:12 - 2016-02-23 04:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-02 09:12 - 2016-02-23 04:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-02 09:12 - 2016-02-23 04:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-02 09:12 - 2016-02-23 04:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-02 09:12 - 2016-02-23 04:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-02 09:12 - 2016-02-23 04:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 09:12 - 2016-02-23 04:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-02 09:12 - 2016-02-23 04:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-02 09:12 - 2016-02-23 04:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-02 09:12 - 2016-02-23 04:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-02 09:12 - 2016-02-23 04:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-02 09:12 - 2016-02-23 04:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-02 09:12 - 2016-02-23 04:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-02 09:12 - 2016-02-23 04:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-02 09:12 - 2016-02-23 04:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-02 09:12 - 2016-02-23 04:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-02 09:12 - 2016-02-23 04:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-02 09:12 - 2016-02-23 04:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-02 09:12 - 2016-02-23 04:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-02 09:12 - 2016-02-23 04:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-02 09:12 - 2016-02-23 04:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-02 09:12 - 2016-02-23 04:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-02 09:12 - 2016-02-23 04:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-02 09:12 - 2016-02-23 04:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-02 09:12 - 2016-02-23 04:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-02 09:12 - 2016-02-23 04:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-02 09:12 - 2016-02-23 04:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-02 09:12 - 2016-02-23 04:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-02 09:12 - 2016-02-23 04:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-02 09:12 - 2016-02-23 03:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-02 09:12 - 2016-02-23 03:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-02 09:12 - 2016-02-23 03:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-02 09:12 - 2016-02-23 03:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-02 09:12 - 2016-02-23 03:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-02 09:12 - 2016-02-23 03:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-02 09:12 - 2016-02-23 03:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-02 09:12 - 2016-02-23 03:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-02 09:12 - 2016-02-23 03:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-02 09:12 - 2016-02-23 03:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-02 09:12 - 2016-02-23 03:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-02 09:12 - 2016-02-23 03:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-02 09:12 - 2016-02-23 03:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-02 09:12 - 2016-02-23 03:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-02 09:12 - 2016-02-23 03:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-02 09:12 - 2016-02-23 03:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 09:12 - 2016-02-23 03:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-02 09:12 - 2016-02-23 03:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-02 09:12 - 2016-02-23 03:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-02 09:12 - 2016-02-23 03:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-02 09:12 - 2016-02-23 03:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-02 09:12 - 2016-02-23 03:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-02 09:12 - 2016-02-23 03:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-02 09:12 - 2016-02-23 03:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-02 09:12 - 2016-02-23 03:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-02 09:12 - 2016-02-23 03:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-02 09:12 - 2016-02-23 03:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-02 09:12 - 2016-02-23 03:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-02 09:12 - 2016-02-23 03:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-02 09:12 - 2016-02-23 03:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-02 09:12 - 2016-02-23 03:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-02 09:12 - 2016-02-23 03:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-02 09:12 - 2016-02-23 03:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-02 09:12 - 2016-02-23 03:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-02 09:12 - 2016-02-23 03:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-02 09:12 - 2016-02-23 03:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-02 09:12 - 2016-02-23 02:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-02 09:12 - 2016-02-23 02:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-02 09:12 - 2016-02-23 02:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-02 09:12 - 2016-02-23 02:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-02 09:12 - 2016-02-23 02:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-02 09:12 - 2016-02-23 02:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-02 09:12 - 2016-02-23 02:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-02 09:12 - 2016-02-23 02:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-02 09:12 - 2016-02-23 02:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-02 09:12 - 2016-02-23 02:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-02 09:12 - 2016-02-23 02:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-02 09:12 - 2016-02-23 02:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-02 09:12 - 2016-02-23 02:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-02 09:12 - 2016-02-23 02:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-02 09:12 - 2016-02-23 02:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-02 09:12 - 2016-02-23 02:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-02 09:12 - 2016-02-23 02:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-02 09:12 - 2016-02-23 02:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-02 09:12 - 2016-02-23 02:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-02 09:12 - 2016-02-23 02:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-02 09:12 - 2016-02-09 00:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-02 09:12 - 2016-02-09 00:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-02 09:12 - 2016-02-08 23:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-02 09:12 - 2016-02-08 23:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-02 09:12 - 2016-02-08 23:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-02 09:12 - 2016-02-08 23:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-02 09:12 - 2016-02-08 23:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-02 09:12 - 2016-02-08 23:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-02-27 16:57 - 2016-02-27 16:57 - 00000000 ____D C:\Users\cwfix\Downloads\OneDrive-2016-02-27
2016-02-27 16:56 - 2016-02-27 16:57 - 25894166 _____ C:\Users\cwfix\Downloads\OneDrive-2016-02-27.zip
2016-02-27 15:47 - 2016-02-27 15:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2016-02-27 15:46 - 2016-02-27 15:46 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-02-27 15:01 - 2016-02-27 21:15 - 00000000 ____D C:\Users\cwfix\AndroidStudioProjects
2016-02-27 15:01 - 2016-02-27 15:01 - 00000000 ____D C:\Users\cwfix\.gradle
2016-02-27 14:57 - 2016-02-27 14:57 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\JetBrains
2016-02-27 14:57 - 2016-02-27 14:57 - 00000000 ____D C:\Users\cwfix\.AndroidStudio1.5
2016-02-27 14:56 - 2016-03-10 11:59 - 00000000 ____D C:\Users\cwfix\.android
2016-02-27 14:56 - 2016-02-27 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2016-02-27 14:55 - 2016-02-27 14:55 - 00000000 ____D C:\Program Files\Intel
2016-02-27 14:55 - 2015-01-30 11:02 - 00084992 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelHaxm.sys
2016-02-27 14:54 - 2016-02-27 14:54 - 00000000 ____D C:\Users\cwfix\AppData\Local\Android
2016-02-27 14:54 - 2016-02-27 14:54 - 00000000 ____D C:\Program Files\Android
2016-02-27 14:49 - 2016-02-27 14:52 - 1209163328 _____ (Google Inc.) C:\Users\cwfix\Downloads\android-studio-bundle-141.2456560-windows.exe
2016-02-26 23:44 - 2016-02-27 01:00 - 00001137 _____ C:\Users\cwfix\Desktop\nativelog.txt
2016-02-26 23:28 - 2016-02-27 00:45 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\.minecraft
2016-02-26 23:28 - 2016-02-26 23:28 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\java
2016-02-26 23:27 - 2016-02-26 23:28 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-02-26 23:27 - 2016-02-26 23:27 - 02314240 _____ C:\Users\cwfix\Downloads\MinecraftInstaller.msi
2016-02-26 23:27 - 2016-02-26 23:27 - 01247112 _____ (Mojang) C:\Users\cwfix\Downloads\Minecraft.exe
2016-02-26 23:27 - 2016-02-26 23:27 - 00001030 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-02-26 23:27 - 2016-02-26 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-02-26 23:17 - 2016-02-26 23:17 - 08320755 _____ C:\Users\cwfix\Downloads\minecraft_server.1.8.9 (1).jar
2016-02-26 23:15 - 2016-02-26 23:15 - 08320755 _____ C:\Users\cwfix\Downloads\minecraft_server.1.8.9.jar
2016-02-26 23:12 - 2016-02-26 23:21 - 00000000 ____D C:\Users\cwfix\Desktop\mcraftserver
2016-02-26 23:12 - 2016-02-26 23:12 - 08714995 _____ C:\Users\cwfix\Downloads\minecraft_server.1.8.9.exe
2016-02-26 22:43 - 2016-02-26 22:43 - 66175723 _____ C:\Users\cwfix\Downloads\googlechrome.dmg
2016-02-26 22:42 - 2016-02-26 22:42 - 17413075 _____ C:\Users\cwfix\Downloads\TeamViewerQS.dmg
2016-02-26 22:37 - 2016-02-26 22:37 - 09738320 _____ (TeamViewer GmbH) C:\Users\cwfix\Downloads\TeamViewer_Setup_en.exe
2016-02-26 22:37 - 2016-02-26 22:37 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-02-26 22:37 - 2016-02-26 22:37 - 00001104 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-02-26 22:37 - 2016-02-26 22:37 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\TeamViewer
2016-02-26 22:37 - 2016-02-26 22:37 - 00000000 ____D C:\Users\cwfix\AppData\Local\TeamViewer
2016-02-26 22:37 - 2016-02-26 22:37 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-26 17:23 - 2016-03-11 22:54 - 00000000 ____D C:\Users\cwfix\Documents\BarcodeManager
2016-02-25 14:11 - 2016-02-25 14:11 - 15255202 _____ C:\Users\cwfix\Downloads\12Home04SecondFloor.wmv
2016-02-25 11:58 - 2016-02-25 11:58 - 00002349 _____ C:\Users\cwfix\Downloads\TextDemo.jnlp
2016-02-25 11:46 - 2016-02-25 11:46 - 19089348 _____ C:\Users\cwfix\Downloads\14Home04SecondFloorWalls.wmv
2016-02-25 11:46 - 2016-02-25 11:46 - 16698036 _____ C:\Users\cwfix\Downloads\15Home04SecondFloorWallDim.wmv
2016-02-25 11:46 - 2016-02-25 11:46 - 11972462 _____ C:\Users\cwfix\Downloads\13Home04SecondFloorBalconys.wmv
2016-02-25 11:46 - 2016-02-25 11:46 - 09980072 _____ C:\Users\cwfix\Downloads\16Home04SecondFloorRoomTagss.wmv
2016-02-25 10:40 - 2016-02-27 00:07 - 00000000 ____D C:\Users\cwfix\SigninApplicationFiles
2016-02-25 10:40 - 2016-02-25 10:40 - 00000000 ____D C:\Users\cwfix\.tooling
2016-02-25 10:31 - 2016-03-09 09:22 - 00000000 ____D C:\Users\cwfix\AppData\Local\Eclipse
2016-02-25 10:31 - 2016-02-25 10:31 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\UltraVNC
2016-02-25 10:24 - 2016-03-23 06:54 - 00000000 ___RD C:\Users\cwfix\Dropbox
2016-02-25 10:24 - 2016-02-25 10:24 - 00001303 _____ C:\Users\cwfix\Desktop\Dropbox.lnk
2016-02-25 10:23 - 2016-03-23 18:28 - 00000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-25 10:23 - 2016-03-23 09:28 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-25 10:23 - 2016-03-23 06:53 - 00000000 ____D C:\Users\cwfix\AppData\Local\Dropbox
2016-02-25 10:23 - 2016-03-18 20:49 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-02-25 10:23 - 2016-02-25 10:23 - 00690072 _____ (Dropbox, Inc.) C:\Users\cwfix\Downloads\DropboxInstaller.exe
2016-02-25 10:23 - 2016-02-25 10:23 - 00003998 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-02-25 10:23 - 2016-02-25 10:23 - 00003766 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-02-25 10:23 - 2016-02-25 10:23 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Dropbox
2016-02-25 10:23 - 2016-02-25 10:23 - 00000000 ____D C:\ProgramData\Dropbox
2016-02-25 10:21 - 2016-02-25 10:21 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-02-25 10:21 - 2016-02-25 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-02-25 10:21 - 2016-02-25 10:21 - 00000000 ____D C:\Program Files\Java
2016-02-25 10:20 - 2016-02-25 10:21 - 195911256 _____ (Oracle Corporation) C:\Users\cwfix\Downloads\jdk-8u73-windows-x64.exe
2016-02-25 10:17 - 2016-03-09 09:22 - 00000000 ____D C:\Users\cwfix\Desktop\eclipse
2016-02-25 10:17 - 2016-03-09 09:22 - 00000000 ____D C:\Users\cwfix\.p2
2016-02-25 10:17 - 2016-03-01 11:16 - 00000000 ____D C:\Users\cwfix\.eclipse
2016-02-25 10:16 - 2016-02-25 10:17 - 174218104 _____ C:\Users\cwfix\Downloads\eclipse-java-mars-1-win32-x86_64.zip
2016-02-25 10:05 - 2016-02-25 10:05 - 00001010 _____ C:\Users\cwfix\Desktop\UltraVNC Launcher.lnk
2016-02-25 10:05 - 2016-02-25 10:05 - 00001000 _____ C:\Users\cwfix\Desktop\UltraVNC Viewer.lnk
2016-02-25 10:05 - 2016-02-25 10:05 - 00000995 _____ C:\Users\cwfix\Desktop\UltraVNC Repeater.lnk
2016-02-25 10:05 - 2016-02-25 10:05 - 00000983 _____ C:\Users\cwfix\Desktop\UltraVNC Server.lnk
2016-02-25 10:05 - 2016-02-25 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
2016-02-25 10:05 - 2016-02-25 10:05 - 00000000 ____D C:\Program Files\uvnc bvba
2016-02-25 10:04 - 2016-02-25 10:05 - 03442064 _____ (uvnc bvba ) C:\Users\cwfix\Downloads\UltraVNC_1_2_10_X64_Setup.exe
2016-02-25 09:58 - 2016-02-25 10:06 - 00000000 ____D C:\Users\cwfix\AppData\Local\RealVNC
2016-02-25 09:58 - 2016-02-25 09:58 - 18317272 _____ (RealVNC Ltd ) C:\Users\cwfix\Downloads\VNC-5.3.0-Windows.exe
2016-02-25 09:58 - 2016-02-25 09:58 - 00000000 ____D C:\ProgramData\RealVNC-Service
2016-02-25 09:58 - 2016-02-25 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC
2016-02-25 09:58 - 2015-12-07 10:35 - 00037704 _____ (RealVNC Ltd) C:\WINDOWS\system32\VNCpm.dll
2016-02-24 15:24 - 2016-02-24 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rohos
2016-02-24 15:24 - 2016-01-28 16:41 - 00139264 _____ (Tesline-Service SRL) C:\WINDOWS\SysWOW64\rohosobj.dll
2016-02-24 15:24 - 2016-01-28 16:40 - 00163840 _____ (Tesline-Service SRL) C:\WINDOWS\SysWOW64\rohosobj_x64.dll
2016-02-24 15:24 - 2016-01-28 16:40 - 00163840 _____ (Tesline-Service SRL) C:\WINDOWS\system32\rohosobj.dll
2016-02-24 15:24 - 2016-01-26 12:28 - 00835584 _____ (Tesline-Service SRL) C:\WINDOWS\SysWOW64\rohos_cp.dll
2016-02-24 15:24 - 2016-01-26 12:28 - 00761856 _____ (Tesline-Service SRL) C:\WINDOWS\system32\rohos_cp_x64.dll
2016-02-24 15:24 - 2016-01-26 12:02 - 00999424 _____ (Tesline-Service SRL) C:\WINDOWS\SysWOW64\rohos_ui.dll
2016-02-24 15:24 - 2015-11-23 16:54 - 00054272 _____ C:\WINDOWS\system32\rohos_phone_x64.dll
2016-02-24 15:24 - 2015-11-23 16:51 - 00053248 _____ C:\WINDOWS\SysWOW64\rohos_phone.dll
2016-02-24 15:24 - 2015-10-21 11:53 - 00044032 _____ C:\WINDOWS\system32\rohos_jcardv2_x64.dll
2016-02-24 15:24 - 2015-10-21 11:53 - 00033792 _____ C:\WINDOWS\SysWOW64\rohos_jcardv2.dll
2016-02-24 15:24 - 2015-07-29 14:11 - 00114688 _____ (Tesline-Service SRL) C:\WINDOWS\SysWOW64\rohos_pkcs.dll
2016-02-24 15:24 - 2015-07-29 14:10 - 00129024 _____ (Tesline-Service SRL) C:\WINDOWS\system32\rohos_pkcs_x64.dll
2016-02-24 15:24 - 2015-06-03 14:49 - 00163840 _____ C:\WINDOWS\SysWOW64\rohos_btkey.dll
2016-02-24 15:24 - 2015-06-03 14:32 - 00219136 _____ C:\WINDOWS\system32\rohos_btkey.dll
2016-02-24 15:24 - 2015-05-18 18:36 - 00034304 _____ C:\WINDOWS\SysWOW64\rohos_mifare.dll
2016-02-24 15:24 - 2015-05-11 15:18 - 00043008 _____ C:\WINDOWS\system32\rohos_mifare_x64.dll
2016-02-24 15:24 - 2015-04-02 16:32 - 00061952 _____ C:\WINDOWS\system32\rohos_otp_x64.dll
2016-02-24 15:24 - 2015-04-02 16:20 - 00057344 _____ C:\WINDOWS\SysWOW64\rohos_otp.dll
2016-02-24 15:24 - 2015-03-03 12:44 - 00537608 _____ (Tesline-Service SRL) C:\WINDOWS\system32\rohos_ui_amd64.dll
2016-02-24 15:24 - 2014-09-16 12:06 - 00028672 _____ C:\WINDOWS\SysWOW64\rohos_ed-fs-2044.dll
2016-02-24 15:24 - 2014-09-16 11:55 - 00037888 _____ C:\WINDOWS\system32\rohos_ed-fs-2044_x64.dll
2016-02-24 15:24 - 2013-09-13 10:34 - 00102400 _____ (Tesline-Service SRL) C:\WINDOWS\SysWOW64\rohos_ybk.dll
2016-02-24 15:24 - 2013-09-13 10:33 - 00090624 _____ (Tesline-Service SRL) C:\WINDOWS\system32\rohos_ybk.dll
2016-02-24 15:24 - 2013-08-13 13:37 - 00025600 _____ C:\WINDOWS\SysWOW64\rohos_cr10mw.dll
2016-02-24 15:24 - 2013-05-29 12:44 - 00025088 _____ (Tesline-Service SRL) C:\WINDOWS\SysWOW64\rohos_vson.dll
2016-02-24 15:24 - 2013-05-29 12:21 - 00030208 _____ (Tesline-Service SRL) C:\WINDOWS\system32\rohos_vson_x64.dll
2016-02-24 15:24 - 2011-05-05 12:23 - 00090112 _____ C:\WINDOWS\SysWOW64\rohos_btkey2.dll
2016-02-24 15:24 - 2009-04-01 11:50 - 00075624 _____ (Tesline-Service SRL) C:\WINDOWS\SysWOW64\rohos_swk.dll
2016-02-24 15:24 - 2008-05-06 16:01 - 00920576 _____ (Tesline-Service SRL) C:\WINDOWS\system32\rohos_ui_ia64.dll
2016-02-24 15:24 - 2006-04-12 11:40 - 00270336 _____ (Pizzolato Davide - www.xdp.it) C:\WINDOWS\SysWOW64\cximagecrt.dll
2016-02-23 14:35 - 2016-02-23 14:35 - 00060733 _____ C:\Users\cwfix\Documents\%difference.pdf
2016-02-22 14:18 - 2016-02-09 04:25 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436191.dll
2016-02-22 14:18 - 2016-02-09 04:25 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436191.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-23 18:44 - 2016-01-13 13:35 - 00530232 _____ (CrowdStrike, Inc.) C:\Users\cwfix\Desktop\CrowdInspect.exe
2016-03-23 18:42 - 2016-01-01 22:00 - 00000000 ___RD C:\Users\cwfix\OneDrive
2016-03-23 18:27 - 2016-01-12 23:59 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Skype
2016-03-23 18:14 - 2016-01-01 22:04 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-23 18:14 - 2016-01-01 22:04 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-23 18:03 - 2016-01-03 16:03 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-23 17:32 - 2016-01-09 21:17 - 00000000 ____D C:\Users\cwfix\AppData\Local\CrashDumps
2016-03-23 13:22 - 2016-01-01 22:08 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{620EB2EB-7944-423B-BFE5-FE3D1FB8C991}
2016-03-23 07:50 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-23 06:58 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-23 06:58 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-22 07:49 - 2016-02-09 09:03 - 00001200 _____ C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\GP5.lnk
2016-03-22 07:49 - 2016-01-05 09:33 - 00001200 _____ C:\Users\cwfix\Desktop\GP5.lnk
2016-03-22 07:49 - 2016-01-05 09:33 - 00001200 _____ C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GP5.lnk
2016-03-19 00:45 - 2016-01-31 04:39 - 00000000 ____D C:\Users\cwfix
2016-03-17 23:26 - 2016-01-18 17:42 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\NVIDIA
2016-03-17 21:47 - 2016-01-01 22:03 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-17 21:47 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-17 21:41 - 2016-01-31 04:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-17 21:41 - 2016-01-31 04:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-17 21:41 - 2015-10-15 09:45 - 00000091 _____ C:\HaxLogs.txt
2016-03-17 21:40 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-17 00:20 - 2016-01-31 04:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-17 00:20 - 2016-01-01 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-17 00:16 - 2016-01-01 22:23 - 00000000 ____D C:\Users\cwfix\AppData\Local\NVIDIA Corporation
2016-03-17 00:16 - 2016-01-01 22:09 - 00001454 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-03-17 00:16 - 2016-01-01 22:09 - 00000000 ____D C:\Users\cwfix\AppData\Local\NVIDIA
2016-03-16 18:39 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-16 11:11 - 2016-01-01 22:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-15 17:30 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-15 16:33 - 2016-02-07 18:20 - 00000000 ____D C:\Users\cwfix\AppData\Local\Deployment
2016-03-14 21:14 - 2016-01-01 22:05 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 21:14 - 2016-01-01 22:05 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-14 08:50 - 2016-01-15 17:42 - 00000000 ____D C:\Users\cwfix\Desktop\Traktor#stuff
2016-03-13 08:05 - 2016-01-31 04:38 - 00211808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-12 23:36 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-12 23:36 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-12 23:36 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-12 23:36 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-11 11:25 - 2016-01-01 22:00 - 00002367 _____ C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-11 04:35 - 2016-01-01 21:59 - 00000000 ____D C:\Users\cwfix\AppData\Local\Packages
2016-03-10 16:49 - 2016-01-11 23:04 - 00042000 _____ C:\Users\cwfix\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-10 16:14 - 2015-10-30 03:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-03-10 16:14 - 2015-10-30 03:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-03-10 16:14 - 2015-10-30 03:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-03-10 16:14 - 2015-10-30 03:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-03-10 13:37 - 2016-01-27 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-10 13:36 - 2016-01-27 18:39 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-03-10 13:36 - 2016-01-27 18:39 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-03-10 13:36 - 2016-01-27 18:39 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-03-10 11:28 - 2016-01-01 22:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 11:26 - 2016-01-01 22:17 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 23:19 - 2016-01-01 22:17 - 12653504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-08 06:27 - 2016-01-01 22:17 - 20061152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-08 06:27 - 2016-01-01 22:17 - 17320280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-08 06:27 - 2016-01-01 22:17 - 14226864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-08 06:27 - 2016-01-01 22:17 - 03681672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-08 06:27 - 2016-01-01 22:17 - 03259176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-08 06:27 - 2016-01-01 22:17 - 00037702 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-08 03:12 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:12 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-08 02:42 - 2016-01-31 04:38 - 06371384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-08 02:42 - 2016-01-31 04:38 - 02992576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-08 02:42 - 2016-01-31 04:38 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-08 02:42 - 2016-01-31 04:38 - 01264064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-08 02:42 - 2016-01-31 04:38 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-08 02:42 - 2016-01-31 04:38 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-08 02:42 - 2016-01-31 04:38 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-08 02:42 - 2016-01-31 04:38 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-07 00:22 - 2016-01-31 04:38 - 06203411 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-06 18:07 - 2016-01-19 09:19 - 00000000 ____D C:\Program Files\Cloud Imperium Games
2016-03-04 17:05 - 2016-01-01 21:59 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-04 17:03 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-04 17:03 - 2015-10-30 03:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-04 17:03 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-04 17:03 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-04 17:03 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-04 17:03 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-04 17:03 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-04 17:03 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-04 17:03 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-03 22:35 - 2016-01-03 16:26 - 00282296 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2016-03-03 22:35 - 2016-01-03 16:26 - 00282296 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-03-03 22:34 - 2016-01-03 16:26 - 00215128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2016-03-02 14:08 - 2016-01-27 18:45 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Avira
2016-03-02 09:03 - 2016-01-27 18:38 - 00001207 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-02-27 15:46 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-27 14:52 - 2016-01-01 22:08 - 00000000 ____D C:\Users\cwfix\.oracle_jre_usage
2016-02-25 10:21 - 2016-01-01 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-23 09:12 - 2016-01-11 22:27 - 00001802 _____ C:\Users\Public\Desktop\Revit 2016.lnk
2016-02-23 09:12 - 2016-01-11 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2016-02-23 09:10 - 2016-01-11 22:33 - 00000000 ____D C:\Users\cwfix\Documents\Autodesk Application Manager
2016-02-23 09:10 - 2016-01-11 22:27 - 00000000 ____D C:\Program Files\Autodesk
2016-02-23 09:08 - 2016-01-05 09:33 - 00000000 ____D C:\Users\cwfix\Documents\gp5
 
==================== Files in the root of some directories =======
 
2015-08-13 09:41 - 2015-08-13 09:47 - 0047462 ___SH () C:\Users\cwfix\AppData\Roaming\d3dx10.exe
2016-03-15 05:07 - 2016-03-15 05:07 - 0002220 _____ () C:\Users\cwfix\AppData\Roaming\LurPerusalStairhead
2016-03-15 05:07 - 2016-03-15 05:07 - 0049910 _____ () C:\Users\cwfix\AppData\Roaming\slides-table.css
2016-01-09 21:11 - 2016-01-09 21:11 - 0000431 _____ () C:\Users\cwfix\AppData\Roaming\WiinUSoft_prefs.config
2016-01-10 22:31 - 2016-02-19 23:20 - 0007594 _____ () C:\Users\cwfix\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\cwfix\AppData\Local\Temp\avgnt.exe
C:\Users\cwfix\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\cwfix\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\cwfix\AppData\Local\Temp\nvStInst.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-12 10:05
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by cwfix (2016-03-23 19:00:52)
Running from C:\Users\cwfix\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-31 08:43:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3172003162-2618980517-3255623437-500 - Administrator - Disabled)
cwfix (S-1-5-21-3172003162-2618980517-3255623437-1001 - Administrator - Enabled) => C:\Users\cwfix
DefaultAccount (S-1-5-21-3172003162-2618980517-3255623437-503 - Limited - Disabled)
Guest (S-1-5-21-3172003162-2618980517-3255623437-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Akamai NetSession Interface (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Akamai) (Version:  - Akamai Technologies, Inc)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk BIM 360 Revit 2016 Add-in 64 bit (HKLM\...\{42801DBD-6B69-4FB3-848A-A12D624841FB}) (Version: 4.37.4474 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2016 (HKLM-x32\...\{FA5DF4D1-CD59-4183-B3D4-779A56498786}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.18 - Autodesk)
Autodesk Revit 2016 (HKLM\...\Autodesk Revit 2016) (Version: 16.0.490.0 - Autodesk)
Autodesk Revit 2016 SP2 (HKLM\...\Autodesk Revit 2016 SP2) (Version: 16.0.490.0 - Autodesk)
Autodesk Revit Content Libraries 2016 (HKLM\...\Autodesk Revit Content Libraries 2016) (Version: 16.0.428.0 - Autodesk)
Autodesk Workflows 2016 (HKLM\...\{535CDED0-D690-4738-83EE-09056A365BAC}) (Version: 6.3.0.18 - Autodesk, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Avira Scout (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
Avira Scout (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
Avira Scout (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
Avira Scout (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
Avira Scout (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
Avira Scout (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
AviraScoutMsi (x32 Version: 16.02.15.00170 - Avira Operations GmbH & Co. KG) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.35.3 - Dropbox, Inc.) Hidden
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Forbidden planet (HKLM\...\Steam App 434610) (Version:  - RandomSpinStudio)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GP5 Web Conferencing (HKLM-x32\...\omniview) (Version:  - )
HAWKEN (HKLM\...\Steam App 271290) (Version:  - Reloaded Games)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
JoystickCurves (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\c2061649b891e486) (Version: 0.0.6.15 - JoystickCurves)
JoystickCurves (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\c2061649b891e486) (Version: 0.0.6.15 - JoystickCurves)
JoystickCurves (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\c2061649b891e486) (Version: 0.0.6.15 - JoystickCurves)
JoystickCurves (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\c2061649b891e486) (Version: 0.0.6.15 - JoystickCurves)
JoystickCurves (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\c2061649b891e486) (Version: 0.0.6.15 - JoystickCurves)
JoystickCurves (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\c2061649b891e486) (Version: 0.0.6.15 - JoystickCurves)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mayflash WiiU Pro Game Controller Adapter (HKLM-x32\...\{4A168BA0-6E0B-4EA2-98C1-75EC594F3F3D}) (Version: 3.85 - My Company Name)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MuseScore 2 (HKLM-x32\...\{D0969A82-E79E-45D9-95D2-B2824880F780}) (Version: 2.0.2 - Werner Schweer and Others)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.9.3.355 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.10.0.13 - Native Instruments)
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S5 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S5 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Pinball FX2 (HKLM\...\Steam App 226980) (Version:  - Zen Studios)
Planetary Annihilation (HKLM\...\Steam App 233250) (Version:  - Uber Entertainment)
ProxyGate version 3.0.0.1163 (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1163 - Gold Click Ltd)
ProxyGate version 3.0.0.1163 (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1163 - Gold Click Ltd)
ProxyGate version 3.0.0.1163 (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1163 - Gold Click Ltd)
ProxyGate version 3.0.0.1163 (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1163 - Gold Click Ltd)
ProxyGate version 3.0.0.1163 (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1163 - Gold Click Ltd)
ProxyGate version 3.0.0.1163 (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1163 - Gold Click Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Revit 2016 (Version: 16.0.490.0 - Autodesk) Hidden
Revit Content Libraries 2016 (Version: 16.0.428.0 - Autodesk) Hidden
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Star Citizen Launcher (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Star Citizen Launcher (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Star Citizen Launcher (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Star Citizen Launcher (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Star Citizen Launcher (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Star Citizen Launcher (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VNC Server 5.3.0 (HKLM\...\{9FC6D0C1-137D-4A03-9345-ACB9403BFF69}) (Version: 5.3.0.15303 - RealVNC Ltd)
VNC Viewer 5.3.0 (HKLM\...\{80B5CC59-1240-4ADA-B6AC-C8BA058153A6}) (Version: 5.3.0.15303 - RealVNC Ltd)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.2700 - Broadcom Corporation)
WinRAR 5.31 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {5DDA2293-6D0C-4F72-9305-63138E3D2216} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-01] (Google Inc.)
Task: {911B14D6-ABD5-479A-B467-50793B509F94} - System32\Tasks\IntelMemoryDiagnostic => C:\Users\cwfix\AppData\Roaming\d3dx10.exe [2015-08-13] ()
Task: {9403680E-D64F-4BCC-939F-1FE0A75226D4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-25] (Dropbox, Inc.)
Task: {960BBC66-7DC2-4E3D-967F-41360802052A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {B7009372-D0B8-4A4C-A092-C4ADC90D812F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-01] (Google Inc.)
Task: {BE5B6C5B-0BC8-4DCA-A64F-005BD49A884E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-25] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-01-03 16:26 - 2016-01-03 16:33 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-03-17 00:16 - 2016-02-17 02:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-01-01 22:09 - 2016-02-17 02:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-17 00:16 - 2016-02-17 02:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-31 04:38 - 2016-03-08 02:42 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-02 09:12 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 09:12 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-31 07:35 - 2016-01-31 07:35 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-07 18:20 - 2016-01-16 01:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-31 07:35 - 2016-01-31 07:35 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 09:12 - 2016-02-23 04:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-31 07:35 - 2016-01-31 07:35 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-31 07:35 - 2016-01-31 07:35 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-02-07 18:20 - 2016-01-16 01:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-08 19:25 - 2016-02-08 19:25 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-01 22:09 - 2016-02-17 03:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-02-08 19:25 - 2016-02-08 19:25 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-08 19:25 - 2016-02-08 19:25 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-14 21:14 - 2016-03-07 22:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-14 21:14 - 2016-03-07 22:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rohos => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rohos => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 07:04 - 2015-07-10 07:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cwfix\Downloads\wallpapericecream3-19-.jpg
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\cwfix\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bench_under_tree_winter-wallpaper-1920x1080.jpg
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\cwfix\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{8db45729-a3f6-4fa3-97db-55895983b250}.jpg
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\cwfix\Downloads\wallpapericecream3-19-.jpg
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Control Panel\Desktop\\Wallpaper -> C:\Users\cwfix\Downloads\wallpapericecream3-19-.jpg
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Control Panel\Desktop\\Wallpaper -> C:\Users\cwfix\Downloads\wallpapericecream3-19-.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "RohosLogon"
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\StartupApproved\Run: => "JoystickCurves"
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "JoystickCurves"
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "JoystickCurves"
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "JoystickCurves"
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\StartupApproved\Run: => "JoystickCurves"
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\StartupApproved\Run: => "JoystickCurves"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{5C3DC708-BC0F-4A20-906F-C5015F0DE8FD}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [TCP Query User{5A70CBF2-9EDB-4FA6-9293-9DCF15A52473}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{86D9E39B-1A0B-40D5-8CF3-21C2CAE62A53}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{24B942F6-56F5-4FCC-9B74-8A92231533A9}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{B7378969-EDBE-4E29-B4A4-95D2EE789018}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{0E145E49-074A-4676-9BE6-9331059ED7F4}C:\users\cwfix\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cwfix\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4BFFBB29-BF91-458C-897A-A8CDBBA36688}C:\users\cwfix\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cwfix\appdata\local\akamai\netsession_win.exe
FirewallRules: [{168A769D-5FC6-4B46-AD15-5D16E92F4BEB}] => (Allow) D:\Local Disk\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{ADC16AB2-2C6C-4507-BA12-F7F60C264CEB}] => (Allow) D:\Local Disk\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{8F542578-5F5E-4701-98A5-980514903424}] => (Allow) D:\Local Disk\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{AF5E778C-B969-4982-932E-20ADD26703ED}] => (Allow) D:\Local Disk\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [UDP Query User{2ED30D5C-2347-4F94-8EFB-8C29A2B2B3D3}C:\program files (x86)\gatherworks\omniview4\gp5.exe] => (Allow) C:\program files (x86)\gatherworks\omniview4\gp5.exe
FirewallRules: [TCP Query User{82482BB6-CAC6-43B4-B793-8CBF4A796CA2}C:\program files (x86)\gatherworks\omniview4\gp5.exe] => (Allow) C:\program files (x86)\gatherworks\omniview4\gp5.exe
FirewallRules: [UDP Query User{C86BC877-E87D-42C8-845F-F9C7F2FB2340}E:\programfiles\steamlibrary\steamapps\common\battlefield bad company 2\bfbc2game.exe] => (Allow) E:\programfiles\steamlibrary\steamapps\common\battlefield bad company 2\bfbc2game.exe
FirewallRules: [TCP Query User{AA13EB3C-56FD-4164-B29A-EECA5A13F520}E:\programfiles\steamlibrary\steamapps\common\battlefield bad company 2\bfbc2game.exe] => (Allow) E:\programfiles\steamlibrary\steamapps\common\battlefield bad company 2\bfbc2game.exe
FirewallRules: [{20F4FADB-8607-4348-AF20-704E93572656}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1B9AF9AE-0E1C-4DFB-8DA2-F3C2671CA147}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1B587287-C9E0-4CAE-A56D-47B7DC313E8E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C2259E16-E6C7-4ABA-BCB4-31A12FF1693E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0DC986AE-11DD-4D3B-88F0-1FE6CC772BDF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A51D8ABA-CE8C-493B-B6DD-B472783E7529}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9D96B1AC-2411-47B5-AACA-0445292A6A1B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA170099-AF82-4ED2-AE69-76C22CF371BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B14AA6EF-1AAA-4862-845C-0623B0494423}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B276D0C0-E361-42EA-9B58-8DC82F5C3F19}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E838759F-73C2-49AC-9DA1-8166C8D4CCAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{16347648-EC5C-4FEF-9295-BB6DFF3F2359}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{526F0483-4A5B-4DD9-875B-DBD16551300C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A9E763A2-FDCD-40F0-BC17-A4B6F990722C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{651C2A71-4C9C-4240-BF7F-1C8454302B09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3420D10D-E71C-47E6-83F5-EFA769DB20F9}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{0ED8562C-E979-4057-890E-750EECC79290}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{2935A201-C730-44FA-9F32-2F00921D6513}] => (Allow) D:\Local Disk\Program Files (x86)\Steam\steamapps\common\Airport Madness World Edition\AMWE.exe
FirewallRules: [{D33A041E-863A-4A35-9E55-4C68B6B6A099}] => (Allow) D:\Local Disk\Program Files (x86)\Steam\steamapps\common\Airport Madness World Edition\AMWE.exe
FirewallRules: [{98F03212-6A1F-4717-A4BF-E771A27A90D9}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{9AFD1E83-86CC-4434-AA64-79F5C710CB15}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{73CA97C9-7AF3-4BBC-98CC-185D624C0CF8}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{9425DB55-1C2E-41AC-9F21-48F66D6DB7CD}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{30DD1102-C190-4B16-9E69-48D604E97C5A}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{35E66C55-2852-407D-8F7C-AB7011AB30CD}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{C4BCE0D8-653F-462F-A4BA-E0425CD1C22E}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{D5903450-EF87-4055-9999-3E05226FCE23}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{F08EF4FB-85C4-4320-B642-BA89D6B54BCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2DD17DAA-7DF3-4012-B1A1-80F04E052467}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{583F0FC5-77EE-4347-B25A-3C128D16A8A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{54247B75-53F9-4241-B99F-6147038FB69B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{69E8283F-8BC8-4764-8F64-53641CF3910D}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{0F0479D6-B3AB-40E9-8D52-77889067E05E}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{0AC84269-9594-4B6C-80D7-7A0DFD1B250D}C:\program files\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\java.exe
FirewallRules: [UDP Query User{E4A3972A-6D66-4B0E-971D-BC49783888CA}C:\program files\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\java.exe
FirewallRules: [TCP Query User{103BBB3D-E956-4EAD-B216-49A65B3CEBC9}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{0A44F59D-492B-459F-B899-ECA4AE6D192D}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{A965C83A-CC70-4360-8220-80FD20420E82}C:\program files\java\jdk1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_73\bin\java.exe
FirewallRules: [UDP Query User{BF5BFFC7-C0A2-46F5-A876-342D4D9A0CA6}C:\program files\java\jdk1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_73\bin\java.exe
FirewallRules: [{24CA55BA-7BDF-4171-8D46-C8CC45D7106C}] => (Allow) D:\Local Disk\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{1965EC10-556F-4D7B-AAE5-F5AB5262B007}] => (Allow) D:\Local Disk\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{1F32944F-2E0A-407D-883B-BBDBA38DCD98}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{3B0FA4DB-C3B9-4CC5-93BB-11CD4A7C63E5}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{4407A2DB-1DD5-49ED-A860-85ECCD3EEA2D}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{93D25C7D-60EF-48DF-9E7D-D18CF104EB3D}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{E61218BE-5DE7-4A4D-B86F-CF64C0A243A8}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{6A6AFBBA-08E4-4ABD-9DA2-264D6363AFA3}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [TCP Query User{AA0F2191-FE20-4D27-A7A2-FAAC24C177CC}C:\program files (x86)\gatherworks\omniview4\gp5.exe] => (Allow) C:\program files (x86)\gatherworks\omniview4\gp5.exe
FirewallRules: [UDP Query User{15FDBCDE-CE93-4608-9CB5-CB6AB1AACAD6}C:\program files (x86)\gatherworks\omniview4\gp5.exe] => (Allow) C:\program files (x86)\gatherworks\omniview4\gp5.exe
FirewallRules: [TCP Query User{46A83B36-0E96-4427-B7B1-DD2DC17C2587}C:\users\cwfix\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cwfix\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{09D40D09-3E34-48B2-8F98-3FA494815E86}C:\users\cwfix\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cwfix\appdata\local\akamai\netsession_win.exe
FirewallRules: [{DC645021-327B-42EC-AA6D-23B34A7D3B83}] => (Allow) C:\Users\cwfix\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E2A49B4B-D4E2-47D5-9E70-3E3E171D99B9}] => (Allow) C:\Users\cwfix\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EF3E541C-254C-4B7E-AD3E-3A8E2CA66F39}] => (Allow) D:\Local Disk\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{24C5A501-DD81-4A5E-BA85-584569E07BDE}] => (Allow) D:\Local Disk\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{6C2CCB05-2007-46AE-B129-567543C3B14F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B3667DEB-3FB2-4AB2-A290-7FD6DC2399DD}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{128531F0-DC48-4AE3-9C4F-C7B6B4FFD943}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{A04B6284-6C4F-4620-A866-6E438079646B}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x86\PA.exe
FirewallRules: [{05650E89-C04D-43C7-B2F3-E8104E47CBAC}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x86\PA.exe
FirewallRules: [{0B892F4E-2AFA-461A-A629-28FA2FA53C98}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe
FirewallRules: [{1FBFEDB3-DF31-4FA1-9160-879B28E4299F}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe
FirewallRules: [{80BC6A58-9723-4254-AD27-3E400F3AC3BE}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{EDE88FC8-02EA-449A-8ECB-80A4AB37D100}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{06205920-324D-4C24-B241-D0AC19E1D58A}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe
FirewallRules: [{ED1A43AB-22BC-413E-BA68-6D9C5FCE78B8}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe
FirewallRules: [{62DC4209-287C-4F5B-8734-260DBB66F397}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{B62DBB04-64A6-4855-92FE-8FD0BCE3C83B}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{55C30A5A-506D-4490-AD33-DC2A716B5C63}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x64\server.exe
FirewallRules: [{B2C23D96-3CA8-4A24-8DA9-68A74F928C1A}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x64\server.exe
FirewallRules: [{DA82D03D-2085-4038-B0E3-BB720BD320C9}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{B3034CE0-F58F-44AF-A32B-E34E980A18F0}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{4E626B99-A25C-4945-9FA1-166013172F03}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{067A66C3-D020-469B-84F6-E2513053D7EA}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{5D2110FF-D391-48F2-A023-B2BE9689A4BB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{DFB9B817-2B35-440F-ACB5-9B5570F3CCE0}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Wind_Forbidden_planet\Forbiddenplanet.exe
FirewallRules: [{2651116E-8867-4D39-949B-51C96CB26BC0}] => (Allow) E:\ProgramFiles\SteamLibrary\steamapps\common\Wind_Forbidden_planet\Forbiddenplanet.exe
 
==================== Restore Points =========================
 
17-03-2016 23:26:37 Installed DirectX
21-03-2016 21:38:57 Installed MuseScore 2
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/23/2016 06:39:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.18.0.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 13f8
 
Start Time: 01d184f2428bf348
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id: 0ec819ca-f148-11e5-9be1-5cf37075f663
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/23/2016 05:32:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MuseScore.exe, version: 0.0.0.0, time stamp: 0x0ddaf808
Faulting module name: kz2asio32.dll, version: 3.1.0.761, time stamp: 0x50d03c66
Exception code: 0xc0000005
Fault offset: 0x0004e4e6
Faulting process id: 0x1f90
Faulting application start time: 0xMuseScore.exe0
Faulting application path: MuseScore.exe1
Faulting module path: MuseScore.exe2
Report Id: MuseScore.exe3
Faulting package full name: MuseScore.exe4
Faulting package-relative application ID: MuseScore.exe5
 
Error: (03/22/2016 01:20:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.ServiceHost.exe, version: 1.1.56.9119, time stamp: 0x56a8ea7a
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd55ab
Exception code: 0xe0434352
Fault offset: 0x000bdad8
Faulting process id: 0xa10
Faulting application start time: 0xAvira.ServiceHost.exe0
Faulting application path: Avira.ServiceHost.exe1
Faulting module path: Avira.ServiceHost.exe2
Report Id: Avira.ServiceHost.exe3
Faulting package full name: Avira.ServiceHost.exe4
Faulting package-relative application ID: Avira.ServiceHost.exe5
 
Error: (03/21/2016 11:15:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MuseScore.exe, version: 0.0.0.0, time stamp: 0x0ddaf808
Faulting module name: kz2asio32.dll, version: 3.1.0.761, time stamp: 0x50d03c66
Exception code: 0xc0000005
Fault offset: 0x0004e4e6
Faulting process id: 0x21d0
Faulting application start time: 0xMuseScore.exe0
Faulting application path: MuseScore.exe1
Faulting module path: MuseScore.exe2
Report Id: MuseScore.exe3
Faulting package full name: MuseScore.exe4
Faulting package-relative application ID: MuseScore.exe5
 
Error: (03/21/2016 09:38:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/19/2016 05:50:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PA.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 184c
 
Start Time: 01d18229037e29d6
 
Termination Time: 78
 
Application Path: E:\ProgramFiles\SteamLibrary\steamapps\common\Planetary Annihilation\bin_x64\PA.exe
 
Report Id: 9f1e6371-ee1c-11e5-9be1-5cf37075f663
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/17/2016 11:28:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (03/17/2016 11:26:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/17/2016 10:11:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
Exception code: 0xc0000005
Fault offset: 0x00ac6197
Faulting process id: 0x1098
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report Id: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5
 
Error: (03/17/2016 06:39:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: Cortana.IntentExtraction.dll, version: 0.0.0.0, time stamp: 0x568b1b20
Exception code: 0x80000003
Fault offset: 0x000000000003294f
Faulting process id: 0x1484
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
 
 
System errors:
=============
Error: (03/23/2016 06:42:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NIHardwareService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/23/2016 06:41:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth Driver Management Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/23/2016 06:40:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Autodesk Application Manager Service service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (03/23/2016 06:40:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Autodesk Application Manager Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/23/2016 06:38:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/23/2016 03:24:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/23/2016 03:21:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/23/2016 08:42:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/23/2016 08:31:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/22/2016 10:50:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_332c316d service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2016-03-17 19:50:55.314
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-17 19:50:55.308
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-17 19:50:55.302
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-17 19:50:55.296
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-17 19:50:55.290
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-17 19:50:55.274
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-17 19:49:44.579
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10240.16384_none_d7cab6266329c783\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-17 19:49:44.567
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10240.16384_none_d7cab6266329c783\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-17 19:49:44.557
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10240.16384_none_d7cab6266329c783\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-17 19:49:44.546
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10240.16384_none_d7cab6266329c783\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 20%
Total physical RAM: 16335.8 MB
Available physical RAM: 12929.48 MB
Total Virtual: 18767.8 MB
Available Virtual: 14852.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:475.95 GB) (Free:379.16 GB) NTFS
Drive d: (Secondary) (Fixed) (Total:931.39 GB) (Free:730.74 GB) NTFS
Drive e: (2Friends) (Fixed) (Total:931.38 GB) (Free:841.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 476.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
TY so much for your help.

 




#2
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello :)

Are you still getting the alerts from Avira? I'm not seeing any malware in your logs, just a bit of adware and some orphaned entries. However, let's remove those, empty your temporary files, and run some further scans. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Punkbuster

There are some issues with infections in relation to PunkBuster...

Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.

My advice would be to download the removal tool from here. Use this to uninstall PunkBuster Services. Then when I give the all clear use it again to reinstall PunkBuster Services if you so wish.

So after you have downloaded the removal tool for PunkBuster Services run it as follows...
  • Right-click on pbsvc.exe and select Run as Administrator.
  • Ensure Un-install/Remove PunkBuster Service is selected.
  • Click on Next >> Yes >> Finish.
  • Reboot (restart) your machine if not prompted to do so.

Step 2: Fix with FRST

  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP36616A69-DD62-47D8-8B41-A85E06E1756F&SSPV=","hxxp://www.google.com"
S2 Rohos; C:\Program Files (x86)\Rohos\ntserv.exe [X]
S3 vncserver; "C:\Program Files\RealVNC\VNC Server\vncserver.exe" -service [X]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop.

  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner.
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner

Step 5: Fresh FRST Logs

  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
  • Things I need to see in your next post:

    Please post each of these logs as a separate reply in this thread.

    Fixlog.txt Log

    Junkware Removal Tool Log

    AdwCleaner Log

    Fresh FRST.txt Log

    Fresh Addition.txt Log


#3
DoubleChinLegion


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

2 intermediate questions while I'm retrieving the logs.

1. I receive different findings from Avira pretty much every day at this point.  Most instantly disappear as soon as they are found so Avira fails in removing them.

2. Punkbuster I believe is required to play my favorite game, Battlefield Bad Company 2....  Do I need to say 'bye bye' to it?  I don't know if this is 100% true...  EDIT: OH I can reinstall once I'm done?  I just saw that... whoops

Thank you for jumping into this well.... :D


Edited by DoubleChinLegion, 29 March 2016 - 08:09 PM.


#4
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts

1. I receive different findings from Avira pretty much every day at this point. Most instantly disappear as soon as they are found so Avira fails in removing them. EDIT: OH I can reinstall once I'm done? I just saw that... whoops

2. Punkbuster I believe is required to play my favorite game, Battlefield Bad Company 2.... Do I need to say 'bye bye' to it? I don't know if this is 100% true...


No worries on the Punkbuster software, you can reinstall once we're finished, definitely. It interferes sometimes with the tools I utilize to clean your computer. :)

Thank you for jumping into this well.... :D


You're quite welcome, it's my pleasure. :thumbsup:

#5
DoubleChinLegion


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Here ya go!

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by cwfix (2016-03-30 08:40:33) Run:1
Running from C:\Users\cwfix\Desktop
Loaded Profiles: cwfix (Available Profiles: cwfix)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP36616A69-DD62-47D8-8B41-A85E06E1756F&SSPV=","hxxp://www.google.com"
S2 Rohos; C:\Program Files (x86)\Rohos\ntserv.exe [X]
S3 vncserver; "C:\Program Files\RealVNC\VNC Server\vncserver.exe" -service [X]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
Chrome StartupUrls => removed successfully
Rohos => service removed successfully
vncserver => service removed successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{1D27B55F-D7DA-4914-8FF4-F109FB24C269} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 1.4 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 08:40:45 ====
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64 
Ran by cwfix (Administrator) on Wed 03/30/2016 at  8:45:35.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\cwfix\AppData\Local\ysearchutil (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/30/2016 at  8:46:17.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v5.107 - Logfile created 30/03/2016 at 08:51:41
# Updated 28/03/2016 by Xplode
# Database : 2016-03-30.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : cwfix - DESKTOP-C1OUR8G
# Running from : C:\Users\cwfix\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage
[-] File Deleted : C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
 
***** [ Web browsers ] *****
 
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : metal-gear-solid-v-the-phantom-pain.en.softonic.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : conduit.search
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : free-keylogger.en.softonic.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : all-in-one-voice-changer.en.softonic.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : pdanet.en.softonic.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : pricegrabber.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : knctr.en.softonic.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : explorelearning.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : micro-keylogger.en.softonic.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : 1and1.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : undercoverxp.en.softonic.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : pc-telephone.en.softonic.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : viber-windows-8.en.softonic.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-search.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : flightaware.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : instantlogosearch.com
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.conduit.com/?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP36616A69-DD62-47D8-8B41-A85E06E1756F&SSPV=
[-] [C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : kbfnbcaeplbcioakkpcpgfkobkghlhen
 
*************************
 
:: "Tracing" keys deleted
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [4130 bytes] - [30/03/2016 08:51:41]
C:\AdwCleaner\AdwCleaner[S2].txt - [3862 bytes] - [30/03/2016 08:50:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4276 bytes] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by cwfix (administrator) on DESKTOP-C1OUR8G (30-03-2016 08:53:52)
Running from C:\Users\cwfix\Desktop
Loaded Profiles: cwfix (Available Profiles: cwfix)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Scarlet.Crush Productions) C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\cwfix\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\cwfix\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\cwfix\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Autodesk Inc.) C:\Users\cwfix\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Microsoft Corporation) C:\Windows\System32\BdeUISrv.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RohosLogon] => "C:\Program Files (x86)\Rohos\welcome-user.exe" per-user
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-28] (Valve Corporation)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Run: [Akamai NetSession Interface] => C:\Users\cwfix\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Run: [JoystickCurves] => C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoystickCurves\JoystickCurves.appref-ms
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Run: [YQCPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\cwfix\AppData\Local\Ujmedia\atiClock.dll
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\RunOnce: [Uninstall C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-01-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{022bbbb6-9728-4b66-a38c-a1a85ecd81f2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6216f023-47ad-4d63-9a6b-81a922b10b73}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001 -> {85DC39B4-4736-490F-ACA0-9D16C87A6F6B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-25] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-25] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-13] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-13] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-25] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-13] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-07] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-01]
CHR Extension: (Google Docs) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-01]
CHR Extension: (Google Drive) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-01]
CHR Extension: (Photos - Google Photos) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blckliiiahkijfikcfmbncibcefakemp [2016-01-01]
CHR Extension: (YouTube) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-01]
CHR Extension: (GeoGebra) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2016-01-01]
CHR Extension: (Google Search) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-01]
CHR Extension: (Sumo Paint) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2016-03-25]
CHR Extension: (Perk for Chrome) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\edpaeddemekchnbmjmcjplbbeeheionp [2016-01-21]
CHR Extension: (Google Sheets) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-01]
CHR Extension: (Avira Browser Safety) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-03-15]
CHR Extension: (Chrome Remote Desktop) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-03-30]
CHR Extension: (Inbox) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggdbgcjkoinbbkebiinegogimaehanpk [2016-01-01]
CHR Extension: (Google Docs Offline) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-17]
CHR Extension: (Treasure Arena) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\hedpcboianohjgdhoblpcpgapknkoojm [2016-01-01]
CHR Extension: (codedoodl.es) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfnbfhcojlgbojpphigjibpjkccfikh [2016-03-04]
CHR Extension: (AllCast Receiver) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjbljnpdahefgnopeohlaeohgkiidnoe [2016-01-01]
CHR Extension: (Terms of Service; Didn’t Read) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdoplcnndgiblooccencgcggcoihigg [2016-01-01]
CHR Extension: (Clock) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoihofapbdnldlhecnhefifbcddgdkhm [2016-01-01]
CHR Extension: (WHA) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjepdmpnjibnpjadgmnhdnbndmghdme [2016-01-01]
CHR Extension: (Open Port Check Tool) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefghalnfhaklfbndadklndcndabkadb [2016-02-10]
CHR Extension: (Skype) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-14]
CHR Extension: (Sumon) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddpmdmpdcbnnkjfplckngdkhhmmbjaf [2016-01-01]
CHR Extension: (Webutation) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2016-01-01]
CHR Extension: (Smart QrCode Generator) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfnbjbobhhoaekejilcmdkfomkndikho [2016-01-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-01]
CHR Extension: (My Chrome Theme) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-01-01]
CHR Extension: (Skype) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\oonccmmafcaodljbcgobdbknmbljiafh [2016-01-01]
CHR Extension: (Gmail) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-01]
CHR Extension: (APEXvj) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgmjhfhhlkcdaokajkfjimjieapgpao [2016-01-01]
CHR Extension: (Secure Shell) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhechapfaindjhompbnflcldabbghjo [2016-02-10]
CHR Extension: (Space Planet) - C:\Users\cwfix\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2016-01-01]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-25] (Dropbox, Inc.)
R2 Ds3Service; C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe [381952 2015-09-04] (Scarlet.Crush Productions) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-10] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2016-01-01] ()
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [158272 2016-02-13] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2016-01-01] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3870464 2016-01-01] (Realtek Semiconductor Corporation                           )
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2015-09-04] (Scarlet.Crush Productions)
S3 vjoy; C:\Windows\System32\drivers\vjoy.sys [56440 2016-02-03] (Shaul Eizikovich)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2016-01-22] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-30 08:53 - 2016-03-30 08:54 - 00024661 _____ C:\Users\cwfix\Desktop\FRST.txt
2016-03-30 08:47 - 2016-03-30 08:51 - 00000000 ____D C:\AdwCleaner
2016-03-30 08:47 - 2016-03-30 08:47 - 03102208 _____ C:\Users\cwfix\Downloads\AdwCleaner (1).exe
2016-03-30 08:46 - 2016-03-30 08:46 - 03102208 _____ C:\Users\cwfix\Downloads\AdwCleaner.exe
2016-03-30 08:46 - 2016-03-30 08:46 - 03102208 _____ C:\Users\cwfix\Desktop\AdwCleaner.exe
2016-03-30 08:46 - 2016-03-30 08:46 - 00000629 _____ C:\Users\cwfix\Desktop\JRT.txt
2016-03-30 08:45 - 2016-03-30 08:45 - 01610352 _____ (Malwarebytes) C:\Users\cwfix\Downloads\JRT (1).exe
2016-03-30 08:45 - 2016-03-30 08:45 - 01610352 _____ (Malwarebytes) C:\Users\cwfix\Desktop\JRT (1).exe
2016-03-30 08:44 - 2016-03-30 08:44 - 00000000 _____ C:\Users\cwfix\Downloads\JRT.exe
2016-03-30 08:40 - 2016-03-30 08:40 - 00001998 _____ C:\Users\cwfix\Desktop\Fixlog.txt
2016-03-30 08:38 - 2016-03-30 08:38 - 00000000 ___HD C:\OneDriveTemp
2016-03-30 08:35 - 2016-03-30 08:35 - 00912744 _____ C:\Users\cwfix\Downloads\pbsvc.exe
2016-03-30 08:35 - 2016-03-30 08:35 - 00912744 _____ C:\Users\cwfix\Desktop\pbsvc.exe
2016-03-29 19:01 - 2016-03-29 19:19 - 00151950 _____ C:\WINDOWS\ntbtlog.txt
2016-03-29 19:01 - 2016-03-29 19:01 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-29 18:50 - 2016-03-29 18:52 - 00274570 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_18.50.52_log.txt
2016-03-29 18:50 - 2016-03-29 18:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\cwfix\Downloads\tdsskiller.exe
2016-03-29 18:50 - 2016-03-29 18:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\cwfix\Desktop\tdsskiller.exe
2016-03-29 18:48 - 2016-03-29 18:48 - 00224968 _____ (ESET) C:\Users\cwfix\Downloads\ESETPoweliksCleaner.exe
2016-03-29 18:48 - 2016-03-29 18:48 - 00224968 _____ (ESET) C:\Users\cwfix\Desktop\ESETPoweliksCleaner.exe
2016-03-29 18:48 - 2016-03-29 18:48 - 00000022 _____ C:\Users\cwfix\Desktop\ESETPoweliksCleaner.exe_20160329.184811.10372.zip
2016-03-29 10:40 - 2016-03-29 10:40 - 00490592 _____ C:\Users\cwfix\Downloads\imageusb.zip
2016-03-29 10:40 - 2016-03-29 10:40 - 00490592 _____ C:\Users\cwfix\Desktop\imageusb.zip
2016-03-29 10:40 - 2016-03-29 10:40 - 00000000 ____D C:\Users\cwfix\Desktop\imageusb
2016-03-29 10:29 - 2016-03-29 10:30 - 306856930 _____ C:\Users\cwfix\Downloads\cm-13.0-20160329-NIGHTLY-osprey.zip
2016-03-29 10:29 - 2016-03-29 10:29 - 09644032 _____ C:\Users\cwfix\Downloads\cm-13.0-20160329-NIGHTLY-osprey-recovery.img
2016-03-28 16:55 - 2016-03-28 16:56 - 257775060 _____ C:\Users\cwfix\Downloads\cm-12.1-20151117-SNAPSHOT-YOG7DAO1K2-osprey.zip
2016-03-28 16:32 - 2016-03-28 16:32 - 28380886 _____ C:\Users\cwfix\Desktop\Inst.wav
2016-03-28 16:17 - 2016-03-28 16:19 - 306887726 _____ C:\Users\cwfix\Downloads\cm-13.0-20160325-NIGHTLY-osprey.zip
2016-03-28 16:17 - 2016-03-28 16:18 - 306880515 _____ C:\Users\cwfix\Downloads\cm-13.0-20160326-NIGHTLY-osprey.zip
2016-03-28 16:03 - 2016-03-28 16:02 - 158294901 _____ C:\Users\cwfix\Desktop\open_gapps-arm-6.0-micro-20160328.zip
2016-03-28 16:02 - 2016-03-28 16:02 - 158294901 _____ C:\Users\cwfix\Downloads\open_gapps-arm-6.0-micro-20160328.zip
2016-03-28 15:59 - 2016-03-28 15:59 - 121238284 _____ C:\Users\cwfix\Downloads\open_gapps-arm64-6.0-nano-20160327.zip
2016-03-28 15:27 - 2016-03-28 15:27 - 122493831 _____ C:\Users\cwfix\Downloads\open_gapps-arm-6.0-nano-20160328.zip
2016-03-28 15:09 - 2016-03-28 15:09 - 08165376 _____ C:\Users\cwfix\Downloads\twrp-osprey-3.0.0-r2.img
2016-03-28 14:35 - 2016-03-28 14:35 - 09650176 _____ C:\Users\cwfix\Downloads\cm-13.0-20160328-NIGHTLY-osprey-recovery.img
2016-03-28 13:07 - 2016-03-28 13:15 - 306903688 _____ C:\Users\cwfix\Downloads\cm-13.0-20160328-NIGHTLY-osprey.zip
2016-03-27 16:24 - 2016-03-29 19:01 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-26 09:04 - 2016-03-26 09:04 - 00001303 _____ C:\Users\cwfix\Desktop\ACDBurner.lnk
2016-03-26 09:04 - 2016-03-26 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abyssmedia
2016-03-26 09:04 - 2016-03-26 09:04 - 00000000 ____D C:\Program Files (x86)\Abyssmedia
2016-03-26 09:03 - 2016-03-26 09:03 - 02107627 _____ (AbyssMedia.com ) C:\Users\cwfix\Downloads\audiocdburner.exe
2016-03-24 18:19 - 2016-03-29 18:13 - 00000000 ____D C:\Users\cwfix\Desktop\Important Stuff
2016-03-24 18:11 - 2016-03-27 16:54 - 00000000 ____D C:\Users\cwfix\Downloads\_oldSetupEXE
2016-03-24 14:17 - 2016-03-24 14:36 - 00000000 ____D C:\Users\cwfix\AppData\Local\RelicHuntersZero
2016-03-24 11:20 - 2016-03-24 11:20 - 00000222 _____ C:\Users\cwfix\Desktop\Relic Hunters Zero.url
2016-03-23 19:00 - 2016-03-30 08:53 - 00000000 ____D C:\FRST
2016-03-23 18:59 - 2016-03-23 19:00 - 02374144 _____ (Farbar) C:\Users\cwfix\Desktop\FRST64.exe
2016-03-23 17:59 - 2016-03-23 17:59 - 00000222 _____ C:\Users\cwfix\Desktop\Forbidden planet.url
2016-03-23 14:49 - 2016-03-23 14:50 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\The Last Frontier
2016-03-23 14:41 - 2016-03-23 14:45 - 00000000 ____D C:\Users\cwfix\Desktop\TheLastFrontier
2016-03-23 14:41 - 2016-03-23 14:41 - 00000000 ____D C:\Users\cwfix\AppData\Local\Solid State Networks
2016-03-22 15:12 - 2016-03-28 17:37 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Audacity
2016-03-22 15:12 - 2016-03-22 15:12 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-03-22 15:12 - 2016-03-22 15:12 - 00001080 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-03-22 15:12 - 2016-03-22 15:12 - 00000000 ____D C:\Users\cwfix\AppData\Local\Audacity
2016-03-22 15:12 - 2016-03-22 15:12 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-03-21 21:41 - 2016-03-21 21:41 - 00125583 _____ C:\Users\cwfix\Desktop\Agony_from_Into_the_Woods.pdf
2016-03-21 21:39 - 2016-03-24 17:39 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\MuseScore
2016-03-21 21:39 - 2016-03-21 21:39 - 00001126 _____ C:\Users\cwfix\Desktop\MuseScore 2.lnk
2016-03-21 21:39 - 2016-03-21 21:39 - 00000000 ____D C:\Users\cwfix\Documents\MuseScore2
2016-03-21 21:39 - 2016-03-21 21:39 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2
2016-03-21 21:39 - 2016-03-21 21:39 - 00000000 ____D C:\Users\cwfix\AppData\Local\MuseScore
2016-03-21 21:39 - 2016-03-21 21:39 - 00000000 ____D C:\Program Files (x86)\MuseScore 2
2016-03-18 20:49 - 2016-03-18 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-17 23:26 - 2016-03-23 14:49 - 00000000 ____D C:\Users\cwfix\Documents\My Games
2016-03-17 23:19 - 2016-03-17 23:19 - 00000000 ____D C:\Users\cwfix\Documents\Zen Studios
2016-03-17 20:03 - 2016-03-17 20:03 - 00000222 _____ C:\Users\cwfix\Desktop\HAWKEN.url
2016-03-17 20:01 - 2016-03-17 20:01 - 00000222 _____ C:\Users\cwfix\Desktop\Pinball FX2.url
2016-03-17 00:23 - 2016-03-29 19:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-17 00:22 - 2016-03-27 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-17 00:22 - 2016-03-27 16:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-17 00:22 - 2016-03-17 00:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-17 00:22 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-17 00:22 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-17 00:22 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-17 00:20 - 2016-03-17 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-03-17 00:20 - 2016-03-17 00:20 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-17 00:20 - 2016-03-08 02:05 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-17 00:20 - 2016-02-13 21:47 - 00125720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-03-17 00:20 - 2016-02-13 21:46 - 00126232 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-03-17 00:20 - 2016-02-13 21:45 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-03-17 00:20 - 2016-02-13 21:45 - 00042264 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-03-17 00:19 - 2016-03-08 06:27 - 42968120 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 37609528 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 22971960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 21322480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 20863920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 18906048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 17732960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 17368424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 17325400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 10547128 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 08657936 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 02613696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 02257344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436451.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436451.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00955328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00885184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00784640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00750016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00692160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00678704 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00632152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00630592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00601752 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00571912 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00545632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00175552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-17 00:19 - 2016-03-08 06:27 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-17 00:19 - 2016-03-08 06:27 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-16 11:11 - 2016-03-16 11:11 - 00000000 ____D C:\Users\cwfix\AppData\Local\Uber Entertainment
2016-03-16 10:46 - 2016-03-24 11:20 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-16 10:46 - 2016-03-16 10:46 - 00000222 _____ C:\Users\cwfix\Desktop\Planetary Annihilation.url
2016-03-15 05:07 - 2016-03-15 05:07 - 00049910 _____ C:\Users\cwfix\AppData\Roaming\slides-table.css
2016-03-15 05:07 - 2016-03-15 05:07 - 00002220 _____ C:\Users\cwfix\AppData\Roaming\LurPerusalStairhead
2016-03-12 19:58 - 2016-03-12 19:58 - 00000906 _____ C:\Users\cwfix\Desktop\Dungeon of the Endless.lnk
2016-03-12 19:58 - 2016-03-12 19:58 - 00000000 ____D C:\Users\cwfix\Documents\Dungeon of the Endless
2016-03-12 19:58 - 2016-03-12 19:58 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Dungeon of the Endless
2016-03-12 19:58 - 2016-03-12 19:58 - 00000000 ____D C:\Users\cwfix\AppData\LocalLow\AMPLITUDE Studios
2016-03-12 19:58 - 2016-03-12 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-03-12 19:58 - 2016-03-12 19:58 - 00000000 ____D C:\Games
2016-03-12 19:42 - 2016-03-12 19:42 - 00000000 ____D C:\Users\cwfix\AppData\LocalLow\uTorrent
2016-03-12 19:33 - 2016-03-12 19:33 - 00000000 ____D C:\Users\cwfix\AppData\LocalLow\Robot Gentleman Studios
2016-03-12 19:33 - 2016-03-12 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\60 Seconds
2016-03-12 19:32 - 2016-03-12 19:32 - 00003476 _____ C:\WINDOWS\System32\Tasks\IntelMemoryDiagnostic
2016-03-09 10:08 - 2016-03-01 01:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-09 10:08 - 2016-03-01 01:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-09 10:08 - 2016-02-24 05:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-09 10:08 - 2016-02-24 05:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 10:08 - 2016-02-24 05:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 10:08 - 2016-02-24 05:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 10:08 - 2016-02-24 05:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 10:08 - 2016-02-24 05:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 10:08 - 2016-02-24 05:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-09 10:08 - 2016-02-24 05:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-09 10:08 - 2016-02-24 04:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 10:08 - 2016-02-24 04:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 10:08 - 2016-02-24 04:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 10:08 - 2016-02-24 04:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-09 10:08 - 2016-02-24 04:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-09 10:08 - 2016-02-24 04:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-09 10:08 - 2016-02-24 04:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-09 10:08 - 2016-02-24 04:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-09 10:08 - 2016-02-24 04:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 10:08 - 2016-02-24 04:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-09 10:08 - 2016-02-24 04:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-09 10:08 - 2016-02-24 04:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 10:08 - 2016-02-24 04:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-09 10:08 - 2016-02-24 04:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-09 10:08 - 2016-02-24 04:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-09 10:08 - 2016-02-24 04:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 10:08 - 2016-02-24 04:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 10:08 - 2016-02-24 04:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-09 10:08 - 2016-02-24 04:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 10:08 - 2016-02-24 04:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 10:08 - 2016-02-24 04:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-09 10:08 - 2016-02-24 03:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-09 10:08 - 2016-02-24 03:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-09 10:08 - 2016-02-24 03:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-09 10:08 - 2016-02-24 03:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-09 10:08 - 2016-02-24 03:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-09 10:08 - 2016-02-24 03:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-09 10:08 - 2016-02-24 03:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-09 10:08 - 2016-02-24 03:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 10:08 - 2016-02-24 03:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-09 10:08 - 2016-02-24 03:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 10:08 - 2016-02-24 03:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 10:08 - 2016-02-24 03:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 10:08 - 2016-02-24 03:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 10:08 - 2016-02-24 03:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-09 10:08 - 2016-02-24 03:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-09 10:08 - 2016-02-24 03:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-09 10:08 - 2016-02-24 03:23 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-09 10:08 - 2016-02-24 03:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 10:08 - 2016-02-24 03:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-09 10:08 - 2016-02-24 03:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-09 10:08 - 2016-02-24 03:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-09 10:08 - 2016-02-24 03:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-09 10:08 - 2016-02-24 03:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 10:08 - 2016-02-24 03:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-09 10:08 - 2016-02-24 03:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 10:08 - 2016-02-24 03:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 10:08 - 2016-02-24 03:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-09 10:08 - 2016-02-24 03:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-09 10:08 - 2016-02-24 03:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-09 10:08 - 2016-02-24 03:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-09 10:08 - 2016-02-24 03:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-09 10:08 - 2016-02-24 03:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-09 10:08 - 2016-02-24 03:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-09 10:08 - 2016-02-24 03:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-09 10:08 - 2016-02-24 03:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-09 10:08 - 2016-02-24 03:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 10:08 - 2016-02-24 03:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-09 10:08 - 2016-02-24 03:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 10:08 - 2016-02-24 03:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-09 10:08 - 2016-02-24 03:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-09 10:08 - 2016-02-24 03:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-09 10:08 - 2016-02-24 02:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-09 10:08 - 2016-02-24 02:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-09 10:08 - 2016-02-24 02:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-09 10:08 - 2016-02-24 02:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 10:08 - 2016-02-24 02:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-09 10:08 - 2016-02-24 02:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-09 10:08 - 2016-02-24 02:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-09 10:08 - 2016-02-24 02:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-09 10:08 - 2016-02-24 02:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-09 10:08 - 2016-02-24 02:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 10:08 - 2016-02-24 02:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 10:08 - 2016-02-24 02:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-09 10:08 - 2016-02-24 02:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 10:08 - 2016-02-24 02:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 10:08 - 2016-02-24 02:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 10:08 - 2016-02-24 02:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 10:08 - 2016-02-24 02:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-09 10:08 - 2016-02-24 02:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-09 10:08 - 2016-02-24 02:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-09 10:08 - 2016-02-24 02:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-09 10:08 - 2016-02-24 02:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 10:08 - 2016-02-24 02:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-09 10:08 - 2016-02-24 02:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-09 10:08 - 2016-02-24 02:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-09 10:08 - 2016-02-24 02:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-09 10:08 - 2016-02-24 02:42 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-09 10:08 - 2016-02-24 02:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-03-09 10:08 - 2016-02-24 02:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-09 10:08 - 2016-02-24 02:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-09 10:08 - 2016-02-24 02:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-09 10:08 - 2016-02-24 02:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 10:08 - 2016-02-24 02:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 10:08 - 2016-02-24 02:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-09 10:08 - 2016-02-24 02:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-09 10:08 - 2016-02-24 02:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-09 10:08 - 2016-02-24 02:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 10:08 - 2016-02-24 02:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-09 10:08 - 2016-02-24 02:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 10:08 - 2016-02-24 02:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-09 10:08 - 2016-02-24 02:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-09 10:08 - 2016-02-24 02:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-09 10:08 - 2016-02-24 02:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 10:08 - 2016-02-24 02:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-09 10:08 - 2016-02-24 02:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-09 10:08 - 2016-02-24 02:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-09 10:08 - 2016-02-24 02:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 10:08 - 2016-02-24 02:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-09 10:08 - 2016-02-24 02:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-09 10:08 - 2016-02-24 02:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 10:08 - 2016-02-24 02:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 10:08 - 2016-02-24 02:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-09 10:08 - 2016-02-24 02:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-09 10:08 - 2016-02-24 02:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-09 10:08 - 2016-02-24 02:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-09 10:08 - 2016-02-24 02:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 10:08 - 2016-02-24 02:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-09 10:08 - 2016-02-24 02:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 10:08 - 2016-02-24 02:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-09 10:08 - 2016-02-24 02:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-09 10:08 - 2016-02-24 02:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-09 10:08 - 2016-02-24 02:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-09 10:08 - 2016-02-24 02:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-09 10:08 - 2016-02-24 02:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-09 10:08 - 2016-02-24 02:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-09 10:08 - 2016-02-24 02:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 10:08 - 2016-02-24 02:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-09 10:08 - 2016-02-24 02:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-09 10:08 - 2016-02-24 02:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 10:08 - 2016-02-24 02:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-09 10:08 - 2016-02-24 01:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-09 10:08 - 2016-02-24 01:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-09 10:08 - 2016-02-24 01:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-09 10:08 - 2016-02-24 01:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-09 10:08 - 2016-02-24 01:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-09 10:08 - 2016-02-24 01:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 10:08 - 2016-02-24 01:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 10:08 - 2016-02-24 01:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 10:08 - 2016-02-24 01:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 10:08 - 2016-02-24 01:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 10:08 - 2016-02-24 01:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 10:08 - 2016-02-24 01:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 10:08 - 2016-02-24 01:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 10:08 - 2016-02-24 00:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 10:08 - 2016-02-24 00:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-08 17:07 - 2016-03-08 17:07 - 00000000 ___HD C:\ProgramData\CanonIJFAX
2016-03-08 17:07 - 2012-09-21 06:00 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNCALBL.DLL
2016-03-08 09:15 - 2016-03-08 09:15 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-03-08 09:15 - 2012-09-20 06:00 - 00390656 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBL.DLL
2016-03-02 14:08 - 2016-03-02 14:08 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-02 14:08 - 2016-03-02 14:08 - 00000000 ____D C:\Users\cwfix\AppData\Local\Package Cache
2016-03-02 14:08 - 2016-03-02 14:08 - 00000000 ____D C:\Users\cwfix\AppData\Local\Avira-Scout
2016-03-02 09:12 - 2016-02-23 07:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-02 09:12 - 2016-02-23 07:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-02 09:12 - 2016-02-23 07:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 09:12 - 2016-02-23 07:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-02 09:12 - 2016-02-23 07:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-02 09:12 - 2016-02-23 07:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-02 09:12 - 2016-02-23 07:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-02 09:12 - 2016-02-23 07:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-02 09:12 - 2016-02-23 07:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-02 09:12 - 2016-02-23 07:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-02 09:12 - 2016-02-23 06:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-02 09:12 - 2016-02-23 06:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-02 09:12 - 2016-02-23 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-02 09:12 - 2016-02-23 06:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-02 09:12 - 2016-02-23 06:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-02 09:12 - 2016-02-23 06:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-02 09:12 - 2016-02-23 06:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-02 09:12 - 2016-02-23 06:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-02 09:12 - 2016-02-23 06:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-02 09:12 - 2016-02-23 06:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-02 09:12 - 2016-02-23 06:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-02 09:12 - 2016-02-23 06:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-02 09:12 - 2016-02-23 06:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-02 09:12 - 2016-02-23 06:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-02 09:12 - 2016-02-23 06:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-02 09:12 - 2016-02-23 06:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-02 09:12 - 2016-02-23 06:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-02 09:12 - 2016-02-23 06:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-02 09:12 - 2016-02-23 06:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-02 09:12 - 2016-02-23 05:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-02 09:12 - 2016-02-23 05:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-02 09:12 - 2016-02-23 05:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-02 09:12 - 2016-02-23 05:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-02 09:12 - 2016-02-23 05:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-02 09:12 - 2016-02-23 05:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-02 09:12 - 2016-02-23 05:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-02 09:12 - 2016-02-23 05:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-02 09:12 - 2016-02-23 05:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-02 09:12 - 2016-02-23 05:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-02 09:12 - 2016-02-23 05:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-02 09:12 - 2016-02-23 05:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-02 09:12 - 2016-02-23 05:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-02 09:12 - 2016-02-23 05:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-02 09:12 - 2016-02-23 05:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-02 09:12 - 2016-02-23 05:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-02 09:12 - 2016-02-23 05:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-02 09:12 - 2016-02-23 05:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-02 09:12 - 2016-02-23 05:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-02 09:12 - 2016-02-23 05:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-02 09:12 - 2016-02-23 05:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-02 09:12 - 2016-02-23 05:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-02 09:12 - 2016-02-23 04:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-02 09:12 - 2016-02-23 04:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-02 09:12 - 2016-02-23 04:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-02 09:12 - 2016-02-23 04:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-02 09:12 - 2016-02-23 04:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-02 09:12 - 2016-02-23 04:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-02 09:12 - 2016-02-23 04:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-02 09:12 - 2016-02-23 04:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-02 09:12 - 2016-02-23 04:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-02 09:12 - 2016-02-23 04:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-03-02 09:12 - 2016-02-23 04:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-02 09:12 - 2016-02-23 04:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-02 09:12 - 2016-02-23 04:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-02 09:12 - 2016-02-23 04:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-02 09:12 - 2016-02-23 04:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-02 09:12 - 2016-02-23 04:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-02 09:12 - 2016-02-23 04:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-02 09:12 - 2016-02-23 04:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-02 09:12 - 2016-02-23 04:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-02 09:12 - 2016-02-23 04:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-02 09:12 - 2016-02-23 04:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-02 09:12 - 2016-02-23 04:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-02 09:12 - 2016-02-23 04:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-02 09:12 - 2016-02-23 04:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-02 09:12 - 2016-02-23 04:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-02 09:12 - 2016-02-23 04:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-02 09:12 - 2016-02-23 04:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-02 09:12 - 2016-02-23 04:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-02 09:12 - 2016-02-23 04:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-02 09:12 - 2016-02-23 04:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-02 09:12 - 2016-02-23 04:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-02 09:12 - 2016-02-23 04:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-02 09:12 - 2016-02-23 04:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-02 09:12 - 2016-02-23 04:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-02 09:12 - 2016-02-23 04:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-02 09:12 - 2016-02-23 04:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 09:12 - 2016-02-23 04:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-02 09:12 - 2016-02-23 04:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-02 09:12 - 2016-02-23 04:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-02 09:12 - 2016-02-23 04:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-02 09:12 - 2016-02-23 04:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-02 09:12 - 2016-02-23 04:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-02 09:12 - 2016-02-23 04:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-02 09:12 - 2016-02-23 04:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-02 09:12 - 2016-02-23 04:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-02 09:12 - 2016-02-23 04:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-02 09:12 - 2016-02-23 04:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-02 09:12 - 2016-02-23 04:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-02 09:12 - 2016-02-23 04:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-02 09:12 - 2016-02-23 04:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-02 09:12 - 2016-02-23 04:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-02 09:12 - 2016-02-23 04:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-02 09:12 - 2016-02-23 04:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-02 09:12 - 2016-02-23 04:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-02 09:12 - 2016-02-23 04:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-02 09:12 - 2016-02-23 04:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-02 09:12 - 2016-02-23 04:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-02 09:12 - 2016-02-23 04:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-02 09:12 - 2016-02-23 04:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-02 09:12 - 2016-02-23 03:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-02 09:12 - 2016-02-23 03:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-02 09:12 - 2016-02-23 03:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-02 09:12 - 2016-02-23 03:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-02 09:12 - 2016-02-23 03:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-02 09:12 - 2016-02-23 03:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-02 09:12 - 2016-02-23 03:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-02 09:12 - 2016-02-23 03:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-02 09:12 - 2016-02-23 03:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-02 09:12 - 2016-02-23 03:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-02 09:12 - 2016-02-23 03:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-02 09:12 - 2016-02-23 03:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-02 09:12 - 2016-02-23 03:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-02 09:12 - 2016-02-23 03:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-02 09:12 - 2016-02-23 03:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-02 09:12 - 2016-02-23 03:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 09:12 - 2016-02-23 03:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-02 09:12 - 2016-02-23 03:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-02 09:12 - 2016-02-23 03:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-02 09:12 - 2016-02-23 03:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-02 09:12 - 2016-02-23 03:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-02 09:12 - 2016-02-23 03:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-02 09:12 - 2016-02-23 03:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-02 09:12 - 2016-02-23 03:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-02 09:12 - 2016-02-23 03:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-02 09:12 - 2016-02-23 03:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-02 09:12 - 2016-02-23 03:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-02 09:12 - 2016-02-23 03:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-02 09:12 - 2016-02-23 03:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-02 09:12 - 2016-02-23 03:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-02 09:12 - 2016-02-23 03:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-02 09:12 - 2016-02-23 03:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-02 09:12 - 2016-02-23 03:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-02 09:12 - 2016-02-23 03:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-02 09:12 - 2016-02-23 03:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-02 09:12 - 2016-02-23 03:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-02 09:12 - 2016-02-23 02:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-02 09:12 - 2016-02-23 02:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-02 09:12 - 2016-02-23 02:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-02 09:12 - 2016-02-23 02:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-02 09:12 - 2016-02-23 02:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-02 09:12 - 2016-02-23 02:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-02 09:12 - 2016-02-23 02:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-02 09:12 - 2016-02-23 02:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-02 09:12 - 2016-02-23 02:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-02 09:12 - 2016-02-23 02:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-02 09:12 - 2016-02-23 02:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-02 09:12 - 2016-02-23 02:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-02 09:12 - 2016-02-23 02:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-02 09:12 - 2016-02-23 02:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-02 09:12 - 2016-02-23 02:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-02 09:12 - 2016-02-23 02:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-02 09:12 - 2016-02-23 02:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-02 09:12 - 2016-02-23 02:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-02 09:12 - 2016-02-23 02:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-02 09:12 - 2016-02-23 02:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-02 09:12 - 2016-02-09 00:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-02 09:12 - 2016-02-09 00:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-02 09:12 - 2016-02-08 23:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-02 09:12 - 2016-02-08 23:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-02 09:12 - 2016-02-08 23:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-02 09:12 - 2016-02-08 23:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-02 09:12 - 2016-02-08 23:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-02 09:12 - 2016-02-08 23:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-30 08:53 - 2016-02-25 10:24 - 00000000 ___RD C:\Users\cwfix\Dropbox
2016-03-30 08:53 - 2016-02-25 10:23 - 00000000 ____D C:\Users\cwfix\AppData\Local\Dropbox
2016-03-30 08:53 - 2016-01-12 23:59 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Skype
2016-03-30 08:53 - 2016-01-09 21:17 - 00000000 ____D C:\Users\cwfix\AppData\Local\CrashDumps
2016-03-30 08:53 - 2016-01-03 16:03 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-30 08:53 - 2016-01-01 22:04 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-30 08:53 - 2016-01-01 22:00 - 00000000 ___RD C:\Users\cwfix\OneDrive
2016-03-30 08:52 - 2016-02-25 10:23 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-30 08:52 - 2016-01-31 04:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-30 08:52 - 2016-01-31 04:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-30 08:52 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-30 08:52 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-30 08:52 - 2015-10-15 09:45 - 00000091 _____ C:\HaxLogs.txt
2016-03-30 08:49 - 2016-01-01 22:08 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{620EB2EB-7944-423B-BFE5-FE3D1FB8C991}
2016-03-30 08:47 - 2016-01-01 22:03 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-30 08:47 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-30 08:47 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-30 08:42 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-30 08:40 - 2016-02-12 15:41 - 00000000 ____D C:\Users\cwfix\AppData\LocalLow\Temp
2016-03-30 08:28 - 2016-02-25 10:23 - 00000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-29 18:56 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Vss
2016-03-29 18:14 - 2016-01-01 22:04 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-29 08:16 - 2016-02-09 09:03 - 00001200 _____ C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\GP5.lnk
2016-03-29 08:16 - 2016-01-05 09:33 - 00001200 _____ C:\Users\cwfix\Desktop\GP5.lnk
2016-03-29 08:16 - 2016-01-05 09:33 - 00001200 _____ C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GP5.lnk
2016-03-28 23:05 - 2016-01-03 16:26 - 00282296 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2016-03-28 23:04 - 2016-01-03 16:26 - 00215128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2016-03-27 16:53 - 2015-10-30 05:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-03-27 12:07 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-26 17:21 - 2016-02-26 22:37 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-03-26 17:21 - 2016-02-26 22:37 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-03-26 17:21 - 2016-02-26 22:37 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-03-26 00:01 - 2016-01-31 04:39 - 00000000 ____D C:\Users\cwfix
2016-03-24 18:24 - 2016-01-15 17:42 - 00000000 ____D C:\Users\cwfix\Desktop\Traktor#stuff
2016-03-24 18:21 - 2016-01-27 18:50 - 00000000 ____D C:\Users\cwfix\Desktop\qwret
2016-03-18 20:49 - 2016-02-25 10:23 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-17 23:26 - 2016-01-18 17:42 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\NVIDIA
2016-03-17 00:20 - 2016-01-31 04:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-17 00:20 - 2016-01-01 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-17 00:16 - 2016-01-01 22:23 - 00000000 ____D C:\Users\cwfix\AppData\Local\NVIDIA Corporation
2016-03-17 00:16 - 2016-01-01 22:09 - 00001454 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-03-17 00:16 - 2016-01-01 22:09 - 00000000 ____D C:\Users\cwfix\AppData\Local\NVIDIA
2016-03-16 18:39 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-16 11:11 - 2016-01-01 22:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-15 17:30 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-15 16:33 - 2016-02-07 18:20 - 00000000 ____D C:\Users\cwfix\AppData\Local\Deployment
2016-03-14 21:14 - 2016-01-01 22:05 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 21:14 - 2016-01-01 22:05 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-13 08:05 - 2016-01-31 04:38 - 00211808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-12 23:36 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-12 23:36 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-12 23:36 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-12 23:36 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-11 22:54 - 2016-02-26 17:23 - 00000000 ____D C:\Users\cwfix\Documents\BarcodeManager
2016-03-11 11:25 - 2016-01-01 22:00 - 00002367 _____ C:\Users\cwfix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-11 04:35 - 2016-01-01 21:59 - 00000000 ____D C:\Users\cwfix\AppData\Local\Packages
2016-03-10 16:49 - 2016-01-11 23:04 - 00042000 _____ C:\Users\cwfix\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-10 16:14 - 2015-10-30 03:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-03-10 16:14 - 2015-10-30 03:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-03-10 16:14 - 2015-10-30 03:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-03-10 16:14 - 2015-10-30 03:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-03-10 16:14 - 2015-10-30 03:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-03-10 13:37 - 2016-01-27 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-10 13:36 - 2016-01-27 18:39 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-03-10 13:36 - 2016-01-27 18:39 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-03-10 13:36 - 2016-01-27 18:39 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-03-10 11:59 - 2016-02-27 14:56 - 00000000 ____D C:\Users\cwfix\.android
2016-03-10 11:28 - 2016-01-01 22:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 11:26 - 2016-01-01 22:17 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 23:19 - 2016-01-01 22:17 - 12653504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-09 09:22 - 2016-02-25 10:31 - 00000000 ____D C:\Users\cwfix\AppData\Local\Eclipse
2016-03-09 09:22 - 2016-02-25 10:17 - 00000000 ____D C:\Users\cwfix\Desktop\eclipse
2016-03-09 09:22 - 2016-02-25 10:17 - 00000000 ____D C:\Users\cwfix\.p2
2016-03-08 06:27 - 2016-01-01 22:17 - 20061152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-08 06:27 - 2016-01-01 22:17 - 17320280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-08 06:27 - 2016-01-01 22:17 - 14226864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-08 06:27 - 2016-01-01 22:17 - 03681672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-08 06:27 - 2016-01-01 22:17 - 03259176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-08 06:27 - 2016-01-01 22:17 - 00037702 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-08 03:12 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:12 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-08 02:42 - 2016-01-31 04:38 - 06371384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-08 02:42 - 2016-01-31 04:38 - 02992576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-08 02:42 - 2016-01-31 04:38 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-08 02:42 - 2016-01-31 04:38 - 01264064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-08 02:42 - 2016-01-31 04:38 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-08 02:42 - 2016-01-31 04:38 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-08 02:42 - 2016-01-31 04:38 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-08 02:42 - 2016-01-31 04:38 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-07 00:22 - 2016-01-31 04:38 - 06203411 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-06 18:07 - 2016-01-19 09:19 - 00000000 ____D C:\Program Files\Cloud Imperium Games
2016-03-04 17:05 - 2016-01-01 21:59 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-04 17:03 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-04 17:03 - 2015-10-30 03:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-04 17:03 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-04 17:03 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-04 17:03 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-04 17:03 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-04 17:03 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-04 17:03 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-04 17:03 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-02 14:08 - 2016-01-27 18:45 - 00000000 ____D C:\Users\cwfix\AppData\Roaming\Avira
2016-03-01 11:16 - 2016-02-25 10:17 - 00000000 ____D C:\Users\cwfix\.eclipse
 
==================== Files in the root of some directories =======
 
2015-08-13 09:41 - 2015-08-13 09:47 - 0047462 ___SH () C:\Users\cwfix\AppData\Roaming\d3dx10.exe
2016-03-15 05:07 - 2016-03-15 05:07 - 0002220 _____ () C:\Users\cwfix\AppData\Roaming\LurPerusalStairhead
2016-03-15 05:07 - 2016-03-15 05:07 - 0049910 _____ () C:\Users\cwfix\AppData\Roaming\slides-table.css
2016-01-09 21:11 - 2016-01-09 21:11 - 0000431 _____ () C:\Users\cwfix\AppData\Roaming\WiinUSoft_prefs.config
2016-01-10 22:31 - 2016-02-19 23:20 - 0007594 _____ () C:\Users\cwfix\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\cwfix\AppData\Local\Temp\avgnt.exe
C:\Users\cwfix\AppData\Local\Temp\libeay32.dll
C:\Users\cwfix\AppData\Local\Temp\msvcr120.dll
C:\Users\cwfix\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-30 08:28
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by cwfix (2016-03-30 08:54:10)
Running from C:\Users\cwfix\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-31 08:43:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3172003162-2618980517-3255623437-500 - Administrator - Disabled)
cwfix (S-1-5-21-3172003162-2618980517-3255623437-1001 - Administrator - Enabled) => C:\Users\cwfix
DefaultAccount (S-1-5-21-3172003162-2618980517-3255623437-503 - Limited - Disabled)
Guest (S-1-5-21-3172003162-2618980517-3255623437-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Abyssmedia Audio CD Burner 4.5.0.0 (HKLM-x32\...\Abyssmedia Audio CD Burner_is1) (Version: 4.5.0.0 - AbyssMedia.com)
Akamai NetSession Interface (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk BIM 360 Revit 2016 Add-in 64 bit (HKLM\...\{42801DBD-6B69-4FB3-848A-A12D624841FB}) (Version: 4.37.4474 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2016 (HKLM-x32\...\{FA5DF4D1-CD59-4183-B3D4-779A56498786}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.18 - Autodesk)
Autodesk Revit 2016 (HKLM\...\Autodesk Revit 2016) (Version: 16.0.490.0 - Autodesk)
Autodesk Revit 2016 SP2 (HKLM\...\Autodesk Revit 2016 SP2) (Version: 16.0.490.0 - Autodesk)
Autodesk Revit Content Libraries 2016 (HKLM\...\Autodesk Revit Content Libraries 2016) (Version: 16.0.428.0 - Autodesk)
Autodesk Workflows 2016 (HKLM\...\{535CDED0-D690-4738-83EE-09056A365BAC}) (Version: 6.3.0.18 - Autodesk, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Avira Scout (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
AviraScoutMsi (x32 Version: 16.02.15.00170 - Avira Operations GmbH & Co. KG) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.35.3 - Dropbox, Inc.) Hidden
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Forbidden planet (HKLM\...\Steam App 434610) (Version:  - RandomSpinStudio)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GP5 Web Conferencing (HKLM-x32\...\omniview) (Version:  - )
HAWKEN (HKLM\...\Steam App 271290) (Version:  - Reloaded Games)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
JoystickCurves (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\c2061649b891e486) (Version: 0.0.6.15 - JoystickCurves)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mayflash WiiU Pro Game Controller Adapter (HKLM-x32\...\{4A168BA0-6E0B-4EA2-98C1-75EC594F3F3D}) (Version: 3.85 - My Company Name)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MuseScore 2 (HKLM-x32\...\{D0969A82-E79E-45D9-95D2-B2824880F780}) (Version: 2.0.2 - Werner Schweer and Others)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.9.3.355 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.10.0.13 - Native Instruments)
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S5 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S5 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Pinball FX2 (HKLM\...\Steam App 226980) (Version:  - Zen Studios)
Planetary Annihilation (HKLM\...\Steam App 233250) (Version:  - Uber Entertainment)
ProxyGate version 3.0.0.1163 (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1163 - Gold Click Ltd)
Relic Hunters Zero (HKLM\...\Steam App 382490) (Version:  - Rogue Snail)
Revit 2016 (Version: 16.0.490.0 - Autodesk) Hidden
Revit Content Libraries 2016 (Version: 16.0.428.0 - Autodesk) Hidden
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Star Citizen Launcher (HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VNC Server 5.3.0 (HKLM\...\{9FC6D0C1-137D-4A03-9345-ACB9403BFF69}) (Version: 5.3.0.15303 - RealVNC Ltd)
VNC Viewer 5.3.0 (HKLM\...\{80B5CC59-1240-4ADA-B6AC-C8BA058153A6}) (Version: 5.3.0.15303 - RealVNC Ltd)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.2700 - Broadcom Corporation)
WinRAR 5.31 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3172003162-2618980517-3255623437-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\cwfix\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {5DDA2293-6D0C-4F72-9305-63138E3D2216} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-01] (Google Inc.)
Task: {911B14D6-ABD5-479A-B467-50793B509F94} - System32\Tasks\IntelMemoryDiagnostic => C:\Users\cwfix\AppData\Roaming\d3dx10.exe [2015-08-13] ()
Task: {9403680E-D64F-4BCC-939F-1FE0A75226D4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-25] (Dropbox, Inc.)
Task: {960BBC66-7DC2-4E3D-967F-41360802052A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {B7009372-D0B8-4A4C-A092-C4ADC90D812F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-01] (Google Inc.)
Task: {BE5B6C5B-0BC8-4DCA-A64F-005BD49A884E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-25] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-31 04:38 - 2016-03-08 02:42 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-09-28 01:52 - 2012-09-28 01:52 - 00047480 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\BtwLeAPI.dll
2016-03-17 00:16 - 2016-02-17 02:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-01-01 22:09 - 2016-02-17 02:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-17 00:16 - 2016-02-17 02:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-02 09:12 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 09:12 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-31 07:35 - 2016-01-31 07:35 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-08 19:25 - 2016-02-08 19:25 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-31 07:35 - 2016-01-31 07:35 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 09:12 - 2016-02-23 04:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-31 07:35 - 2016-01-31 07:35 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-31 07:35 - 2016-01-31 07:35 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-02-07 18:20 - 2016-01-16 01:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-07 18:20 - 2016-01-16 01:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2016-01-11 22:32 - 2016-02-24 00:47 - 00110664 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2016-01-11 22:32 - 2016-02-24 00:48 - 00062024 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2016-02-08 19:25 - 2016-02-08 19:25 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-08 19:25 - 2016-02-08 19:25 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-01 22:09 - 2016-02-17 03:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-01-03 16:04 - 2016-03-10 20:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-01-03 16:04 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-01-03 16:04 - 2016-03-28 17:34 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-01-03 16:04 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-01-03 16:04 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-01-03 16:04 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-01-03 16:04 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-01-03 16:04 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-01-03 16:04 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-01-03 16:04 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-01-03 16:04 - 2016-03-28 17:34 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-13 08:05 - 2016-02-17 18:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-01-11 11:36 - 2016-01-11 11:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2016-01-03 16:04 - 2016-02-08 21:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-03-30 08:53 - 2016-02-24 00:47 - 00110664 _____ () C:\Users\cwfix\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2016-02-25 10:23 - 2016-02-23 14:19 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-03-18 20:49 - 2016-02-23 14:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-03-18 20:49 - 2016-02-23 14:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-02-25 10:23 - 2016-02-23 14:19 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-02-25 10:23 - 2016-02-23 14:19 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-02-25 10:23 - 2016-03-11 20:18 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-02-25 10:23 - 2016-02-23 14:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-03-18 20:49 - 2016-02-23 14:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-02-25 10:23 - 2016-03-11 20:18 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-02-25 10:23 - 2016-02-23 14:19 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-02-25 10:23 - 2016-02-23 14:20 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-02-25 10:23 - 2016-03-11 20:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2016-02-25 10:23 - 2016-03-11 20:18 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-03-18 20:49 - 2016-02-23 14:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-02-25 10:23 - 2016-02-23 14:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-02-25 10:23 - 2016-02-23 14:21 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-02-25 10:23 - 2016-02-23 14:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-25 10:23 - 2016-03-11 20:18 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-02-25 10:23 - 2016-02-23 14:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-02-25 10:23 - 2016-02-23 14:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-02-25 10:23 - 2016-02-23 14:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-02-25 10:23 - 2016-02-23 14:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-02-25 10:23 - 2016-02-23 14:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-25 10:23 - 2016-02-23 14:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-02-25 10:23 - 2016-02-23 14:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-02-25 10:23 - 2016-02-23 14:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-03-18 20:49 - 2016-02-23 14:21 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-03-18 20:49 - 2016-03-11 20:18 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-03-18 20:49 - 2016-02-12 20:24 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-02-25 10:23 - 2016-03-11 20:18 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-25 10:23 - 2016-02-23 14:19 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-03-18 20:49 - 2016-02-23 14:19 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-03-18 20:49 - 2016-02-23 14:20 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-25 10:23 - 2016-03-11 20:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-25 10:23 - 2016-03-11 20:18 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-25 10:23 - 2016-03-11 20:18 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-25 10:23 - 2016-03-11 20:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-02-25 10:23 - 2016-02-23 14:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-25 10:23 - 2016-03-11 20:18 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-03-18 20:49 - 2016-03-11 20:18 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-02-25 10:23 - 2016-02-23 14:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-03-18 20:49 - 2016-02-23 14:23 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-03-18 20:49 - 2016-02-23 14:23 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-02-25 10:23 - 2016-03-11 20:18 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-03-18 20:49 - 2016-03-11 20:18 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-02-25 10:23 - 2016-02-23 14:25 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rohos => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rohos => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 07:04 - 2015-07-10 07:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cwfix\Desktop\Important Stuff\Pics\wallpapericecream3-19-.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "RohosLogon"
HKU\S-1-5-21-3172003162-2618980517-3255623437-1001\...\StartupApproved\Run: => "JoystickCurves"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C3E14DAA-20A7-42BE-8858-70D2271327FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0A2372F2-AC7F-4303-8343-D13A8567585E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{12914780-5C33-46D9-BB91-D970AC819BAA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{78C938F9-B8AC-4980-9AC2-483AB9FCB6D3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{BF157265-8334-4C6F-97A0-0F73FBABC023}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FB937EE4-6D85-41C8-8983-D5E5AF8ECBC3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1AC00609-B6A5-48B0-A667-2D36F382F63D}C:\users\cwfix\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cwfix\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D4A6510A-BA71-42BD-9522-053C0B717470}C:\users\cwfix\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cwfix\appdata\local\akamai\netsession_win.exe
 
==================== Restore Points =========================
 
30-03-2016 08:32:02 Scheduled Checkpoint
30-03-2016 08:45:35 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/30/2016 08:52:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: Cortana.IntentExtraction.dll, version: 0.0.0.0, time stamp: 0x568b1b20
Exception code: 0x80000003
Fault offset: 0x000000000003294f
Faulting process id: 0x1460
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
 
Error: (03/30/2016 08:47:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-C1OUR8G)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/30/2016 08:45:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/30/2016 08:32:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/30/2016 08:28:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (03/27/2016 04:53:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: Cortana.IntentExtraction.dll, version: 0.0.0.0, time stamp: 0x568b1b20
Exception code: 0x80000003
Fault offset: 0x000000000003294f
Faulting process id: 0x1538
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
 
Error: (03/27/2016 04:27:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 14ec
 
Start Time: 01d18866b50fb815
 
Termination Time: 11
 
Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
Report Id: 601c541c-f45a-11e5-9be1-5cf37075f663
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/27/2016 04:24:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.125.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2c64
 
Start Time: 01d1886613b6e16c
 
Termination Time: 11
 
Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
Report Id: d72137b9-f459-11e5-9be1-5cf37075f663
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/27/2016 12:07:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/24/2016 05:39:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MuseScore.exe, version: 0.0.0.0, time stamp: 0x0ddaf808
Faulting module name: kz2asio32.dll, version: 3.1.0.761, time stamp: 0x50d03c66
Exception code: 0xc0000005
Fault offset: 0x0004e4e6
Faulting process id: 0xcb0
Faulting application start time: 0xMuseScore.exe0
Faulting application path: MuseScore.exe1
Faulting module path: MuseScore.exe2
Report Id: MuseScore.exe3
Faulting package full name: MuseScore.exe4
Faulting package-relative application ID: MuseScore.exe5
 
 
System errors:
=============
Error: (03/30/2016 08:52:48 AM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1
 
Error: (03/30/2016 08:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4982d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/30/2016 08:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4982d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/30/2016 08:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4982d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/30/2016 08:52:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4982d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/30/2016 08:52:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/30/2016 08:52:10 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/30/2016 08:51:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/30/2016 08:51:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/30/2016 08:51:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-03-29 19:57:33.188
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-29 19:57:33.182
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-29 19:57:33.178
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-29 19:57:33.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-29 19:57:33.167
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-29 19:57:33.162
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-29 19:56:34.308
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10240.16384_none_d7cab6266329c783\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-29 19:56:34.297
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10240.16384_none_d7cab6266329c783\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-29 19:56:34.288
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10240.16384_none_d7cab6266329c783\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-29 19:56:34.277
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Local Disk\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10240.16384_none_d7cab6266329c783\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 15%
Total physical RAM: 16335.8 MB
Available physical RAM: 13747.54 MB
Total Virtual: 18767.8 MB
Available Virtual: 16034.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:475.95 GB) (Free:379.57 GB) NTFS
Drive d: (Secondary) (Fixed) (Total:931.39 GB) (Free:730.71 GB) NTFS
Drive e: (2Friends) (Fixed) (Total:931.38 GB) (Free:840.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 476.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
 

I think I got everything!



#6
DoubleChinLegion


    New Member

  • Topic Starter
  • Member
  • 8 posts

And for some reason Avira restarted, but it detected something as of a few moments:

The file 'C:\Windows\Temp\msprivs.exe'
contained the pattern of 'TR/Crypt.Xpack.mocp' [trojan]
Action(s) taken:
An error has occurred and the file was not deleted. ErrorID: 26004.
The source file could not be found.
Just thought I'd mention that.


#7
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts

And for some reason Avira restarted, but it detected something as of a few moments:
The file 'C:\Windows\Temp\msprivs.exe'
contained the pattern of 'TR/Crypt.Xpack.mocp' [trojan]
Action(s) taken:
An error has occurred and the file was not deleted. ErrorID: 26004.
The source file could not be found.
Just thought I'd mention that.


Hello :)

Hmm...interesting that it would detect that file. All of your temp files were deleted in the fix, and Avira says the source file couldn't be found. Your FRST logs are clean, so let's take a look with TDSSKiller. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters.
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan; the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • A report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start (Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!


Things I need to see in your next post:

TDSSKiller Log

  • 0
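The TDSSKiller report requested above runs to hundreds of lines, nearly all ending in "- ok", so it helps to reduce it to the objects that did not. The following Python parser is an added example, not part of the original thread or of TDSSKiller; the line layout is inferred from the log lines posted in this thread, and the sample log, its service names and its hashes are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every log line starts with "HH:MM:SS.mmmm 0xTHREAD  " (layout assumed from the thread).
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} 0x[0-9a-fA-F]+\s+"
# "[ MD5, SHA256 ] Name   Path" : the object about to be judged.
OBJECT_RE = re.compile(
    PREFIX + r"\[ ([0-9A-Fa-f]{32}), ([0-9A-Fa-f]{64}) \] (\S+)\s+(.+?)\s*$")
# "Name - ok"
OK_RE = re.compile(PREFIX + r"(\S+) - ok\s*$")
# "Name - detected Verdict ( N )"
DETECTED_RE = re.compile(PREFIX + r"(\S+) - detected (\S+) \( \d+ \)\s*$")
# "Name ( Verdict ) - warning" : follow-up line, possibly after unrelated lines.
FOLLOWUP_RE = re.compile(PREFIX + r"(\S+) \( \S+ \) - (\w+)\s*$")


@dataclass
class Finding:
    name: str
    verdict: str
    md5: Optional[str]
    sha256: Optional[str]
    path: Optional[str]
    action: Optional[str] = None   # e.g. "warning", filled from the follow-up line


def triage(log_text: str) -> Tuple[List[Finding], List[str]]:
    """Return (non-ok findings, names marked ok with no hash/path line before them)."""
    objects: Dict[str, Tuple[str, str, str]] = {}
    findings: Dict[str, Finding] = {}
    ok_without_hash: List[str] = []

    for line in log_text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            md5, sha256, name, path = m.groups()
            objects[name] = (md5.upper(), sha256.upper(), path)
            continue
        m = OK_RE.match(line)
        if m:
            # Some entries are judged without a hash line; keep them visible.
            if m.group(1) not in objects:
                ok_without_hash.append(m.group(1))
            continue
        m = DETECTED_RE.match(line)
        if m:
            name, verdict = m.groups()
            md5, sha256, path = objects.get(name, (None, None, None))
            findings[name] = Finding(name, verdict, md5, sha256, path)
            continue
        m = FOLLOWUP_RE.match(line)
        if m and m.group(1) in findings:
            findings[m.group(1)].action = m.group(2)
        # Anything else (banners, P2P lines from other threads) is ignored.

    return list(findings.values()), ok_without_hash


# Constructed sample: placeholder hashes and made-up service names and paths.
_MD5 = "0123456789ABCDEF" * 2
_SHA = "0123456789ABCDEF" * 4
SAMPLE_LOG = "\n".join([
    "13:00:00.0001 0x0001  ================ Scan services ================",
    f"13:00:00.0002 0x0001  [ {_MD5}, {_SHA} ] ExampleDrv      "
    r"C:\WINDOWS\system32\drivers\exampledrv.sys",
    "13:00:00.0003 0x0001  ExampleDrv - ok",
    "13:00:00.0004 0x0001  ExampleNoFile - ok",
    f"13:00:00.0005 0x0001  [ {_MD5}, {_SHA} ] ExampleSvc      "
    r"C:\Program Files\ExampleApp\ExampleSvc.exe",
    "13:00:00.0006 0x0001  ExampleSvc - detected UnsignedFile.Multi.Generic ( 1 )",
    f"13:00:00.0007 0x0002  Object required for P2P: [ {_MD5} ] ExampleDrv",
    "13:00:00.0008 0x0001  ExampleSvc ( UnsignedFile.Multi.Generic ) - warning",
    "13:00:00.0009 0x0002  Object send P2P result: true",
])

if __name__ == "__main__":
    found, unhashed = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.name}: {f.verdict} [{f.action}] {f.path}\n  sha256={f.sha256}")
    print("ok without hash line:", ", ".join(unhashed) or "none")
```

An unsigned-file verdict only says the binary carries no valid signature; the path and hash returned for each finding are what a reviewer would check next.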

#8
DoubleChinLegion


    New Member

  • Topic Starter
  • Member
  • 8 posts
13:35:46.0423 0x0288  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
13:35:46.0423 0x0288  UEFI system
13:35:49.0955 0x0288  ============================================================
13:35:49.0955 0x0288  Current date / time: 2016/03/30 13:35:49.0955
13:35:49.0955 0x0288  SystemInfo:
13:35:49.0959 0x0288  
13:35:49.0959 0x0288  OS Version: 10.0.10586 ServicePack: 0.0
13:35:49.0959 0x0288  Product type: Workstation
13:35:49.0959 0x0288  ComputerName: DESKTOP-C1OUR8G
13:35:49.0959 0x0288  UserName: cwfix
13:35:49.0959 0x0288  Windows directory: C:\WINDOWS
13:35:49.0959 0x0288  System windows directory: C:\WINDOWS
13:35:49.0959 0x0288  Running under WOW64
13:35:49.0959 0x0288  Processor architecture: Intel x64
13:35:49.0959 0x0288  Number of processors: 4
13:35:49.0959 0x0288  Page size: 0x1000
13:35:49.0959 0x0288  Boot type: Normal boot
13:35:49.0959 0x0288  ============================================================
13:35:50.0024 0x0288  KLMD registered as C:\WINDOWS\system32\drivers\56883041.sys
13:35:50.0360 0x0288  System UUID: {371E44D9-BD5C-FA27-5ED9-E92B9A7999A5}
13:35:50.0647 0x0288  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:35:50.0648 0x0288  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0B00000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:35:50.0648 0x0288  Drive \Device\Harddisk2\DR2 - Size: 0x773C256000 ( 476.94 Gb ), SectorSize: 0x200, Cylinders: 0xF334, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:35:51.0215 0x0288  ============================================================
13:35:51.0215 0x0288  \Device\Harddisk0\DR0:
13:35:51.0215 0x0288  GPT partitions:
13:35:51.0215 0x0288  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {18701107-BBD7-4F4F-8990-863287B0F866}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
13:35:51.0215 0x0288  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7242615C-C432-4D2B-8835-41CFCEBD5493}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
13:35:51.0215 0x0288  MBR partitions:
13:35:51.0215 0x0288  \Device\Harddisk1\DR1:
13:35:51.0215 0x0288  GPT partitions:
13:35:51.0215 0x0288  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C67FC663-54EA-47D9-BB40-5504835A756C}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
13:35:51.0215 0x0288  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {695BA553-56DE-4168-B629-8677D7D48D0D}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C4800
13:35:51.0215 0x0288  MBR partitions:
13:35:51.0215 0x0288  \Device\Harddisk2\DR2:
13:35:51.0215 0x0288  GPT partitions:
13:35:51.0216 0x0288  \Device\Harddisk2\DR2\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {936DBF30-ED04-411E-9EA1-8F942ADB3EEF}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE1000
13:35:51.0216 0x0288  \Device\Harddisk2\DR2\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {1DA3FFD7-6D27-44B9-BEEC-8D9B68A4602A}, Name: EFI system partition, StartLBA 0xE1800, BlocksNum 0x32000
13:35:51.0216 0x0288  \Device\Harddisk2\DR2\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {B591D79A-2B80-44B7-BCB4-9DBE90F45CBB}, Name: Microsoft reserved partition, StartLBA 0x113800, BlocksNum 0x8000
13:35:51.0216 0x0288  \Device\Harddisk2\DR2\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D0FA2A93-A2B7-4096-8A02-25FFA24D908B}, Name: Basic data partition, StartLBA 0x11B800, BlocksNum 0x3B7E4800
13:35:51.0216 0x0288  \Device\Harddisk2\DR2\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {2C74CB6F-9AC4-4EBE-B82F-C75ED31B1B96}, Name: , StartLBA 0x3B900000, BlocksNum 0xE1000
13:35:51.0216 0x0288  MBR partitions:
13:35:51.0216 0x0288  ============================================================
13:35:51.0216 0x0288  C: <-> \Device\Harddisk2\DR2\Partition4
13:35:51.0234 0x0288  D: <-> \Device\Harddisk0\DR0\Partition2
13:35:51.0259 0x0288  E: <-> \Device\Harddisk1\DR1\Partition2
13:35:51.0259 0x0288  ============================================================
13:35:51.0259 0x0288  Initialize success
13:35:51.0259 0x0288  ============================================================
13:36:15.0979 0x1888  ============================================================
13:36:15.0979 0x1888  Scan started
13:36:15.0979 0x1888  Mode: Manual; SigCheck; TDLFS; 
13:36:15.0979 0x1888  ============================================================
13:36:15.0979 0x1888  KSN ping started
13:36:18.0312 0x1888  KSN ping finished: true
13:36:18.0768 0x1888  ================ Scan system memory ========================
13:36:18.0768 0x1888  System memory - ok
13:36:18.0768 0x1888  ================ Scan services =============================
13:36:21.0351 0x1888  [ 29DDC41DDE71FDCE4E129FCBF9AD5798, 151063A5BB61C7D1B9A5EFA2C0F91791810D3E5666A20FC09273140DC0BC675D ] Ds3Service      C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe
13:36:21.0368 0x1888  Ds3Service - detected UnsignedFile.Multi.Generic ( 1 )
13:36:21.0861 0x0700  Object required for P2P: [ 37CD9EB03B36D8329F96BA921470DB54 ] AntiVirMailService
13:36:22.0453 0x212c  Object required for P2P: [ 5CF5E80616F74B769AABCF76FEA791D1 ] avgntflt
13:36:23.0108 0x2980  Object required for P2P: [ C35B91B6777E7C6DB67B8583D2AA66A7 ] c2cpnrsvc
13:36:23.0775 0x1888  Ds3Service ( UnsignedFile.Multi.Generic ) - warning
13:36:25.0003 0x212c  Object send P2P result: true
13:36:25.0003 0x212c  Object required for P2P: [ 98BB62ABFD17F284C3C5DE40F8266F3C ] Avira.ServiceHost
13:36:25.0825 0x0700  Object send P2P result: true
13:36:26.0035 0x2980  Object send P2P result: true
13:36:26.0671 0x1888  fastfat - ok
13:36:26.0685 0x1888  [ 952F10D2116B91BA433842D07879AE7A, 9E1EC0C719877EF198AA4DDBE896E9DDEAD360AAC1FC6DF305E7C5C73C7A761D ] Fax             C:\WINDOWS\system32\fxssvc.exe
13:36:26.0706 0x1888  Fax - ok
13:36:26.0712 0x1888  [ 9D299AE86D671488926126A84DF77BFD, C076EEDD0524B7D88BC56C97089E0A836CC1AD725E1A544CC4F8DDBB6670C366 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
13:36:26.0719 0x1888  fdc - ok
13:36:26.0726 0x1888  [ 47D09B8C312658ACE433E46DDF51C3A5, E76948DA0F51C7DC6D69B7E36D63CE6E98FDE619FA30E91637F75B5084107D22 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
13:36:26.0735 0x1888  fdPHost - ok
13:36:26.0741 0x1888  [ 177AC945B20C81400A1525ED7B49A425, FD215A2E718EA38A95D985F53AB3DD44B50C2549AA67F44BA98C4709E492051F ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
13:36:26.0750 0x1888  FDResPub - ok
13:36:26.0759 0x1888  [ 3E78BEC276DA5A062E4D55F3291B3463, 62983457F506C70D1F89F527AB61C1C0F4D1B002631256A2708F9AF092A8C95E ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
13:36:26.0770 0x1888  fhsvc - ok
13:36:26.0777 0x1888  [ 8F12AB59336143B680F71B217B495AD2, A28F62F065C68CC1A7EEF0CA52F83C3284B001565D8E154BF8568DE4A525104E ] FileCrypt       C:\WINDOWS\system32\drivers\filecrypt.sys
13:36:26.0784 0x1888  FileCrypt - ok
13:36:26.0792 0x1888  [ 92ECCFA58C8195B8EA33ED942469D4E6, 8DB12E8CF80ECA22182F9A1F4CA922336A430297F1F596F204ECF4D9D19F30D9 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
13:36:26.0798 0x1888  FileInfo - ok
13:36:26.0804 0x1888  [ 87C51FDD50C17882BA93E28BBABB9847, 8987D80FB77D1D3F9E89B491B1287B027DA26FFC4E4BA7B01E07D4D4FC69E236 ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
13:36:26.0813 0x1888  Filetrace - ok
13:36:26.0833 0x1888  [ 96A89625E34EC8B5F05A9D01AAD04759, B64B7E7AD5D02D4C91A2A45FB9F523A162482A37F784625233FE4AD8B2601453 ] FlexNet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
13:36:26.0881 0x1888  FlexNet Licensing Service 64 - ok
13:36:26.0888 0x1888  [ E99261DD76D1C9E05AF575939CAE5AC5, A789724FD2E22AFB2F921836F5C19A21D17F4BBD604771E2908C2651BD31989C ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
13:36:26.0895 0x1888  flpydisk - ok
13:36:26.0906 0x1888  [ 25D7A58625E1453E40D36825DE74E4F1, 74119803D35E3C3CC349B44C6CD9EDF6B797F88584B847F0BF9EED542719B86B ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
13:36:26.0916 0x1888  FltMgr - ok
13:36:26.0944 0x1888  [ 4387DE200BF8DD0E2EE828E655434B9A, 9148D65E54663EEC139E754091F47ABF439A637BEA83F600D30736522DAA845D ] FontCache       C:\WINDOWS\system32\FntCache.dll
13:36:26.0988 0x1888  FontCache - ok
13:36:26.0998 0x1888  [ E79DAC43A5E191FC4DDB04197A704BFA, 2FA6C8B5B2DFE66C05828E3F55DFD6268A8210E9BD083F2D09367AD59AF1C6C1 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:36:27.0010 0x1888  FontCache3.0.0.0 - ok
13:36:27.0017 0x1888  [ B4175E8BE60B099686FF55CA7D692316, 3158FC5B4D1A2F1FC1346754392AE24AE58999B9061B1CE78A65E785BFFADD52 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
13:36:27.0024 0x1888  FsDepends - ok
13:36:27.0030 0x1888  [ CC71372CEB811A72F1DC99089C5CBF53, BB9DDE74D60E534A6F8A51B63DDBB441245F06A00A0AFD37DBBE86255690946D ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:36:27.0036 0x1888  Fs_Rec - ok
13:36:27.0050 0x1888  [ 421497634C86EF4B8F86D0EBC076728F, E0D1449555D8849364E00AA747DBC820EF914A9F5B796E35070072FCBC532ADE ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
13:36:27.0065 0x1888  fvevol - ok
13:36:27.0073 0x1888  [ B9981A4CB9F728B3312A3885BFAA7204, 12FB2EB2E5D2A912769823DD9C1B33DB358CD0B7FBFC788529EF83DD584334F8 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
13:36:27.0079 0x1888  gagp30kx - ok
13:36:27.0087 0x1888  [ 77555B11B264991DDC26872FFCF1AB97, D5F230EEF74EB869F771F8A4AB19C1E6C845BB0EF4A1234882EBDA4FDC431E44 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
13:36:27.0093 0x1888  gencounter - ok
13:36:27.0100 0x1888  [ F3AC9652D88BF87BA6596CBEA28CE10F, 115F3C0A5B9903B17ADEA80E1825FE927B7361F5BDDF80CE3685EF2D327EDF4F ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
13:36:27.0108 0x1888  genericusbfn - ok
13:36:27.0129 0x1888  [ C5FA929A389F11330C780C1E97EF0740, A83EAD4A2F4DB236CC569CCAD619021C1E011CD70DEE249FE8594E8822640BBF ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
13:36:27.0147 0x1888  GfExperienceService - ok
13:36:27.0148 0x2428  Object required for P2P: [ 2619DC483579DB9FE804044C1ADFFD1A ] dam
13:36:27.0158 0x1888  [ F802FBABF0C4DF1BAA733187B2E476F5, E2533284CEBBB872196B013DD1FBBCA794DB1CAAA37D64849BD9264ECDD2CEE6 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
13:36:27.0166 0x1888  GPIOClx0101 - ok
13:36:27.0188 0x1888  [ B55458A83395A2CFD4E745E9EC4AB5F2, EAB06B089D8A7DBC9AE2A1C919B489911690D341013A5F8F906819C68431CA85 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
13:36:27.0222 0x1888  gpsvc - ok
13:36:27.0229 0x1888  [ D011B0ADB15F4815310CE1BF4780B33E, 3860630917F83A89FE7A6407CC544505FA4BD754619CF273DD630ABFBAAE42EE ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
13:36:27.0238 0x1888  GpuEnergyDrv - ok
13:36:27.0245 0x1888  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:36:27.0250 0x1888  gupdate - ok
13:36:27.0254 0x1888  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:36:27.0259 0x1888  gupdatem - ok
13:36:27.0271 0x1888  [ 0F93EBE9071A6BB1548BF0F816EEA24B, 79A99544C00F59996980D299BFACA0463D86158BFA51C8045CE4FF4951779A44 ] HdAudAddService C:\WINDOWS\system32\DRIVERS\HdAudio.sys
13:36:27.0283 0x1888  HdAudAddService - ok
13:36:27.0292 0x1888  [ 84BC034B6BB763733C1949B7B9BAF976, 18C2C0F15BAFA46197F0BB629C4F585D893C2A78324CA198F88A04527D524F23 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
13:36:27.0299 0x1888  HDAudBus - ok
13:36:27.0306 0x1888  [ 6B8CB114B8E64C0636EB49F7B914D1FC, 1AD7A43CC5CD99DCEF60C61242B6843D4AD925CE93BA5D75CD8395C7125EF5A7 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
13:36:27.0312 0x1888  HidBatt - ok
13:36:27.0316 0x1888  [ D1AD197CCDAAC0CB4819DA1D6EB17BAE, C370F974D0A1F7B60F47EAFF57B6CCABE82913187F8BFEE169B8237AE91247B1 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
13:36:27.0324 0x1888  HidBth - ok
13:36:27.0331 0x1888  [ 64909DECCFCC6FB5D9A5BAFDCCB31FEE, E19C91FD8D5102A8C4F6C6FF70CA058BB272FEC1B6E9CBA3A473C49948E6AC7E ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
13:36:27.0338 0x1888  hidi2c - ok
13:36:27.0344 0x1888  [ F510F7B7BF61DEAAC04E65C3B65E8D59, 11566086B06FB08B6A179E3068E022DA381C762DC8962D1E1D63DC646DD4D301 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
13:36:27.0350 0x1888  hidinterrupt - ok
13:36:27.0357 0x1888  [ 90F3ED42D423C942BA5EA54E2FFE7AC7, BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
13:36:27.0364 0x1888  HidIr - ok
13:36:27.0371 0x1888  [ 46DE2EF6382DD9613CB506760648F262, 419555220794380134A64E1956B83B2FD1D1B6E403C5FC729A9107E14A12E968 ] hidserv         C:\WINDOWS\system32\hidserv.dll
13:36:27.0378 0x1888  hidserv - ok
13:36:27.0385 0x1888  [ 128DEDDD61915DBA4D451D91D21F0513, 961A0DDA02B0879989300C15E4FF9022882A4CD895D65335C263AC0DD1918314 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
13:36:27.0393 0x1888  HidUsb - ok
13:36:27.0403 0x1888  [ 2FEF4D90C0CAED258C93CFF72A8FFD71, 56473D90E9FE52849067D080FD88B29C0BBE76E5266657E2ABD6366B7A4E9474 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
13:36:27.0416 0x1888  HomeGroupListener - ok
13:36:27.0429 0x1888  [ E2145534FB853921788F52701BED0CAB, DF71F842772FAC21DD8994C97F578A78AC43D06C5F26F752FB69B47DFE3BB112 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
13:36:27.0445 0x1888  HomeGroupProvider - ok
13:36:27.0452 0x1888  [ FF442DCDCE1F6E9FAA9C8AD0CD1D199B, A239414E97B310C9545995B0E723B5E792B08D71F651450EB006AD4D1765E4F7 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
13:36:27.0458 0x1888  HpSAMD - ok
13:36:27.0478 0x1888  [ 318E816717431D3C23DC82779900C744, 363702CC8A5B5FBF5E8CE2DA5C48D52CBD6244C9398B164EFDF1A4B0FAF592E6 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
13:36:27.0511 0x1888  HTTP - ok
13:36:27.0518 0x1888  [ CBA5E88A0F0475B7F49653BB72150BEF, 0F03560D9C30E069D117A555AEE729C81E6BCAE443FA25172D0E9E6903695C67 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
13:36:27.0524 0x1888  hwpolicy - ok
13:36:27.0531 0x1888  [ D668FAB4B0397B426EE3D41683B9A1C0, 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
13:36:27.0532 0x212c  Object send P2P result: true
13:36:27.0538 0x1888  hyperkbd - ok
13:36:27.0546 0x1888  [ 53FDD9E69189E546DE4740F8C4D8AB2F, 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
13:36:27.0556 0x1888  i8042prt - ok
13:36:27.0563 0x1888  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
13:36:27.0571 0x1888  iai2c - ok
13:36:27.0579 0x1888  [ 59A20F5AD9F4AE54098154359519408E, E27B7389C9D123CDDA4EC9CBDB06C4AA5000012391F940EE1492419B593608FE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
13:36:27.0589 0x1888  iaLPSS2i_I2C - ok
13:36:27.0596 0x1888  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
13:36:27.0600 0x1888  iaLPSSi_GPIO - ok
13:36:27.0609 0x1888  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
13:36:27.0620 0x1888  iaLPSSi_I2C - ok
13:36:27.0637 0x1888  [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
13:36:27.0652 0x1888  iaStorAV - ok
13:36:27.0664 0x1888  [ 9652E1E35A92D8C75710C17A63B15796, 72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
13:36:27.0675 0x1888  iaStorV - ok
13:36:27.0687 0x1888  [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
13:36:27.0698 0x1888  ibbus - ok
13:36:27.0707 0x1888  [ 80BF2990E01E774D64F6E13F30661942, ADFEA2280D29F2C7B0A556C61709301D6327C288064FF5A4D29358403DF41DCE ] icssvc          C:\WINDOWS\System32\tetheringservice.dll
13:36:27.0727 0x1888  icssvc - ok
13:36:27.0730 0x1888  IEEtwCollectorService - ok
13:36:27.0748 0x1888  [ 12F8D27ED8623DDDC09A549EDADCBAC9, D3A3F0588D9CAF1027D8BC14601E2A6AB7E5924A2C23C90D38A9E14538DB02A9 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
13:36:27.0774 0x1888  IKEEXT - ok
13:36:27.0783 0x1888  [ C02FD35184CEA3A65DEE7DE278699BBC, D525FAD9C14587E90FD40922BC9FAC713A3CBC58A630CAA726DC6EEFCC6D0232 ] IntelHaxm       C:\WINDOWS\system32\DRIVERS\IntelHaxm.sys
13:36:27.0799 0x1888  IntelHaxm - ok
13:36:27.0806 0x1888  [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
13:36:27.0812 0x1888  intelide - ok
13:36:27.0815 0x1888  [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
13:36:27.0822 0x1888  intelpep - ok
13:36:27.0826 0x1888  [ B61B60F36E1C8022FA8166ABF0F66B07, 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
13:36:27.0834 0x1888  intelppm - ok
13:36:27.0841 0x1888  [ CA0D42029AFFC4514D295E1EF823D02D, F2A05CB2B2E8C843FD02DC37E86F23CF928A4B2F9044424A60DE4E82B87DF5C3 ] IoQos           C:\WINDOWS\system32\drivers\ioqos.sys
13:36:27.0849 0x1888  IoQos - ok
13:36:27.0856 0x1888  [ 6E3F9D95235DFC9417384080A216F310, 6F13D72661038A91CFABB360621F4B169D78955C3EAD64956A7C825ABAEC5121 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:36:27.0865 0x1888  IpFilterDriver - ok
13:36:27.0884 0x1888  [ 6E75B731A8A7EFED0821327B08DAB46D, A77B746447824BD3C68B82D7329B82D62098B2409F8AEE4738FA23CB1561E629 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
13:36:27.0910 0x1888  iphlpsvc - ok
13:36:27.0918 0x1888  [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
13:36:27.0928 0x1888  IPMIDRV - ok
13:36:27.0935 0x1888  [ 9E5E8F2A1996F23B7E9687846AA81B01, 29E59384A4F92B3B4F2974942C91A12380113C13D3800900B5F44E2355D05455 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
13:36:27.0944 0x1888  IPNAT - ok
13:36:27.0951 0x1888  [ C317EB660138BC9CBFE37CCDE56351AE, F3AF6C573419D7F65C96A4841D4F056CA281CD5AFACDC7A5F586A390DC6E615B ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
13:36:27.0959 0x1888  IRENUM - ok
13:36:27.0965 0x1888  [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
13:36:27.0971 0x1888  isapnp - ok
13:36:27.0981 0x1888  [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
13:36:27.0991 0x1888  iScsiPrt - ok
13:36:27.0998 0x1888  [ 1ECC1A421B0AEBF9A6934451FBFD7848, 1A8DDEC42831C12760CF27FA02EDD06D5CCE25A606E2DECB7D8487B5961B11AC ] ISCT            C:\WINDOWS\System32\drivers\ISCTD64.sys
13:36:28.0010 0x1888  ISCT - ok
13:36:28.0017 0x1888  [ 701D7DB13B0815E7076EF4CB4CE981F8, 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
13:36:28.0023 0x1888  kbdclass - ok
13:36:28.0030 0x1888  [ 884EBBDDBF5968003B40185BD96FF0E6, E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
13:36:28.0037 0x1888  kbdhid - ok
13:36:28.0043 0x1888  [ 6B3A0C7902811E6372643447E41F7048, 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 ] kdnic           C:\WINDOWS\System32\drivers\kdnic.sys
13:36:28.0051 0x1888  kdnic - ok
13:36:28.0055 0x1888  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] KeyIso          C:\WINDOWS\system32\lsass.exe
13:36:28.0061 0x1888  KeyIso - ok
13:36:28.0066 0x1888  [ 134815A59D195C538ECF75C1EF8A7D01, A57C4492FC371F2F420D521528715A82D0849777042221146FB48424D9F51B27 ] KillerEth       C:\WINDOWS\System32\drivers\e22w10x64.sys
13:36:28.0080 0x1888  KillerEth - ok
13:36:28.0088 0x1888  [ 982C795DE20CED7AEDD2E7899B5D9BC1, 9F4E7536DB253CD83AA2AB89E9F3311714CD70F13AFD16F9B4D4CD86A70FC164 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
13:36:28.0095 0x1888  KSecDD - ok
13:36:28.0103 0x1888  [ 7D8B9214692C4D0F1646215D9984E19A, DC73503A8CA67F4E167DEA69AADDEA5F2D756E1C1F4FF42B6ECEA7E637BB80AB ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
13:36:28.0116 0x1888  KSecPkg - ok
13:36:28.0123 0x1888  [ E9BB0023D730701BB5D9839B44F5E6B5, 19D4BAC09424D331922472CFD2D0E32BEFA9188A6AF194C8D1F93FD77CE36691 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
13:36:28.0130 0x1888  ksthunk - ok
13:36:28.0141 0x1888  [ 71DE1AD9B23661EEC4F2A6EAA5A7D33D, 3219AEF3D6AE5933AE669FD2ED9ED95A8780612E39F31DB3DB9ED6B6244C5F7B ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
13:36:28.0157 0x1888  KtmRm - ok
13:36:28.0167 0x1888  [ 8BBB2B4429AF340481520C20C17FC5B6, 9E32815349195FC4B1BE213600FD407F2EAEEC8368289EB3E6B769125A739C08 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
13:36:28.0179 0x1888  LanmanServer - ok
13:36:28.0189 0x1888  [ 1F5D48B1DA1B812BD2411CA44D75DD32, D1BDB8142CB13E8C6DD6F42E07C9D19BBBF6410D5122A04C01B34B95B442DD95 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
13:36:28.0202 0x1888  LanmanWorkstation - ok
13:36:28.0211 0x1888  [ 02C54C5C7EBE371EC0C59795ED22213F, 712AFE0EDF40436124F3FD55ED9B5A3A33A8761A58F4D482BB65229741B1C270 ] lfsvc           C:\WINDOWS\System32\lfsvc.dll
13:36:28.0219 0x1888  lfsvc - ok
13:36:28.0227 0x1888  [ 01BF128CC327A2E53898F732AF52B3DB, D62ACDA69D9942F9CEF400874DBB6EAF9811D9657CBFEF89174F88D76BB8D8EA ] LicenseManager  C:\WINDOWS\system32\LicenseManagerSvc.dll
13:36:28.0236 0x1888  LicenseManager - ok
13:36:28.0243 0x1888  [ EC34EED89C34B27C292166B725AC7A7B, 58F1BA0CB7743314AC012A82F8CE4072CBDD05D9570C52BC18DC551882F5B1BA ] lltdio          C:\WINDOWS\system32\drivers\lltdio.sys
13:36:28.0251 0x1888  lltdio - ok
13:36:28.0262 0x1888  [ 2C23283A0815B048C06D8C0ED76AAD95, 4335546939C1A98CFE9A4403CC82D79CC713439E4DFD1F4760FDD867305151E0 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
13:36:28.0276 0x1888  lltdsvc - ok
13:36:28.0282 0x1888  [ CB6365E995F4DB856866500EDD8F61C1, 717ED387F245CAC68217B0F393D7B8AB3805721AB2C4D2D43430FE6E740F0856 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
13:36:28.0291 0x1888  lmhosts - ok
13:36:28.0299 0x1888  [ 961F28D879D345BFA50AF51285C90F2E, F9931A436651F695B746BC0C07E833D9C9F64126746DF976E691E6CAE26DAC9B ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
13:36:28.0307 0x1888  LSI_SAS - ok
13:36:28.0315 0x1888  [ 6BFB8D1B3407518BE06B6F81F92FA0F5, DE0818DCC0D8D1D30A29AB167C65461A78100ABE2368637CEB9D0ED2B4E88D8E ] LSI_SAS2i       C:\WINDOWS\system32\drivers\lsi_sas2i.sys
13:36:28.0322 0x1888  LSI_SAS2i - ok
13:36:28.0330 0x1888  [ BE0E47988D78F731DEC2C0CB03E765CB, CA0015E87A3962611DBF714253FA618A6568346BAE640884432C1D44DE4C8684 ] LSI_SAS3i       C:\WINDOWS\system32\drivers\lsi_sas3i.sys
13:36:28.0336 0x1888  LSI_SAS3i - ok
13:36:28.0344 0x1888  [ F99BF02BE9219986817BF094981EEB18, 4303C772366065885C5D937B2E9AC0BF80C84BFB2737716055AD57BF6AADD673 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
13:36:28.0351 0x1888  LSI_SSS - ok
13:36:28.0368 0x1888  [ FFAA37FBBDD161E8C200C83B40F7872E, 0637B3119FC220CB8E23EE6694A9F1F25CF8D61008B14F6E30FDC17DCF9E077E ] LSM             C:\WINDOWS\System32\lsm.dll
13:36:28.0391 0x1888  LSM - ok
13:36:28.0406 0x1888  [ 2FCF837196082864F66CFD9CAB256275, 8BE01C3BCBC1E6E5D1FD7F49E936482E61ACB805F397AB81B8D39C2F0F1083BD ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
13:36:28.0418 0x1888  luafv - ok
13:36:28.0429 0x1888  [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] lvrs64          C:\WINDOWS\system32\DRIVERS\lvrs64.sys
13:36:28.0452 0x1888  lvrs64 - ok
13:36:28.0460 0x1888  [ 88B38A7435DFA9B7E8F94F5D5FE999D2, FF4EBB6CE013D0EA62FEDA5FBBD1205D9A6F684E701F40039A95A4EF4145DC16 ] MapsBroker      C:\WINDOWS\System32\moshost.dll
13:36:28.0477 0x1888  MapsBroker - ok
13:36:28.0483 0x1888  [ 2ED29B635F35E31A1C0D3DDB7DD2AD03, F70CC20B98C2DBCD13B0D509D92B3BC3828D1B88F3ACD60C860E163064844181 ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
13:36:28.0490 0x1888  megasas - ok
13:36:28.0502 0x1888  [ 22E3CB85870879CBAE13C5095A8B12E3, 5FA5A8EFBA117089CFDBE09743A16BC3A7CC2042C96ABA1F57901747493106BF ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
13:36:28.0517 0x1888  megasr - ok
13:36:28.0526 0x1888  [ E7C9F74D8CAAB1FF7964C27C070FB16C, 76CCD9109E1031A336B7E275368520FFB60D500E24444B04066F205D1ED5BA2B ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
13:36:28.0542 0x1888  MEIx64 - ok
13:36:28.0548 0x1888  [ F2C23E25636BCA3543E6AD7858E861B7, 0CAB0A037471B4858CE9477E49BF50A5E3E6685E05F8A4BD2D9238551D5073A6 ] MessagingService C:\WINDOWS\System32\MessagingService.dll
13:36:28.0558 0x1888  MessagingService - ok
13:36:28.0576 0x1888  [ D41920FBFFF2BBCBBC69A5B383AD022E, E66218A8303422EA10C19BA12343740B9A1A70B11B39E185E805B4F74CD2B75E ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
13:36:28.0593 0x1888  mlx4_bus - ok
13:36:28.0600 0x1888  [ 64BD0C87064EA20C2D3DC4199F9C239C, ED69706277A58ED2C5F2B1B4E9A4A9C7C20173D46EB57FB31D8B63340BA23193 ] MMCSS           C:\WINDOWS\system32\drivers\mmcss.sys
13:36:28.0609 0x1888  MMCSS - ok
13:36:28.0615 0x1888  [ 8D4B46FA84A3A3702EDADD37FAC6EDBA, E3B9E12BD324FE637C365FDC5E490C41889047004D4FC8F7D78339484F2F717B ] Modem           C:\WINDOWS\system32\drivers\modem.sys
13:36:28.0624 0x1888  Modem - ok
13:36:28.0630 0x1888  [ 78FEC1BDB168370F131BFBFEA0A04E9D, E07B1BC429C2CFBD6162F89A6502C67A4BAD904ADC05D3505D87A0B2BCE1061B ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
13:36:28.0640 0x1888  monitor - ok
13:36:28.0643 0x1888  [ D1CC0833CFBC4222A95CAA5D0C8C78FF, 54F04374C6D3EFF5C1B794C069870458F10757E5773AEE911957089EAF51EC8D ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
13:36:28.0650 0x1888  mouclass - ok
13:36:28.0657 0x1888  [ C2E05EC6B80BCF5AE362DA873E1BCE64, 4ABE5CA2005A54E92259EDB52205A5C59BDB83026FC0CD7CBB1E3A003C2B535B ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
13:36:28.0665 0x1888  mouhid - ok
13:36:28.0675 0x1888  [ D5B7668A8F6C67C51FA5C6C513396D6C, 35985AD89344A8464BD78B8DA6A772E4E60A2EB93072AC23673A86EFD0B2270A ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
13:36:28.0682 0x1888  mountmgr - ok
13:36:28.0689 0x1888  [ 5FBCB85D127BE21E3A9DAF11A13C00EA, D00AB99CC813E26B0BD2D39161D4138AB89A06B3E3A28712F2D5BCA60905BEC4 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
13:36:28.0699 0x1888  mpsdrv - ok
13:36:28.0717 0x1888  [ 553F19DC6F3F73545CB17FCD7A8AE37B, 49ABB625EB9C2981254EEA1FE7858DF630BA2D65653CC91CD4FEEACF69C5392F ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
13:36:28.0742 0x1888  MpsSvc - ok
13:36:28.0751 0x1888  [ BF6CA7EA5ECD6CF72D3D76652A9B8280, 8EC031D0D8E75CB583B129CBA518701097697498621307108388FA05FBF604BB ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
13:36:28.0767 0x1888  MRxDAV - ok
13:36:28.0780 0x1888  [ 0B3B0C1D86050355676640488FA897D3, DBED9D6F7AAFB11F4C00C1F69DB7A887A3058E5FA66615A1640242439822B60C ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:36:28.0800 0x1888  mrxsmb - ok
13:36:28.0810 0x1888  [ 1A490555FD330CA2764D89191177C867, 1004AE2F80BEA9A6DBA3E6B5D2DDFA44FBA253F7137D60B000B094699DE1CB12 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
13:36:28.0830 0x1888  mrxsmb10 - ok
13:36:28.0839 0x1888  [ 0F47A6C09F0A7FB5513D322A2B9BE4EC, 00A17CB55D232E11F3D24D0B43FE4FA9E55F7EF5E5607B26ED84C13108AAC4FA ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
13:36:28.0848 0x1888  mrxsmb20 - ok
13:36:28.0855 0x1888  [ A4411C522D41707D5BCA817A5BB9E30B, EF7505BE475ECAB2B5E66A7419EDAF42A7E7A65BAD3BBE346A8CEE5DD69782CC ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
13:36:28.0871 0x1888  MsBridge - ok
13:36:28.0881 0x1888  [ 807A6636828E5F43C10A01474B8907EE, F275645F4F0D0A796C33C03EA7FA563A0B890AB3A93E5F99C5EA166F91D249B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
13:36:28.0891 0x1888  MSDTC - ok
13:36:28.0895 0x1888  [ D123343DDB02E372B02BF2C4293F835F, 8E02D9F7E5DA717B64538444B3FE1C55AA4B0F26F51DA20947E971D27EA09D12 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
13:36:28.0905 0x1888  Msfs - ok
13:36:28.0911 0x1888  [ B3358F380BA3F29F56BE0F7734C24D5F, 229D9E72C429AC51BF6E7C8306218620CB1AA50FE39BA6C11ED0F643E7AF90E5 ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
13:36:28.0918 0x1888  msgpiowin32 - ok
13:36:28.0924 0x1888  [ B2044D5D125F249680508EC0B2AAEFAC, 9631FF42DA5A7CEE1F2607AA8972EF0A67616F0EEEBC95F97B1C8F5A577ED5C4 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
13:36:28.0931 0x1888  mshidkmdf - ok
13:36:28.0937 0x1888  [ 36ABE7FC80BED4FE44754AE5CFB51432, FB89DF3A50C52B69D4E831A370157D1901810093A0D7D7120A120FC5C6E14BF5 ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
13:36:28.0944 0x1888  mshidumdf - ok
13:36:28.0950 0x1888  [ 59307FEAFC9E72EEEC56B7FD7D294F4C, 56576635870FC68980977FFA0E7F8E8D69A7981DECF5B52D0B2A82E3BA6685EA ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
13:36:28.0956 0x1888  msisadrv - ok
13:36:28.0964 0x1888  [ 236A38F5CB0A23BF0ACCD70ED0BD7F70, 8106B528458E6C8E4437D9064D58F10FF195E67CD308AEBBD5F860AD2D59DCC4 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
13:36:28.0974 0x1888  MSiSCSI - ok
13:36:28.0976 0x1888  msiserver - ok
13:36:28.0982 0x1888  [ E9457EDFEBC774199F907395C6D09CA2, C3655CE83F4AD1258382722E9A99C33FDD3AA40B62CFEB8DFDD141E254E6DCE2 ] MSKSSRV         C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys
13:36:28.0989 0x1888  MSKSSRV - ok
13:36:28.0996 0x1888  [ C85D79735641D27C5821C35ECDDC2334, C1BAFD98122B04665870171C143EC119181351D10777A83680A63BF305703FF3 ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
13:36:29.0005 0x1888  MsLldp - ok
13:36:29.0012 0x1888  [ EF75184B64356850D0F04D049C253526, 325476F53372BD70201347F044C8EFEC0DB939E1926454B6DCC0CF7864969650 ] MSPCLOCK        C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys
13:36:29.0019 0x1888  MSPCLOCK - ok
13:36:29.0025 0x1888  [ 543933D166C618E7588EA77707EC1683, 84A65D277E28FDD7CE2345188891093AC88B577E4C528AD39AB629E341199688 ] MSPQM           C:\WINDOWS\system32\DRIVERS\MSPQM.sys
13:36:29.0031 0x1888  MSPQM - ok
13:36:29.0042 0x1888  [ 182711E9DDF70121A20EBB61B2DFB9E8, 70606503F6280EA3175B9AEC8370A8F461575755DA86EF6E9C9D04EAD61481FA ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
13:36:29.0053 0x1888  MsRPC - ok
13:36:29.0060 0x1888  [ E887FFDD6734C496407E9219225CB6FF, 0EC9A79224BCE5D0A782E62CC38E3494E8FB65DFC07C66D25C5A1A351121C27D ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
13:36:29.0066 0x1888  mssmbios - ok
13:36:29.0072 0x1888  [ 83A2AB75951000D681FABDB80C07AEFC, 3B2F582F097E3F934C4587B27CB05525350F36924B74CA6BCD364878FA8EC273 ] MSTEE           C:\WINDOWS\system32\DRIVERS\MSTEE.sys
13:36:29.0079 0x1888  MSTEE - ok
13:36:29.0085 0x1888  [ 4FA0483896FC16583851EFB733FCB083, BB59243ABE32FBE92EC1B04D24239BE2DF7C2354A407C2EFF97623F07DCBDA35 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
13:36:29.0091 0x1888  MTConfig - ok
13:36:29.0100 0x1888  [ 60F88248608315E13391C2F1C3B4473F, 99E8B74118A01FC281A1C6B323EFD1A8EA1997B81A013442205066F55327D555 ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
13:36:29.0107 0x1888  Mup - ok
13:36:29.0113 0x1888  [ 218705233D02776AE4D19CC37D985C1B, 3D92925867B6B8FFAF78E4080139DCB3D45E1E6E1D0AFB6A4FE248B002BD8471 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
13:36:29.0119 0x1888  mvumis - ok
13:36:29.0133 0x1888  [ 536A0806CE2061A2157E65D4D8ABF30C, F9893F66505E3F748365CD4625B34357531804BDFE33E57285C0106C03F7916C ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
13:36:29.0150 0x1888  NativeWifiP - ok
13:36:29.0159 0x1888  [ A340A4B27CC7DEDDF953B7E2C9699747, 4C5AB23BD0C69B17E9BD29CAFEDC100A6EFC78BAB645B007FCAE4318C459D345 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
13:36:29.0171 0x1888  NcaSvc - ok
13:36:29.0181 0x1888  [ 7467BD76D6ED5981E6C3DBFEB50F0F4D, 237E1C2E15D5F3BAC49B09E1CD0EAE56A6998AE1FF560A4F7A7EFFEB46884798 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
13:36:29.0200 0x1888  NcbService - ok
13:36:29.0204 0x1888  [ 476466DC3AB2327E2DBFAEC11798E2EE, 9ACD74720664CF3F239601DF0BE80AC443AF0FBF666CBB8509169364FB22B95D ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
13:36:29.0217 0x1888  NcdAutoSetup - ok
13:36:29.0224 0x1888  [ B57CE307DA101C739885B7CC0678077F, F7F45DB6D306060F0FE0E59F39C3B95F6A9B6173930F22C5C41B2003895D6642 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
13:36:29.0231 0x1888  ndfltr - ok
13:36:34.0897 0x1888  tsusbflt - ok
13:36:34.0904 0x1888  [ 267C76EE60736EA5A1811A53FA02AABE, 28D4C4CB972534204B8336D0403B70E4EFE4F8369ABDE7401FFCCF7D4E3EA165 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
13:36:34.0910 0x1888  TsUsbGD - ok
13:36:34.0919 0x1888  [ 8CE72F094B822AD5EE9C3A3AFC0C16B6, 827CCD849544E1DA364B03DBC82A848D2F93AD32BA14ED52709C609BC70CE5CA ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
13:36:34.0929 0x1888  tunnel - ok
13:36:34.0936 0x1888  [ 1A9A77ACDAC29C39F50D2A492FD0DB16, E21F2E2BA6EABE0F6B5A1930DDB2CE5A921389A58C08A2D3F66D245E8698E6B4 ] tzautoupdate    C:\WINDOWS\system32\tzautoupdate.dll
13:36:34.0958 0x1888  tzautoupdate - ok
13:36:34.0965 0x1888  [ 42C546414F80BD6C0137FC3A106F8A69, 067FFCAF0059935851888BD984E848E4E1A6CC1941A8F4534067CCF0B2A3B2E6 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
13:36:34.0972 0x1888  uagp35 - ok
13:36:34.0979 0x1888  [ 1686DBC81748B096232B15F16C302985, 63D72D1838C42A95599AF3C0B19A069E310ADB091208011D7D6FBAC968D1A59A ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
13:36:34.0986 0x1888  UASPStor - ok
13:36:34.0993 0x1888  [ 3995CC3DEDED258768B8EBC2F4C0DC73, 130E99EF13EB494B8BB6A8E037DD8D59C195190EA3C27CA9E3A695AF4349DC7C ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
13:36:35.0002 0x1888  UcmCx0101 - ok
13:36:35.0008 0x1888  [ 1C95F7CE37D9EFB90EBE987A9712356C, B9EE7743ADA50276F05D735C5C29E44039D630A7DC93766A0EAF400DA037E4AF ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
13:36:35.0014 0x1888  UcmUcsi - ok
13:36:35.0024 0x1888  [ AED081772091C98173905E2DF28C223B, 08541CF3354EBB634BD590E0019128F70A6FCA9075B7E785A9E9BD82EC234DD3 ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
13:36:35.0033 0x1888  Ucx01000 - ok
13:36:35.0039 0x1888  [ DCA34A111C29E4578DF2B8CEA3C7CDBD, 86BCE4C8EC228724D5896067A85A4768B6069D10A482ECC51A8F828DBD3880C9 ] UdeCx           C:\WINDOWS\system32\drivers\udecx.sys
13:36:35.0048 0x1888  UdeCx - ok
13:36:35.0059 0x1888  [ 718A956AE00CE086F381044AB66CC29C, E4EED1600C72CECE1D4507827C329A93D356BBA027470FCF6C4B5C1651DED643 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
13:36:35.0074 0x1888  udfs - ok
13:36:35.0081 0x1888  [ BA760F8E66428BA9FF1E8BFBC6248136, BE7DCBB293B12672CB3653E640C46F669BD738D320F34F4FA4A26F6B248561F0 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
13:36:35.0087 0x1888  UEFI - ok
13:36:35.0096 0x1888  [ 5F0D997E6FC5A418D7673148CEF72887, 6C142CB8F06E5958045451253C9188CE876A84D08266FFD7F64AAE09964D8431 ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
13:36:35.0105 0x1888  Ufx01000 - ok
13:36:35.0113 0x1888  [ 2B1DABA97DDF5365FC66EE7DEDD86A13, 2FF3355862938B37EE63FCA149415CE5032BF54747B07517BB21460733B65AD8 ] UfxChipidea     C:\WINDOWS\System32\drivers\UfxChipidea.sys
13:36:35.0120 0x1888  UfxChipidea - ok
13:36:35.0128 0x1888  [ DB630FC660443D63EBAB2C830C298EFE, 7698772FF9C988DF752DF3FAF1B154E923EBA425B92F288ABB6EF0805ABD3296 ] ufxsynopsys     C:\WINDOWS\System32\drivers\ufxsynopsys.sys
13:36:35.0135 0x1888  ufxsynopsys - ok
13:36:35.0144 0x1888  [ 63451BD694651307254B8DD37A3D79C7, C781E2D876AF42D5972CCDCF86B7A59F6AF8AF0C6350647F3FA1B209119B5EF9 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
13:36:35.0153 0x1888  UI0Detect - ok
13:36:35.0161 0x1888  [ 6DE78C04BF32ECA7AF3064F53687C9A5, 164D3BB24EBA3EAF613799928063FE75220A4E583D985F53A895017782C18600 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
13:36:35.0168 0x1888  uliagpkx - ok
13:36:35.0175 0x1888  [ 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4, BA2E6F16B6B3B54C943F1E7B9F79A6D1332A7ED228D754CC5AE70E3CD78B1F37 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
13:36:35.0182 0x1888  umbus - ok
13:36:35.0189 0x1888  [ 11680607944A719EF20E0E740785712A, 1567C2B3AAD702DCC2DC9C6B7B92EE5B681C06701A39DAC3AA7E2BE9E1E04F47 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
13:36:35.0195 0x1888  UmPass - ok
13:36:35.0205 0x1888  [ FD949725D9EB52C0B87435CDE1134668, 96E2B3D3379E9AE225E5A4C5251207F1E7DA573901F4F026758EDE9FAEF4F2C5 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
13:36:35.0217 0x1888  UmRdpService - ok
13:36:35.0238 0x1888  [ CB902A15DD21B363FECA5DCCF34F5C57, 6A0836A12A410EBD5C667982852B58CA9E9EDB11EA666C413CC0F811E01A549D ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
13:36:35.0267 0x1888  UnistoreSvc - ok
13:36:35.0283 0x1888  [ B85A8CF2BE74DFF1E80097AC94584112, B1DBACC33A4143FEE2CF54E567590A69580312AD7A053BCC85B487C4D451FBDA ] upnphost        C:\WINDOWS\System32\upnphost.dll
13:36:35.0300 0x1888  upnphost - ok
13:36:35.0311 0x1888  [ 2410A0C20D21A25E6C01979FA886BE90, DD3F92D8CF110D47B9E36BA0EB10EB34C0FDD28FE0D57E4B60F9326703388F75 ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
13:36:35.0317 0x1888  UrsChipidea - ok
13:36:35.0324 0x1888  [ 6E59CE43B6BA5AA1ADCF36A4DBBB92BB, 647D66775A90F67D803043DE8C8AE8BC2F7A042A8DCF9C95BF5458C79609481B ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
13:36:35.0330 0x1888  UrsCx01000 - ok
13:36:35.0336 0x1888  [ E8A59FA109A22FC07E44BDFCC9727DBD, 0DC5928C0FF7E5B38917660D6EFECCC22172DB0BB9B23216F33E750790529C16 ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
13:36:35.0342 0x1888  UrsSynopsys - ok
13:36:35.0350 0x1888  [ 9F9D5E2086BB9AEEA96E9BF73B7B2D32, AFA84CE1E96C07EBFB7A05D0181C876E027B848AF6C6DB932765912B814CAF56 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
13:36:35.0359 0x1888  usbaudio - ok
13:36:35.0367 0x1888  [ D8A44550ECE102B6443F5D54DCE7DAB3, 97F5AE7B17DAC4A4F3186C77116BC8E49874FB0018C99D8E2CDA29D89E8B0912 ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
13:36:35.0375 0x1888  usbccgp - ok
13:36:35.0382 0x1888  [ 66B3D22DAB5312FF238ABF5C6D9F8FAB, 4A644AFC1C27D692D352BEB8801398A00EA5B4055476063AF905A0A46DDBF8BB ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
13:36:35.0390 0x1888  usbcir - ok
13:36:35.0398 0x1888  [ 3E4F20DB902D2E2914F3FF3DB9772200, F3D32BE06A26164B5F6E8DB67160D1DBBDC6D14666EEF84EA43C78CB7706E31C ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
13:36:35.0405 0x1888  usbehci - ok
13:36:35.0417 0x1888  [ 41F7F00D76904416EF1F9EFA1A4C37A2, 7A4250EB2E2E0037B3AE1480C13B229ECFF5C575E68E4F934EE011DB1833B46A ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
13:36:35.0430 0x1888  usbhub - ok
13:36:35.0444 0x1888  [ B7E1CAA9429E4C3E7E01CB35B97E1536, 11A6431C27821F247202AC9F18441FEA26544630461522C129F1671257C527BA ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
13:36:35.0464 0x1888  USBHUB3 - ok
13:36:35.0471 0x1888  [ DAB35CCA86F5FBE77D870A40089BC4A1, 4A47D59D882D0F2B93F2EE7F10995E7D68B58009434E2CBD04C659E0D1F059D8 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
13:36:35.0478 0x1888  usbohci - ok
13:36:35.0484 0x1888  [ 21162F65C7756AAECAEBED9E67D0A5FE, DE3B43964171DB5B0464DA5E7A674A5D200A8695E6EF1AE2030681066ABA2688 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
13:36:35.0492 0x1888  usbprint - ok
13:36:35.0499 0x1888  [ F259A45D6B555B14CC8365AA6BC8DC20, 28A588656449307F6E9C999BE5D73E34A2542A5771F4B504D9D36B9F93F32303 ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
13:36:35.0513 0x1888  usbser - ok
13:36:35.0517 0x1888  [ 8949F77132A4F8F3BA17C6727099F002, 86AD4A2263B34983335180FDAE775D1744E042D2A11300D27DF546F15F285A25 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
13:36:35.0531 0x1888  USBSTOR - ok
13:36:35.0538 0x1888  [ 8B3E458A8851F9A3B2109B1680EE1159, 753AC8F82F65564F00EA2F60B43E4B815FEAABE0DA35B6356210A5F4B1CA3EFC ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
13:36:35.0545 0x1888  usbuhci - ok
13:36:35.0554 0x1888  [ 4B13B61CBB9CC3CB373C60B930D648F5, C79D10A1BF2B6BF141DD37A90BCCA0E1F2AF31B5028BB21537A8EE6EED630F5B ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
13:36:35.0564 0x1888  usbvideo - ok
13:36:35.0575 0x1888  [ 325727F01F03C504CF788618A13DC266, 9F685113F714ADBC6DCD423CCD205F71E00D1AA9B5DD045B95E61E53B0F8E9AF ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
13:36:35.0586 0x1888  USBXHCI - ok
13:36:35.0612 0x1888  [ 2771EBB565F5C121E66060B173991D4D, 1EB34A6262A18E47ADCA392FDB2D58E8428A1CA43EB4196D76A897F74A03CA7F ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
13:36:35.0646 0x1888  UserDataSvc - ok
13:36:35.0668 0x1888  [ 36EC82F0E399F36BD25F593D63DC144A, 2A9E916A098ACD5A5074A5FD053ECAB027A0932A348C728F20CD63EF16289533 ] UserManager     C:\WINDOWS\System32\usermgr.dll
13:36:35.0708 0x1888  UserManager - ok
13:36:35.0719 0x1888  [ 05F4CB5991D897E4253BF61FA5E828F8, 25B5B6751B4455491E9A050DF5C12F788B5677F70FB4844E0BF851090AC1F74C ] UsoSvc          C:\WINDOWS\system32\usocore.dll
13:36:35.0735 0x1888  UsoSvc - ok
13:36:35.0743 0x1888  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
13:36:35.0749 0x1888  VaultSvc - ok
13:36:35.0755 0x1888  [ E1BE37312785A71862516F66B3FD24CE, D248C513DBEACB192653C6E46809209F341771B146544BBF43B86369280B4F8B ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
13:36:35.0762 0x1888  vdrvroot - ok
13:36:35.0776 0x1888  [ 67A6E949395A09914AD8B38FE14B8D15, 593F2FAA880B2E0468F98BD58B5214A170E5890907B25294D7A47C66505A3D45 ] vds             C:\WINDOWS\System32\vds.exe
13:36:35.0798 0x1888  vds - ok
13:36:35.0807 0x1888  [ E42C0F2850735FF9D908B9DB581E6314, E2204A56BF37FC57CD2ED96E3F908882D72B4BFF1BFB97C5172C851F1E4F9650 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
13:36:35.0815 0x1888  VerifierExt - ok
13:36:35.0831 0x1888  [ EC15FD6A28757793E2DA394CD94ABD52, DC758BBEE9C6952D7B3F7171EF67B037B4068E88189A2C4A894122D1D1209468 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
13:36:35.0847 0x1888  vhdmp - ok
13:36:35.0854 0x1888  [ D0C9632C350F46786643A069251BC249, CF65BA0D3F3D2B821C10E2D4F53F5B6BF6236CA9767419392A561CFA79254C3B ] vhf             C:\WINDOWS\System32\drivers\vhf.sys
13:36:35.0860 0x1888  vhf - ok
13:36:35.0867 0x1888  [ A6871C8BD95466FE14A39CE85034D0FB, 733195B84AE6175F3EE6F8CDBAC4F83ACB4595B243059E2E0C8BBA5733B32752 ] vjoy            C:\WINDOWS\System32\drivers\vjoy.sys
13:36:35.0880 0x1888  vjoy - ok
13:36:35.0886 0x1888  [ E886CB75DA2B6EB35469EF10135624C7, 3AFC59A0709B984F517A918D5BBEBEB1C80001BEC87C133447DCEAEDE00E516D ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
13:36:35.0893 0x1888  vmbus - ok
13:36:35.0897 0x1888  [ 46D2EC27820EC0F798F85821E53C2942, D298A7D6AC16F76A069F843C8DD323ECB340D361733CB9B076BCDE8FC5F1FEFC ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
13:36:35.0904 0x1888  VMBusHID - ok
13:36:35.0913 0x1888  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
13:36:35.0928 0x1888  vmicguestinterface - ok
13:36:35.0941 0x1888  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
13:36:35.0956 0x1888  vmicheartbeat - ok
13:36:35.0968 0x1888  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
13:36:35.0983 0x1888  vmickvpexchange - ok
13:36:35.0995 0x1888  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
13:36:36.0011 0x1888  vmicrdv - ok
13:36:36.0023 0x1888  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
13:36:36.0038 0x1888  vmicshutdown - ok
13:36:36.0051 0x1888  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
13:36:36.0066 0x1888  vmictimesync - ok
13:36:36.0078 0x1888  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvmsession   C:\WINDOWS\System32\ICSvc.dll
13:36:36.0093 0x1888  vmicvmsession - ok
13:36:36.0105 0x1888  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
13:36:36.0120 0x1888  vmicvss - ok
13:36:36.0128 0x1888  [ B9265F47E7A354BAAA0AF5CBA3F8F7CE, F836E7BEDC7CAB1C01225164D171A0210D8F909F52992E4C0BF3C92B365BCD52 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
13:36:36.0135 0x1888  volmgr - ok
13:36:36.0145 0x1888  [ BEE9C8B72AB752B794F69C2B9B3678AA, 49A5093C26F3CDCD60577F7F2D7F936C7B2BD010B27F2C49A7B6AA41E42DF98D ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
13:36:36.0155 0x1888  volmgrx - ok
13:36:36.0167 0x1888  [ E1F91A727A04C9F8199D04FF3BBBF63C, 076CAEE621DBF7DE24ED92BA239C440879FDB674CF3213DF3E35AEC03D0D2031 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
13:36:36.0178 0x1888  volsnap - ok
13:36:36.0185 0x1888  [ F7B1B1101271E31F43CC76E890704F51, 2282D82B220C3D13FF980ED8E40443C83816D3DA9557EACEA137873F92BB9CF4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
13:36:36.0192 0x1888  vpci - ok
13:36:36.0199 0x1888  [ D48ED0A08BD2FD25A833E6AC99623091, 6CA7580878D3893E14B4938023A00CDFC9BE215A0CE4ED59A94F95DFD9FDF4D8 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
13:36:36.0207 0x1888  vsmraid - ok
13:36:36.0232 0x1888  [ 4CF5A1E0C4FCA956ACD6C654E2A8610E, 57F3C7200C25E8717AF92AF2ED7615C6605179D3514B432220FA6EA94CAB4F2E ] VSS             C:\WINDOWS\system32\vssvc.exe
13:36:36.0268 0x1888  VSS - ok
13:36:36.0279 0x1888  [ 6990D4AFDF545669D4E6C232F26DE1FB, 9B8F99A035188FD96BA79E935E8EF387BEA2223ECA0B74CF64AB993DABAA5722 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
13:36:36.0288 0x1888  VSTXRAID - ok
13:36:36.0295 0x1888  [ 1EE11F0508C58EF081F4176E66D6970B, 9069B3FC8850C7CF617909C6DBFC3753FEB59A9E708379CC57190F4097FB374E ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
13:36:36.0303 0x1888  vwifibus - ok
13:36:36.0310 0x1888  [ 938E4EF58E42D252B742B0E243011B90, AC0C21FBAF15924CB271CA43ACB7A86287936C78B4852BCFC59EC7EC703E036C ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
13:36:36.0319 0x1888  vwififlt - ok
13:36:36.0325 0x1888  [ 3BE5AAC930447FD18D4A8255A2FEC95C, A517357188FE4A5BD98A3CDB2165ACCE96CCE4BE2B90DDBEAF70B6DDF393F506 ] vwifimp         C:\WINDOWS\System32\drivers\vwifimp.sys
13:36:36.0334 0x1888  vwifimp - ok
13:36:36.0346 0x1888  [ 48C1A256591297C43ECFC4E30D144EAA, 8E66833ED2CEB6D7E499EB2E4282B4F9DFA28B6D21757BB88EC52FD069D7FACE ] W32Time         C:\WINDOWS\system32\w32time.dll
13:36:36.0365 0x1888  W32Time - ok
13:36:36.0372 0x1888  [ 00C27B64C758C111E5D78A70DE6CA2B6, C99761B9B671B3A1FF1C52796CCA3F4F825BF50D9657D13B551E849CDD82055D ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
13:36:36.0379 0x1888  WacomPen - ok
13:36:36.0391 0x1888  [ D76D1AC4F2C642D09A68227D129A4726, D14D6C4D94E9660848C74B220359683D91A4A3D70750E781A20B6D86D46794CE ] WalletService   C:\WINDOWS\system32\WalletService.dll
13:36:36.0409 0x1888  WalletService - ok
13:36:36.0416 0x1888  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:36:36.0426 0x1888  wanarp - ok
13:36:36.0433 0x1888  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:36:36.0441 0x1888  wanarpv6 - ok
13:36:36.0467 0x1888  [ 2598BBF11C9E7D0885DCA52E7FD5BCBD, 46B1FB080A2CD88C89A0EB8BA2594A1FA2C341ED77A6C6835CBFFE42907FAC55 ] wbengine        C:\WINDOWS\system32\wbengine.exe
13:36:36.0504 0x1888  wbengine - ok
13:36:36.0516 0x1888  [ 642EFABF900374FA85639D83B5533AFD, 292692D6AAC2A785D237ADFBC7CA3D379E8FC79FA366A8CE7D06F5CA5CE6866B ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
13:36:36.0536 0x1888  WbioSrvc - ok
13:36:36.0546 0x1888  [ E9A0D466F6D8EC349DB526146618BCB6, CFD6F3F979E4366A68FBEC3BE90A42BF3D65403A987E80741A720C0622871F32 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
13:36:36.0564 0x1888  Wcmsvc - ok
13:36:36.0576 0x1888  [ 53A036CED1270F2459E708A05922FD49, 2F281A72E4B0408DE6C8153F5988C9AA38591FB1E72558767D389637D0666A85 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
13:36:36.0593 0x1888  wcncsvc - ok
13:36:36.0600 0x1888  [ 965B6197A659782B6A0F68411A180AAD, 5541AB78B71E4FA655BCBF2D80D574B2A3B4AA8871F65D26620BDE549FA5459A ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
13:36:36.0609 0x1888  WcsPlugInService - ok
13:36:36.0616 0x1888  [ 069D3D6E20AD753B34FCE856F0436869, CF8C12295DDAA56E7350019AADBA533D7857CFB3F20DEE14E557963645A9331B ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
13:36:36.0622 0x1888  WdBoot - ok
13:36:36.0638 0x1888  [ 6CC727E94CD84E9720FDCDA8089CABCC, BCF66056B06DED6BC2D329E910FCD3E685D627BAD3B5D7F4B0E970B45CD9CEF4 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
13:36:36.0653 0x1888  Wdf01000 - ok
13:36:36.0664 0x1888  [ E3E97151A1D1E87BB2D5371F66C5F169, 0ED0B9852FE0533816F5EE2F06045B3964A00FD749A7011DB3C663AB6FA369E2 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
13:36:36.0673 0x1888  WdFilter - ok
13:36:36.0680 0x1888  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
13:36:36.0691 0x1888  WdiServiceHost - ok
13:36:36.0698 0x1888  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
13:36:36.0709 0x1888  WdiSystemHost - ok
13:36:36.0724 0x1888  [ E70DDD8E2245CC67547B0861983912D8, 64C73B1496FFF1F6BB3D877CB5BE54DE35C303AE234B11FC90038DC4F73241D9 ] wdiwifi         C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
13:36:36.0744 0x1888  wdiwifi - ok
13:36:36.0752 0x1888  [ 07B043160399AF4009054E2EA3464BF4, 8D652D7CD75F8FB2B5414155355F0C970015914E1AC6522DBB8387BB8662F542 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
13:36:36.0759 0x1888  WdNisDrv - ok
13:36:36.0764 0x1888  WdNisSvc - ok
13:36:36.0770 0x1888  [ 9972D395DBD05D91DA5EDADEB9325680, 9382D846793F285721A1A0FED42F914035A53D856B902FADB0B7144C471BDA91 ] WebClient       C:\WINDOWS\System32\webclnt.dll
13:36:36.0783 0x1888  WebClient - ok
13:36:36.0792 0x1888  [ B6BF579761489720BCE787F723F596E5, 879B17F6A4F23F5E85A09126B7B407955DDCEB1BA4A8FFC0A418B7F47311C056 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
13:36:36.0804 0x1888  Wecsvc - ok
13:36:36.0810 0x1888  [ 10C9CF8771A2A87F575F9FB56821474E, 15E3DFFE9CF6777F67E426ECF797D2DF743EA152DEE336DCC9C2F92A0E6EB9A3 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
13:36:36.0820 0x1888  WEPHOSTSVC - ok
13:36:36.0827 0x1888  [ 357C083FE35D030D991D163AAF622A06, F301852D49DBDEF0D28F56CD74CBDC71CA003EBD07D3F46EA5C870DC1BD07896 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
13:36:36.0839 0x1888  wercplsupport - ok
13:36:36.0848 0x1888  [ 2235AF716D15D9DFE4C59DC2AC0C440C, 2DCFCEBEA77E7E40CEF9A785BE1A794B390B36E40FBCF49B494F9CEA3F6A28C4 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
13:36:36.0861 0x1888  WerSvc - ok
13:36:36.0865 0x1888  [ C11272713719922DE5711094333BD166, 61D4F07E02AECF04964FF51EEA31069A2B0EAA549AD2B29B5FD3E1E6BB543593 ] WFPLWFS         C:\WINDOWS\system32\drivers\wfplwfs.sys
13:36:36.0873 0x1888  WFPLWFS - ok
13:36:36.0880 0x1888  [ 205A1FAE910F5C493D236245850BB62A, DBA4D1D734BAA3CDEB8A7F9C81A8DAA88CEA55AF5C4C5908E76FB8E522C5EC8A ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
13:36:36.0889 0x1888  WiaRpc - ok
13:36:36.0895 0x1888  [ EF536C54AB9281FDC4E83B07279FCFC4, 22E4F133170682EE14413CA8FDC2DBE73AB31960D6ACB728A6B398229FDDFD3B ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
13:36:36.0906 0x1888  WIMMount - ok
13:36:36.0908 0x1888  WinDefend - ok
13:36:36.0917 0x1888  [ D8966A76408107224C6013993135DD78, 6159F69BC26FF817078E68C70E6DFC9075FEBF9EF9F4F046C7A65BC377544AE6 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
13:36:36.0924 0x1888  WindowsTrustedRT - ok
13:36:36.0931 0x1888  [ 8B102A7B6CE326FD4208CC7C2D183343, E47C1D76CBFD2A382C3A7BB048D752FB6DD4616FADDEB1C3ADD5DDAE149742AF ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
13:36:36.0936 0x1888  WindowsTrustedRTProxy - ok
13:36:36.0949 0x1888  [ FFD04E8263FC9CDB89BAD8C27C337223, 7021161D354F1536DA261D001524B92301466631DCFA161A7C6355AAC86BBE40 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
13:36:36.0972 0x1888  WinHttpAutoProxySvc - ok
13:36:36.0979 0x1888  [ 4A53441C1C4D2878BEF27E381138BB2D, C221E74491E6FD2AF472B53876B46788D5CF62F4E645457F3B3816FD0ED2BAA1 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
13:36:36.0985 0x1888  WinMad - ok
13:36:36.0992 0x1888  [ 1033C37122C7404C3B926ADF84874832, 163B3A7112F13AE7BB2655A28C6B19AF9B263F2AD2FF1B75314BE3E2B9118903 ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
13:36:37.0004 0x1888  Winmgmt - ok
13:36:37.0042 0x1888  [ 703D0F62C5AA4D08EE8756516C0D125D, 02015A5E62490C11EC968160C528C2AFD1D7194AACA27F407B06EB462657511F ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
13:36:37.0097 0x1888  WinRM - ok
13:36:37.0109 0x1888  [ 260907CE034FE327AC99BDA4153AB22F, B96501F43248713C2E153B9D22B78D51412A3C6989A2FB5F53A406C6CDC98D30 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
13:36:37.0116 0x1888  WINUSB - ok
13:36:37.0123 0x1888  [ 40A3E8D729F458B2C9A8BD9380FF83D5, CD42FFC138969EF8C9588FD113F0B9A98FBA282D46A5B6BCFA765F55ED6E97A1 ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
13:36:37.0129 0x1888  WinVerbs - ok
13:36:37.0166 0x1888  [ 453740989239803FE363FF8B40EA2E08, 25499705627C38D3431B3C336E0CF3BF55ABB0C461B88DA6D3767CAAE1E2B893 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
13:36:37.0217 0x1888  WlanSvc - ok
13:36:37.0250 0x1888  [ E48BBF1363F843E030757EC190DD33E6, B37199495115ED423BA99B7317377CE865BB482D4E847861E871480AC49D4A84 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
13:36:37.0295 0x1e24  Object required for P2P: [ 9A2A2F3C69B9A30B6E78536F6D258BAD ] iai2c
13:36:37.0299 0x1888  wlidsvc - ok
13:36:37.0308 0x1888  [ 8F010BF65238F3F822D22BA12831796E, 2CA830F259B742D2F5CDD0437960BF512D40FB4A4C2342E3BABB38D468F79694 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
13:36:37.0314 0x1888  WmiAcpi - ok
13:36:37.0324 0x1888  [ 74ACA5A7880C1F0BB9D60E32E1705A70, A89817BCCBFF94D7394614DA81D1C6C4F53AF47A539E674EEF6DC3FC496BF702 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
13:36:37.0333 0x1888  wmiApSrv - ok
13:36:37.0339 0x1888  WMPNetworkSvc - ok
13:36:37.0344 0x1888  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
13:36:37.0353 0x1888  Wof - ok
13:36:37.0382 0x1888  [ 4090C6738AA92B428220857B4D44F638, 4A3EE47494051E5BA8393F2AC8226EF434DA3AA1895CF4BADC9BC1BC378647C6 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
13:36:37.0426 0x1888  workfolderssvc - ok
13:36:37.0435 0x1888  [ 22C52D7EE7C7D0E02C8EFD8CAE8E3A71, 126605A12CEC9CC07DE3050F12E43CECABEAF0D00DF12300AF70F34700F7FE8E ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
13:36:37.0442 0x1888  wpcfltr - ok
13:36:37.0449 0x1888  [ D282ECA35ADAC7A93D6B4943E775010B, A76A9698A95646FA63AC18DFFA02B744D7C6043934CBF6C37832ED2E6B21F570 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
13:36:37.0459 0x1888  WPDBusEnum - ok
13:36:37.0466 0x1888  [ 1C08E424CBDD5065BB7266F8C048C1B1, 0452C85EDA6CBAB75C2617886C5D8117ED25D91F1BE0F8377B08D55B6629B028 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
13:36:37.0472 0x1888  WpdUpFltr - ok
13:36:37.0479 0x1888  [ 2C6EEFFBB7FB1C51CCD3737C77AB9109, 8C2ED309FAF4312512E7BCCBBC51B1353603A3499077A1DE21991F0692AF1620 ] WpnService      C:\WINDOWS\system32\WpnService.dll
13:36:37.0489 0x1888  WpnService - ok
13:36:37.0495 0x1888  [ 638B43D39A3D0B47024555CF1095E6F1, C7EA0A6ED227A5256EB02CA76FEC538DF196B8DC38DA2A567757D2B221C9473E ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
13:36:37.0503 0x1888  ws2ifsl - ok
13:36:37.0512 0x1888  [ 9C17CF2D05F8DA5AC66880B6BEE64E7D, 8930079A1AFA97657BE567038EE57C988D3DE9A6C24EA46160E2974837082535 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
13:36:37.0529 0x1888  wscsvc - ok
13:36:37.0535 0x1888  [ F517CB0182B1DA5C0E0FC6B548FF60CC, F09CA4172D611487F157973C808627F04B0CF0A71CE19D49280BFBEA4AE6027B ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
13:36:37.0542 0x1888  WSDPrintDevice - ok
13:36:37.0548 0x1888  [ 3A3294E2E5CBFC51999180C06051DDE9, 2EEE0A5BEBB366E4C12245E8175685CF2173E260B482A8EEB7F8255BA43C6CE3 ] WSDScan         C:\WINDOWS\system32\DRIVERS\WSDScan.sys
13:36:37.0555 0x1888  WSDScan - ok
13:36:37.0557 0x1888  WSearch - ok
13:36:37.0607 0x1888  [ 6E04BBE242E2889B37300C4DF5CE1126, FBDAEAC62C48A4FC5EF412AE47FF10590AE83E8871412F76F6F9BAE910542DFA ] WSService       C:\WINDOWS\System32\WSService.dll
13:36:37.0663 0x1888  WSService - ok
13:36:37.0706 0x1888  [ 722FA682ED9EA8B85FA843A5C8F39E61, 47B09984582E55C22450A851FAF00EBEC76CD46149B19B199916255D553C6BF8 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
13:36:37.0756 0x1888  wuauserv - ok
13:36:37.0765 0x1888  [ A928F25CB62232F413EE655352856E10, 1D2B278A24DDDE8792ADE7649FF90A98E186B79F13AA296C30E4180293BE906A ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
13:36:37.0773 0x1888  WudfPf - ok
13:36:37.0782 0x1888  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFRd          C:\WINDOWS\system32\drivers\WudfRd.sys
13:36:37.0792 0x1888  WUDFRd - ok
13:36:37.0800 0x1888  [ 1336DA39FE006EAB2733CA4DE5B3560C, F0D6C71ADCB66D4D14EC6D09FD43F5521A3A8CA53F248DFD01696FB4F033BE77 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
13:36:37.0809 0x1888  wudfsvc - ok
13:36:37.0818 0x1888  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
13:36:37.0828 0x1888  WUDFWpdFs - ok
13:36:37.0836 0x1888  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
13:36:37.0846 0x1888  WUDFWpdMtp - ok
13:36:37.0869 0x1888  [ 417D1526811D9646A7E8779209F11361, 220FE28801474AB26579F2A37D792975D9AAD2384B420BCE52215B1389E08F91 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
13:36:37.0898 0x1888  WwanSvc - ok
13:36:37.0916 0x1888  [ 405A419F4CDAC3C18F91FEDBD146C0A8, 92A6539AE6FC1B140366A0F733FDB784CAFB2359C4E0E2DF80629FEEA2CBFC98 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
13:36:37.0942 0x1888  XblAuthManager - ok
13:36:37.0964 0x1888  [ 7118498F6E48758A2EF5A7D1982E2B62, 1FF75AE64CB6DB263E8B35515E092B325AA71A6B2210F8F2B0AD087B3BA33345 ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
13:36:37.0994 0x1888  XblGameSave - ok
13:36:38.0003 0x1888  [ F279536122B83FD0D8E158AA753E1B7C, 6A542F28E24B30DBDC2EEE24DA33C2F4ADB3596AEDDD71DC1495DD40577CE4BB ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
13:36:38.0022 0x1888  xboxgip - ok
13:36:38.0038 0x1888  [ 69E727F94BEA64E66C284F3C482F33E6, B3E0F287E7A251E0FC17C41089C45737027E54F0213BDE847356AC882B4D3700 ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
13:36:38.0080 0x1888  XboxNetApiSvc - ok
13:36:38.0088 0x1888  [ DBACD4E4FE191D0CE7C624ACA389535E, A706DA0A284398E80AEB6FBE1B5F6C3192C3F4D1C1B7533528D689D163374DDF ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
13:36:38.0099 0x1888  xinputhid - ok
13:36:38.0107 0x1888  [ DCF1C283860C3CAB0BF0A71528A0136C, DFC44E5337A8B37C54CA57D53F74E41BE2C0495AF2A566FE1E9A37C045BF4C84 ] XtuAcpiDriver   C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys
13:36:38.0125 0x1888  XtuAcpiDriver - ok
13:36:38.0125 0x1888  ================ Scan global ===============================
13:37:00.0799 0x1888  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.16.273 ), 0x40000 ( disabled : updated )
13:37:00.0800 0x1888  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x61100 ( enabled : updated )
13:37:00.0807 0x1888  Win FW state via NFP2: enabled ( trusted )
13:37:03.0213 0x1888  ============================================================
13:37:03.0213 0x1888  Scan finished
13:37:03.0213 0x1888  ============================================================
13:37:03.0223 0x2ad8  Detected object count: 2
13:37:03.0223 0x2ad8  Actual detected object count: 2
13:37:42.0518 0x2ad8  Ds3Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:37:42.0518 0x2ad8  Ds3Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:37:42.0518 0x2ad8  JoystickCurves ( UnsignedFile.Multi.Generic ) - skipped by user
13:37:42.0518 0x2ad8  JoystickCurves ( UnsignedFile.Multi.Generic ) - User select action: Skip 
 
Let me know if you need something else or I missed something. TY

  • 0

#9
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

> Let me know if you need something else or I missed something. TY


Hello :)

TDSSKiller shows nothing, so let's continue with a sweep for orphans and remnants. Have you had any more warnings?


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes

Start the program and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner

Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log

  • 0

#10
DoubleChinLegion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bc5eb5896a754142811197d13ee6f3ec
# end=init
# utc_time=2016-03-30 09:10:15
# local_time=2016-03-30 05:10:15 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28827
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bc5eb5896a754142811197d13ee6f3ec
# end=updated
# utc_time=2016-03-30 09:12:21
# local_time=2016-03-30 05:12:21 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=bc5eb5896a754142811197d13ee6f3ec
# engine=28827
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-03-30 10:57:41
# local_time=2016-03-30 06:57:41 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 100 0 10121596 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 12267604 0 0
# scanned=894984
# found=3
# cleaned=3
# scan_time=6319
sh=1CAA460CA5E1A46277C3045A18FF520CF2B6917C ft=0 fh=0000000000000000 vn="HTML/Iframe.B trojan (deleted)" ac=C fn="C:\Users\cwfix\AppData\Local\Microsoft\Windows\INetCache\Low\IE\7PFS1LVB\mF3fGd[1].htm"
sh=D2729A4023832FB9806B688F560C41D62C5D3A1F ft=1 fh=163fe2671697fce8 vn="Java/TrojanDownloader.Agent.NLI trojan (cleaned by deleting)" ac=C fn="C:\Users\cwfix\AppData\Roaming\d3dx10.exe"
sh=C73AAFC389CC8BB9D58E42BB5B2B5FE19C9CD508 ft=1 fh=bc69beefb6569389 vn="a variant of Win32/HackTool.Crack.DW potentially unsafe application (cleaned by deleting)" ac=C fn="D:\Program Files (x86)\R.G. Freedom\60 Seconds\steam_api.dll"
 
&&&&&&*&&&&&^
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/30/2016
Scan Time: 4:29 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.03.30.07
Rootkit Database: v2016.03.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: cwfix
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370936
Time Elapsed: 7 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Hope that helps!

  • 0
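An added example, not part of the thread and not ESET's own tooling: a small Python parser for the ESET Online Scanner log format posted above, which compares the logged scan options with the ones requested in Step 2 and lists the detection records. Reading `vn` as the detection name and `fn` as the file path is an assumption based on how the log looks; the function and variable names are illustrative.

```python
import re

# Option and detection lines copied from the ESET log in the post above
# (the repeated header blocks are left out of this sample).
SAMPLE_LOG = r'''# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=894984
# found=3
# cleaned=3
sh=1CAA460CA5E1A46277C3045A18FF520CF2B6917C ft=0 fh=0000000000000000 vn="HTML/Iframe.B trojan (deleted)" ac=C fn="C:\Users\cwfix\AppData\Local\Microsoft\Windows\INetCache\Low\IE\7PFS1LVB\mF3fGd[1].htm"
sh=D2729A4023832FB9806B688F560C41D62C5D3A1F ft=1 fh=163fe2671697fce8 vn="Java/TrojanDownloader.Agent.NLI trojan (cleaned by deleting)" ac=C fn="C:\Users\cwfix\AppData\Roaming\d3dx10.exe"
sh=C73AAFC389CC8BB9D58E42BB5B2B5FE19C9CD508 ft=1 fh=bc69beefb6569389 vn="a variant of Win32/HackTool.Crack.DW potentially unsafe application (cleaned by deleting)" ac=C fn="D:\Program Files (x86)\R.G. Freedom\60 Seconds\steam_api.dll"
'''

# Scan options requested in Step 2 of the helper's instructions.
REQUESTED = {"remove_checked": "false", "archives_checked": "true",
             "unwanted_checked": "true", "unsafe_checked": "true",
             "antistealth_checked": "true"}

SETTING_RE = re.compile(r'^#\s*(\w+)=(.*)$')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_eset_log(text):
    """Return (settings, detections) parsed from an ESET Online Scanner log."""
    settings, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SETTING_RE.match(line)
        if m:
            # The log repeats its header for each phase; the last value wins.
            settings[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            # Detection record: space-separated key=value, values may be quoted.
            detections.append({k: q if q else v
                               for k, q, v in FIELD_RE.findall(line)})
    return settings, detections


def review(text):
    """Flag option mismatches and check 'found' against the records present."""
    settings, detections = parse_eset_log(text)
    mismatched = {k: settings.get(k) for k, want in REQUESTED.items()
                  if settings.get(k) != want}
    return {"option_mismatches": mismatched,
            "count_consistent": settings.get("found") == str(len(detections)),
            "detections": [(d.get("vn"), d.get("fn")) for d in detections]}


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(key, "=", value)
```
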

#11
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Have you had any more alerts/warnings?
  • 0

#12
DoubleChinLegion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Not yet, I'll let you know as soon as I see something.


  • 0

#13
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

> Not yet, I'll let you know as soon as I see something.


Hello :)

That's good news. :thumbsup: Let's run a scan for out of date programs on the machine.


Step 1: Security Analysis

Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
Things I need to see in your next post:
  • SecurityCheck Log

  • 0

#14
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0