
Admin tools all unavailable, seemingly fake dropbox and a few other pr

Malware unknown virus


#106
RKinner (Malware Expert, 19,598 posts)

Not sure what you want to work that is not working.  Is Cortana not working?  

 

In AppX.jpg can you open up one of the odd numbered things so I can see what it does?




#107
BrandiCopas (Member, Topic Starter, 79 posts)

I'm sorry if it seems I'm all over the place. I suppose the purpose of those pics was to show you the different containers that have been set up, without my help at all, since July 14th, I think, anyway, then different versions of programs run in different spaces. 
 
 

It has restricted access to several of the "management" tools, and items, even when I am able to access them, oftentimes it won't allow me to revise or make any changes to settings. 

 

Cortana is now working, and the files as far as the AppX folders are attached. :o

 

app x contact support.JPG
app x windows.JPG
edge neutral.JPG
windows support neutral.JPG
task created especially for me.JPG
kindle app.JPG
several hidden files in the list.JPG
error message when i try.JPG



#108
RKinner (Malware Expert, 19,598 posts)

The first one looks like MS Contact:

 

See if you can remove it:

 

http://rzander.azure...port-windows10/

http://www.askvg.com...-feedback-apps/

 

Files with .job are left over from XP days.  They are installed by programs that want to hedge their bets (or are too lazy to figure out that they are not on XP).  They can't do anything since there is no application associated with them.  I routinely remove them when I do a FRST fixlist.

 

My Documents does not really exist.  It's just a construct to make old programs happy.  Probably a shortcut with no users allowed to access it.  You can right click on it and check.



#109
BrandiCopas (Member, Topic Starter, 79 posts)

I just found this log, in the older files, before whatever this is copied Windows - keeping in mind, I don't use GoToMeeting, nor have I ever transferred any files with it.

 

2017-07-31 15:06:02.177 PST i: [g2mupdate] <main> Installing service JEDI direct spec provider
2017-07-31 15:06:02.193 PST i: [g2mupdate] <main> Installing service JEDI socket provider
2017-07-31 15:06:02.193 PST i: [g2mupdate] <main> Installing service Probe socket provider
2017-07-31 15:06:02.193 PST i: [g2mupdate] <main> Installing service FFO socket provider
2017-07-31 15:06:02.193 PST i: [g2mupdate] <main> AbstractCertificateLoader::_load: loaded live certificates
2017-07-31 15:06:02.193 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 15:06:02.193 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 15:06:02.193 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 15:06:02.193 PST d: [g2mupdate] <main> ## SLS  - Successfully installed 12 trusted certificate(s).
2017-07-31 15:06:02.208 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 15:06:02.208 PST i: [g2mupdate] <main> Installing service SSL factory
2017-07-31 15:06:02.208 PST i: [g2mupdate] <main> Installing service UDP spec provider
2017-07-31 15:06:02.208 PST i: [g2mupdate] <main> Installing service UDP socket provider
2017-07-31 15:06:02.208 PST i: [g2mupdate] <main> Installing ProxySnapshot service
2017-07-31 15:06:02.208 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::getSnapshotSnifferCreators()-IOSPROXY; Getting the sniffer creators.
2017-07-31 16:06:02.083 PST i: [g2mupdate] <main> GoToMeeting 7.22.1 Build 5530 G2MUpdate started
2017-07-31 16:06:02.099 PST d: [g2mupdate] <main> colcrypto::openssl::LibraryMgr::_initializeAndStart()
2017-07-31 16:06:02.380 PST d: [g2mupdate] <main> CLogFileCreator::init() - log dir: C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\
2017-07-31 16:06:02.380 PST d: [g2mupdate] <main> InetAPI::initializeForG2M()
2017-07-31 16:06:02.380 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::JInetConfig()-IOSPROXY; Creating JInetConfig object.
2017-07-31 16:06:02.380 PST i: [g2mupdate] <main> Installing service JInet Configuration
2017-07-31 16:06:02.395 PST i: [g2mupdate] <main> Installing Authentication Provider service
2017-07-31 16:06:02.411 PST i: [g2mupdate] <main> Installing Credentials Monitor service
2017-07-31 16:06:02.442 PST i: [g2mupdate] <main> Link Connect Monitoring is Enabled
2017-07-31 16:06:02.458 PST i: [g2mupdate] <main> Installing service HTTPS spec provider
2017-07-31 16:06:02.458 PST i: [g2mupdate] <main> Installing service HTTPS direct spec provider
2017-07-31 16:06:02.458 PST i: [g2mupdate] <main> Installing service HTTPS socket provider
2017-07-31 16:06:02.458 PST i: [g2mupdate] <main> Installing service WebSocket socket provider
2017-07-31 16:06:02.458 PST i: [g2mupdate] <main> Installing service JEDI spec provider
2017-07-31 16:06:02.458 PST i: [g2mupdate] <main> Installing service JEDI cached spec provider
2017-07-31 16:06:02.458 PST i: [g2mupdate] <main> Installing service JEDI direct spec provider
2017-07-31 16:06:02.458 PST i: [g2mupdate] <main> Installing service JEDI socket provider
2017-07-31 16:06:02.458 PST i: [g2mupdate] <main> Installing service Probe socket provider
2017-07-31 16:06:02.458 PST i: [g2mupdate] <main> Installing service FFO socket provider
2017-07-31 16:06:02.474 PST i: [g2mupdate] <main> AbstractCertificateLoader::_load: loaded live certificates
2017-07-31 16:06:02.474 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 16:06:02.474 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 16:06:02.474 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 16:06:02.474 PST d: [g2mupdate] <main> ## SLS  - Successfully installed 12 trusted certificate(s).
2017-07-31 16:06:02.474 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 16:06:02.489 PST i: [g2mupdate] <main> Installing service SSL factory
2017-07-31 16:06:02.489 PST i: [g2mupdate] <main> Installing service UDP spec provider
2017-07-31 16:06:02.489 PST i: [g2mupdate] <main> Installing service UDP socket provider
2017-07-31 16:06:02.489 PST i: [g2mupdate] <main> Installing ProxySnapshot service
2017-07-31 16:06:02.489 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::getSnapshotSnifferCreators()-IOSPROXY; Getting the sniffer creators.
2017-07-31 17:06:01.395 PST i: [g2mupdate] <main> GoToMeeting 7.22.1 Build 5530 G2MUpdate started
2017-07-31 17:06:01.395 PST d: [g2mupdate] <main> colcrypto::openssl::LibraryMgr::_initializeAndStart()
2017-07-31 17:06:01.552 PST d: [g2mupdate] <main> CLogFileCreator::init() - log dir: C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\
2017-07-31 17:06:01.552 PST d: [g2mupdate] <main> InetAPI::initializeForG2M()
2017-07-31 17:06:01.552 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::JInetConfig()-IOSPROXY; Creating JInetConfig object.
2017-07-31 17:06:01.552 PST i: [g2mupdate] <main> Installing service JInet Configuration
2017-07-31 17:06:01.552 PST i: [g2mupdate] <main> Installing Authentication Provider service
2017-07-31 17:06:01.552 PST i: [g2mupdate] <main> Installing Credentials Monitor service
2017-07-31 17:06:01.552 PST i: [g2mupdate] <main> Link Connect Monitoring is Enabled
2017-07-31 17:06:01.567 PST i: [g2mupdate] <main> Installing service HTTPS spec provider
2017-07-31 17:06:01.567 PST i: [g2mupdate] <main> Installing service HTTPS direct spec provider
2017-07-31 17:06:01.567 PST i: [g2mupdate] <main> Installing service HTTPS socket provider
2017-07-31 17:06:01.567 PST i: [g2mupdate] <main> Installing service WebSocket socket provider
2017-07-31 17:06:01.567 PST i: [g2mupdate] <main> Installing service JEDI spec provider
2017-07-31 17:06:01.567 PST i: [g2mupdate] <main> Installing service JEDI cached spec provider
2017-07-31 17:06:01.567 PST i: [g2mupdate] <main> Installing service JEDI direct spec provider
2017-07-31 17:06:01.567 PST i: [g2mupdate] <main> Installing service JEDI socket provider
2017-07-31 17:06:01.567 PST i: [g2mupdate] <main> Installing service Probe socket provider
2017-07-31 17:06:01.567 PST i: [g2mupdate] <main> Installing service FFO socket provider
2017-07-31 17:06:01.567 PST i: [g2mupdate] <main> AbstractCertificateLoader::_load: loaded live certificates
2017-07-31 17:06:01.567 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 17:06:01.567 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 17:06:01.583 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 17:06:01.583 PST d: [g2mupdate] <main> ## SLS  - Successfully installed 12 trusted certificate(s).
2017-07-31 17:06:01.583 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 17:06:01.583 PST i: [g2mupdate] <main> Installing service SSL factory
2017-07-31 17:06:01.583 PST i: [g2mupdate] <main> Installing service UDP spec provider
2017-07-31 17:06:01.583 PST i: [g2mupdate] <main> Installing service UDP socket provider
2017-07-31 17:06:01.583 PST i: [g2mupdate] <main> Installing ProxySnapshot service
2017-07-31 17:06:01.583 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::getSnapshotSnifferCreators()-IOSPROXY; Getting the sniffer creators.
2017-07-31 18:06:00.864 PST i: [g2mupdate] <main> GoToMeeting 7.22.1 Build 5530 G2MUpdate started
2017-07-31 18:06:00.895 PST d: [g2mupdate] <main> colcrypto::openssl::LibraryMgr::_initializeAndStart()
2017-07-31 18:06:01.036 PST d: [g2mupdate] <main> CLogFileCreator::init() - log dir: C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\
2017-07-31 18:06:01.036 PST d: [g2mupdate] <main> InetAPI::initializeForG2M()
2017-07-31 18:06:01.036 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::JInetConfig()-IOSPROXY; Creating JInetConfig object.
2017-07-31 18:06:01.036 PST i: [g2mupdate] <main> Installing service JInet Configuration
2017-07-31 18:06:01.036 PST i: [g2mupdate] <main> Installing Authentication Provider service
2017-07-31 18:06:01.036 PST i: [g2mupdate] <main> Installing Credentials Monitor service
2017-07-31 18:06:01.036 PST i: [g2mupdate] <main> Link Connect Monitoring is Enabled
2017-07-31 18:06:01.051 PST i: [g2mupdate] <main> Installing service HTTPS spec provider
2017-07-31 18:06:01.051 PST i: [g2mupdate] <main> Installing service HTTPS direct spec provider
2017-07-31 18:06:01.051 PST i: [g2mupdate] <main> Installing service HTTPS socket provider
2017-07-31 18:06:01.051 PST i: [g2mupdate] <main> Installing service WebSocket socket provider
2017-07-31 18:06:01.051 PST i: [g2mupdate] <main> Installing service JEDI spec provider
2017-07-31 18:06:01.051 PST i: [g2mupdate] <main> Installing service JEDI cached spec provider
2017-07-31 18:06:01.051 PST i: [g2mupdate] <main> Installing service JEDI direct spec provider
2017-07-31 18:06:01.051 PST i: [g2mupdate] <main> Installing service JEDI socket provider
2017-07-31 18:06:01.051 PST i: [g2mupdate] <main> Installing service Probe socket provider
2017-07-31 18:06:01.051 PST i: [g2mupdate] <main> Installing service FFO socket provider
2017-07-31 18:06:01.051 PST i: [g2mupdate] <main> AbstractCertificateLoader::_load: loaded live certificates
2017-07-31 18:06:01.051 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 18:06:01.067 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 18:06:01.067 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 18:06:01.067 PST d: [g2mupdate] <main> ## SLS  - Successfully installed 12 trusted certificate(s).
2017-07-31 18:06:01.067 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 18:06:01.067 PST i: [g2mupdate] <main> Installing service SSL factory
2017-07-31 18:06:01.067 PST i: [g2mupdate] <main> Installing service UDP spec provider
2017-07-31 18:06:01.067 PST i: [g2mupdate] <main> Installing service UDP socket provider
2017-07-31 18:06:01.067 PST i: [g2mupdate] <main> Installing ProxySnapshot service
2017-07-31 18:06:01.067 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::getSnapshotSnifferCreators()-IOSPROXY; Getting the sniffer creators.
2017-07-31 19:06:01.801 PST i: [g2mupdate] <main> GoToMeeting 7.22.1 Build 5530 G2MUpdate started
2017-07-31 19:06:01.817 PST d: [g2mupdate] <main> colcrypto::openssl::LibraryMgr::_initializeAndStart()
2017-07-31 19:06:01.973 PST d: [g2mupdate] <main> CLogFileCreator::init() - log dir: C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\
2017-07-31 19:06:01.973 PST d: [g2mupdate] <main> InetAPI::initializeForG2M()
2017-07-31 19:06:01.973 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::JInetConfig()-IOSPROXY; Creating JInetConfig object.
2017-07-31 19:06:01.973 PST i: [g2mupdate] <main> Installing service JInet Configuration
2017-07-31 19:06:01.973 PST i: [g2mupdate] <main> Installing Authentication Provider service
2017-07-31 19:06:01.973 PST i: [g2mupdate] <main> Installing Credentials Monitor service
2017-07-31 19:06:01.973 PST i: [g2mupdate] <main> Link Connect Monitoring is Enabled
2017-07-31 19:06:01.973 PST i: [g2mupdate] <main> Installing service HTTPS spec provider
2017-07-31 19:06:01.973 PST i: [g2mupdate] <main> Installing service HTTPS direct spec provider
2017-07-31 19:06:01.973 PST i: [g2mupdate] <main> Installing service HTTPS socket provider
2017-07-31 19:06:01.989 PST i: [g2mupdate] <main> Installing service WebSocket socket provider
2017-07-31 19:06:01.989 PST i: [g2mupdate] <main> Installing service JEDI spec provider
2017-07-31 19:06:01.989 PST i: [g2mupdate] <main> Installing service JEDI cached spec provider
2017-07-31 19:06:01.989 PST i: [g2mupdate] <main> Installing service JEDI direct spec provider
2017-07-31 19:06:01.989 PST i: [g2mupdate] <main> Installing service JEDI socket provider
2017-07-31 19:06:01.989 PST i: [g2mupdate] <main> Installing service Probe socket provider
2017-07-31 19:06:01.989 PST i: [g2mupdate] <main> Installing service FFO socket provider
2017-07-31 19:06:01.989 PST i: [g2mupdate] <main> AbstractCertificateLoader::_load: loaded live certificates
2017-07-31 19:06:01.989 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 19:06:01.989 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 19:06:02.004 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 19:06:02.004 PST d: [g2mupdate] <main> ## SLS  - Successfully installed 12 trusted certificate(s).
2017-07-31 19:06:02.004 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 19:06:02.004 PST i: [g2mupdate] <main> Installing service SSL factory
2017-07-31 19:06:02.004 PST i: [g2mupdate] <main> Installing service UDP spec provider
2017-07-31 19:06:02.004 PST i: [g2mupdate] <main> Installing service UDP socket provider
2017-07-31 19:06:02.004 PST i: [g2mupdate] <main> Installing ProxySnapshot service
2017-07-31 19:06:02.004 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::getSnapshotSnifferCreators()-IOSPROXY; Getting the sniffer creators.
2017-07-31 20:06:01.541 PST i: [g2mupdate] <main> GoToMeeting 7.22.1 Build 5530 G2MUpdate started
2017-07-31 20:06:01.557 PST d: [g2mupdate] <main> colcrypto::openssl::LibraryMgr::_initializeAndStart()
2017-07-31 20:06:01.697 PST d: [g2mupdate] <main> CLogFileCreator::init() - log dir: C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\
2017-07-31 20:06:01.697 PST d: [g2mupdate] <main> InetAPI::initializeForG2M()
2017-07-31 20:06:01.697 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::JInetConfig()-IOSPROXY; Creating JInetConfig object.
2017-07-31 20:06:01.697 PST i: [g2mupdate] <main> Installing service JInet Configuration
2017-07-31 20:06:01.697 PST i: [g2mupdate] <main> Installing Authentication Provider service
2017-07-31 20:06:01.697 PST i: [g2mupdate] <main> Installing Credentials Monitor service
2017-07-31 20:06:01.713 PST i: [g2mupdate] <main> Link Connect Monitoring is Enabled
2017-07-31 20:06:01.713 PST i: [g2mupdate] <main> Installing service HTTPS spec provider
2017-07-31 20:06:01.713 PST i: [g2mupdate] <main> Installing service HTTPS direct spec provider
2017-07-31 20:06:01.713 PST i: [g2mupdate] <main> Installing service HTTPS socket provider
2017-07-31 20:06:01.713 PST i: [g2mupdate] <main> Installing service WebSocket socket provider
2017-07-31 20:06:01.713 PST i: [g2mupdate] <main> Installing service JEDI spec provider
2017-07-31 20:06:01.713 PST i: [g2mupdate] <main> Installing service JEDI cached spec provider
2017-07-31 20:06:01.713 PST i: [g2mupdate] <main> Installing service JEDI direct spec provider
2017-07-31 20:06:01.713 PST i: [g2mupdate] <main> Installing service JEDI socket provider
2017-07-31 20:06:01.713 PST i: [g2mupdate] <main> Installing service Probe socket provider
2017-07-31 20:06:01.713 PST i: [g2mupdate] <main> Installing service FFO socket provider
2017-07-31 20:06:01.713 PST i: [g2mupdate] <main> AbstractCertificateLoader::_load: loaded live certificates
2017-07-31 20:06:01.729 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 20:06:01.729 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 20:06:01.729 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 20:06:01.729 PST d: [g2mupdate] <main> ## SLS  - Successfully installed 12 trusted certificate(s).
2017-07-31 20:06:01.729 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 20:06:01.729 PST i: [g2mupdate] <main> Installing service SSL factory
2017-07-31 20:06:01.729 PST i: [g2mupdate] <main> Installing service UDP spec provider
2017-07-31 20:06:01.729 PST i: [g2mupdate] <main> Installing service UDP socket provider
2017-07-31 20:06:01.729 PST i: [g2mupdate] <main> Installing ProxySnapshot service
2017-07-31 20:06:01.729 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::getSnapshotSnifferCreators()-IOSPROXY; Getting the sniffer creators.
2017-07-31 21:06:03.054 PST i: [g2mupdate] <main> GoToMeeting 7.22.1 Build 5530 G2MUpdate started
2017-07-31 21:06:03.101 PST d: [g2mupdate] <main> colcrypto::openssl::LibraryMgr::_initializeAndStart()
2017-07-31 21:06:03.507 PST d: [g2mupdate] <main> CLogFileCreator::init() - log dir: C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\
2017-07-31 21:06:03.523 PST d: [g2mupdate] <main> InetAPI::initializeForG2M()
2017-07-31 21:06:03.539 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::JInetConfig()-IOSPROXY; Creating JInetConfig object.
2017-07-31 21:06:03.539 PST i: [g2mupdate] <main> Installing service JInet Configuration
2017-07-31 21:06:03.554 PST i: [g2mupdate] <main> Installing Authentication Provider service
2017-07-31 21:06:03.570 PST i: [g2mupdate] <main> Installing Credentials Monitor service
2017-07-31 21:06:03.586 PST i: [g2mupdate] <main> Link Connect Monitoring is Enabled
2017-07-31 21:06:03.601 PST i: [g2mupdate] <main> Installing service HTTPS spec provider
2017-07-31 21:06:03.632 PST i: [g2mupdate] <main> Installing service HTTPS direct spec provider
2017-07-31 21:06:03.632 PST i: [g2mupdate] <main> Installing service HTTPS socket provider
2017-07-31 21:06:03.632 PST i: [g2mupdate] <main> Installing service WebSocket socket provider
2017-07-31 21:06:03.632 PST i: [g2mupdate] <main> Installing service JEDI spec provider
2017-07-31 21:06:03.632 PST i: [g2mupdate] <main> Installing service JEDI cached spec provider
2017-07-31 21:06:03.632 PST i: [g2mupdate] <main> Installing service JEDI direct spec provider
2017-07-31 21:06:03.632 PST i: [g2mupdate] <main> Installing service JEDI socket provider
2017-07-31 21:06:03.632 PST i: [g2mupdate] <main> Installing service Probe socket provider
2017-07-31 21:06:03.632 PST i: [g2mupdate] <main> Installing service FFO socket provider
2017-07-31 21:06:03.632 PST i: [g2mupdate] <main> AbstractCertificateLoader::_load: loaded live certificates
2017-07-31 21:06:03.632 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 21:06:03.632 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 21:06:03.648 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 21:06:03.648 PST d: [g2mupdate] <main> ## SLS  - Successfully installed 12 trusted certificate(s).
2017-07-31 21:06:03.648 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 21:06:03.648 PST i: [g2mupdate] <main> Installing service SSL factory
2017-07-31 21:06:03.648 PST i: [g2mupdate] <main> Installing service UDP spec provider
2017-07-31 21:06:03.648 PST i: [g2mupdate] <main> Installing service UDP socket provider
2017-07-31 21:06:03.648 PST i: [g2mupdate] <main> Installing ProxySnapshot service
2017-07-31 21:06:03.648 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::getSnapshotSnifferCreators()-IOSPROXY; Getting the sniffer creators.
2017-07-31 23:06:02.129 PST i: [g2mupdate] <main> GoToMeeting 7.22.1 Build 5530 G2MUpdate started
2017-07-31 23:06:02.176 PST d: [g2mupdate] <main> colcrypto::openssl::LibraryMgr::_initializeAndStart()
2017-07-31 23:06:02.348 PST d: [g2mupdate] <main> CLogFileCreator::init() - log dir: C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\
2017-07-31 23:06:02.348 PST d: [g2mupdate] <main> InetAPI::initializeForG2M()
2017-07-31 23:06:02.348 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::JInetConfig()-IOSPROXY; Creating JInetConfig object.
2017-07-31 23:06:02.348 PST i: [g2mupdate] <main> Installing service JInet Configuration
2017-07-31 23:06:02.348 PST i: [g2mupdate] <main> Installing Authentication Provider service
2017-07-31 23:06:02.348 PST i: [g2mupdate] <main> Installing Credentials Monitor service
2017-07-31 23:06:02.364 PST i: [g2mupdate] <main> Link Connect Monitoring is Enabled
2017-07-31 23:06:02.364 PST i: [g2mupdate] <main> Installing service HTTPS spec provider
2017-07-31 23:06:02.364 PST i: [g2mupdate] <main> Installing service HTTPS direct spec provider
2017-07-31 23:06:02.364 PST i: [g2mupdate] <main> Installing service HTTPS socket provider
2017-07-31 23:06:02.364 PST i: [g2mupdate] <main> Installing service WebSocket socket provider
2017-07-31 23:06:02.364 PST i: [g2mupdate] <main> Installing service JEDI spec provider
2017-07-31 23:06:02.364 PST i: [g2mupdate] <main> Installing service JEDI cached spec provider
2017-07-31 23:06:02.364 PST i: [g2mupdate] <main> Installing service JEDI direct spec provider
2017-07-31 23:06:02.364 PST i: [g2mupdate] <main> Installing service JEDI socket provider
2017-07-31 23:06:02.364 PST i: [g2mupdate] <main> Installing service Probe socket provider
2017-07-31 23:06:02.364 PST i: [g2mupdate] <main> Installing service FFO socket provider
2017-07-31 23:06:02.364 PST i: [g2mupdate] <main> AbstractCertificateLoader::_load: loaded live certificates
2017-07-31 23:06:02.364 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 23:06:02.364 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-07-31 23:06:02.379 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 23:06:02.379 PST d: [g2mupdate] <main> ## SLS  - Successfully installed 12 trusted certificate(s).
2017-07-31 23:06:02.379 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-07-31 23:06:02.379 PST i: [g2mupdate] <main> Installing service SSL factory
2017-07-31 23:06:02.379 PST i: [g2mupdate] <main> Installing service UDP spec provider
2017-07-31 23:06:02.379 PST i: [g2mupdate] <main> Installing service UDP socket provider
2017-07-31 23:06:02.379 PST i: [g2mupdate] <main> Installing ProxySnapshot service
2017-07-31 23:06:02.379 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::getSnapshotSnifferCreators()-IOSPROXY; Getting the sniffer creators.
2017-08-01 00:06:02.451 PST i: [g2mupdate] <main> GoToMeeting 7.22.1 Build 5530 G2MUpdate started
2017-08-01 00:06:02.466 PST d: [g2mupdate] <main> colcrypto::openssl::LibraryMgr::_initializeAndStart()
2017-08-01 00:06:02.670 PST d: [g2mupdate] <main> CLogFileCreator::init() - log dir: C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\
2017-08-01 00:06:02.670 PST d: [g2mupdate] <main> InetAPI::initializeForG2M()
2017-08-01 00:06:02.670 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::JInetConfig()-IOSPROXY; Creating JInetConfig object.
2017-08-01 00:06:02.670 PST i: [g2mupdate] <main> Installing service JInet Configuration
2017-08-01 00:06:02.670 PST i: [g2mupdate] <main> Installing Authentication Provider service
2017-08-01 00:06:02.670 PST i: [g2mupdate] <main> Installing Credentials Monitor service
2017-08-01 00:06:02.685 PST i: [g2mupdate] <main> Link Connect Monitoring is Enabled
2017-08-01 00:06:02.685 PST i: [g2mupdate] <main> Installing service HTTPS spec provider
2017-08-01 00:06:02.685 PST i: [g2mupdate] <main> Installing service HTTPS direct spec provider
2017-08-01 00:06:02.685 PST i: [g2mupdate] <main> Installing service HTTPS socket provider
2017-08-01 00:06:02.685 PST i: [g2mupdate] <main> Installing service WebSocket socket provider
2017-08-01 00:06:02.685 PST i: [g2mupdate] <main> Installing service JEDI spec provider
2017-08-01 00:06:02.685 PST i: [g2mupdate] <main> Installing service JEDI cached spec provider
2017-08-01 00:06:02.685 PST i: [g2mupdate] <main> Installing service JEDI direct spec provider
2017-08-01 00:06:02.685 PST i: [g2mupdate] <main> Installing service JEDI socket provider
2017-08-01 00:06:02.685 PST i: [g2mupdate] <main> Installing service Probe socket provider
2017-08-01 00:06:02.701 PST i: [g2mupdate] <main> Installing service FFO socket provider
2017-08-01 00:06:02.701 PST i: [g2mupdate] <main> AbstractCertificateLoader::_load: loaded live certificates
2017-08-01 00:06:02.701 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-08-01 00:06:02.701 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-08-01 00:06:02.701 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-08-01 00:06:02.701 PST d: [g2mupdate] <main> ## SLS  - Successfully installed 12 trusted certificate(s).
2017-08-01 00:06:02.701 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-08-01 00:06:02.701 PST i: [g2mupdate] <main> Installing service SSL factory
2017-08-01 00:06:02.701 PST i: [g2mupdate] <main> Installing service UDP spec provider
2017-08-01 00:06:02.701 PST i: [g2mupdate] <main> Installing service UDP socket provider
2017-08-01 00:06:02.701 PST i: [g2mupdate] <main> Installing ProxySnapshot service
2017-08-01 00:06:02.701 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::getSnapshotSnifferCreators()-IOSPROXY; Getting the sniffer creators.
2017-08-01 01:06:01.951 PST i: [g2mupdate] <main> GoToMeeting 7.22.1 Build 5530 G2MUpdate started
2017-08-01 01:06:01.951 PST d: [g2mupdate] <main> colcrypto::openssl::LibraryMgr::_initializeAndStart()
2017-08-01 01:06:02.091 PST d: [g2mupdate] <main> CLogFileCreator::init() - log dir: C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\
2017-08-01 01:06:02.091 PST d: [g2mupdate] <main> InetAPI::initializeForG2M()
2017-08-01 01:06:02.091 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::JInetConfig()-IOSPROXY; Creating JInetConfig object.
2017-08-01 01:06:02.091 PST i: [g2mupdate] <main> Installing service JInet Configuration
2017-08-01 01:06:02.091 PST i: [g2mupdate] <main> Installing Authentication Provider service
2017-08-01 01:06:02.091 PST i: [g2mupdate] <main> Installing Credentials Monitor service
2017-08-01 01:06:02.107 PST i: [g2mupdate] <main> Link Connect Monitoring is Enabled
2017-08-01 01:06:02.107 PST i: [g2mupdate] <main> Installing service HTTPS spec provider
2017-08-01 01:06:02.107 PST i: [g2mupdate] <main> Installing service HTTPS direct spec provider
2017-08-01 01:06:02.107 PST i: [g2mupdate] <main> Installing service HTTPS socket provider
2017-08-01 01:06:02.107 PST i: [g2mupdate] <main> Installing service WebSocket socket provider
2017-08-01 01:06:02.107 PST i: [g2mupdate] <main> Installing service JEDI spec provider
2017-08-01 01:06:02.107 PST i: [g2mupdate] <main> Installing service JEDI cached spec provider
2017-08-01 01:06:02.107 PST i: [g2mupdate] <main> Installing service JEDI direct spec provider
2017-08-01 01:06:02.107 PST i: [g2mupdate] <main> Installing service JEDI socket provider
2017-08-01 01:06:02.107 PST i: [g2mupdate] <main> Installing service Probe socket provider
2017-08-01 01:06:02.107 PST i: [g2mupdate] <main> Installing service FFO socket provider
2017-08-01 01:06:02.107 PST i: [g2mupdate] <main> AbstractCertificateLoader::_load: loaded live certificates
2017-08-01 01:06:02.107 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-08-01 01:06:02.107 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-08-01 01:06:02.122 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-08-01 01:06:02.122 PST d: [g2mupdate] <main> ## SLS  - Successfully installed 12 trusted certificate(s).
2017-08-01 01:06:02.122 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-08-01 01:06:02.122 PST i: [g2mupdate] <main> Installing service SSL factory
2017-08-01 01:06:02.122 PST i: [g2mupdate] <main> Installing service UDP spec provider
2017-08-01 01:06:02.122 PST i: [g2mupdate] <main> Installing service UDP socket provider
2017-08-01 01:06:02.122 PST i: [g2mupdate] <main> Installing ProxySnapshot service
2017-08-01 01:06:02.122 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::getSnapshotSnifferCreators()-IOSPROXY; Getting the sniffer creators.
2017-08-01 02:06:01.529 PST i: [g2mupdate] <main> GoToMeeting 7.22.1 Build 5530 G2MUpdate started
2017-08-01 02:06:01.529 PST d: [g2mupdate] <main> colcrypto::openssl::LibraryMgr::_initializeAndStart()
2017-08-01 02:06:01.685 PST d: [g2mupdate] <main> CLogFileCreator::init() - log dir: C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\
2017-08-01 02:06:01.685 PST d: [g2mupdate] <main> InetAPI::initializeForG2M()
2017-08-01 02:06:01.685 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::JInetConfig()-IOSPROXY; Creating JInetConfig object.
2017-08-01 02:06:01.700 PST i: [g2mupdate] <main> Installing service JInet Configuration
2017-08-01 02:06:01.700 PST i: [g2mupdate] <main> Installing Authentication Provider service
2017-08-01 02:06:01.700 PST i: [g2mupdate] <main> Installing Credentials Monitor service
2017-08-01 02:06:01.700 PST i: [g2mupdate] <main> Link Connect Monitoring is Enabled
2017-08-01 02:06:01.700 PST i: [g2mupdate] <main> Installing service HTTPS spec provider
2017-08-01 02:06:01.700 PST i: [g2mupdate] <main> Installing service HTTPS direct spec provider
2017-08-01 02:06:01.700 PST i: [g2mupdate] <main> Installing service HTTPS socket provider
2017-08-01 02:06:01.700 PST i: [g2mupdate] <main> Installing service WebSocket socket provider
2017-08-01 02:06:01.700 PST i: [g2mupdate] <main> Installing service JEDI spec provider
2017-08-01 02:06:01.700 PST i: [g2mupdate] <main> Installing service JEDI cached spec provider
2017-08-01 02:06:01.700 PST i: [g2mupdate] <main> Installing service JEDI direct spec provider
2017-08-01 02:06:01.716 PST i: [g2mupdate] <main> Installing service JEDI socket provider
2017-08-01 02:06:01.716 PST i: [g2mupdate] <main> Installing service Probe socket provider
2017-08-01 02:06:01.716 PST i: [g2mupdate] <main> Installing service FFO socket provider
2017-08-01 02:06:01.716 PST i: [g2mupdate] <main> AbstractCertificateLoader::_load: loaded live certificates
2017-08-01 02:06:01.716 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-08-01 02:06:01.716 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-08-01 02:06:01.716 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-08-01 02:06:01.716 PST d: [g2mupdate] <main> ## SLS  - Successfully installed 12 trusted certificate(s).
2017-08-01 02:06:01.716 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-08-01 02:06:01.716 PST i: [g2mupdate] <main> Installing service SSL factory
2017-08-01 02:06:01.716 PST i: [g2mupdate] <main> Installing service UDP spec provider
2017-08-01 02:06:01.732 PST i: [g2mupdate] <main> Installing service UDP socket provider
2017-08-01 02:06:01.732 PST i: [g2mupdate] <main> Installing ProxySnapshot service
2017-08-01 02:06:01.732 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::getSnapshotSnifferCreators()-IOSPROXY; Getting the sniffer creators.
2017-08-01 02:06:01.732 PST d: [g2mupdate] <main> g2mupdate::G2MUpdate::downloadUpdateInfo() - Downloading update info file from 'https://p5.osdimg.co...ve/config.json'
2017-08-01 02:06:02.263 PST i: [g2mupdate] <LinkConnectMonitorInit> JLinkConnectMonitorWin32: initialization complete
2017-08-01 02:06:02.716 PST d: [g2mupdate] <main> g2mupdate::G2MUpdate::scheduleNextUpdateCheck() - Next update check scheduled for '2017-08-02 22:09:13'
2017-08-01 02:06:02.779 PST d: [g2mupdate] <WindowsShutDownMonitorThread> >>> WindowsShutDownMonitorThread::run()
2017-08-01 02:06:02.794 PST d: [g2mupdate] <WindowsShutDownMonitorThread> <<< WindowsShutDownMonitorThread::run()
2017-08-01 02:06:02.794 PST d: [g2mupdate] <main> InetAPI::shutdown()
2017-08-01 02:06:02.825 PST i: [g2mupdate] <LinkConnectMonitorInit> JLinkConnectMonitorWin32: shutting down
2017-08-01 02:06:02.904 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::~CBareConnMgr()
2017-08-01 02:06:02.904 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::_cleanup()
2017-08-01 02:06:02.904 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::_cleanup()
2017-08-01 02:06:02.904 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::~CBareConnMgr()
2017-08-01 02:06:02.904 PST d: [g2mupdate] <main> >>> CLoggingForward::uninstall()
2017-08-01 02:06:02.904 PST d: [g2mupdate] <main> <<< CLoggingForward::uninstall()
2017-08-01 03:06:02.122 PST i: [g2mupdate] <main> GoToMeeting 7.22.1 Build 5530 G2MUpdate started
2017-08-01 03:06:02.122 PST d: [g2mupdate] <main> colcrypto::openssl::LibraryMgr::_initializeAndStart()
2017-08-01 03:06:02.278 PST d: [g2mupdate] <main> CLogFileCreator::init() - log dir: C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\
2017-08-01 03:06:02.278 PST d: [g2mupdate] <main> InetAPI::initializeForG2M()
2017-08-01 03:06:02.278 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::JInetConfig()-IOSPROXY; Creating JInetConfig object.
2017-08-01 03:06:02.278 PST i: [g2mupdate] <main> Installing service JInet Configuration
2017-08-01 03:06:02.278 PST i: [g2mupdate] <main> Installing Authentication Provider service
2017-08-01 03:06:02.278 PST i: [g2mupdate] <main> Installing Credentials Monitor service
2017-08-01 03:06:02.278 PST i: [g2mupdate] <main> Link Connect Monitoring is Enabled
2017-08-01 03:06:02.278 PST i: [g2mupdate] <main> Installing service HTTPS spec provider
2017-08-01 03:06:02.278 PST i: [g2mupdate] <main> Installing service HTTPS direct spec provider
2017-08-01 03:06:02.294 PST i: [g2mupdate] <main> Installing service HTTPS socket provider
2017-08-01 03:06:02.294 PST i: [g2mupdate] <main> Installing service WebSocket socket provider
2017-08-01 03:06:02.294 PST i: [g2mupdate] <main> Installing service JEDI spec provider
2017-08-01 03:06:02.294 PST i: [g2mupdate] <main> Installing service JEDI cached spec provider
2017-08-01 03:06:02.294 PST i: [g2mupdate] <main> Installing service JEDI direct spec provider
2017-08-01 03:06:02.294 PST i: [g2mupdate] <main> Installing service JEDI socket provider
2017-08-01 03:06:02.294 PST i: [g2mupdate] <main> Installing service Probe socket provider
2017-08-01 03:06:02.294 PST i: [g2mupdate] <main> Installing service FFO socket provider
2017-08-01 03:06:02.294 PST i: [g2mupdate] <main> AbstractCertificateLoader::_load: loaded live certificates
2017-08-01 03:06:02.294 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-08-01 03:06:02.294 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-08-01 03:06:02.294 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-08-01 03:06:02.310 PST d: [g2mupdate] <main> ## SLS  - Successfully installed 12 trusted certificate(s).
2017-08-01 03:06:02.310 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-08-01 03:06:02.310 PST i: [g2mupdate] <main> Installing service SSL factory
2017-08-01 03:06:02.310 PST i: [g2mupdate] <main> Installing service UDP spec provider
2017-08-01 03:06:02.310 PST i: [g2mupdate] <main> Installing service UDP socket provider
2017-08-01 03:06:02.310 PST i: [g2mupdate] <main> Installing ProxySnapshot service
2017-08-01 03:06:02.310 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::getSnapshotSnifferCreators()-IOSPROXY; Getting the sniffer creators.
2017-08-01 04:06:01.830 PST i: [g2mupdate] <main> GoToMeeting 7.22.1 Build 5530 G2MUpdate started
2017-08-01 04:06:01.830 PST d: [g2mupdate] <main> colcrypto::openssl::LibraryMgr::_initializeAndStart()
2017-08-01 04:06:02.002 PST d: [g2mupdate] <main> CLogFileCreator::init() - log dir: C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\
2017-08-01 04:06:02.002 PST d: [g2mupdate] <main> InetAPI::initializeForG2M()
2017-08-01 04:06:02.002 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::JInetConfig()-IOSPROXY; Creating JInetConfig object.
2017-08-01 04:06:02.002 PST i: [g2mupdate] <main> Installing service JInet Configuration
2017-08-01 04:06:02.002 PST i: [g2mupdate] <main> Installing Authentication Provider service
2017-08-01 04:06:02.002 PST i: [g2mupdate] <main> Installing Credentials Monitor service
2017-08-01 04:06:02.002 PST i: [g2mupdate] <main> Link Connect Monitoring is Enabled
2017-08-01 04:06:02.002 PST i: [g2mupdate] <main> Installing service HTTPS spec provider
2017-08-01 04:06:02.017 PST i: [g2mupdate] <main> Installing service HTTPS direct spec provider
2017-08-01 04:06:02.017 PST i: [g2mupdate] <main> Installing service HTTPS socket provider
2017-08-01 04:06:02.017 PST i: [g2mupdate] <main> Installing service WebSocket socket provider
2017-08-01 04:06:02.017 PST i: [g2mupdate] <main> Installing service JEDI spec provider
2017-08-01 04:06:02.017 PST i: [g2mupdate] <main> Installing service JEDI cached spec provider
2017-08-01 04:06:02.017 PST i: [g2mupdate] <main> Installing service JEDI direct spec provider
2017-08-01 04:06:02.017 PST i: [g2mupdate] <main> Installing service JEDI socket provider
2017-08-01 04:06:02.017 PST i: [g2mupdate] <main> Installing service Probe socket provider
2017-08-01 04:06:02.017 PST i: [g2mupdate] <main> Installing service FFO socket provider
2017-08-01 04:06:02.017 PST i: [g2mupdate] <main> AbstractCertificateLoader::_load: loaded live certificates
2017-08-01 04:06:02.017 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-08-01 04:06:02.017 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CBareConnMgr::CBareConnMgr()
2017-08-01 04:06:02.017 PST d: [g2mupdate] <main> >>> linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-08-01 04:06:02.017 PST d: [g2mupdate] <main> ## SLS  - Successfully installed 12 trusted certificate(s).
2017-08-01 04:06:02.017 PST d: [g2mupdate] <main> <<< linksec::stream::openssl::CLibraryUtils::addTrustedCerts()
2017-08-01 04:06:02.033 PST i: [g2mupdate] <main> Installing service SSL factory
2017-08-01 04:06:02.033 PST i: [g2mupdate] <main> Installing service UDP spec provider
2017-08-01 04:06:02.033 PST i: [g2mupdate] <main> Installing service UDP socket provider
2017-08-01 04:06:02.033 PST i: [g2mupdate] <main> Installing ProxySnapshot service
2017-08-01 04:06:02.033 PST i: [g2mupdate] <main> comm::jinet::JInetConfig::getSnapshotSnifferCreators()-IOSPROXY; Getting the sniffer creators.

  • 0

#110
BrandiCopas

BrandiCopas

    Member

  • Topic Starter
  • Member
  • 79 posts

Not sure if you've seen this or not, but it's pretty much to a tee, what's going on. AND I'm not sure that updates are actually working.

 

 

https://portal.msrc....dd-000d3a32fc99


  • 0

#111
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,598 posts
  • MVP

You have some remnants of g2m from back in 2004 plus a task that updates it.  I have made a fixlist to remove the traces plus some other deadwood:

 

 

 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   6.35KB   5 downloads
 
Run FRST and press Fix.
A fix log will be generated; please post that.
 
 
Run FRST again as before.  Make sure Addition.txt is checked (and all of the boxes under Whitelist) and hit Scan.  Post both logs.
 

 


  • 0

#112
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,598 posts
  • MVP

Just an addition to my last post since I did not see yours until I posted.

 

You have:

 

Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
 
 
so you should be good to go.  
 
You can search for
 
windows update
and hit Enter
 
then click on View Update History to see if things are being installed.

  • 0

#113
BrandiCopas

BrandiCopas

    Member

  • Topic Starter
  • Member
  • 79 posts
Hi, Thank you for the help!!! :o) I think this is one of them you wanted? Sorry first fix list :o) I'm running new scans now, wanted to let you know that the updates aren't updating. 
 
cannot update.JPG
 
it failed.JPG
 
 
require device encryption.JPG
 
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
Ran by AIRWORX 2 (10-08-2017 12:24:29) Run:1
Running from C:\Users\AIRWORX 2\Desktop
Loaded Profiles: AIRWORX 2 (Available Profiles: AIRWORX 2 & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Toolbar: HKU\S-1-5-21-2671885098-678752524-1400920573-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin HKU\S-1-5-21-2671885098-678752524-1400920573-1001: @citrixonline.com/appdetectorplugin -> C:\Users\AIRWORX 2\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-02] (Citrix Online)
Task: {A7CF62C0-17A6-42AB-A10F-9A6C446B7B33} - System32\Tasks\G2MUploadTask-S-1-5-21-2671885098-678752524-1400920573-1001 => C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe [2016-09-03] (CitrixOnline,adivisionofCitrixSystems,Inc.)
Task: {0A1E4A40-752E-425E-B7D0-0A0AE002C93C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {259AE203-7AAC-4A0D-93DD-5EB4EE090A28} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2E84AC4F-16D2-4F2F-AF13-EF11260452E1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {438F072B-AAE9-40AF-AC57-02A64C04DE3D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4F1C7B6F-3451-443B-A7EA-F05EF590C939} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {78F037B8-98B7-4FB4-8208-86D30D156F8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A06C2463-6FDA-437F-BFAC-91F03898B57C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {AF0278DE-91EC-48AE-BDAF-F7FE516AF428} - System32\Tasks\{32B26120-173E-4516-BA92-CE080FB3608E} => C:\WINDOWS\system32\pcalua.exe -a F:\Display_menu.exe -d F:\
Task: {CE775C70-F807-4E1F-891C-712F82A9408E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D7E60E76-AB93-449D-99DB-17494EB2C958} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d040ece2e11a19.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08f601e825b6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAIRWORX 2.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
MSCONFIG\Services: GoToAssist => 3
HKLM\...\StartupApproved\Run: => "Seagate Scheduler2 Service"
2017-07-24 09:42 - 2017-07-24 09:42 - 005146944 _____ (Seagate) C:\Users\AIRWORX 2\AppData\Local\Temp\6E330CFC-ACCF-452F-A6C9-1B82B0413B6D.exe
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
*****************
 
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKLM\Software\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin => key removed successfully
C:\Users\AIRWORX 2\AppData\Local\Citrix\Plugins\104\npappdetector.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7CF62C0-17A6-42AB-A10F-9A6C446B7B33} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7CF62C0-17A6-42AB-A10F-9A6C446B7B33} => key removed successfully
C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2671885098-678752524-1400920573-1001 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\G2MUploadTask-S-1-5-21-2671885098-678752524-1400920573-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A1E4A40-752E-425E-B7D0-0A0AE002C93C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A1E4A40-752E-425E-B7D0-0A0AE002C93C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{259AE203-7AAC-4A0D-93DD-5EB4EE090A28} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{259AE203-7AAC-4A0D-93DD-5EB4EE090A28} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E84AC4F-16D2-4F2F-AF13-EF11260452E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E84AC4F-16D2-4F2F-AF13-EF11260452E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{438F072B-AAE9-40AF-AC57-02A64C04DE3D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{438F072B-AAE9-40AF-AC57-02A64C04DE3D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F1C7B6F-3451-443B-A7EA-F05EF590C939} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F1C7B6F-3451-443B-A7EA-F05EF590C939} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78F037B8-98B7-4FB4-8208-86D30D156F8F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78F037B8-98B7-4FB4-8208-86D30D156F8F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A06C2463-6FDA-437F-BFAC-91F03898B57C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A06C2463-6FDA-437F-BFAC-91F03898B57C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF0278DE-91EC-48AE-BDAF-F7FE516AF428} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF0278DE-91EC-48AE-BDAF-F7FE516AF428} => key removed successfully
C:\WINDOWS\System32\Tasks\{32B26120-173E-4516-BA92-CE080FB3608E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{32B26120-173E-4516-BA92-CE080FB3608E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE775C70-F807-4E1F-891C-712F82A9408E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE775C70-F807-4E1F-891C-712F82A9408E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7E60E76-AB93-449D-99DB-17494EB2C958} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7E60E76-AB93-449D-99DB-17494EB2C958} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d040ece2e11a19.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08f601e825b6.job => moved successfully
C:\WINDOWS\Tasks\HPCeeScheduleForAIRWORX 2.job => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GoToAssist => key removed successfully
HKLM\System\CurrentControlSet\Services\GoToAssist => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Seagate Scheduler2 Service => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Seagate Scheduler2 Service => value not found.
C:\Users\AIRWORX 2\AppData\Local\Temp\6E330CFC-ACCF-452F-A6C9-1B82B0413B6D.exe => moved successfully
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
==== End of Fixlog 12:25:14 ====

  • 0
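A triage sketch for the Fixlog format posted above, added here as an example and not part of FRST or the original posts: it tallies the per-entry outcomes, collects failures from the CMD section, and flags a fixlist that clears the Windows event logs (worth exporting first if they are needed as evidence). The function names and the shortened sample are assumptions built from the layout of the log in this thread.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog in the layout of the one posted above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
Ran by AIRWORX 2 (10-08-2017 12:24:29) Run:1
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {0A1E4A40-752E-425E-B7D0-0A0AE002C93C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
MSCONFIG\Services: GoToAssist => 3
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A1E4A40-752E-425E-B7D0-0A0AE002C93C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GoToAssist => key removed successfully
HKLM\System\CurrentControlSet\Services\GoToAssist => key not found.
C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => moved successfully

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.

========= End of CMD: =========

==== End of Fixlog 12:25:14 ====
"""

# "========= <command> =========" opens a CMD section, "End of CMD:" closes it.
CMD_BANNER = re.compile(r"^=+ (.*?) =+$")


def parse_fixlog(text):
    """Split a Fixlog into fixlist entries, (target, outcome) results and CMD output."""
    fixlist, results, cmd_output = [], [], {}
    state, current_cmd = "header", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if set(line) == {"*"}:
            # First row of asterisks opens the fixlist echo, second one closes it.
            state = "fixlist" if state == "header" else "results"
            continue
        if state == "fixlist":
            fixlist.append(line)
        elif state == "results":
            banner = CMD_BANNER.match(line)
            if banner:
                title = banner.group(1)
                current_cmd = None if title.startswith("End of CMD") else title
                if current_cmd:
                    cmd_output[current_cmd] = []
            elif current_cmd is not None:
                cmd_output[current_cmd].append(line)
            elif " => " in line:
                target, outcome = line.rsplit(" => ", 1)
                results.append((target, outcome.rstrip(". ")))
    return fixlist, results, cmd_output


def summarize(text):
    """Reduce a Fixlog to the figures worth checking before the next scan."""
    fixlist, results, cmd_output = parse_fixlog(text)
    outcomes = Counter(outcome for _, outcome in results)
    return {
        "entries": len(fixlist),
        "applied": sum(n for o, n in outcomes.items() if o.endswith("successfully")),
        "absent": sum(n for o, n in outcomes.items() if o.endswith("not found")),
        # Anything that is neither applied nor already absent needs a manual look.
        "other": [(t, o) for t, o in results
                  if not o.endswith(("successfully", "not found"))],
        "cmd_failures": [l for lines in cmd_output.values() for l in lines
                         if l.startswith("Failed")],
        # wevtutil cl wipes event logs, which removes evidence of earlier activity.
        "clears_event_logs": any("wevtutil cl" in e.lower() for e in fixlist),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```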

#114
BrandiCopas

BrandiCopas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts
Hi, Thank you for the help!!! :o) I think this is one of them you wanted? Sorry first fix list :o) I'm running new scans now, wanted to let you know that the updates aren't updating. 
 
cannot update.JPG
 
it failed.JPG
 
 
require device encryption.JPG
 
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
Ran by AIRWORX 2 (10-08-2017 12:24:29) Run:1
Running from C:\Users\AIRWORX 2\Desktop
Loaded Profiles: AIRWORX 2 (Available Profiles: AIRWORX 2 & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Toolbar: HKU\S-1-5-21-2671885098-678752524-1400920573-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin HKU\S-1-5-21-2671885098-678752524-1400920573-1001: @citrixonline.com/appdetectorplugin -> C:\Users\AIRWORX 2\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-02] (Citrix Online)
Task: {A7CF62C0-17A6-42AB-A10F-9A6C446B7B33} - System32\Tasks\G2MUploadTask-S-1-5-21-2671885098-678752524-1400920573-1001 => C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe [2016-09-03] (CitrixOnline,adivisionofCitrixSystems,Inc.)
Task: {0A1E4A40-752E-425E-B7D0-0A0AE002C93C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {259AE203-7AAC-4A0D-93DD-5EB4EE090A28} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2E84AC4F-16D2-4F2F-AF13-EF11260452E1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {438F072B-AAE9-40AF-AC57-02A64C04DE3D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4F1C7B6F-3451-443B-A7EA-F05EF590C939} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {78F037B8-98B7-4FB4-8208-86D30D156F8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A06C2463-6FDA-437F-BFAC-91F03898B57C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {AF0278DE-91EC-48AE-BDAF-F7FE516AF428} - System32\Tasks\{32B26120-173E-4516-BA92-CE080FB3608E} => C:\WINDOWS\system32\pcalua.exe -a F:\Display_menu.exe -d F:\
Task: {CE775C70-F807-4E1F-891C-712F82A9408E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D7E60E76-AB93-449D-99DB-17494EB2C958} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d040ece2e11a19.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08f601e825b6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAIRWORX 2.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
MSCONFIG\Services: GoToAssist => 3
HKLM\...\StartupApproved\Run: => "Seagate Scheduler2 Service"
2017-07-24 09:42 - 2017-07-24 09:42 - 005146944 _____ (Seagate) C:\Users\AIRWORX 2\AppData\Local\Temp\6E330CFC-ACCF-452F-A6C9-1B82B0413B6D.exe
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
*****************
 
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKLM\Software\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin => key removed successfully
C:\Users\AIRWORX 2\AppData\Local\Citrix\Plugins\104\npappdetector.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7CF62C0-17A6-42AB-A10F-9A6C446B7B33} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7CF62C0-17A6-42AB-A10F-9A6C446B7B33} => key removed successfully
C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2671885098-678752524-1400920573-1001 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\G2MUploadTask-S-1-5-21-2671885098-678752524-1400920573-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A1E4A40-752E-425E-B7D0-0A0AE002C93C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A1E4A40-752E-425E-B7D0-0A0AE002C93C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{259AE203-7AAC-4A0D-93DD-5EB4EE090A28} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{259AE203-7AAC-4A0D-93DD-5EB4EE090A28} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E84AC4F-16D2-4F2F-AF13-EF11260452E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E84AC4F-16D2-4F2F-AF13-EF11260452E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{438F072B-AAE9-40AF-AC57-02A64C04DE3D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{438F072B-AAE9-40AF-AC57-02A64C04DE3D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F1C7B6F-3451-443B-A7EA-F05EF590C939} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F1C7B6F-3451-443B-A7EA-F05EF590C939} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78F037B8-98B7-4FB4-8208-86D30D156F8F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78F037B8-98B7-4FB4-8208-86D30D156F8F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A06C2463-6FDA-437F-BFAC-91F03898B57C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A06C2463-6FDA-437F-BFAC-91F03898B57C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF0278DE-91EC-48AE-BDAF-F7FE516AF428} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF0278DE-91EC-48AE-BDAF-F7FE516AF428} => key removed successfully
C:\WINDOWS\System32\Tasks\{32B26120-173E-4516-BA92-CE080FB3608E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{32B26120-173E-4516-BA92-CE080FB3608E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE775C70-F807-4E1F-891C-712F82A9408E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE775C70-F807-4E1F-891C-712F82A9408E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7E60E76-AB93-449D-99DB-17494EB2C958} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7E60E76-AB93-449D-99DB-17494EB2C958} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d040ece2e11a19.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08f601e825b6.job => moved successfully
C:\WINDOWS\Tasks\HPCeeScheduleForAIRWORX 2.job => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GoToAssist => key removed successfully
HKLM\System\CurrentControlSet\Services\GoToAssist => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Seagate Scheduler2 Service => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Seagate Scheduler2 Service => value not found.
C:\Users\AIRWORX 2\AppData\Local\Temp\6E330CFC-ACCF-452F-A6C9-1B82B0413B6D.exe => moved successfully
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
==== End of Fixlog 12:25:14 ====


#115
BrandiCopas


    Member

  • Topic Starter
  • Member
  • 79 posts

Results of new scan

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2017
Ran by AIRWORX 2 (administrator) on AIRWORX2-PC (10-08-2017 12:26:55)
Running from C:\Users\AIRWORX 2\Desktop
Loaded Profiles: AIRWORX 2 (Available Profiles: AIRWORX 2 & Administrator)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(DigiData Corp.) C:\Program Files (x86)\Cox\Drag and Drop Backup\vewatch.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\AIRWORX 2\Desktop\FRST64 (2).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [18248 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-07-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM\...\Policies\Explorer: [0] 0
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{fa3ce8d6-7afe-4ad0-a04f-b501407fe7a5}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2671885098-678752524-1400920573-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2671885098-678752524-1400920573-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-24] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1499697116239
DPF: HKLM-x32 {D66F9BB1-7D8E-4A96-9166-20FCC91CBFE9} hxxp://99.7.214.118/FDSH_DVR.CAB
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=3563
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-07-26] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Profile 10
CHR StartupUrls: Profile 10 -> "hxxps://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/","hxxps://www.google.com/","hxxps://productforums.google.com/forum/#!topic/chrome/KobCsRA5DC4"
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-28]
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10 [2017-08-10]
CHR Extension: (Google Slides) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-28]
CHR Extension: (Google Docs) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-28]
CHR Extension: (Google Drive) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-28]
CHR Extension: (YouTube) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-28]
CHR Extension: (Google Sheets) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-28]
CHR Extension: (Gmail) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor4.0; C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 AJRouter; C:\WINDOWS\System32\AJRouter.dll [24576 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ALG; C:\WINDOWS\System32\alg.exe [92672 2017-03-18] (Microsoft Corporation) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 AppHostSvc; C:\WINDOWS\system32\inetsrv\apphostsvc.dll [64512 2017-07-14] (Microsoft Corporation) [File not signed]
R2 AppHostSvc; C:\WINDOWS\SysWOW64\inetsrv\apphostsvc.dll [56832 2017-07-14] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\WINDOWS\System32\appidsvc.dll [120320 2017-03-18] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\WINDOWS\System32\appinfo.dll [138752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AppReadiness; C:\WINDOWS\system32\AppReadiness.dll [585216 2017-07-14] (Microsoft Corporation) [File not signed]
S3 AppXSvc; C:\WINDOWS\system32\appxdeploymentserver.dll [2804736 2017-07-14] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\WINDOWS\System32\AudioEndpointBuilder.dll [625152 2017-07-14] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\WINDOWS\System32\Audiosrv.dll [1357824 2017-07-14] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\WINDOWS\System32\AxInstSV.dll [111616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\WINDOWS\System32\bdesvc.dll [385536 2017-03-18] (Microsoft Corporation) [File not signed]
R2 BFE; C:\WINDOWS\System32\bfe.dll [815616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BITS; C:\WINDOWS\System32\qmgr.dll [1159680 2017-03-18] (Microsoft Corporation) [File not signed]
R2 BrokerInfrastructure; C:\WINDOWS\System32\bisrv.dll [847872 2017-07-14] (Microsoft Corporation) [File not signed]
S3 Browser; C:\WINDOWS\System32\browser.dll [133120 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [431616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\WINDOWS\system32\bthserv.dll [154112 2017-03-18] (Microsoft Corporation) [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CDPSvc; C:\WINDOWS\System32\CDPSvc.dll [970240 2017-07-14] (Microsoft Corporation) [File not signed]
S2 CDPUserSvc; C:\WINDOWS\System32\CDPUserSvc.dll [524288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\WINDOWS\System32\certprop.dll [189952 2017-07-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\system32\cryptsvc.dll [94720 2017-03-18] (Microsoft Corporation) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-24] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-07-12] (Dropbox, Inc.)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [1085440 2017-07-14] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\WINDOWS\System32\defragsvc.dll [489984 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DeviceAssociationService; C:\WINDOWS\system32\das.dll [455168 2017-03-18] (Microsoft Corporation) [File not signed]
R3 DeviceInstall; C:\WINDOWS\system32\umpnpmgr.dll [114688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [689152 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DevQueryBroker; C:\WINDOWS\system32\DevQueryBroker.dll [33792 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\system32\dhcpcore.dll [365568 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [304128 2017-03-18] (Microsoft Corporation) [File not signed]
S3 diagnosticshub.standardcollector.service; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [86528 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DiagTrack; C:\WINDOWS\system32\diagtrack.dll [2516480 2017-07-14] (Microsoft Corporation) [File not signed]
S3 DmEnrollmentSvc; C:\WINDOWS\system32\Windows.Internal.Management.dll [536064 2017-07-14] (Microsoft Corporation) [File not signed]
S3 DmEnrollmentSvc; C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll [394240 2017-07-14] (Microsoft Corporation) [File not signed]
S3 dmwappushservice; C:\WINDOWS\system32\dmwappushsvc.dll [55296 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [282624 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DoSvc; C:\WINDOWS\system32\dosvc.dll [1305088 2017-07-14] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\WINDOWS\System32\dot3svc.dll [252416 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DPS; C:\WINDOWS\system32\dps.dll [168448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DsmSvc; C:\WINDOWS\System32\DeviceSetupManager.dll [233984 2017-03-18] (Microsoft Corporation) [File not signed]
R3 DsSvc; C:\WINDOWS\System32\DsSvc.dll [149504 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [302592 2017-03-18] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [108032 2017-03-18] (Microsoft Corporation) [File not signed]
S3 EFS; C:\WINDOWS\system32\efssvc.dll [57344 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2625368 2017-08-09] (ESET)
S3 embeddedmode; C:\WINDOWS\System32\embeddedmodesvc.dll [149504 2017-07-14] (Microsoft Corporation) [File not signed]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33464 2016-11-08] (Microsoft Corporation)
S3 EntAppSvc; C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll [301056 2017-07-14] (Microsoft Corporation) [File not signed]
R2 EventLog; C:\WINDOWS\System32\wevtsvc.dll [1737216 2017-03-18] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\WINDOWS\system32\es.dll [452096 2017-03-18] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [331776 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Fax; C:\WINDOWS\system32\fxssvc.exe [637440 2017-03-18] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\WINDOWS\system32\fdPHost.dll [20992 2017-03-18] (Microsoft Corporation) [File not signed]
R3 FDResPub; C:\WINDOWS\system32\fdrespub.dll [34816 2017-03-18] (Microsoft Corporation) [File not signed]
S3 fhsvc; C:\WINDOWS\system32\fhsvc.dll [121856 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 FontCache; C:\WINDOWS\system32\FntCache.dll [1888256 2017-07-14] (Microsoft Corporation) [File not signed]
S4 FrameServer; C:\WINDOWS\system32\FrameServer.dll [600064 2017-07-14] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\WINDOWS\System32\gpsvc.dll [1269248 2017-03-18] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\WINDOWS\system32\hidserv.dll [34304 2017-03-18] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [29696 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HomeGroupListener; C:\WINDOWS\system32\ListSvc.dll [269312 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\WINDOWS\system32\provsvc.dll [463360 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [396288 2017-03-18] (Microsoft Corporation) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
S3 icssvc; C:\WINDOWS\System32\tetheringservice.dll [210432 2017-03-18] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\WINDOWS\System32\ikeext.dll [934912 2017-03-18] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\WINDOWS\System32\iphlpsvc.dll [996864 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [64000 2017-03-18] (Microsoft Corporation) [File not signed]
S3 irmon; C:\WINDOWS\System32\irmon.dll [24576 2017-03-18] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\WINDOWS\system32\keyiso.dll [93696 2017-03-18] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [69632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\WINDOWS\system32\msdtckrm.dll [368128 2017-03-18] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\WINDOWS\system32\srvsvc.dll [303616 2017-03-18] (Microsoft Corporation) [File not signed]
S4 LanmanWorkstation; C:\WINDOWS\System32\wkssvc.dll [272384 2017-03-18] (Microsoft Corporation) [File not signed]
R3 lfsvc; C:\WINDOWS\System32\lfsvc.dll [43520 2017-03-18] (Microsoft Corporation) [File not signed]
R3 LicenseManager; C:\WINDOWS\system32\LicenseManagerSvc.dll [26624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\WINDOWS\System32\lltdsvc.dll [268800 2017-03-18] (Microsoft Corporation) [File not signed]
R3 lmhosts; C:\WINDOWS\System32\lmhsvc.dll [26112 2017-03-18] (Microsoft Corporation) [File not signed]
R2 LSM; C:\WINDOWS\System32\lsm.dll [706048 2017-03-18] (Microsoft Corporation) [File not signed]
S2 MapsBroker; C:\WINDOWS\System32\moshost.dll [90624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MessagingService; C:\WINDOWS\System32\MessagingService.dll [51712 2017-03-18] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\WINDOWS\system32\mpssvc.dll [972288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [147456 2017-03-18] (Microsoft Corporation) [File not signed]
R2 MSiSCSI; C:\WINDOWS\system32\iscsiexe.dll [150016 2017-03-18] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\System32\msiexec.exe [66048 2017-03-18] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [59392 2017-03-18] (Microsoft Corporation) [File not signed]
S2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.0\my.ini [8933 2017-08-07] () [File not signed]
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [723968 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NcaSvc; C:\WINDOWS\System32\ncasvc.dll [167424 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NcbService; C:\WINDOWS\System32\ncbservice.dll [334848 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NcdAutoSetup; C:\WINDOWS\System32\NcdAutoSetup.dll [88064 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\netlogon.dll [777216 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [665600 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netman; C:\WINDOWS\System32\netman.dll [253440 2017-03-18] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\WINDOWS\System32\netprofmsvc.dll [519168 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NetSetupSvc; C:\WINDOWS\System32\NetSetupSvc.dll [261632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NgcCtnrSvc; C:\WINDOWS\System32\NgcCtnrSvc.dll [491520 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NgcSvc; C:\WINDOWS\system32\ngcsvc.dll [1046016 2017-07-14] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\WINDOWS\System32\nlasvc.dll [365568 2017-03-18] (Microsoft Corporation) [File not signed]
R2 nsi; C:\WINDOWS\system32\nsisvc.dll [30720 2017-03-18] (Microsoft Corporation) [File not signed]
S2 OneSyncSvc; C:\WINDOWS\System32\APHostService.dll [342528 2017-03-18] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\WINDOWS\system32\pnrpsvc.dll [343040 2017-03-18] (Microsoft Corporation) [File not signed]
S4 p2psvc; C:\WINDOWS\system32\p2psvc.dll [421376 2017-03-18] (Microsoft Corporation) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-14] (Nuance Communications, Inc.)
S3 PerfHost; C:\WINDOWS\SysWow64\perfhost.exe [21504 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PhoneSvc; C:\WINDOWS\System32\PhoneService.dll [772096 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PimIndexMaintenanceSvc; C:\WINDOWS\System32\PimIndexMaintenance.dll [182272 2017-03-18] (Microsoft Corporation) [File not signed]
S3 pla; C:\WINDOWS\system32\pla.dll [1462272 2017-03-18] (Microsoft Corporation) [File not signed]
S3 pla; C:\WINDOWS\SysWOW64\pla.dll [1537536 2017-03-18] (Microsoft Corporation) [File not signed]
R3 PlugPlay; C:\WINDOWS\system32\umpnpmgr.dll [114688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\WINDOWS\system32\pnrpauto.dll [27136 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\WINDOWS\system32\pnrpsvc.dll [343040 2017-03-18] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\WINDOWS\System32\ipsecsvc.dll [458240 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Power; C:\WINDOWS\system32\umpo.dll [148480 2017-07-14] (Microsoft Corporation) [File not signed]
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [2899968 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\WINDOWS\system32\profsvc.dll [413696 2017-03-18] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\WINDOWS\system32\qwave.dll [278016 2017-03-18] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [239104 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [104448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\WINDOWS\System32\rasmans.dll [873472 2017-07-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [490496 2017-03-18] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [406528 2017-03-18] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [154624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RetailDemo; C:\WINDOWS\system32\RDXService.dll [647168 2017-07-14] (Microsoft Corporation) [File not signed]
R3 RmSvc; C:\WINDOWS\System32\RMapi.dll [152576 2017-03-18] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\WINDOWS\System32\RpcEpMap.dll [77824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [11264 2017-03-18] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [1085440 2017-07-14] (Microsoft Corporation) [File not signed]
S4 SCardSvr; C:\WINDOWS\System32\SCardSvr.dll [250368 2017-07-14] (Microsoft Corporation) [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [200192 2017-07-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [877568 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\WINDOWS\System32\certprop.dll [189952 2017-07-14] (Microsoft Corporation) [File not signed]
R3 SDRSVC; C:\WINDOWS\System32\SDRSVC.dll [145920 2017-03-18] (Microsoft Corporation) [File not signed]
R3 seclogon; C:\WINDOWS\system32\seclogon.dll [31232 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1191424 2017-03-18] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\System32\sens.dll [69632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1284608 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SensorService; C:\WINDOWS\system32\SensorService.dll [548864 2017-07-14] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\WINDOWS\system32\sensrsvc.dll [205824 2017-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\WINDOWS\system32\sessenv.dll [385536 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [337408 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [537600 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [612864 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [564224 2017-03-18] (Microsoft Corporation) [File not signed]
S4 shpamsvc; C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [192512 2017-07-14] (Microsoft Corporation) [File not signed]
S3 smphost; C:\WINDOWS\System32\smphost.dll [23552 2017-03-18] (Microsoft Corporation) [File not signed]
S3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [20992 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SmsRouter; C:\WINDOWS\system32\SmsRouterSvc.dll [582656 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15872 2017-07-14] (Microsoft Corporation) [File not signed]
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [891904 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [757760 2017-03-18] (Microsoft Corporation) [File not signed]
S4 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [239616 2017-03-18] (Microsoft Corporation) [File not signed]
S4 SstpSvc; C:\WINDOWS\system32\sstpsvc.dll [208384 2017-03-18] (Microsoft Corporation) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
R2 stisvc; C:\WINDOWS\System32\wiaservc.dll [634368 2017-03-18] (Microsoft Corporation) [File not signed]
R3 StorSvc; C:\WINDOWS\system32\storsvc.dll [750080 2017-07-14] (Microsoft Corporation) [File not signed]
S3 svsvc; C:\WINDOWS\system32\svsvc.dll [13824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 swprv; C:\WINDOWS\System32\swprv.dll [460800 2017-03-18] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\WINDOWS\system32\sysmain.dll [972800 2017-07-14] (Microsoft Corporation) [File not signed]
R2 SystemEventsBroker; C:\WINDOWS\System32\SystemEventsBrokerServer.dll [292352 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\WINDOWS\System32\TabSvc.dll [147456 2017-03-18] (Microsoft Corporation) [File not signed]
S4 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [306688 2017-03-18] (Microsoft Corporation) [File not signed]
S4 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [252416 2017-03-18] (Microsoft Corporation) [File not signed]
S4 TermService; C:\WINDOWS\System32\termsrv.dll [992256 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\system32\themeservice.dll [69632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [302592 2017-03-18] (Microsoft Corporation) [File not signed]
R2 tiledatamodelsvc; C:\WINDOWS\system32\tileobjserver.dll [632832 2017-07-14] (Microsoft Corporation) [File not signed]
R3 TimeBrokerSvc; C:\WINDOWS\System32\TimeBrokerServer.dll [165888 2017-03-18] (Microsoft Corporation) [File not signed]
R3 TokenBroker; C:\WINDOWS\System32\TokenBroker.dll [1054208 2017-07-14] (Microsoft Corporation) [File not signed]
R3 TokenBroker; C:\WINDOWS\SysWOW64\TokenBroker.dll [799232 2017-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\System32\trkwks.dll [116736 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\WINDOWS\servicing\TrustedInstaller.exe [121344 2017-03-18] (Microsoft Corporation) [File not signed]
S4 tzautoupdate; C:\WINDOWS\system32\tzautoupdate.dll [95744 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [43008 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\WINDOWS\System32\umrdp.dll [274944 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UnistoreSvc; C:\WINDOWS\System32\unistore.dll [1177600 2017-07-14] (Microsoft Corporation) [File not signed]
S3 UnistoreSvc; C:\WINDOWS\SysWOW64\unistore.dll [969728 2017-07-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [432128 2017-03-18] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [325120 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UserDataSvc; C:\WINDOWS\System32\userdataservice.dll [1628672 2017-03-18] (Microsoft Corporation) [File not signed]
R2 UserManager; C:\WINDOWS\System32\usermgr.dll [877568 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UsoSvc; C:\WINDOWS\system32\usocore.dll [681984 2017-07-14] (Microsoft Corporation) [File not signed]
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [346624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vds; C:\WINDOWS\System32\vds.exe [643072 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicrdv; C:\WINDOWS\System32\icsvcext.dll [307712 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicvss; C:\WINDOWS\System32\icsvcext.dll [307712 2017-03-18] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\system32\vssvc.exe [1550848 2017-03-18] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [524288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 w3logsvc; C:\WINDOWS\system32\inetsrv\w3logsvc.dll [82432 2017-07-14] (Microsoft Corporation) [File not signed]
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [72192 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WalletService; C:\WINDOWS\system32\WalletService.dll [428032 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WAS; C:\WINDOWS\system32\inetsrv\iisw3adm.dll [559104 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WAS; C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll [497664 2017-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\WINDOWS\system32\wbengine.exe [1528832 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\WINDOWS\System32\wbiosrvc.dll [942592 2017-07-14] (Microsoft Corporation) [File not signed]
R2 Wcmsvc; C:\WINDOWS\System32\wcmsvc.dll [802816 2017-07-14] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\WINDOWS\System32\wcncsvc.dll [463872 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\WINDOWS\system32\wdi.dll [97792 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\WINDOWS\system32\wdi.dll [97792 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [224256 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [196608 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Wecsvc; C:\WINDOWS\system32\wecsvc.dll [202752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [27648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\WINDOWS\System32\wercplsupport.dll [91648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\WINDOWS\System32\WerSvc.dll [176640 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [555008 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WiaRpc; C:\WINDOWS\System32\wiarpc.dll [81920 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-14] (Microsoft Corporation)
R2 Winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [221696 2017-03-18] (Microsoft Corporation) [File not signed]
S4 WinRM; C:\WINDOWS\system32\WsmSvc.dll [2757120 2017-03-18] (Microsoft Corporation) [File not signed]
S4 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2354688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wisvc; C:\WINDOWS\system32\flightsettings.dll [699904 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WlanSvc; C:\WINDOWS\System32\wlansvc.dll [2425856 2017-03-18] (Microsoft Corporation) [File not signed]
R3 wlidsvc; C:\WINDOWS\system32\wlidsvc.dll [2155008 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1295360 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [199168 2017-03-18] (Microsoft Corporation) [File not signed]
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1177088 2017-03-17] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\WINDOWS\system32\wpdbusenum.dll [86016 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WpnService; C:\WINDOWS\system32\WpnService.dll [276480 2017-03-18] (Microsoft Corporation) [File not signed]
S2 WpnUserService; C:\WINDOWS\System32\WpnUserService.dll [72704 2017-03-18] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\System32\wscsvc.dll [208896 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [933376 2017-07-14] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [797184 2017-07-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuaueng.dll [2444288 2017-07-14] (Microsoft Corporation) [File not signed]
R3 wudfsvc; C:\WINDOWS\System32\WUDFSvc.dll [91648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\WINDOWS\System32\wwansvc.dll [1396224 2017-07-14] (Microsoft Corporation) [File not signed]
S3 XblAuthManager; C:\WINDOWS\System32\XblAuthManager.dll [1013248 2017-03-18] (Microsoft Corporation) [File not signed]
S4 XblGameSave; C:\WINDOWS\System32\XblGameSave.dll [1135104 2017-03-18] (Microsoft Corporation) [File not signed]
S4 XboxGipSvc; C:\WINDOWS\System32\XboxGipSvc.dll [18944 2017-03-18] (Microsoft Corporation) [File not signed]
S4 XboxNetApiSvc; C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008 2017-07-14] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394ohci; C:\WINDOWS\System32\drivers\1394ohci.sys [238080 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AcpiDev; C:\WINDOWS\System32\drivers\AcpiDev.sys [20480 2017-03-18] (Microsoft Corporation) [File not signed]
S3 acpipagr; C:\WINDOWS\System32\drivers\acpipagr.sys [12800 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\WINDOWS\System32\drivers\acpipmi.sys [14848 2017-03-18] (Microsoft Corporation) [File not signed]
S3 acpitime; C:\WINDOWS\System32\drivers\acpitime.sys [14336 2017-03-18] (Microsoft Corporation) [File not signed]
R1 ahcache; C:\WINDOWS\System32\DRIVERS\ahcache.sys [239616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\WINDOWS\System32\drivers\amdk8.sys [176640 2017-03-18] (Microsoft Corporation) [File not signed]
R3 AmdPPM; C:\WINDOWS\System32\drivers\amdppm.sys [172544 2017-03-18] (Microsoft Corporation) [File not signed]
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 applockerfltr; C:\WINDOWS\System32\drivers\applockerfltr.sys [17920 2017-03-18] (Microsoft Corporation) [File not signed]
R3 AsyncMac; C:\WINDOWS\System32\drivers\asyncmac.sys [28672 2017-03-18] (Microsoft Corporation) [File not signed]
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2017-03-18] (Qualcomm Atheros Communications, Inc.) [File not signed]
R1 BasicDisplay; C:\WINDOWS\System32\drivers\BasicDisplay.sys [57344 2017-03-18] (Microsoft Corporation) [File not signed]
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [35840 2017-07-14] (Microsoft Corporation) [File not signed]
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2017-03-18] (Windows ® Win 7 DDK provider) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [10240 2017-03-18] (Microsoft Corporation) [File not signed]
R3 bowser; C:\WINDOWS\System32\DRIVERS\bowser.sys [101888 2017-03-18] (Microsoft Corporation) [File not signed]
R3 BrSerId; C:\WINDOWS\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Brother Industries Ltd.) [File not signed]
R3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Brother Industries Ltd.) [File not signed]
S3 BthAvrcpTg; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [43520 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [97792 2017-03-18] (Microsoft Corporation) [File not signed]
S3 bthhfhid; C:\WINDOWS\System32\drivers\BthHFHid.sys [32256 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [66560 2017-03-18] (Microsoft Corporation) [File not signed]
S3 buttonconverter; C:\WINDOWS\System32\drivers\buttonconverter.sys [39424 2017-03-18] (Microsoft Corporation) [File not signed]
S3 CapImg; C:\WINDOWS\System32\drivers\capimg.sys [122880 2017-03-18] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\WINDOWS\System32\DRIVERS\cdfs.sys [93184 2017-03-18] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\WINDOWS\System32\drivers\cdrom.sys [160256 2017-03-18] (Microsoft Corporation) [File not signed]
S3 circlass; C:\WINDOWS\System32\drivers\circlass.sys [49152 2017-03-18] (Microsoft Corporation) [File not signed]
S2 CldFlt; C:\WINDOWS\System32\drivers\cldflt.sys [12288 2017-03-18] (Microsoft Corporation) [File not signed]
R2 clreg; C:\WINDOWS\System32\drivers\registry.sys [14336 2017-03-18] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\WINDOWS\System32\drivers\CmBatt.sys [30208 2017-03-18] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys [40448 2017-03-18] (Microsoft Corporation) [File not signed]
R1 Dfsc; C:\WINDOWS\System32\Drivers\dfsc.sys [150528 2017-03-18] (Microsoft Corporation) [File not signed]
S3 dmvsc; C:\WINDOWS\System32\drivers\dmvsc.sys [47104 2017-03-18] (Microsoft Corporation) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132824 2017-08-09] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107344 2017-03-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14880 2017-03-09] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [178056 2017-03-09] (ESET)
S4 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50752 2017-03-09] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [78192 2017-03-09] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [101648 2017-03-09] (ESET)
S3 ErrDev; C:\WINDOWS\System32\drivers\errdev.sys [13824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ESETCleanersDriver; C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [181160 2017-07-27] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [347136 2017-03-18] (Microsoft Corporation) [File not signed]
S3 fdc; C:\WINDOWS\System32\drivers\fdc.sys [32768 2017-03-18] (Microsoft Corporation) [File not signed]
R1 FileCrypt; C:\WINDOWS\System32\drivers\filecrypt.sys [54272 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\WINDOWS\System32\drivers\filetrace.sys [36864 2017-03-18] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\WINDOWS\System32\drivers\flpydisk.sys [26624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 gencounter; C:\WINDOWS\System32\drivers\vmgencounter.sys [13824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 genericusbfn; C:\WINDOWS\System32\drivers\genericusbfn.sys [21504 2017-03-18] (Microsoft Corporation) [File not signed]
R1 GpuEnergyDrv; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [8192 2017-03-18] (Microsoft Corporation) [File not signed]
S3 HdAudAddService; C:\WINDOWS\system32\DRIVERS\HdAudio.sys [416256 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\drivers\HDAudBus.sys [86528 2017-07-14] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\WINDOWS\System32\drivers\hidbth.sys [106496 2017-03-18] (Microsoft Corporation) [File not signed]
S3 hidi2c; C:\WINDOWS\System32\drivers\hidi2c.sys [52224 2017-03-18] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\WINDOWS\System32\drivers\hidir.sys [46592 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\WINDOWS\System32\drivers\hidusb.sys [40960 2017-03-18] (Microsoft Corporation) [File not signed]
S3 hyperkbd; C:\WINDOWS\System32\drivers\hyperkbd.sys [16896 2017-03-18] (Microsoft Corporation) [File not signed]
S3 i8042prt; C:\WINDOWS\System32\drivers\i8042prt.sys [115200 2017-03-18] (Microsoft Corporation) [File not signed]
S3 iagpio; C:\WINDOWS\System32\drivers\iagpio.sys [33280 2017-03-18] (Intel® Corporation) [File not signed]
S3 iai2c; C:\WINDOWS\System32\drivers\iai2c.sys [81408 2017-03-18] (Intel® Corporation) [File not signed]
S3 iaLPSS2i_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSS2i_I2C; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSSi_I2C; C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152 2017-03-18] (Intel Corporation) [File not signed]
S3 IndirectKmd; C:\WINDOWS\System32\drivers\IndirectKmd.sys [36864 2017-03-18] (Microsoft Corporation) [File not signed]
S3 intelppm; C:\WINDOWS\System32\drivers\intelppm.sys [193536 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [87040 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\WINDOWS\System32\drivers\ipnat.sys [214528 2017-03-18] (Microsoft Corporation) [File not signed]
S3 irda; C:\WINDOWS\system32\drivers\irda.sys [120320 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\drivers\irenum.sys [19968 2017-03-18] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\WINDOWS\System32\drivers\kbdhid.sys [40448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 kdnic; C:\WINDOWS\System32\drivers\kdnic.sys [23040 2017-03-18] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\WINDOWS\system32\drivers\ksthunk.sys [27136 2017-07-14] (Microsoft Corporation) [File not signed]
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2017-03-18] (Qualcomm Atheros Co., Ltd.) [File not signed]
R2 lltdio; C:\WINDOWS\System32\drivers\lltdio.sys [66560 2017-03-18] (Microsoft Corporation) [File not signed]
R2 luafv; C:\WINDOWS\system32\drivers\luafv.sys [124928 2017-03-18] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\WINDOWS\system32\drivers\mmcss.sys [50688 2017-03-18] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\System32\drivers\modem.sys [42496 2017-03-18] (Microsoft Corporation) [File not signed]
R3 monitor; C:\WINDOWS\System32\drivers\monitor.sys [39424 2017-03-18] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\drivers\mouhid.sys [33280 2017-03-18] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\WINDOWS\System32\drivers\mpsdrv.sys [76800 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\WINDOWS\system32\drivers\mrxdav.sys [144384 2017-03-18] (Microsoft Corporation) [File not signed]
S4 mrxsmb10; C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys [285696 2017-07-14] (Microsoft Corporation) [File not signed]
S3 MsBridge; C:\WINDOWS\System32\drivers\bridge.sys [115712 2017-07-14] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\WINDOWS\System32\drivers\mshidkmdf.sys [8704 2017-03-18] (Microsoft Corporation) [File not signed]
S3 mshidumdf; C:\WINDOWS\System32\drivers\mshidumdf.sys [12288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys [32768 2017-07-14] (Microsoft Corporation) [File not signed]
R2 MsLldp; C:\WINDOWS\System32\drivers\mslldp.sys [83456 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys [10752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\system32\DRIVERS\MSPQM.sys [10752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\system32\DRIVERS\MSTEE.sys [12800 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\WINDOWS\System32\drivers\MTConfig.sys [16896 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\WINDOWS\System32\DRIVERS\nwifi.sys [549888 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\WINDOWS\System32\drivers\ndiscap.sys [50688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisImPlatform; C:\WINDOWS\System32\drivers\NdisImPlatform.sys [128512 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\drivers\ndisuio.sys [65536 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NdisVirtualBus; C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [20992 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisWan; C:\WINDOWS\System32\drivers\ndiswan.sys [192000 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ndiswanlegacy; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [192000 2017-03-18] (Microsoft Corporation) [File not signed]
R3 ndproxy; C:\WINDOWS\System32\DRIVERS\NDProxy.sys [62464 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Ndu; C:\WINDOWS\System32\drivers\Ndu.sys [127488 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2014-06-10] (Apple Inc.) [File not signed]
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [122368 2017-03-18] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [305152 2017-03-18] (Microsoft Corporation) [File not signed]
S3 netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [118784 2017-07-14] (Microsoft Corporation) [File not signed]
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-01-08] (CACE Technologies, Inc.)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [69120 2017-03-18] (Microsoft Corporation) [File not signed]
R1 npsvctrig; C:\WINDOWS\System32\drivers\npsvctrig.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\WINDOWS\System32\drivers\nsiproxy.sys [41984 2017-03-18] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [7680 2017-03-18] (Microsoft Corporation) [File not signed]
S3 nvdimmn; C:\WINDOWS\System32\drivers\nvdimmn.sys [80896 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Parport; C:\WINDOWS\System32\drivers\parport.sys [97792 2017-03-18] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\WINDOWS\System32\drivers\peauth.sys [741376 2017-03-18] (Microsoft Corporation) [File not signed]
S3 pmem; C:\WINDOWS\System32\drivers\pmem.sys [101376 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PptpMiniport; C:\WINDOWS\System32\drivers\raspptp.sys [97792 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Processor; C:\WINDOWS\System32\drivers\processr.sys [172032 2017-03-18] (Microsoft Corporation) [File not signed]
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [91976 2017-08-10] (Sysinternals - www.sysinternals.com)
S3 QWAVEdrv; C:\WINDOWS\system32\drivers\qwavedrv.sys [49664 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [17920 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasAgileVpn; C:\WINDOWS\System32\drivers\AgileVpn.sys [108544 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Rasl2tp; C:\WINDOWS\System32\drivers\rasl2tp.sys [107008 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [81920 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasSstp; C:\WINDOWS\System32\drivers\rassstp.sys [79872 2017-03-18] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\WINDOWS\System32\drivers\rdpbus.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\WINDOWS\System32\drivers\rdpdr.sys [183296 2017-03-18] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\WINDOWS\System32\drivers\rspndr.sys [82432 2017-03-18] (Microsoft Corporation) [File not signed]
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2016-10-27] (Realsil Semiconductor Corporation)
S3 s3cap; C:\WINDOWS\System32\drivers\vms3cap.sys [9216 2017-03-18] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\WINDOWS\System32\DRIVERS\scfilter.sys [43520 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 Serenum; C:\WINDOWS\System32\drivers\serenum.sys [26112 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Serial; C:\WINDOWS\System32\drivers\serial.sys [84480 2017-03-18] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\WINDOWS\System32\drivers\sermouse.sys [28672 2017-03-18] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\WINDOWS\System32\drivers\sfloppy.sys [18432 2017-03-18] (Microsoft Corporation) [File not signed]
R2 srv; C:\WINDOWS\System32\DRIVERS\srv.sys [414208 2017-07-14] (Microsoft Corporation) [File not signed]
R3 srv2; C:\WINDOWS\System32\DRIVERS\srv2.sys [722944 2017-07-14] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\WINDOWS\System32\DRIVERS\srvnet.sys [255488 2017-03-18] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-11-20] (IDT, Inc.) [File not signed]
S3 StillCam; C:\WINDOWS\system32\DRIVERS\serscan.sys [13312 2017-03-18] (Microsoft Corporation) [File not signed]
R2 storqosflt; C:\WINDOWS\System32\drivers\storqosflt.sys [79872 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Synth3dVsc; C:\WINDOWS\System32\drivers\Synth3dVsc.sys [64512 2017-03-18] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\WINDOWS\System32\drivers\tcpipreg.sys [51712 2017-03-18] (Microsoft Corporation) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-08-04] ()
S3 TsUsbFlt; C:\WINDOWS\System32\drivers\tsusbflt.sys [61440 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\WINDOWS\System32\drivers\TsUsbGD.sys [35328 2017-03-18] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\WINDOWS\System32\drivers\tunnel.sys [162304 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UcmCx0101; C:\WINDOWS\System32\Drivers\UcmCx.sys [104448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UcmTcpciCx0101; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [179200 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UcmUcsi; C:\WINDOWS\System32\drivers\UcmUcsi.sys [51712 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [45568 2017-03-18] (Microsoft Corporation) [File not signed]
R4 udfs; C:\WINDOWS\System32\DRIVERS\udfs.sys [324096 2017-03-18] (Microsoft Corporation) [File not signed]
R3 umbus; C:\WINDOWS\System32\drivers\umbus.sys [57856 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\WINDOWS\System32\drivers\umpass.sys [14336 2017-03-18] (Microsoft Corporation) [File not signed]
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 usbcir; C:\WINDOWS\System32\drivers\usbcir.sys [103424 2017-03-18] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\WINDOWS\System32\drivers\usbohci.sys [30720 2017-03-18] (Microsoft Corporation) [File not signed]
R3 usbprint; C:\WINDOWS\System32\drivers\usbprint.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R3 usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [47104 2017-03-18] (Microsoft Corporation) [File not signed]
S3 usbser; C:\WINDOWS\System32\drivers\usbser.sys [71680 2017-03-18] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\WINDOWS\System32\drivers\usbuhci.sys [35328 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vhf; C:\WINDOWS\System32\drivers\vhf.sys [35328 2017-03-18] (Microsoft Corporation) [File not signed]
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [141920 2016-03-03] (Acronis)
S3 VMBusHID; C:\WINDOWS\System32\drivers\VMBusHID.sys [25088 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmgid; C:\WINDOWS\System32\drivers\vmgid.sys [10240 2017-03-18] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\WINDOWS\System32\drivers\vwifibus.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\WINDOWS\System32\drivers\vwififlt.sys [77312 2017-03-18] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\WINDOWS\System32\drivers\vwifimp.sys [41472 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\WINDOWS\System32\drivers\wacompen.sys [30720 2017-03-18] (Microsoft Corporation) [File not signed]
R2 wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [81408 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wanarpv6; C:\WINDOWS\System32\DRIVERS\wanarp.sys [81408 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wcnfs; C:\WINDOWS\system32\drivers\wcnfs.sys [72192 2017-03-18] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdiwifi; C:\WINDOWS\System32\DRIVERS\wdiwifi.sys [757248 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [217088 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WINUSB; C:\WINDOWS\System32\drivers\WinUSB.SYS [90112 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\WINDOWS\System32\drivers\wmiacpi.sys [18432 2017-03-18] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\WINDOWS\system32\drivers\ws2ifsl.sys [23552 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\WINDOWS\System32\drivers\WudfPf.sys [100864 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WUDFRd; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WUDFWpdFs; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) [File not signed]
S3 xboxgip; C:\WINDOWS\System32\drivers\xboxgip.sys [277504 2017-07-14] (Microsoft Corporation) [File not signed]
S3 xinputhid; C:\WINDOWS\System32\drivers\xinputhid.sys [46592 2017-03-18] (Microsoft Corporation) [File not signed]
 
========================== Drivers MD5 =======================
 
C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys ==> MD5 is legit
C:\WINDOWS\System32\drivers\flpydisk.sys 90B2983D8495C26345A1DC5F0C3BB07B
C:\WINDOWS\System32\drivers\fltmgr.sys A84261F75F490E45CFEDBA77EFE4F67E
C:\WINDOWS\System32\drivers\FsDepends.sys D2814848206DFC18EB8D3D069FAE703E
C:\Windows\System32\Drivers\Fs_Rec.sys AE7EDF845F41ACA3B74567C3CE20E987
C:\WINDOWS\System32\DRIVERS\fvevol.sys FF0699483185CE3B4E1144DF19AC5E97
C:\WINDOWS\System32\drivers\vmgencounter.sys 4616F61E24B3AEA6E0E4EA7D69531EF4
C:\WINDOWS\System32\drivers\genericusbfn.sys 23174BB6937459B924BB8EF667FB28EF
C:\WINDOWS\System32\Drivers\msgpioclx.sys 4B11CFBE1D9B73A9D865F6AB26F800BA
C:\WINDOWS\System32\drivers\gpuenergydrv.sys 3FC3FCF557D0BE3D724EA10642E1F6FF
C:\WINDOWS\system32\DRIVERS\HdAudio.sys BF14976E8223D334B21792FB8B74D7FF
C:\WINDOWS\System32\drivers\HDAudBus.sys 02B9639D9997E95CDF2F4C4F3BDCC73D
C:\WINDOWS\System32\drivers\HidBatt.sys 9F90819E301C70A3A042FC05D3E41B5F
C:\WINDOWS\System32\drivers\hidbth.sys 3CA3244C45B25F3B3ED9445C195E40EB
C:\WINDOWS\System32\drivers\hidi2c.sys 55DAF856F9633DD2519BA4E942870F02
C:\WINDOWS\System32\drivers\hidinterrupt.sys E34216A190D9BF8EAA666F6903BCD0EF
C:\WINDOWS\System32\drivers\hidir.sys 852DBB5185996AD8C73872A43A453729
C:\WINDOWS\System32\drivers\hidusb.sys C1A608120DE0DF52E51B8BAF86AF19F9
C:\WINDOWS\System32\drivers\HpSAMD.sys 8ADD9CA3E0F18CEA11EA6FAED794A228
C:\WINDOWS\System32\drivers\HTTP.sys BB1AE72906564A6E81B79D73A05AE21F
C:\WINDOWS\System32\drivers\hvservice.sys F60F8390B635156593F7493AE898AFB0
C:\WINDOWS\System32\drivers\hwpolicy.sys 563F5FC3B46A70A91AB6C8822AC8BF25
C:\WINDOWS\System32\drivers\hyperkbd.sys C082249BC3E972C8A132D9EC6AD9EAD5
C:\WINDOWS\System32\drivers\i8042prt.sys C6C8315E3262FAE460529C6DA2951682
C:\WINDOWS\System32\drivers\iagpio.sys C6B8743B213F06AA60943D8366FE968F
C:\WINDOWS\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 42962355A7911407026E920E7252E3E5
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys BD47B2FEABFA48C6224D43EE9EA9BC06
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 2184CB3A65888F446FCD6DBA9F073F4C
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys 4126F8DA08CE7924A3AE6F7235F85D5F
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAV.sys D820075D3395BED28FC57AEF8FBA666F
C:\WINDOWS\System32\drivers\iaStorV.sys A243E0CE8644378C9A9D015ABC3EDA27
C:\WINDOWS\System32\drivers\ibbus.sys E16E4FC9F250E48CB2CAD93E59D010E2
C:\WINDOWS\System32\drivers\IndirectKmd.sys 0E33BC018502E7FDE77C343055D9C626
C:\WINDOWS\System32\drivers\intelide.sys 4B7F8A1AAC7172DB6918A0E10E1D78A3
C:\WINDOWS\System32\drivers\intelpep.sys 0A3DBE89C965FFB7C0D0E38834E77B90
C:\WINDOWS\System32\drivers\intelppm.sys 64EC687A811DC4F69DF3816F073352AA
C:\WINDOWS\System32\drivers\iorate.sys 549C278119FF539C3B219C55B98B0E87
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys A0F9F2E87F0C751FE164D90EB44A9B63
C:\WINDOWS\System32\drivers\IPMIDrv.sys 656DDB34996A96539BA6E2843B5F2A77
C:\WINDOWS\System32\drivers\ipnat.sys DCC05E5EAA580C97F13B434FAFACED85
C:\WINDOWS\system32\drivers\irda.sys 9035C10C7EB8CF7C87CEA82A62EBB43A
C:\WINDOWS\System32\drivers\irenum.sys E7FD479E3298F3C8852A0D2F092BDB35
C:\WINDOWS\System32\drivers\isapnp.sys 7FE3B3A30FA20F27AF7022A01C2266BA
C:\WINDOWS\System32\drivers\msiscsi.sys B6BA01EA6B2CCCB90A6FDCFF68F4A992
C:\WINDOWS\System32\drivers\kbdclass.sys D36B404BF979297C6572AEF98B2594F2
C:\WINDOWS\System32\drivers\kbdhid.sys 7E2036A846789D6D6A2EE21915017EE1
C:\WINDOWS\System32\drivers\kdnic.sys 4C054B8E901F41F5743DADE8A29FF256
C:\WINDOWS\System32\Drivers\ksecdd.sys BA7A5838866618A4E82FBC05B8923605
C:\WINDOWS\System32\Drivers\ksecpkg.sys 6629CAA1F157088B9EDD1EAD24C6D753
C:\WINDOWS\system32\drivers\ksthunk.sys 9778205F28DC4F2EFFCC146647FE5CF0
C:\WINDOWS\System32\drivers\L1C63x64.sys 4E444F41E69BBE2E0BAE34D5DFCB5732
C:\WINDOWS\System32\drivers\lltdio.sys FC37745959DFA4871759E4DCC836227A
C:\WINDOWS\system32\drivers\LMIRfsDriver.sys C57D3FAA50E6F395759FFB7C709BD944
C:\WINDOWS\System32\drivers\lsi_sas.sys 16C9D4D822CCA795A72DC88B25A577CC
C:\WINDOWS\System32\drivers\lsi_sas2i.sys 920F0CFCED5F28A31B79F1C470649D11
C:\WINDOWS\System32\drivers\lsi_sas3i.sys 0FE63316F1C70A0F759A449FAC64C24B
C:\WINDOWS\System32\drivers\lsi_sss.sys 80E82C46B27A923A3744531069B63857
C:\WINDOWS\system32\drivers\luafv.sys 88F5570C04766EE561FF129B2F93030C
C:\WINDOWS\System32\drivers\mausbhost.sys C3EED732789052C98A2613A7E1C37CDA
C:\WINDOWS\System32\drivers\mausbip.sys 4DCE65116A28488593FF5A6A18B03DB0
C:\WINDOWS\System32\drivers\megasas.sys 0609BF877A2F4DEECC62EEE220AB6242
C:\WINDOWS\System32\drivers\MegaSas2i.sys EEC64C8D498D121607C7615FDFBEE4D0
C:\WINDOWS\System32\drivers\megasr.sys 2B7D3B206833D769218A1F4BE2D73B97
C:\WINDOWS\System32\drivers\mlx4_bus.sys 89257B8D3826B5629CF7F73F97DA44F9
C:\WINDOWS\system32\drivers\mmcss.sys 9AE3C0CC0865B1618A3C97744A6A9E9B
C:\WINDOWS\System32\drivers\modem.sys 0CD29540C32C2E2E0E3D7E9832752AF3
C:\WINDOWS\System32\drivers\monitor.sys 534477FCAFDFCA6B841BFA06BD26BCC5
C:\WINDOWS\System32\drivers\mouclass.sys F5D4E18A70BA069D479154442CDEB60D
C:\WINDOWS\System32\drivers\mouhid.sys 5C09868963B0C076AC3BC7759A46B7B1
C:\WINDOWS\System32\drivers\mountmgr.sys 8BF7039787036529B98E50AE86A0E46B
C:\WINDOWS\System32\drivers\mpsdrv.sys AD118EC95E9EF4D5223D681D8F183567
C:\WINDOWS\system32\drivers\mrxdav.sys D14C297933C82B8CB0B5CBBA4DDC830B
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys F2AD1B72C5A6475FB5FF332E1980DF88
C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys 84700F40C0E41AEA91F8F3D6218A8A68
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys B855479BA6A74349CEF8061808C90201
C:\WINDOWS\System32\drivers\bridge.sys 670E6CFDA70C106342C0D63D014B6822
C:\Windows\System32\Drivers\Msfs.sys 92C00BD9616F353CA59A755C33269757
C:\WINDOWS\System32\drivers\msgpiowin32.sys F27EC8F7A0A779276E5DA2E70C2B01EE
C:\WINDOWS\System32\drivers\mshidkmdf.sys CBA955A54C9446CAAD28C76789D3B071
C:\WINDOWS\System32\drivers\mshidumdf.sys E8E568EF60677E4534F387C53EE1B35F
C:\WINDOWS\System32\drivers\msisadrv.sys 16376B7B0730C04DD1A2C0CC8E09E420
C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys C2939119A17E52D74191EFC1E4CDEE09
C:\WINDOWS\System32\drivers\mslldp.sys E40B960078A15D4901265D32E071C42D
C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys B4860AB91DC4E73936F0FF504D6B4B07
C:\WINDOWS\system32\DRIVERS\MSPQM.sys 8EDC45C3F7F64A51C98B59E24648F74B
C:\Windows\System32\Drivers\MsRPC.sys 7DA5FAC2A49D30CA5B7B96B8B26281AC
C:\WINDOWS\System32\drivers\mssmbios.sys 7E3365C8BC83DCE88D6226BB5C7170C4
C:\WINDOWS\system32\DRIVERS\MSTEE.sys 09D51564E49181E9928910D6B91C920E
C:\WINDOWS\System32\drivers\MTConfig.sys 793AE56A3946EAD5F906C28D294FEFE6
C:\WINDOWS\System32\Drivers\mup.sys E35F51C7474A26680627477462715206
C:\WINDOWS\System32\drivers\mvumis.sys 74BD1149BF50F1E24934042A3BD17C90
C:\WINDOWS\System32\DRIVERS\nwifi.sys 39C772E20B8C61858F969E4D60699D89
C:\WINDOWS\System32\drivers\ndfltr.sys 0FFE8AF1B94C5FD54E6ACC6DAE990D31
C:\WINDOWS\System32\drivers\ndis.sys 59F3D5FEF4A24871C07C279762DA8624
C:\WINDOWS\System32\drivers\ndiscap.sys 4EA73CFDEE4A628D387D95464A131F29
C:\WINDOWS\System32\drivers\NdisImPlatform.sys EB127689AF6F24091AB73538A556257F
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 73B4C72FB6170A08C64BDA92DE93ECF7
C:\WINDOWS\System32\drivers\ndisuio.sys 6704F27EB15A5B30AA7FA5A4F4D1FD47
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys FE87CCAA89433FC306A80F15E848F4B2
C:\WINDOWS\System32\drivers\ndiswan.sys 94517BC9F29A1B73D377F1BF1C3DCA34
C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94517BC9F29A1B73D377F1BF1C3DCA34
C:\WINDOWS\System32\DRIVERS\NDProxy.sys AC6AC99075732F5C29DB0004DD5B1AC6
C:\WINDOWS\System32\drivers\Ndu.sys 9AC090451D92E6081EB89CDA83D74189
C:\WINDOWS\system32\DRIVERS\netaapl64.sys EE00C544C025958AF50C7B199F3C8595
C:\WINDOWS\System32\drivers\NetAdapterCx.sys A115DDB2C7805C41EEC9A5276FF5764E
C:\WINDOWS\System32\drivers\netbios.sys F420B6CAB5151A38E4DBBFFB500C11DA
C:\WINDOWS\System32\DRIVERS\netbt.sys 30C2F67EC84EB11B22011620107E0325
C:\WINDOWS\System32\drivers\netvsc.sys 8C03F2F5A9E93AEB08B3AEE51552394A
C:\WINDOWS\system32\drivers\npf.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys 6D8F6A9C53CFB0C49E8251A442B7283F
C:\WINDOWS\System32\drivers\npsvctrig.sys BABF7E1757D6908941C9F9CBD66A5EF0
C:\WINDOWS\System32\drivers\nsiproxy.sys 7A6BA778B48DF9FB7AC231D4FF6E3248
C:\Windows\System32\Drivers\NTFS.sys 8D72D5038C5F91AFEF1B160FE524C2D9
C:\Windows\System32\Drivers\Null.sys 4FFB2D5655D10700D5B8E205C4DB86BD
C:\WINDOWS\System32\drivers\nvdimmn.sys 99EB6376EC2C03CE5F668577651E3454
C:\WINDOWS\System32\drivers\nvraid.sys 3DB2E9E207358BFBD09B77B5119ECA5B
C:\WINDOWS\System32\drivers\nvstor.sys 4C04BFBD4DB2EECCC47F5FA39D65BB6E
C:\WINDOWS\System32\drivers\parport.sys 2CC6C325B271C7CA60F374F8F868CB45
C:\WINDOWS\System32\drivers\partmgr.sys 664B7DDEE982ADF5EAB480C75B9F6218
C:\WINDOWS\System32\drivers\pci.sys C5B74C6D87E77BC64DEBD1BF57DEB375
C:\WINDOWS\System32\drivers\pciide.sys CFB85CB7A6F6926EA0EB96EDFB3C8A91
C:\WINDOWS\System32\drivers\pcmcia.sys 13B7D84B397A90E82682C47A15C3A98D
C:\WINDOWS\System32\drivers\pcw.sys 76EA512FD9D4673CF7A57775EE8922E2
C:\WINDOWS\System32\drivers\pdc.sys 10E48E45A03A7F4C2B7C11738BE87816
C:\WINDOWS\System32\drivers\peauth.sys 4F190BA3C9BD2F0277BCBF480F396091
C:\WINDOWS\System32\drivers\percsas2i.sys FE52FF97A094609429FEF098EDC6FB08
C:\WINDOWS\System32\drivers\percsas3i.sys FCA143274792F12383C35902E801E83A
C:\WINDOWS\System32\drivers\pmem.sys 414CA4DCC31D795882B25ADC1DACE779
C:\WINDOWS\System32\drivers\raspptp.sys D292D7FADCEE481CC64A9DE8FE9C3347
C:\WINDOWS\System32\drivers\processr.sys D57CF871B3977731A91FE9611A54C7C1
C:\WINDOWS\System32\drivers\pacer.sys B60431D2A046AD97F8427F6E568370F5
C:\WINDOWS\system32\drivers\qwavedrv.sys A2B0F46FBA2521E7E732BDBDB1238515
C:\WINDOWS\System32\DRIVERS\rasacd.sys EA9EB06EFC325CD2ACF5DF2F26A4894E
C:\WINDOWS\System32\drivers\AgileVpn.sys 4E9379389D0A851DD19D130C8FAEFBD0
C:\WINDOWS\System32\drivers\rasl2tp.sys 5279EC98F6218D29EADDFECCC0D80E9A
C:\WINDOWS\System32\DRIVERS\raspppoe.sys D7FF75ED7A48FD60A573C9E959CF4DB5
C:\WINDOWS\System32\drivers\rassstp.sys 6A4E45A7F17FA0B4B1B48C550E311944
C:\WINDOWS\System32\DRIVERS\rdbss.sys F2C575A9657F7B2E027C6CE7BC8F1A2D
C:\WINDOWS\System32\drivers\rdpbus.sys 9414B22E093243636D362BF8C8C12A67
C:\WINDOWS\System32\drivers\rdpdr.sys 53A01D3FDB701AC5D9DDE4140227E3D9
C:\WINDOWS\System32\drivers\rdpvideominiport.sys DF32ED51DC0C3F6F3B1C4CEF71B8B426
C:\WINDOWS\System32\drivers\rdyboost.sys 2369A5B651308E0C3458143976E9B03B
C:\Windows\System32\Drivers\ReFS.sys 3581FB9529035F8EC6DB681664CA70B1
C:\Windows\System32\Drivers\ReFSv1.sys 79E1ADE19D8B7C56EF29D098EAF57AD0
C:\WINDOWS\System32\drivers\rspndr.sys E87EECED9287C275B6CF30EB598B1D77
C:\WINDOWS\system32\Drivers\RtsUer.sys AB959F26FBB851A9D31E2F229DB3FA1A
C:\WINDOWS\System32\drivers\vms3cap.sys 6308366D3CDEA5F427CFF4BCF0081B4E
C:\WINDOWS\System32\drivers\sbp2port.sys 33B2DC5C2F19DA89F862484E23D9833D
C:\WINDOWS\System32\DRIVERS\scfilter.sys 5CFEEFCC6FAD1FD09ACCFBD652DDD85B
C:\WINDOWS\System32\drivers\scmbus.sys 5C8620FAC0E3C1658C8EF7AD7BB7EA5F
C:\WINDOWS\System32\drivers\sdbus.sys 71A494A502F24465317E88E80F6C0C2C
C:\WINDOWS\System32\drivers\SDFRd.sys 464B615872981015AC4FEEBDEA83A063
C:\WINDOWS\System32\drivers\sdstor.sys 6BC219F1D9CDE08CEB9084ADB41FBA01
C:\WINDOWS\System32\drivers\SerCx.sys 585329F62195A4B7AAD0A95F6EC89751
C:\WINDOWS\System32\drivers\SerCx2.sys C8F4FDA8B3D039D7947344614FF5BFB2
C:\WINDOWS\System32\drivers\serenum.sys E5B450E4E0DC1591254BF9CCF6C57B40
C:\WINDOWS\System32\drivers\serial.sys 628D8DD136F92316BFEB58FA005338B7
C:\WINDOWS\System32\drivers\sermouse.sys E5BA0B7353ADC5C95AB466D2E4DC89B1
C:\WINDOWS\System32\drivers\sfloppy.sys 15CFCC4692DA8887B977CE5FC5181084
C:\WINDOWS\System32\drivers\SiSRaid2.sys 2339F6B45E1D863B1D327F3AFD75A675
C:\WINDOWS\System32\drivers\sisraid4.sys F520D50AD7266ED31D25DF4C8EA6BC2D
C:\WINDOWS\System32\DRIVERS\snapman.sys 32CDE417100C530964E79C53B4E994CA
C:\WINDOWS\System32\drivers\spaceport.sys 2334ED0B61CAE7E7B1B454674206CDAC
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys F3F0B8CAC1F3E6C3382EAFCE762475AD
C:\WINDOWS\System32\drivers\SpbCx.sys 83E82B0E292DCDE4C75B9241BF0FB300
C:\WINDOWS\System32\DRIVERS\srv.sys 36EAC4FE629FC036632F13EC14788FD1
C:\WINDOWS\System32\DRIVERS\srv2.sys A84B05C7C2A233497BE1D518A662C326
C:\WINDOWS\System32\DRIVERS\srvnet.sys 0351B28EEDFBD6C8CC69A7224A098CFA
C:\WINDOWS\System32\drivers\stexstor.sys D40C589F80EB1C511263D0547C0259AE
C:\WINDOWS\system32\DRIVERS\stwrt64.sys 71CB3BB20F08BB724769DAAAFD5AB26E
C:\WINDOWS\system32\DRIVERS\serscan.sys 01726E4BD1D1A5AF1F23833C79528555
C:\WINDOWS\System32\drivers\storahci.sys 576A818562069B1E091CC719C143AED2
C:\WINDOWS\System32\drivers\vmstorfl.sys E5F703788DFA05411F1469E96838F438
C:\WINDOWS\System32\drivers\stornvme.sys 0D0128244FF55EAD3F878D3FE542DBA5
C:\WINDOWS\System32\drivers\storqosflt.sys 3A62FF78619258E6126C5C4B4CC82C8E
C:\WINDOWS\System32\drivers\storufs.sys C6097966F8EA3B288070CDF7C3C8C3E8
C:\WINDOWS\System32\drivers\storvsc.sys 3DC3B17E92DA02E36B4138733DF6C1AC
C:\WINDOWS\System32\drivers\swenum.sys 2BC4D0EBC2467FE90302AE0AFAF23768
C:\WINDOWS\System32\drivers\Synth3dVsc.sys 572F81CF08972D53BAFFC2A110A2A586
C:\WINDOWS\System32\drivers\tcpip.sys DC0D1B5284152315F81894DAABBB2AF3
C:\WINDOWS\System32\drivers\tcpip.sys DC0D1B5284152315F81894DAABBB2AF3
C:\WINDOWS\System32\drivers\tcpipreg.sys 1C35A5C62D110346379C55E39A3D547C
C:\WINDOWS\system32\DRIVERS\tdx.sys 892AB2637603A5E9507C39E61101C3C3
C:\WINDOWS\System32\drivers\terminpt.sys 96A35CDBA661D41C5A3914257CA1D200
C:\WINDOWS\System32\drivers\timntr.sys 6ADC063FD51F03EF0CAB3E716A725BD2
C:\WINDOWS\System32\drivers\tpm.sys F76A92975340DAA99939DA297D677EA8
C:\Windows\System32\drivers\TrueSight.sys 0D5A09B08568760AE85A801FCBC0F83D
C:\WINDOWS\System32\drivers\tsusbflt.sys 9856BCCD1CD5DE4D17E8DBBA7CEFC688
C:\WINDOWS\System32\drivers\TsUsbGD.sys 837AD2B941E721BCCEB7EF137E2DEE18
C:\WINDOWS\System32\drivers\tunnel.sys B3142C6118703E98EB0510CF7B43D0F2
C:\WINDOWS\System32\drivers\uaspstor.sys B4C846ABD462558D45CA578C855759C3
C:\WINDOWS\System32\Drivers\UcmCx.sys 5C2C0296D9EE7DC92A3F14642FBE656D
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 8BB64E04CD97AD8C68543181D93E2AFC
C:\WINDOWS\System32\drivers\UcmUcsi.sys 5A7CE114C8DA9060F32633F81A5625E5
C:\WINDOWS\System32\drivers\ucx01000.sys 5D4EAF3D0911338CB8FDB088386D6DCA
C:\WINDOWS\System32\drivers\udecx.sys 384E1F0D84B465820416338E52FE7C2B
C:\WINDOWS\System32\DRIVERS\udfs.sys C82BE75239D412057C9E3DB1785680C6
C:\WINDOWS\System32\drivers\UEFI.sys CCDF6EFF952BF3BF34DC17600F479397
C:\WINDOWS\System32\drivers\ufx01000.sys 00BEF71C45FD6B06E7525E7B31EFA88C
C:\WINDOWS\System32\drivers\UfxChipidea.sys 9450AB15C30CF7D1F23C8A42E778C3A2
C:\WINDOWS\System32\drivers\ufxsynopsys.sys CEE12C7A689BDF448715024A7E0EB9C3
C:\WINDOWS\System32\drivers\umbus.sys F39ED750EDF5948FA8CD99D1F4EC9372
C:\WINDOWS\System32\drivers\umpass.sys 55984D4E64C2F8E4223542CBCC15EDEB
C:\WINDOWS\System32\drivers\urschipidea.sys 4D23214CB8B1C36B82061280EB8FDAB3
C:\WINDOWS\System32\drivers\urscx01000.sys 4329D880DB96B504F0DDC991A7374CCD
C:\WINDOWS\System32\drivers\urssynopsys.sys 93FAD0AC5879F274FA248A49E3F3EA33
C:\WINDOWS\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\WINDOWS\System32\drivers\usbccgp.sys 6B09AA6A04C8261E787B6523229E7159
C:\WINDOWS\System32\drivers\usbcir.sys ECE3AD18B4C22ED0C4AB1A2AD9AC32C8
C:\WINDOWS\System32\drivers\usbehci.sys F8BCB536866474C6D8008F4C69B778A1
C:\WINDOWS\System32\drivers\usbhub.sys 1F723DA014062DBF3288B408A7611845
C:\WINDOWS\System32\drivers\UsbHub3.sys B9651548CE196186A72CE8C6D0C094FC
C:\WINDOWS\System32\drivers\usbohci.sys BE6ED98FD0D3FE5FB11762AD7CCD6C96
C:\WINDOWS\System32\drivers\usbprint.sys CEE43CD5357DB8786CE6E2C430841AE4
C:\WINDOWS\system32\DRIVERS\usbscan.sys 96B48485A7CC2C0A63C196A16403C5F3
C:\WINDOWS\System32\drivers\usbser.sys 99F0738B320B7A8D11351A32F68AA5F1
C:\WINDOWS\System32\drivers\USBSTOR.SYS 67E26F56CF7EACCBD9C9F75343A3D7C2
C:\WINDOWS\System32\drivers\usbuhci.sys 7BA802C9F73A84B75BB22538ADA495BE
C:\WINDOWS\System32\drivers\USBXHCI.SYS 50E70B3A95138AA4A30B095270EE0DE6
C:\WINDOWS\System32\drivers\vdrvroot.sys C1EC9211C7759D2487FD30934AA3EE96
C:\WINDOWS\System32\drivers\VerifierExt.sys C83F3BC00651448DB127D497CF955089
C:\WINDOWS\System32\drivers\vhdmp.sys 0E12F5F6B1C813D17AFDA197C4394423
C:\WINDOWS\System32\drivers\vhf.sys 1AD096A5C00E522398D0092D875A8CB6
C:\WINDOWS\System32\drivers\vididr.sys 96A4F56CBBA3DCF5D90CDA1BC218D040
C:\WINDOWS\System32\DRIVERS\vsflt53.sys C69A784BEC737CD7460EBF3C3834D65E
C:\WINDOWS\System32\drivers\vmbus.sys EE9A22CFD9AEDD7B52F98B0272494609
C:\WINDOWS\System32\drivers\VMBusHID.sys BFBD0895926FD98A03AD6BB845B569B7
C:\WINDOWS\System32\drivers\vmgid.sys C123C97D351C56C75FE5335AB18255EE
C:\WINDOWS\System32\drivers\volmgr.sys 0AB9C264F13E2A070A8CF10EDD099ED2
C:\WINDOWS\System32\drivers\volmgrx.sys 6EE608257C1137A25B402EF8FC77E83A
C:\WINDOWS\System32\drivers\volsnap.sys E3429DBBEA3965BB96E24B16EF4A2551
C:\WINDOWS\System32\drivers\volume.sys 86E790B503C771E674C7DF8FFCBFEFDB
C:\WINDOWS\System32\drivers\vpci.sys B25589A0892E6DF8CC07E5CB48BFC954
C:\WINDOWS\System32\drivers\vsmraid.sys AA4466A47D2CA7ECE3DCF5256017DCC3
C:\WINDOWS\System32\drivers\vstxraid.sys 98BB6C9AD39D8F2E883093F28282FAEC
C:\WINDOWS\System32\drivers\vwifibus.sys B47026E109828102266CBE2F5F9AD113
C:\WINDOWS\System32\drivers\vwififlt.sys 799ECD541A9B2764B36A22A095885365
C:\WINDOWS\System32\drivers\vwifimp.sys 82CA088A33517D1C8571D6850CC13D7E
C:\WINDOWS\System32\drivers\wacompen.sys F0F477541F7AF67CC05DA1CF4921A500
C:\WINDOWS\System32\DRIVERS\wanarp.sys FDD16EF9177A8A2EF08A7FA3D3EFAA13
C:\WINDOWS\System32\DRIVERS\wanarp.sys FDD16EF9177A8A2EF08A7FA3D3EFAA13
C:\WINDOWS\system32\drivers\wcifs.sys 923200B78F5284D674A3712204D0FEFA
C:\WINDOWS\system32\drivers\wcnfs.sys 1737BEF60CA384423CE4B32AF1C2BFFC
C:\WINDOWS\System32\drivers\WdBoot.sys 38130C1C5FE0E08820EE57E1B087B659
C:\WINDOWS\System32\drivers\Wdf01000.sys 0C6CBF3490EE5F0D62B5820568CA30B8
C:\WINDOWS\System32\drivers\WdFilter.sys F7B6CB0F9ECD28848E2BDACEAB0D9204
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys BF45B43BA47D0FA769CE5AFBF7104F01
C:\WINDOWS\System32\Drivers\WdNisDrv.sys 82A4F22C884B4BAE8B531640859F9871
C:\WINDOWS\System32\drivers\wfplwfs.sys 3C8F0ABD00E197101DCF43FEF8FB0D76
C:\WINDOWS\System32\drivers\wimmount.sys 75014BF6510D4C6C69EEE5B7743A52AF
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys C8EBCFED8FD2CDF725E44AF93016621E
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys D318557F9D7CA3836104F0B8ECB1F32E
C:\WINDOWS\System32\drivers\winmad.sys 31DDF1D001336B2DCE7DF24E99EF1D04
C:\WINDOWS\System32\drivers\winnat.sys 2E1A614EFB0523E20860AE7978DDA0A4
C:\WINDOWS\System32\drivers\WinUSB.SYS 03858B18BB6DF6A400D9FC5153FD28A8
C:\WINDOWS\System32\drivers\winverbs.sys 0BF4A43CF1F3A4D50AFA4561C3B4628D
C:\WINDOWS\System32\drivers\wmiacpi.sys 0D6E1347A891607759340B1E55BA2A77
C:\Windows\System32\Drivers\Wof.sys 1AE1076034392218EE89D2744EC2A071
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 1FD80CBB192A20375F3664639DEB57B5
C:\WINDOWS\system32\drivers\ws2ifsl.sys DAF4451760B46CB383D287C4FAFFE97D
C:\WINDOWS\System32\drivers\WudfPf.sys 455609BF60DA3B57EEAB863DEFCCF14D
C:\WINDOWS\System32\drivers\WUDFRd.sys 5068DAA8F67A62E964C9C9F88B159EA9
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 5068DAA8F67A62E964C9C9F88B159EA9
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 5068DAA8F67A62E964C9C9F88B159EA9
C:\WINDOWS\System32\drivers\xboxgip.sys B10655A4C2EFDC25483D670EF52A4854
C:\WINDOWS\System32\drivers\xinputhid.sys 2E50A379A8E4F6C5D85E87C26C08D329
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-10 12:24 - 2017-08-10 12:25 - 000010804 _____ C:\Users\AIRWORX 2\Desktop\Fixlog.txt
2017-08-10 12:19 - 2017-08-10 12:19 - 000100017 _____ C:\Users\AIRWORX 2\Desktop\DigiData.Vault.Adapter.log.1.txt
2017-08-10 11:44 - 2017-08-10 11:44 - 000069632 _____ C:\Users\AIRWORX 2\Documents\search UI.evtx
2017-08-10 11:44 - 2017-08-10 11:44 - 000069632 _____ C:\Users\AIRWORX 2\Documents\oneCore online setup.evtx
2017-08-10 11:43 - 2017-08-10 11:43 - 000069632 _____ C:\Users\AIRWORX 2\Documents\defender.evtx
2017-08-10 11:35 - 2017-08-10 11:35 - 000069632 _____ C:\Users\AIRWORX 2\Documents\Analytic.evtx
2017-08-10 09:40 - 2017-08-10 09:40 - 000094570 _____ C:\Users\AIRWORX 2\Desktop\cmd group status.txt
2017-08-10 07:54 - 2017-08-10 07:54 - 000091976 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-08-10 07:54 - 2017-08-10 07:54 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\ProcessMonitor
2017-08-10 07:53 - 2017-08-10 07:53 - 001005016 _____ C:\Users\AIRWORX 2\Desktop\ProcessMonitor.zip
2017-08-10 07:33 - 2017-08-10 07:33 - 001392613 _____ C:\Users\AIRWORX 2\Downloads\Border-States-Employee-Handbook.pdf
2017-08-10 07:30 - 2017-08-10 07:30 - 000022715 _____ C:\Users\AIRWORX 2\Desktop\Employee-Referral-Form.pdf
2017-08-10 05:40 - 2017-08-10 05:40 - 000000824 _____ C:\Users\AIRWORX 2\Desktop\hosts.txt
2017-08-09 10:44 - 2017-08-09 10:44 - 000000646 _____ C:\windows reg did not find any errors.txt
2017-08-09 10:23 - 2017-08-09 10:23 - 000009985 _____ C:\Users\AIRWORX 2\Desktop\cmd we ran 8-9-17.txt
2017-08-09 09:20 - 2017-08-09 09:20 - 000000347 _____ C:\Users\AIRWORX 2\Desktop\junk text commandtxt.txt
2017-08-09 09:10 - 2017-08-09 09:10 - 000035172 _____ C:\Users\AIRWORX 2\Desktop\services.xlsx
2017-08-09 08:52 - 2017-08-09 08:52 - 016563352 _____ (Malwarebytes Corp.) C:\Users\AIRWORX 2\Desktop\mbar-1.09.3.1001.exe
2017-08-09 08:20 - 2017-08-09 08:20 - 000000000 ____D C:\DrFoneForAndroid
2017-08-09 05:56 - 2017-08-09 05:56 - 002396604 _____ C:\Users\AIRWORX 2\Desktop\WVCheck.exe
2017-08-09 05:53 - 2017-08-09 05:53 - 000380928 _____ C:\Users\AIRWORX 2\Desktop\n0i6wip8.exe
2017-08-09 02:29 - 2017-08-09 02:29 - 065033984 _____ (Malwarebytes ) C:\Users\AIRWORX 2\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-09 02:25 - 2017-08-09 02:25 - 000000249 _____ C:\Users\AIRWORX 2\Desktop\wondershare paste.txt
2017-08-08 21:28 - 2017-08-08 21:28 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Publishers
2017-08-08 14:49 - 2017-08-08 14:50 - 021567079 _____ C:\Users\AIRWORX 2\Desktop\eset ignore known.xml
2017-08-08 11:20 - 2017-08-08 11:40 - 000007704 _____ C:\Users\AIRWORX 2\Desktop\SystemLook.txt
2017-08-08 11:18 - 2017-08-08 11:18 - 000165376 _____ C:\Users\AIRWORX 2\Desktop\SystemLook_x64.exe
2017-08-08 09:39 - 2017-08-08 09:39 - 000000000 ___RD C:\Users\AIRWORX 2\Downloads\Cosmic Jump AIRWORX Team Folder
2017-08-08 06:43 - 2017-08-08 06:43 - 000224885 _____ C:\Users\AIRWORX 2\Desktop\HHS Syllabus Signature Form -signed.pdf
2017-08-08 06:41 - 2017-08-08 06:41 - 000079927 _____ C:\Users\AIRWORX 2\Desktop\HHS Syllabus Signature Form .pdf
2017-08-08 06:37 - 2017-08-08 06:37 - 000130011 _____ C:\Users\AIRWORX 2\Desktop\ACFrOgBX20iFWV0zlOfIcnVvXuWFsRsWFHxh-F_BkAp8bDwqqj0Yv8DmcWC9UunIF7Yc3GQ_FPzGqJGE3Udx6ZkfZbWjV2IWVIT2uMiJq5IMsfJkGNwBJkC4onio8yk=.pdf
2017-08-08 06:15 - 2017-08-09 09:10 - 000065097 _____ C:\Users\AIRWORX 2\Desktop\services.csv
2017-08-08 05:16 - 2017-08-08 05:16 - 000081951 _____ C:\Users\AIRWORX 2\Desktop\myeventviewer-x64.zip
2017-08-08 05:07 - 2017-08-08 05:07 - 000061440 _____ ( ) C:\Users\AIRWORX 2\Desktop\VEW.exe
2017-08-08 04:40 - 2017-08-08 04:40 - 009880734 _____ C:\Users\AIRWORX 2\Documents\unknown but important.xlsx
2017-08-08 04:21 - 2017-08-08 04:21 - 001770460 _____ C:\Users\AIRWORX 2\Downloads\Windows Defender ATP - Ransomware response playbook.pdf
2017-08-08 04:20 - 2017-08-10 11:17 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\CrashDumps
2017-08-08 04:14 - 2017-08-08 04:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2017-08-08 04:14 - 2017-08-08 04:14 - 000000000 ____D C:\Program Files (x86)\EMET 5.5
2017-08-08 04:13 - 2017-08-08 04:13 - 026812416 _____ C:\Users\AIRWORX 2\Downloads\EMET Setup.msi
2017-08-08 04:10 - 2017-08-08 04:39 - 000768464 _____ C:\Users\AIRWORX 2\Downloads\Windows10andWindowsServer2016PolicySettings.xlsx
2017-08-08 02:55 - 2017-08-08 02:55 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\JetBrains
2017-08-08 02:49 - 2017-08-08 02:50 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Microsoft Help
2017-08-08 02:49 - 2017-08-08 02:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2017-08-08 02:43 - 2017-08-09 11:24 - 000000000 ____D C:\Android
2017-08-08 02:42 - 2017-08-09 11:20 - 000000000 ____D C:\Program Files\Android
2017-08-07 13:01 - 2017-08-07 13:04 - 000790638 _____ C:\TDSSKiller.3.1.0.15_07.08.2017_13.01.55_log.txt
2017-08-07 12:43 - 2017-08-07 12:44 - 000008106 _____ C:\TDSSKiller.3.1.0.15_07.08.2017_12.43.03_log.txt
2017-08-07 12:41 - 2017-08-07 12:41 - 004922400 _____ (AO Kaspersky Lab) C:\Users\AIRWORX 2\Desktop\tdsskiller.exe
2017-08-07 12:25 - 2017-08-07 12:25 - 000000155 _____ C:\WINDOWS\system32\all.txt
2017-08-07 10:00 - 2017-08-07 10:00 - 000879551 _____ C:\Users\AIRWORX 2\Desktop\CryptoSearch.zip
2017-08-04 11:10 - 2017-08-04 14:39 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\AP
2017-08-04 10:48 - 2017-08-04 10:48 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-08-04 10:37 - 2017-08-04 10:37 - 000000546 _____ C:\Users\AIRWORX 2\Desktop\Encrypted documents - Copy.zip
2017-08-04 10:34 - 2017-07-25 07:46 - 000000595 _____ C:\Users\AIRWORX 2\Desktop\Encrypted documents - Copy.CSV
2017-08-04 10:16 - 2017-08-10 12:21 - 002381824 _____ (Farbar) C:\Users\AIRWORX 2\Desktop\FRST64 (2).exe
2017-08-04 10:01 - 2017-08-04 10:02 - 000047265 _____ C:\Users\AIRWORX 2\Desktop\appcrashview (1).zip
2017-08-04 05:40 - 2017-08-04 09:24 - 000004816 _____ C:\Users\AIRWORX 2\Desktop\links to findings.txt
2017-08-03 20:55 - 2017-08-03 20:55 - 000055111 _____ C:\Users\AIRWORX 2\Desktop\ACFrOgAjZaC8g0bE5UVjMkDU-EGyfCbydESYIcl5Ek-Jk2dgOtZdX5ShW7Uo0TTTXhI7ZV4o60JCCrjfMp-q84aBwoJKcJbRGbK_B2rm9Yaii0wppseh1AkAy87pTKo=.pdf
2017-08-03 18:35 - 2017-08-03 19:07 - 000001974 _____ C:\Users\AIRWORX 2\Desktop\cvv windows microsoft.txt
2017-08-03 13:10 - 2017-08-03 13:10 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset.txt
2017-08-03 12:55 - 2017-08-03 12:55 - 000019119 _____ C:\Users\AIRWORX 2\Desktop\es.dat
2017-08-03 12:52 - 2017-08-03 12:52 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset scans.txt
2017-08-03 07:53 - 2017-08-03 07:53 - 000333952 _____ (ESET) C:\Users\AIRWORX 2\Downloads\ESETEternalBlueChecker.exe
2017-08-03 07:38 - 2017-08-03 07:38 - 004836307 _____ C:\Users\AIRWORX 2\Downloads\eset_sysrescue_userguide_enu.pdf
2017-08-03 04:01 - 2017-08-09 13:11 - 099876864 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-08-03 03:58 - 2017-08-03 03:59 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-08-02 15:53 - 2017-08-02 15:53 - 044003024 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\Windows-KB890830-x64-V5.50 (1).exe
2017-08-02 10:02 - 2017-08-02 10:02 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\LogMeIn
2017-08-02 07:44 - 2017-08-02 07:44 - 000000000 ____D C:\Users\AIRWORX 2\Documents\Security
2017-08-02 07:20 - 2017-08-10 11:44 - 000000000 ____D C:\Users\AIRWORX 2\Documents\LocaleMetaData
2017-08-02 07:19 - 2017-08-02 07:20 - 000069632 _____ C:\Users\AIRWORX 2\Documents\events.evtx
2017-08-02 03:08 - 2017-08-02 03:08 - 145707800 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\msert.exe
2017-08-02 03:05 - 2017-08-02 03:05 - 000001174 _____ C:\Users\AIRWORX 2\Desktop\app crash viewer.txt
2017-08-02 03:03 - 2017-08-04 10:06 - 000000469 _____ C:\Users\AIRWORX 2\Desktop\AppCrashView.cfg
2017-08-01 11:21 - 2017-07-19 13:47 - 000072503 _____ C:\Users\AIRWORX 2\Documents\MTB.txt
2017-08-01 11:21 - 2017-07-12 16:08 - 000003350 _____ C:\Users\AIRWORX 2\Documents\aswMBR.txt
2017-08-01 08:19 - 2017-08-01 08:19 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset yesterday.txt
2017-08-01 06:18 - 2017-08-10 12:21 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\FRST-OlderVersion
2017-08-01 05:58 - 2017-08-01 05:58 - 000000000 ____D C:\WINDOWS\Panther
2017-07-31 15:33 - 2017-07-31 15:33 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\NetworkTiles
2017-07-31 15:25 - 2017-07-31 15:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\MicrosoftEdge
2017-07-31 13:36 - 2017-07-31 13:36 - 006754944 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Downloads\esetonlinescanner_enu (1).exe
2017-07-31 13:29 - 2017-07-31 13:29 - 000511683 _____ C:\Users\AIRWORX 2\Desktop\find files.txt
2017-07-28 08:44 - 2017-07-28 08:44 - 000000000 _____ C:\WINDOWS\system32\set
2017-07-28 07:54 - 2017-07-28 07:54 - 000003032 _____ C:\Users\AIRWORX 2\Documents\kasp report.txt
2017-07-28 06:15 - 2017-07-28 06:15 - 000576231 _____ C:\Users\AIRWORX 2\Downloads\DTec13656.pdf
2017-07-28 06:06 - 2017-07-28 06:06 - 000075669 _____ C:\Users\AIRWORX 2\Downloads\COSMIC JUMP (4).pdf
2017-07-28 06:01 - 2017-07-28 06:01 - 000053739 _____ C:\Users\AIRWORX 2\Downloads\HS-2.8.17 #2888 CJump KCity Jan Inv&Rep SH (1).pdf
2017-07-28 05:54 - 2017-07-28 05:54 - 000151083 _____ C:\Users\AIRWORX 2\Downloads\COSMIC JUMP - Inv.pdf
2017-07-28 05:39 - 2017-07-28 06:17 - 000002182 _____ C:\Users\AIRWORX 2\Downloads\data (35).csv
2017-07-28 05:17 - 2017-07-28 05:17 - 000002299 _____ C:\Users\AIRWORX 2\Desktop\Google Chrome.lnk
2017-07-28 03:35 - 2017-07-28 03:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-07-27 07:33 - 2017-07-27 07:33 - 008162248 _____ (Malwarebytes) C:\Users\AIRWORX 2\Downloads\AdwCleaner.exe
2017-07-27 07:33 - 2017-07-27 07:33 - 001790024 _____ (Malwarebytes) C:\Users\AIRWORX 2\Downloads\JRT.exe
2017-07-27 07:31 - 2017-08-07 12:12 - 000100352 _____ C:\Users\AIRWORX 2\Desktop\copy and paste stuff.txt
2017-07-27 06:25 - 2017-07-27 06:25 - 000995572 _____ C:\Users\AIRWORX 2\Desktop\rel.XML
2017-07-27 06:02 - 2017-07-27 06:02 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\.IdentityService
2017-07-27 04:08 - 2017-07-27 04:08 - 000183220 _____ C:\Users\AIRWORX 2\Downloads\Appsdiagnostic10.diagcab
2017-07-27 03:23 - 2017-07-27 03:23 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset threat findings.txt
2017-07-26 12:22 - 2017-07-26 12:22 - 000004857 _____ C:\Users\AIRWORX 2\Desktop\msrt results no infected files.txt
2017-07-26 11:56 - 2017-07-26 11:56 - 140634896 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\msert (4).exe
2017-07-26 10:47 - 2017-08-07 14:34 - 129732880 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe (3).exe
2017-07-26 10:45 - 2017-07-26 10:46 - 129732880 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe (2).exe
2017-07-26 10:45 - 2017-07-26 10:45 - 129732880 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe (1).exe
2017-07-26 10:38 - 2017-07-26 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-07-26 10:25 - 2017-07-28 02:15 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\Visual Studio Setup
2017-07-26 10:25 - 2017-07-26 10:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\vstelemetry
2017-07-26 10:25 - 2017-07-26 10:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ServiceHub
2017-07-26 10:24 - 2017-07-28 02:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-07-26 09:01 - 2017-07-26 09:01 - 000000000 ____D C:\DGLogs
2017-07-26 09:00 - 2017-07-26 09:00 - 000000000 ____D C:\Users\AIRWORX 2\Downloads\DG_CG_hardware_readiness_tool_v3.2
2017-07-26 08:59 - 2017-05-04 12:11 - 000075680 _____ C:\Users\AIRWORX 2\Downloads\DG_Readiness_Tool_v3.2.ps1
2017-07-26 08:58 - 2017-07-26 08:58 - 000031743 _____ C:\Users\AIRWORX 2\Downloads\DG_CG_hardware_readiness_tool_v3.2.zip
2017-07-26 07:41 - 2017-07-26 07:42 - 000901670 _____ C:\Users\AIRWORX 2\Desktop\reliability history 7-26-2017.XML
2017-07-26 07:34 - 2017-07-26 07:34 - 044003024 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\Windows-KB890830-x64-V5.50.exe
2017-07-26 07:16 - 2017-07-26 07:17 - 001771288 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\nis_full.exe
2017-07-26 07:12 - 2017-07-26 07:12 - 000002259 _____ C:\WINDOWS\epplauncher.mif
2017-07-26 07:11 - 2017-07-26 07:17 - 129705744 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe.exe
2017-07-26 03:19 - 2017-07-26 03:19 - 000195346 _____ C:\Users\AIRWORX 2\Desktop\wu170509.diagcab
2017-07-26 02:59 - 2017-07-26 02:59 - 000022932 _____ C:\Users\AIRWORX 2\Desktop\allowed outbound firewall rules.txt
2017-07-26 02:58 - 2017-07-26 02:58 - 000033651 _____ C:\Users\AIRWORX 2\Desktop\allowed inbound firewall settings.txt
2017-07-25 15:23 - 2017-08-10 02:18 - 000162624 _____ C:\Users\AIRWORX 2\Documents\My Vendor List 8-15-12.xlsx
2017-07-25 07:46 - 2017-08-04 10:36 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Encrypted documents
2017-07-25 07:46 - 2017-07-25 07:46 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Documents_1
2017-07-25 05:46 - 2017-07-25 05:46 - 000068611 _____ C:\Users\AIRWORX 2\Downloads\f.txt
2017-07-25 04:56 - 2017-07-25 04:56 - 005780817 _____ C:\Users\AIRWORX 2\Downloads\17351442_117133718779563_5086019384804114432_n.bin
2017-07-24 18:39 - 2017-07-24 18:25 - 3007731185 ____N C:\Users\AIRWORX 2\Desktop\LGBackup_170724.lbf
2017-07-24 11:31 - 2017-07-24 11:31 - 000843873 _____ C:\Users\AIRWORX 2\Downloads\TS103488179.potx
2017-07-24 11:29 - 2017-07-24 11:29 - 000004318 _____ C:\Users\AIRWORX 2\Downloads\MC900054580.WMF
2017-07-24 11:07 - 2017-07-24 11:07 - 000000000 ____D C:\Program Files (x86)\Seagate
2017-07-24 09:54 - 2017-07-24 09:54 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-07-24 09:54 - 2017-07-24 09:54 - 000000000 ____D C:\Program Files\IDT
2017-07-24 09:54 - 2013-11-20 10:43 - 006101504 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2017-07-24 09:54 - 2013-11-20 10:43 - 001897984 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2017-07-24 09:54 - 2013-11-20 10:43 - 001703424 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2017-07-24 09:54 - 2013-11-20 10:43 - 000464384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slapoi64.dll
2017-07-24 09:54 - 2013-11-20 10:43 - 000030389 _____ C:\WINDOWS\system32\DTS_TOWER.XML
2017-07-24 09:48 - 2017-08-09 11:55 - 000000000 ____D C:\WINDOWS\Minidump
2017-07-24 09:42 - 2017-07-24 09:42 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\FBA95002-17BB-4264-B1E2-EE748AD9FCC7
2017-07-24 09:42 - 2017-07-24 09:42 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\BE7A0D4F-259E-4ACF-95D4-65A4A82C6258
2017-07-24 09:33 - 2017-07-24 09:33 - 000479815 _____ C:\Users\AIRWORX 2\Documents\eStmt_2016-06-30.pdf
2017-07-24 09:33 - 2017-07-24 09:33 - 000477980 _____ C:\Users\AIRWORX 2\Documents\eStmt_2016-09-30.pdf
2017-07-24 09:33 - 2017-07-24 09:33 - 000469343 _____ C:\Users\AIRWORX 2\Documents\eStmt_2016-08-31.pdf
2017-07-24 09:33 - 2017-07-24 09:33 - 000453034 _____ C:\Users\AIRWORX 2\Documents\eStmt_2016-10-31.pdf
2017-07-24 08:36 - 2017-07-24 08:36 - 000206704 _____ C:\Users\AIRWORX 2\Documents\FTIBank of America _ Online Banking _ Accounts _ Account Details _ Account Activity.pdf
2017-07-24 08:29 - 2017-07-24 08:29 - 000453034 _____ C:\Users\AIRWORX 2\Downloads\eStmt_2016-10-31.pdf
2017-07-24 08:28 - 2017-07-24 08:28 - 000477980 _____ C:\Users\AIRWORX 2\Downloads\eStmt_2016-09-30.pdf
2017-07-24 08:27 - 2017-07-24 08:27 - 000479815 _____ C:\Users\AIRWORX 2\Downloads\eStmt_2016-06-30.pdf
2017-07-24 08:25 - 2017-07-24 08:25 - 000469343 _____ C:\Users\AIRWORX 2\Downloads\eStmt_2016-08-31.pdf
2017-07-24 08:18 - 2017-07-24 08:18 - 003286340 _____ C:\Users\AIRWORX 2\Downloads\DOC071317-002.pdf
2017-07-24 06:56 - 2017-07-24 14:50 - 000002073 _____ C:\Users\AIRWORX 2\Desktop\my post.txt
2017-07-24 05:55 - 2017-07-24 05:55 - 000000000 _____ C:\Users\AIRWORX 2\defogger_reenable
2017-07-24 05:54 - 2017-07-24 05:54 - 000050477 _____ C:\Users\AIRWORX 2\Downloads\Defogger.exe
2017-07-24 05:30 - 2017-07-24 05:30 - 002001544 _____ C:\Users\AIRWORX 2\Downloads\pc-decrapifier-3.0.1.exe
2017-07-24 05:12 - 2017-07-24 05:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-07-24 05:12 - 2017-07-24 05:12 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-07-24 05:10 - 2017-07-24 05:10 - 019709440 ____N (Luis Cobian, CobianSoft) C:\Users\AIRWORX 2\Downloads\cbSetup.exe
2017-07-24 05:04 - 2017-08-07 12:26 - 000069848 _____ C:\Users\AIRWORX 2\Desktop\Addition.txt
2017-07-24 05:01 - 2017-08-10 12:27 - 000086751 _____ C:\Users\AIRWORX 2\Desktop\FRST.txt
2017-07-24 05:01 - 2017-08-10 12:26 - 000000000 ____D C:\FRST
2017-07-24 04:15 - 2017-07-24 04:15 - 000059467 ____N C:\Users\AIRWORX 2\Downloads\HS-5.8.17 #3104 CJump Allen April Inv&Rep SH (1).pdf
2017-07-24 04:12 - 2017-07-24 04:12 - 000071158 ____N C:\Users\AIRWORX 2\Downloads\07.11.17 Olathe-Holmes III LLC.pdf
2017-07-24 04:10 - 2017-07-24 04:10 - 000196464 ____N C:\Users\AIRWORX 2\Downloads\07.01.17 Olathe-AT&T.pdf
2017-07-24 04:09 - 2017-07-24 04:09 - 000480772 ____N C:\Users\AIRWORX 2\Downloads\07.17 Olathe-BOA Stmt.pdf
2017-07-24 04:08 - 2017-07-24 04:08 - 000072792 ____N C:\Users\AIRWORX 2\Downloads\06.30.17 Houston-CocaCola.pdf
2017-07-24 04:07 - 2017-07-24 04:07 - 000073576 ____N C:\Users\AIRWORX 2\Downloads\06.30.17 Dallas II-CocaCola.pdf
2017-07-24 04:01 - 2017-07-24 04:01 - 000044143 ____N C:\Users\AIRWORX 2\Downloads\Texas Notice of Tax-Fee Due.pdf
2017-07-24 03:48 - 2017-07-24 03:48 - 000257899 ____N C:\Users\AIRWORX 2\Downloads\1718abcdecalendar.pdf
2017-07-24 03:47 - 2017-07-24 03:47 - 001494216 ____N C:\Users\AIRWORX 2\Downloads\1718districtcalendar071917.pdf
2017-07-21 07:57 - 2017-07-21 07:57 - 001118208 ____N C:\Users\AIRWORX 2\Desktop\eventviewer.evtx
2017-07-21 07:54 - 2017-07-21 07:54 - 000626956 ____N C:\Users\AIRWORX 2\Desktop\sys info.txt
2017-07-21 05:16 - 2017-08-07 14:34 - 000003784 _____ C:\Users\AIRWORX 2\Downloads\fixlist.txt
2017-07-21 02:37 - 2017-07-21 02:37 - 000031963 ____N C:\Users\AIRWORX 2\Downloads\Backup_17-17-07 10-43AM (1).zip
2017-07-21 02:36 - 2017-07-21 02:36 - 000031963 ____N C:\Users\AIRWORX 2\Downloads\Backup_17-17-07 10-43AM.zip
2017-07-21 02:18 - 2017-07-21 02:18 - 000001516 ____N C:\Users\AIRWORX 2\Desktop\malware bytes quar.txt
2017-07-20 12:57 - 2017-07-20 12:57 - 000000000 ____D C:\WINDOWS\ERUNT
2017-07-20 12:56 - 2017-07-20 12:58 - 000000646 _____ C:\DelFix.txt
2017-07-20 12:30 - 2015-08-09 11:12 - 000043104 _____ (NirSoft) C:\Users\AIRWORX 2\Desktop\AppCrashView.exe
2017-07-20 12:30 - 2015-08-09 11:12 - 000015426 ____N C:\Users\AIRWORX 2\Desktop\AppCrashView.chm
2017-07-20 12:30 - 2015-08-09 11:12 - 000007123 ____N C:\Users\AIRWORX 2\Desktop\readme.txt
2017-07-20 12:29 - 2017-07-20 12:29 - 000047265 ____N C:\Users\AIRWORX 2\Desktop\appcrashview.zip
2017-07-20 08:55 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-20 08:54 - 2017-07-20 08:55 - 065033984 ____N (Malwarebytes ) C:\Users\AIRWORX 2\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-20 08:16 - 2017-07-20 08:16 - 135729424 ____N (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\msert (3).exe
2017-07-20 04:48 - 2017-07-20 04:48 - 001818624 ____N C:\Users\AIRWORX 2\Downloads\MBSASetup-x64-EN.msi
2017-07-19 08:41 - 2017-07-19 08:42 - 000066957 _____ C:\WINDOWS\system32\AIRWORX
2017-07-19 08:36 - 2017-07-19 08:40 - 000051333 ____N C:\Users\AIRWORX 2\Desktop\sfcdetails.txt
2017-07-19 07:56 - 2017-07-19 07:56 - 000342981 ____N C:\Users\AIRWORX 2\Downloads\PATIENT ACQUAINTENCE FORM 2017-signed.pdf
2017-07-19 07:13 - 2017-07-19 07:13 - 044003024 ____N (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\Windows-KB890830-x64-V5.50.exe
2017-07-19 06:58 - 2017-07-19 06:58 - 006361088 ____N C:\Users\AIRWORX 2\Desktop\windows security logs.evtx
2017-07-19 06:56 - 2017-07-19 06:56 - 001118208 ____N C:\Users\AIRWORX 2\Desktop\recent events.evtx
2017-07-19 06:56 - 2017-07-19 06:56 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\LocaleMetaData
2017-07-19 05:13 - 2017-07-19 05:13 - 000335756 ____N C:\Users\AIRWORX 2\Desktop\reliability history.XML
2017-07-19 04:31 - 2017-07-19 04:31 - 000006054 ____N C:\Users\AIRWORX 2\Desktop\Kas findings some not addressed.txt
2017-07-19 03:06 - 2017-07-19 03:06 - 000012672 ____N C:\Users\AIRWORX 2\Desktop\full scan kas.txt
2017-07-19 03:05 - 2017-07-19 03:05 - 000002066 ____N C:\Users\AIRWORX 2\Desktop\Vul scan.txt
2017-07-18 19:47 - 2017-07-18 19:47 - 000455756 ____N C:\Users\AIRWORX 2\Downloads\OFFICE POLICIES FOR PPWORK 2017 WITH  LOGO-signed.pdf
2017-07-18 14:04 - 2017-07-19 07:59 - 000100526 ____N C:\Users\AIRWORX 2\Downloads\HIPAA Privacy Authorization Form.pdf
2017-07-18 14:04 - 2017-07-18 14:04 - 000377763 ____N C:\Users\AIRWORX 2\Downloads\OFFICE POLICIES FOR PPWORK 2017 WITH  LOGO.pdf
2017-07-18 14:04 - 2017-07-18 14:04 - 000179165 ____N C:\Users\AIRWORX 2\Downloads\PATIENT ACQUAINTENCE FORM 2017.pdf
2017-07-18 13:40 - 2017-07-18 13:58 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\kc
2017-07-18 13:16 - 2017-07-18 13:16 - 000002066 ____N C:\Users\AIRWORX 2\Desktop\ks items found.txt
2017-07-18 13:15 - 2017-07-18 13:15 - 000002066 ____N C:\Users\AIRWORX 2\Desktop\kas items found.txt
2017-07-18 13:05 - 2017-07-18 13:05 - 000631136 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016 (2).pdf
2017-07-18 13:05 - 2017-07-18 13:05 - 000631136 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016 (2) (1).pdf
2017-07-18 13:05 - 2017-07-18 13:05 - 000627784 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016 (3).pdf
2017-07-18 13:05 - 2017-07-18 13:05 - 000413116 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016 (1).pdf
2017-07-18 13:02 - 2017-07-18 13:02 - 000531500 ____N C:\Users\AIRWORX 2\Desktop\KC Receipts April 2016.pdf
2017-07-18 12:59 - 2017-07-18 12:59 - 000779604 ____N C:\Users\AIRWORX 2\Downloads\KC May 2016 Receipts.pdf
2017-07-18 12:59 - 2017-07-18 12:59 - 000779604 ____N C:\Users\AIRWORX 2\Desktop\KC May 2016 Receipts (1).pdf
2017-07-18 12:56 - 2017-07-18 12:56 - 000888660 ____N C:\Users\AIRWORX 2\Desktop\KC Receipts June 2016.pdf
2017-07-18 12:54 - 2017-07-18 12:54 - 000218291 ____N C:\Users\AIRWORX 2\Downloads\KC Reports 8.1.pdf
2017-07-18 12:51 - 2017-07-18 12:51 - 001149113 ____N C:\Users\AIRWORX 2\Desktop\KC Receipts July 2016.pdf
2017-07-18 12:49 - 2017-07-18 12:49 - 000234159 ____N C:\Users\AIRWORX 2\Downloads\CCI09012016.pdf
2017-07-18 12:48 - 2017-07-18 12:48 - 000458582 ____N C:\Users\AIRWORX 2\Downloads\9.7.16 (1).pdf
2017-07-18 12:46 - 2017-07-18 12:46 - 000005049 ____N C:\Users\AIRWORX 2\Downloads\Aged Receivables.pdf
2017-07-18 12:45 - 2017-07-18 12:45 - 000413116 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016.pdf
2017-07-18 12:41 - 2017-07-18 12:41 - 000197013 ____N C:\Users\AIRWORX 2\Downloads\CCF01102017 (1).pdf
2017-07-18 12:38 - 2017-07-18 12:38 - 000023765 ____N C:\Users\AIRWORX 2\Downloads\KC Tramp Specs.pdf
2017-07-18 12:34 - 2017-07-18 12:34 - 000195196 ____N C:\Users\AIRWORX 2\Downloads\07-15-17.pdf
2017-07-18 12:31 - 2017-07-18 12:31 - 000384839 ____N C:\Users\AIRWORX 2\Downloads\CCF06172017_0001.pdf
2017-07-18 12:30 - 2017-07-18 12:30 - 000374743 ____N C:\Users\AIRWORX 2\Downloads\CCF07092017 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000101084 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700104306)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000098532 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700058437)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000096973 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700180809)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000095005 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700030432)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000092177 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700012338)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000088715 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700081692)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000085982 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700224605)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:23 - 2017-07-18 12:23 - 000433166 ____N C:\Users\AIRWORX 2\Downloads\CUSTSTMT.PDF
2017-07-18 12:22 - 2017-07-18 12:22 - 000604455 ____N C:\Users\AIRWORX 2\Downloads\20161221131018092.pdf
2017-07-18 12:21 - 2017-07-18 12:21 - 000174841 ____N C:\Users\AIRWORX 2\Downloads\20161221131237330 (1).pdf
2017-07-18 12:11 - 2017-07-18 12:11 - 000084006 ____N C:\Users\AIRWORX 2\Documents\https___email02.godaddy.com_view_print_multi.pdf
2017-07-18 11:24 - 2017-07-18 11:24 - 001143460 ____N C:\Users\AIRWORX 2\Downloads\Coke contract Houston.pdf
2017-07-18 11:24 - 2017-07-18 11:24 - 000176568 ____N C:\Users\AIRWORX 2\Downloads\Airowx Cosmic Jump Contract signed by Maura-signed.pdf
2017-07-18 11:04 - 2017-07-18 11:04 - 000384804 ____N C:\Users\AIRWORX 2\Downloads\img034 (1).pdf
2017-07-18 11:02 - 2017-07-18 11:02 - 000147945 ____N C:\Users\AIRWORX 2\Downloads\Airworx Contract Coke (1).pdf
2017-07-18 11:00 - 2017-07-18 11:00 - 000151856 ____N C:\Users\AIRWORX 2\Downloads\Airworx Contract Coke.pdf
2017-07-18 11:00 - 2017-07-18 11:00 - 000129543 ____N C:\Users\AIRWORX 2\Downloads\Airowx Cosmic Jump Contract signed by Maura.pdf
2017-07-18 10:57 - 2017-07-18 10:57 - 000384804 ____N C:\Users\AIRWORX 2\Downloads\img034.pdf
2017-07-18 10:39 - 2017-07-18 10:39 - 000194482 ____N C:\Users\AIRWORX 2\Documents\Bank of America _ Online Banking _ Accounts _ Account Details _ Account Activity1.pdf
2017-07-18 10:38 - 2017-07-18 10:38 - 000203708 ____N C:\Users\AIRWORX 2\Documents\Bank of America _ Online Banking _ Accounts _ Account Details _ Account Activity.pdf
2017-07-18 07:12 - 2017-07-18 07:12 - 000000000 ____D C:\ProgramData\Emsisoft
2017-07-18 07:08 - 2017-07-18 07:09 - 320730544 ____N C:\Users\AIRWORX 2\Downloads\EmsisoftEmergencyKit.exe
2017-07-18 06:18 - 2017-07-18 06:18 - 000037290 ____N C:\Users\AIRWORX 2\Downloads\redeppening (1).pdf
2017-07-18 06:13 - 2017-07-18 06:13 - 000469373 ____N C:\Users\AIRWORX 2\Downloads\Jason Le Incident.pdf
2017-07-18 06:12 - 2017-07-18 06:12 - 000197755 ____N C:\Users\AIRWORX 2\Downloads\6.4.2017.pdf
2017-07-18 06:04 - 2017-07-18 06:04 - 000350407 ____N C:\Users\AIRWORX 2\Downloads\Baur 4 national treasure.pdf
2017-07-18 06:02 - 2017-07-18 06:02 - 000374743 ____N C:\Users\AIRWORX 2\Downloads\CCF07092017.pdf
2017-07-18 05:54 - 2017-07-18 05:54 - 001004434 ____N C:\Users\AIRWORX 2\Downloads\CCF02012017.pdf
2017-07-18 05:43 - 2017-07-18 05:43 - 000000801 ____N C:\Users\AIRWORX 2\Downloads\Downloads - Shortcut.lnk
2017-07-18 04:35 - 2017-07-17 10:14 - 005542722 ____N C:\Users\AIRWORX 2\Downloads\SysInspector-AIRWORX2-PC-170717-072446.xml
2017-07-18 03:46 - 2017-07-18 03:46 - 000006522 ____N C:\Users\AIRWORX 2\Documents\case.txt
2017-07-17 10:26 - 2017-07-17 10:26 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-07-17 10:25 - 2017-07-17 10:25 - 002724512 ____N (Sysinternals - www.sysinternals.com) C:\Users\AIRWORX 2\Downloads\procexp.exe
2017-07-17 10:14 - 2017-07-17 10:14 - 000504650 _____ C:\Users\AIRWORX 2\SysInspector-AIRWORX2-PC-170717-072446.zip
2017-07-17 09:55 - 2017-07-17 09:55 - 000000000 _____ C:\WINDOWS\system32\wmic
2017-07-17 09:22 - 2017-07-17 09:22 - 141475088 ____N (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\msert (2).exe
2017-07-17 09:21 - 2017-07-17 09:21 - 007340032 ____N C:\Users\AIRWORX 2\Downloads\msert (1).exe
2017-07-17 09:14 - 2017-07-17 09:14 - 001048576 ____N C:\Users\AIRWORX 2\Downloads\msert.exe
2017-07-17 07:40 - 2017-07-17 07:40 - 006754944 ____N (ESET spol. s r.o.) C:\Users\AIRWORX 2\Downloads\esetonlinescanner_enu.exe
2017-07-17 07:11 - 2017-07-17 07:11 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\DBG
2017-07-17 03:31 - 2017-07-24 04:50 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Cleanup apps
2017-07-14 11:00 - 2017-07-14 11:00 - 000000000 ____D C:\Users\Public\Documents\MDMDiagnostics
2017-07-14 10:40 - 2017-07-14 10:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-2671885098-678752524-1400920573-1001
2017-07-14 09:14 - 2017-07-14 09:14 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-07-14 06:50 - 2017-07-14 06:50 - 000000020 ___SH C:\Users\AIRWORX 2\ntuser.ini
2017-07-14 06:30 - 2017-07-14 06:30 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 020504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 019335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 017364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 013839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 011870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 008331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 008318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 008238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 007336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 006759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 006554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 006287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 004730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 004447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-14 06:30 - 2017-07-14 06:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-14 06:30 - 2017-07-14 06:30 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-14 06:30 - 2017-07-14 06:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 006726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 006535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 004709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 004672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 003135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 002625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-07-14 06:22 - 2017-07-14 06:22 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-07-14 06:22 - 2017-07-14 06:22 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-07-14 06:22 - 2017-07-14 06:22 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-07-14 06:22 - 2017-07-14 06:22 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-07-14 06:22 - 2017-07-14 06:22 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-07-14 06:20 - 2017-07-14 06:23 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2017-07-14 06:20 - 2017-07-14 06:23 - 000015243 _____ C:\WINDOWS\diagerr.xml
2017-07-14 06:17 - 2017-07-20 04:56 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-07-14 06:17 - 2017-07-14 06:17 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-07-14 06:14 - 2017-07-28 02:14 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-07-14 06:14 - 2017-07-14 06:14 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-07-14 06:14 - 2017-07-14 06:14 - 000000000 ____D C:\Program Files\MSBuild
2017-07-14 06:14 - 2017-07-14 06:14 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-07-14 06:14 - 2017-07-14 06:14 - 000000000 ____D C:\inetpub
2017-07-14 06:13 - 2017-07-14 06:13 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-07-14 06:13 - 2017-02-10 12:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-07-14 06:13 - 2017-02-10 12:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-07-14 06:13 - 2017-02-10 12:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-07-14 06:13 - 2017-02-10 12:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-07-14 06:13 - 2017-02-10 12:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-07-14 06:13 - 2017-02-10 12:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-07-14 06:12 - 2017-08-10 10:37 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DBB8FF06-B999-4A95-A7CE-15C213181723}
2017-07-14 06:12 - 2017-08-09 13:12 - 000000006 _____ C:\WINDOWS\Tasks\SA.DAT
2017-07-14 06:12 - 2017-07-15 06:57 - 000003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-07-14 06:12 - 2017-07-14 06:12 - 000002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2671885098-678752524-1400920573-1001
2017-07-14 06:12 - 2017-07-14 06:12 - 000002134 _____ C:\WINDOWS\System32\Tasks\RGP Backup
2017-07-14 06:12 - 2017-07-14 06:12 - 000002118 _____ C:\WINDOWS\System32\Tasks\{39393239-4118-43A9-9EF4-579F68CFC882}
2017-07-14 06:12 - 2017-07-14 06:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-07-14 06:11 - 2017-08-10 03:41 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-07-14 06:11 - 2017-08-09 17:15 - 000003280 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAIRWORX 2
2017-07-14 06:11 - 2017-07-14 06:12 - 000003452 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-07-14 06:11 - 2017-07-14 06:12 - 000003374 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf8dc0ce6bb10d
2017-07-14 06:11 - 2017-07-14 06:12 - 000003228 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-07-14 06:11 - 2017-07-14 06:12 - 000003150 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0bf681e553bf8
2017-07-14 06:11 - 2017-07-14 06:12 - 000003070 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d08f601e825b6
2017-07-14 06:11 - 2017-07-14 06:12 - 000003070 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d040ece2e11a19
2017-07-14 06:11 - 2017-07-14 06:12 - 000003070 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-14 06:11 - 2017-07-14 06:12 - 000002802 _____ C:\WINDOWS\System32\Tasks\[email protected]
2017-07-14 06:11 - 2017-07-14 06:12 - 000002310 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller
2017-07-14 06:11 - 2017-07-14 06:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-07-14 06:11 - 2017-07-14 06:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks
2017-07-14 05:56 - 2017-07-14 05:56 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-14 05:49 - 2017-07-14 05:59 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-07-14 05:47 - 2017-07-14 05:47 - 000000000 ____D C:\ProgramData\USOShared
2017-07-14 05:46 - 2017-08-09 13:11 - 000000000 ____D C:\Users\AIRWORX 2
2017-07-14 05:46 - 2017-07-14 06:05 - 000000000 ____D C:\Users\Administrator
2017-07-14 05:45 - 2017-08-04 03:20 - 001401184 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-14 05:44 - 2017-07-14 05:44 - 000939752 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-07-14 05:44 - 2017-07-14 05:44 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-07-14 05:39 - 2017-07-14 05:39 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-07-14 05:39 - 2017-07-14 05:39 - 000000000 ____D C:\Program Files\AMD
2017-07-14 05:39 - 2017-07-14 05:39 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2017-07-14 05:39 - 2017-03-18 13:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-07-14 05:38 - 2017-07-14 05:38 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-07-14 05:36 - 2017-08-10 07:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-14 05:36 - 2017-07-18 03:53 - 000532544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-14 04:28 - 2017-07-14 04:28 - 000002103 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2017-07-14 03:44 - 2017-07-14 03:44 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-07-14 02:37 - 2017-07-14 02:38 - 195931824 ____N (Kaspersky Lab) C:\Users\AIRWORX 2\Downloads\kts17.0.0.611abcden_12159.exe
2017-07-13 13:47 - 2017-07-14 05:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-07-12 12:58 - 2017-07-12 12:58 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-07-12 12:58 - 2017-07-12 12:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-07-12 12:58 - 2017-07-12 12:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-07-12 12:58 - 2017-07-12 12:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-07-12 09:28 - 2017-08-07 09:22 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-07-12 06:53 - 2017-08-07 12:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-12 06:53 - 2017-07-20 08:53 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-11 13:45 - 2017-08-08 05:09 - 000031995 _____ C:\VEW.txt
2017-07-11 09:24 - 2017-08-09 10:34 - 000000602 _____ C:\junk.txt
2017-07-11 04:04 - 2017-08-04 11:07 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-11 04:03 - 2017-08-04 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-11 04:03 - 2017-08-04 10:48 - 000000000 ____D C:\Program Files\RogueKiller
2017-07-11 04:03 - 2017-07-11 05:12 - 000000000 ____D C:\ProgramData\RogueKiller
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-10 11:50 - 2017-02-20 08:22 - 000000000 ____D C:\Program Files\Recuva
2017-08-10 03:41 - 2017-01-24 15:31 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-08-10 02:22 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 20:18 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-09 20:18 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-09 13:12 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-09 13:11 - 2017-03-18 04:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-09 13:11 - 2016-07-01 17:30 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-08-09 13:11 - 2015-07-13 07:14 - 000132824 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2017-08-09 11:55 - 2014-01-11 04:08 - 000180232 ____N C:\WINDOWS\Minidump\080917-30328-01.dmp
2017-08-09 11:52 - 2014-03-06 03:09 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-09 11:52 - 2014-03-06 03:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 11:36 - 2017-06-26 07:43 - 000002065 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2017-08-09 11:17 - 2017-02-16 07:37 - 000000000 ____D C:\Users\AIRWORX 2\.android
2017-08-09 02:26 - 2014-11-12 15:43 - 000099886 ____H C:\Users\AIRWORX 2\Desktop\.ppinfocache
2017-08-09 02:26 - 2014-11-12 15:43 - 000010568 ____H C:\Users\AIRWORX 2\Desktop\maxdesk.ini2
2017-08-09 02:26 - 2014-11-12 15:43 - 000008344 ____H C:\Users\AIRWORX 2\Desktop\PP11Thumbs.ptn2
2017-08-09 02:26 - 2014-11-12 15:33 - 007196349 ____H C:\Users\AIRWORX 2\Desktop\PP11Thumbs.ptn
2017-08-09 02:26 - 2014-03-12 15:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\.oit
2017-08-08 10:12 - 2014-03-12 15:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Nuance
2017-08-07 14:57 - 2014-01-23 11:29 - 000000000 ____D C:\Users\AIRWORX 2\Documents\Fundraisers
2017-08-07 12:27 - 2014-07-02 11:24 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-07 08:40 - 2013-10-14 16:36 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-08-07 08:37 - 2013-10-14 16:33 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-07 08:34 - 2014-01-10 13:21 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Packages
2017-08-04 10:43 - 2015-01-29 18:03 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ElevatedDiagnostics
2017-08-03 10:06 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-03 04:54 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-02 12:59 - 2014-03-27 13:37 - 000000000 ____D C:\Program Files (x86)\DahuaTech
2017-08-02 12:02 - 2017-03-18 04:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-02 10:02 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-08-02 10:02 - 2014-03-13 11:19 - 000000000 ____D C:\ProgramData\LogMeIn
2017-08-02 09:23 - 2015-06-05 11:23 - 000000000 ____D C:\Program Files (x86)\SetupLogs
2017-08-02 09:01 - 2015-04-20 17:06 - 000000000 __RDO C:\Users\AIRWORX 2\OneDrive
2017-08-02 09:01 - 2014-04-18 14:27 - 000000000 ____D C:\Program Files (x86)\ASAP Utilities
2017-08-02 08:07 - 2014-09-11 15:41 - 000000496 _____ C:\Users\AIRWORX 2\Desktop\ITSupport247 (3).website
2017-08-02 08:06 - 2015-01-07 12:51 - 000001552 _____ C:\Users\AIRWORX 2\Desktop\iexplore - Shortcut.lnk
2017-08-02 03:02 - 2017-07-07 09:56 - 017225690 _____ C:\Users\AIRWORX 2\Desktop\calls and txtsBook2.xlsx
2017-08-01 13:25 - 2014-01-11 04:08 - 000178568 ____N C:\WINDOWS\Minidump\080117-28453-01.dmp
2017-08-01 05:58 - 2014-03-04 13:12 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ESET
2017-07-31 15:37 - 2014-01-21 15:23 - 000000000 ___RD C:\Users\AIRWORX 2\Google Drive
2017-07-31 15:16 - 2015-07-08 12:08 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Western Digital
2017-07-31 02:19 - 2015-11-12 07:03 - 000000000 ____D C:\Program Files\Common Files\AV
2017-07-31 02:17 - 2015-10-29 23:28 - 000000000 ____D C:\Users\Default.migrated
2017-07-28 12:54 - 2014-03-26 13:47 - 000007609 _____ C:\Users\AIRWORX 2\AppData\Local\resmon.resmoncfg
2017-07-28 02:14 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-27 10:31 - 2012-07-25 22:26 - 000000222 _____ C:\WINDOWS\win.ini
2017-07-27 03:54 - 2017-06-26 09:52 - 000181160 _____ (ESET) C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys
2017-07-26 19:40 - 2015-01-29 16:07 - 000000519 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-07-26 09:41 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Registration
2017-07-26 07:02 - 2016-02-09 09:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxAct
2017-07-26 04:53 - 2014-05-15 13:29 - 000000000 ____D C:\Program Files (x86)\Brother
2017-07-26 04:50 - 2014-12-30 17:16 - 000000000 ____D C:\Program Files (x86)\AVIGenerator2.0
2017-07-26 04:50 - 2014-05-15 13:29 - 000000000 ____D C:\Program Files (x86)\ControlCenter4
2017-07-24 11:00 - 2017-02-20 09:27 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\VERIZON
2017-07-24 05:40 - 2014-10-29 11:50 - 000000000 ____D C:\Users\Public\Documents\CyberLink
2017-07-24 05:40 - 2013-10-14 16:40 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-07-24 05:39 - 2013-10-14 16:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2017-07-21 10:44 - 2014-06-19 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SurveillanceSystem
2017-07-20 06:51 - 2014-03-26 16:20 - 000000000 ___RD C:\Users\AIRWORX 2\Dropbox
2017-07-19 03:26 - 2014-06-19 09:37 - 000000000 ____D C:\Program Files (x86)\SurveillanceSystem
2017-07-18 22:47 - 2016-03-08 09:58 - 000000000 ____D C:\Users\AIRWORX 2\Documents\Outlook Files
2017-07-18 20:18 - 2015-07-30 12:30 - 000525312 _____ C:\Users\AIRWORX 2\Outlook.pst
2017-07-18 13:40 - 2014-09-04 12:53 - 000021516 ____H C:\Users\AIRWORX 2\Downloads\.ppinfocache
2017-07-18 13:27 - 2014-03-26 12:59 - 000042262 ____H C:\Users\AIRWORX 2\Documents\PP11Thumbs.ptn2
2017-07-18 04:26 - 2017-02-20 09:10 - 000001887 ____N C:\Users\AIRWORX 2\Desktop\Recuva.lnk
2017-07-18 04:25 - 2016-10-02 22:21 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ConnectedDevicesPlatform
2017-07-18 03:55 - 2017-02-13 05:55 - 000565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-07-18 03:51 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-07-17 03:43 - 2016-04-19 19:11 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Alarm Activity Formatted Download_files
2017-07-15 06:57 - 2016-07-02 19:55 - 000002424 _____ C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-15 03:54 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-07-14 10:51 - 2017-06-20 08:47 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2017-07-14 10:46 - 2014-08-04 13:01 - 000000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2017-07-14 06:50 - 2017-03-18 14:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-14 06:50 - 2016-04-26 23:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-14 06:35 - 2017-03-18 14:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-07-14 06:32 - 2017-03-18 14:06 - 000000000 ____D C:\WINDOWS\Setup
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-14 06:24 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-07-14 06:23 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-07-14 06:23 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-07-14 06:23 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-07-14 06:23 - 2017-03-18 04:40 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-07-14 06:19 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-07-14 06:14 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-07-14 06:14 - 2017-03-18 13:59 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-07-14 06:14 - 2017-03-18 13:59 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-07-14 06:14 - 2017-03-18 13:59 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-07-14 06:12 - 2017-03-18 19:31 - 000000000 ____D C:\WINDOWS\HoloShell
2017-07-14 06:12 - 2014-10-29 11:58 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-07-14 06:11 - 2017-03-18 14:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-07-14 06:02 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-14 05:59 - 2017-06-27 05:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkasoft Evidence Center Ultimate
2017-07-14 05:59 - 2017-06-13 19:20 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-07-14 05:59 - 2017-05-10 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutterfly Uploader
2017-07-14 05:59 - 2017-05-03 08:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Lawyer
2017-07-14 05:59 - 2017-04-21 05:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cox Cloud Drive
2017-07-14 05:59 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-07-14 05:59 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ModemLogs
2017-07-14 05:59 - 2017-03-17 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Escaperoom Software
2017-07-14 05:59 - 2017-03-16 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-07-14 05:59 - 2017-02-20 09:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2017-07-14 05:59 - 2016-12-21 09:20 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-07-14 05:59 - 2016-10-27 03:53 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-07-14 05:59 - 2016-09-30 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2017-07-14 05:59 - 2016-05-12 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2017-07-14 05:59 - 2016-04-28 08:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-07-14 05:59 - 2016-04-26 23:20 - 000000000 ____D C:\WINDOWS\ShellNew
2017-07-14 05:59 - 2015-06-08 09:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-14 05:59 - 2014-12-30 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVIGenerator2.0
2017-07-14 05:59 - 2014-04-18 14:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASAP Utilities
2017-07-14 05:59 - 2014-03-13 16:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2017-07-14 05:59 - 2014-03-13 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
2017-07-14 05:59 - 2014-03-12 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Create 7
2017-07-14 05:59 - 2014-03-12 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2017-07-14 05:59 - 2014-03-04 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-07-14 05:59 - 2014-03-04 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rock Gym Pro
2017-07-14 05:59 - 2013-10-14 16:40 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-07-14 05:59 - 2013-10-14 16:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\IME
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\et-EE
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-07-14 05:52 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-07-14 05:52 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-07-14 05:51 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-14 05:51 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\InputMethod
2017-07-14 05:51 - 2016-02-04 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2017-07-14 05:51 - 2014-03-04 12:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2017-07-14 05:50 - 2017-06-26 07:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-07-14 05:50 - 2017-05-31 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-07-14 05:50 - 2014-03-13 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-07-14 05:50 - 2014-03-04 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2017-07-14 05:50 - 2013-10-14 16:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2017-07-14 05:49 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-07-14 05:49 - 2013-08-22 08:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-07-14 05:47 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-07-14 05:46 - 2013-04-03 17:13 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-07-14 05:44 - 2017-03-18 04:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-07-14 04:28 - 2014-03-04 16:20 - 000000000 ____D C:\ProgramData\Adobe
2017-07-13 13:48 - 2015-10-19 12:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-07-11 12:11 - 2017-06-13 19:20 - 000000000 ____D C:\Program Files\UNP
2017-07-11 12:03 - 2017-06-27 16:06 - 000000000 ____D C:\WINDOWS\pss
 
==================== Files in the root of some directories =======
 
2015-04-01 09:26 - 2005-12-08 19:51 - 000000060 ____R () C:\Program Files (x86)\BRINST.INI
2017-04-14 06:58 - 2017-04-14 06:58 - 000000000 _____ () C:\Users\AIRWORX 2\AppData\Roaming\IVOPEN.$$$
2014-12-17 10:09 - 2014-12-17 10:10 - 000012962 _____ () C:\Users\AIRWORX 2\AppData\Roaming\Microsoft Excel 97-2003.CAL
2014-03-26 13:47 - 2017-07-28 12:54 - 000007609 _____ () C:\Users\AIRWORX 2\AppData\Local\resmon.resmoncfg
2015-12-09 12:34 - 2015-12-09 12:34 - 000000145 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-03-24 15:02 - 2014-10-23 13:06 - 000000226 _____ () C:\ProgramData\RSUserCfg.ini
 
Files to move or delete:
====================
C:\Users\AIRWORX 2\ASAP_Utilities_5-2-1_HS_Setup.exe
C:\Users\AIRWORX 2\WDMyCloud_win.exe
 
 
Some files in TEMP:
====================
2017-08-01 04:48 - 2017-07-14 06:30 - 001930320 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\dllnt_dump.dll
2017-08-07 13:39 - 2017-08-07 13:49 - 001503232 _____ () C:\Users\AIRWORX 2\AppData\Local\Temp\libmysqlinstanceconf.dll
2013-10-05 01:38 - 2013-10-05 01:38 - 000455328 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\msvcp120.dll
2013-10-05 01:38 - 2013-10-05 01:38 - 000970912 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\msvcr120.dll
2016-07-30 17:08 - 2016-07-30 17:08 - 003112960 _____ (Jason York) C:\Users\AIRWORX 2\AppData\Local\Temp\pc-decrapifier.exe
2017-07-28 02:28 - 2017-07-28 02:28 - 000510752 _____ (Acronis) C:\Users\AIRWORX 2\AppData\Local\Temp\setupapp_amd64.exe
2017-07-28 02:28 - 2017-07-28 02:28 - 000540432 _____ () C:\Users\AIRWORX 2\AppData\Local\Temp\setupnt64.dll
2017-07-26 04:50 - 2006-05-24 10:10 - 000455600 _____ (Macrovision Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\_isC014.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe
[2017-07-14 06:30] - [2017-07-14 06:30] - 000706560 _____ (Microsoft Corporation) 31E3287EF6D97C5864A301CEA75BBBA1
 
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\SysWOW64\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2017-07-14 06:22] - [2017-07-14 06:22] - 001085440 _____ (Microsoft Corporation) 0E79A4C76CAAA0CFE9CA42C13E5AA086
 
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-07 04:17
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
Ran by AIRWORX 2 (10-08-2017 12:28:52)
Running from C:\Users\AIRWORX 2\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-14 13:25:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2671885098-678752524-1400920573-500 - Administrator - Disabled) => C:\Users\Administrator
AIRWORX 2 (S-1-5-21-2671885098-678752524-1400920573-1001 - Administrator - Enabled) => C:\Users\AIRWORX 2
DefaultAccount (S-1-5-21-2671885098-678752524-1400920573-503 - Limited - Disabled)
Guest (S-1-5-21-2671885098-678752524-1400920573-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop Elements 4.0 (HKLM-x32\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.21) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.21 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{05E5AD66-7CD0-4719-A229-0D3A7A5240D2}) (Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{40959651-122E-1A16-9011-40629C01703F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 7.1 - Bastien Mensink - A Must in Every Office BV)
Broderbund Family Lawyer (HKLM-x32\...\{ED95E1BA-8C35-4D78-8A20-FD5A728711E2}) (Version: 1.00.0000 - Bluecase) Hidden
Broderbund Family Lawyer (HKLM-x32\...\InstallShield_{ED95E1BA-8C35-4D78-8A20-FD5A728711E2}) (Version: 1.00.0000 - Bluecase)
Cloud Drive (HKLM-x32\...\{F40EC703-6B64-4C2D-80BC-5ED2D8295C04}) (Version: 5.1.30.18 - Cox Secure Online Backup for Windows)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Drag and Drop Backup (HKLM-x32\...\{480EA68A-699D-450D-9869-2216AC49D23C}) (Version: 2.1.33 - Cox)
Dropbox (HKLM-x32\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EMET 5.52 (HKLM-x32\...\{BC26560D-1FC4-4DD5-8756-7E0606A79AE3}) (Version: 5.52 - Microsoft Corporation)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Escaperoom Software (HKLM-x32\...\{7BAA7E0D-9B92-4FE7-AEC8-F11EAE801922}) (Version: 3.1.0.0 - Escaperoom Software)
ESET Smart Security (HKLM\...\{2B587448-4CE3-4196-A237-A425E557F052}) (Version: 10.1.204.0 - ESET, spol. s r.o.)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.7.27.15 - HP)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MySQL Connector/ODBC 5.1 (HKLM-x32\...\{38CDEC3E-ABC4-4EB8-BE3B-2181A97813AE}) (Version: 5.1.12 - Oracle Corporation)
MySQL Server 5.0 (HKLM-x32\...\{97EFE060-CE35-4709-9B3A-5D3C8F686FED}) (Version: 5.0.90 - MySQL AB)
Nuance PaperPort 14 (HKLM-x32\...\{14CB3B82-FBDC-4462-919E-86147983F09B}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM-x32\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rock Gym Pro (HKLM-x32\...\{827570FB-0E88-444C-ADBC-9E799571E292}) (Version: 1.1.21247 - RGP Development LLC)
RogueKiller version 12.11.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.9.0 - Adlice Software)
Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shutterfly Uploader (HKLM-x32\...\{CD928A00-1C70-4353-B9B9-7BC8600F3E43}) (Version: 2.9.0.737 - Shutterfly, Inc.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
SyncFileSetup (x86) (HKLM-x32\...\{04848A0A-02B1-4703-B15D-6E7DCF95FB84}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc) Hidden
TaxAct 2016 1040 Edition (HKLM-x32\...\TaxAct 2016 1040 Edition) (Version: 1.03 - TaxAct, Inc.)
WD Sync (HKLM-x32\...\{0d591303-bbc5-4645-a03b-1c3f75f1a762}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WorkForce GT-1500 Scanner Driver Update (HKLM-x32\...\{37D0F29D-AB95-4598-ACF0-D3CC38C161D9}) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncApi64.dll => No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-09] (ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [Zeon.MFCDirectShellExt] -> {353C642C-F13D-4699-9FF2-EFAF490B6C69} => C:\Program Files (x86)\Nuance\PDFCreate\bin\DirectShellExt.dll [2010-07-16] (Zeon International Investment Corp. )
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-09] (ESET)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-09] (ESET)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {005B78DE-9ECF-4C1D-85D3-6330FE864BA6} - System32\Tasks\GoogleUpdateTaskMachineCore1d040ece2e11a19 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {073958F3-8E5F-4CF7-8625-ABD15377481E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {264F49CB-3415-488D-B8DA-9F6F8BE48331} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {2EE58945-C40B-43A8-A167-173E412D9D98} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf681e553bf8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37C32B19-9630-4A28-9E5A-8EA8CD06CFA2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-24] (Dropbox, Inc.)
Task: {46064571-564C-4D46-9842-A167DDF1D942} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f601e825b6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4FD0925E-6E79-4BC0-A382-3D5CCA5C36B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-06-28] (HP Inc.)
Task: {56FA405C-914E-41DB-A1DA-640837A26134} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {5DB34D0B-4B82-47F6-B06D-2D195446A83A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7A8C073B-9921-4385-A061-FF8B5410A453} - System32\Tasks\{39393239-4118-43A9-9EF4-579F68CFC882} => C:\WINDOWS\system32\pcalua.exe -a C:\PROGRA~2\SAAZOD\Uninstall\uninstall.exe -c "/U:C:\PROGRA~2\SAAZOD\Uninstall\uninstall.xml"
Task: {8258540A-E194-4B1C-A446-B100E53A7B7B} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {8A6CE6D2-BAFF-47BD-B636-5632FA76D78E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {8EE60D19-E484-4EC5-87B6-BEB1AE19CF50} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8dc0ce6bb10d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8F630B83-069D-434E-B4C4-59AD3C10A507} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {916845C6-0741-433C-AC62-C4B3A5F302DB} - System32\Tasks\S-1-5-21-2671885098-678752524-1400920573-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {ACE8B2E6-FDA5-4314-A2D5-4B96CC439AEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {B0F52980-9E9F-4BE0-971E-08686D2B7726} - System32\Tasks\HPCeeScheduleForAIRWORX 2 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B9FA1D84-F00D-445B-8400-F7C7E90DD53E} - System32\Tasks\RGP Backup => C:\Program Files (x86)\Rock Gym Pro\Backup.exe [2017-06-04] ()
Task: {C106B638-AC38-49F0-9475-A87BCA16EDD6} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {E622463C-A190-4A30-A528-A6EF1AACE5FC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-24] (Dropbox, Inc.)
Task: {E6505B7C-6B08-451F-A300-AF1087B421C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {FD8EB85B-000D-4D3B-861F-700C79FA8A4B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d76736477ba15566\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 10"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\600fb694c0849943\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 9"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Brandi - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-04 16:43 - 2015-11-04 16:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2005-09-09 03:24 - 2005-09-09 03:24 - 000102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 040622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 000746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 001787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2015-12-11 01:07 - 2017-07-12 12:58 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 01:07 - 2017-07-12 12:58 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 10:17 - 2017-07-12 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-06 10:17 - 2017-07-12 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-17 12:53 - 2017-07-12 13:01 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-24 11:41 - 2017-07-12 13:01 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-04-15 15:18 - 2017-07-12 13:01 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-02-25 12:07 - 2017-07-12 13:01 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-28 16:09 - 2017-07-12 13:01 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-06 10:17 - 2017-07-12 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-07 11:59 - 2017-07-12 13:01 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-10-19 12:08 - 2017-07-12 12:58 - 000697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81613965.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81613965.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Control Panel\Desktop\\Wallpaper -> c:\users\airworx 2\appdata\local\microsoft\windows\themes\transcodedwallpaper
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: CDPUserSvc_492c3 => 2
MSCONFIG\Services: CDPUserSvc_5d4d8 => 2
MSCONFIG\Services: MessagingService_492c3 => 3
MSCONFIG\Services: MessagingService_5d4d8 => 3
MSCONFIG\Services: OneSyncSvc_492c3 => 2
MSCONFIG\Services: OneSyncSvc_5d4d8 => 2
HKLM\...\StartupApproved\StartupFolder: => "BackupRemind.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Cox Cloud Drive.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "Lathem.USBTM.UI"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "PPort14reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "DiscWizardMonitor.exe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Vault Explorer Cache Watcher"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\Run: => "SmartSwitchPDLR.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{4E0064DA-7DC1-46E8-A80F-30CBA40D4B4B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{FB9DD912-3695-46A5-AB95-70BCD176799A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{AAE31264-8CE8-4629-B563-610EEF1CD042}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
31-07-2017 09:26:21 Scheduled Checkpoint
07-08-2017 08:34:46 Configured Media Suite
09-08-2017 11:18:24 Removed 7-Zip 9.20 (x64 edition)
09-08-2017 11:19:24 Removed 7-Zip 9.20 (x64 edition)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
==================== Memory info =========================== 
 
Processor: AMD A8-6500 APU with Radeon™ HD Graphics 
Percentage of memory in use: 37%
Total physical RAM: 7365.48 MB
Available physical RAM: 4594.13 MB
Total Virtual: 10372.53 MB
Available Virtual: 7202.86 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1842.47 GB) (Free:1706.64 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.63 GB) (Free:2.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (New Volume) (Fixed) (Total:298.09 GB) (Free:106.28 GB) NTFS
Drive f: (Aug 03 2017) (CDROM) (Total:4.38 GB) (Free:3.57 GB) UDF
Drive g: (HP_TOOLS) (Removable) (Total:1.91 GB) (Free:1.68 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 8834CD72)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 497B7DD2)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 500A0DFF)
No partition Table on disk 2.
 
==================== End of Addition.txt ============================



#116
RKinner


Fixlist worked.

 

Doesn't matter if Windows Defender updates or not. Might have already had it. When you installed ESET, it disabled Windows Defender.

 

==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

The other one I can't tell much about. You would have to click on one of the Errors so I could see its details.

 

Actually I was talking about the list of upgrades you get from Control Panel, Windows Updates, View Update History.  Looks something like:

 

hist.JPG

#117
BrandiCopas

So, the following are a few weird logs I found on my desktop, or in system files, that made me think infection, most likely rootkit of some sort, that may encrypt...
 
Note, oddly they begin on 7/14/17

[07/14/2017 05:38.11.493] WudfCoInstaller: ReadWdfSection: Checking WdfSection [Basic_Install.Wdf]
 
[07/14/2017 05:38.11.931] WudfCoInstaller: Configuring UMDF Service WpdFs.
 
[07/14/2017 05:38.12.165] WudfCoInstaller: ImpersonationLevel set to 2
 
[07/14/2017 05:38.12.337] WudfCoInstaller: Using "Win7" service configuration
 
[07/14/2017 05:38.12.868] WudfCoInstaller: Service WudfSvc started successfully.
 
[07/14/2017 05:38.13.259] WudfCoInstaller: Final status: error(0) The operation completed successfully.
 
 
[07/14/2017 05:38.16.853] WudfCoInstaller: Created marker file C:\WINDOWS\system32\drivers\Msft_User_WpdFs_01_11_00.Wdf.
 
[07/14/2017 05:38.51.571] WudfCoInstaller: ReadWdfSection: Checking WdfSection [Basic_Install.Wdf]
 
[07/14/2017 05:38.51.650] WudfCoInstaller: UMDF Service WpdFs is already installed - removing existing settings in preparation for setting new ones.
 
[07/14/2017 05:38.51.696] WudfCoInstaller: Configuring UMDF Service WpdFs.
 
[07/14/2017 05:38.51.743] WudfCoInstaller: ImpersonationLevel set to 2
 
[07/14/2017 05:38.51.790] WudfCoInstaller: Using "Win7" service configuration
 
[07/14/2017 05:38.51.853] WudfCoInstaller: Service WudfSvc is already running.
 
[07/14/2017 05:38.51.884] WudfCoInstaller: Final status: error(0) The operation completed successfully.
 
 
dispci.dll:  ============BEGIN DisplayClassInstaller============
[07/14/2017 05:38.52.056] WudfCoInstaller: Created marker file C:\WINDOWS\system32\drivers\Msft_User_WpdFs_01_11_00.Wdf.
 
dispci.dll:  DispCISkipClassInstaller: SetupDiGetSelectedDriver failed with error 0xe0000203.
dispci.dll:  DisplayClassInstaller: Unrecognized DIF request 0x8e1712c0
dispci.dll:  ============END DisplayClassInstaller==============
dispci.dll:  ============BEGIN DisplayClassInstaller============
dispci.dll:  DispCISkipClassInstaller: SetupDiGetSelectedDriver failed with error 0xe0000203.
dispci.dll:  ============BEGIN OnDestroyPrivateData============
dispci.dll:  ============END OnDestroyPrivateData==============
dispci.dll:  DisplayClassInstaller: Returning 0xe000020e for DIF 0xc and device PCI\VEN_1002&DEV_990E&SUBSYS_2AE0103C&REV_00\3&267A616A&2&08
dispci.dll:  ============END DisplayClassInstaller==============
dispci.dll:  ============BEGIN DisplayClassInstaller============
dispci.dll:  ============BEGIN OnAllowInstall============
dispci.dll:  DispCIIsDriverInstallAllowed: Driver package contains a feature score 0xd1
dispci.dll:  ============END OnAllowInstall==============
dispci.dll:  DisplayClassInstaller: Returning 0xe000020e for DIF 0x18 and device PCI\VEN_1002&DEV_990E&SUBSYS_2AE0103C&REV_00\3&267A616A&2&08
dispci.dll:  ============END DisplayClassInstaller==============
dispci.dll:  ============BEGIN DisplayClassInstaller============
dispci.dll:  ============BEGIN OnInstallDeviceFiles============
dispci.dll:  ============END OnInstallDeviceFiles==============
dispci.dll:  DisplayClassInstaller: Returning 0xe000020e for DIF 0x15 and device PCI\VEN_1002&DEV_990E&SUBSYS_2AE0103C&REV_00\3&267A616A&2&08
dispci.dll:  ============END DisplayClassInstaller==============
dispci.dll:  ============BEGIN DisplayClassInstaller============
dispci.dll:  DisplayClassInstaller: Unrecognized DIF request 0x8e200308
dispci.dll:  ============END DisplayClassInstaller==============
dispci.dll:  ============BEGIN DisplayClassInstaller============
dispci.dll:  DisplayClassInstaller: Unrecognized DIF request 0x8e172c40
dispci.dll:  ============END DisplayClassInstaller==============
dispci.dll:  ============BEGIN DisplayClassInstaller============
dispci.dll:  DispCIIsDriverInstallAllowed: Driver package contains a feature score 0xd1
dispci.dll:  ============BEGIN OnInstallDevice============
dispci.dll:  ============END OnInstallDevice==============
dispci.dll:  DisplayClassInstaller: Returning 0x00000000 for DIF 0x2 and device PCI\VEN_1002&DEV_990E&SUBSYS_2AE0103C&REV_00\3&267A616A&2&08
dispci.dll:  ============END DisplayClassInstaller==============
AudMig: Applying saved Audio settings
AudMig: Copying the migration information to a permanent location
AudMig: Done copying the migration information to a permanent location.  Now delete upgrade data.
AudMig: Copying the endpoint migration information to mmdevices key
AudMig: Done copying the endpoint migration information to mmdevices key
AudMig: Applying saved Audio settings
AudMig: The migration information has already been backed up
AudMig: Applying saved Audio settings
AudMig: The migration information has already been backed up
AudMig: Applying saved Audio settings
AudMig: The migration information has already been backed up
AudMig: Applying saved Audio settings
AudMig: The migration information has already been backed up
AudMig: Applying saved Audio settings
AudMig: The migration information has already been backed up
AudMig: Applying saved Audio settings
AudMig: The migration information has already been backed up
AudMig: The migration information has already been backed up
2017-07-14 06:20:02, Info                  MIG    MigHost started with command line: {DCC29036-8EF3-4859-BFF4-25BB6D253426} /InitDoneEvent:MigHost.{DCC29036-8EF3-4859-BFF4-25BB6D253426}.Event /ParentPID:1608
2017-07-14 06:20:02, Info                  MIG    MigHost: CMigPluginSurrogate::Init: Successfully initialized surrogate.
2017-07-14 06:20:02, Info                  MIG    MigHost: Initialized successfully with CLSID[{DCC29036-8EF3-4859-BFF4-25BB6D253426}] and LogDir=[]
2017-07-14 06:20:03, Info                  MIG    MigHost: Exiting process.
2017-07-14 06:20:03, Info                  MIG    MigHost started with command line: {2CBD2072-0383-4F3A-8CA2-AC4433E2071B} /InitDoneEvent:MigHost.{2CBD2072-0383-4F3A-8CA2-AC4433E2071B}.Event /ParentPID:1608
2017-07-14 06:20:03, Info                  MIG    MigHost: CMigPluginSurrogate::Init: Successfully initialized surrogate.
2017-07-14 06:20:03, Info                  MIG    MigHost: Initialized successfully with CLSID[{2CBD2072-0383-4F3A-8CA2-AC4433E2071B}] and LogDir=[]
2017-07-14 06:20:04, Info                  MIG    MigHost: Exiting process.
2017-07-14 06:20:04, Info                  MIG    MigHost started with command line: {6E248F3E-1EEB-440A-8FC0-9C280CCA896B} /InitDoneEvent:MigHost.{6E248F3E-1EEB-440A-8FC0-9C280CCA896B}.Event /ParentPID:1608
2017-07-14 06:20:04, Info                  MIG    MigHost: CMigPluginSurrogate::Init: Successfully initialized surrogate.
2017-07-14 06:20:04, Info                  MIG    MigHost: Initialized successfully with CLSID[{6E248F3E-1EEB-440A-8FC0-9C280CCA896B}] and LogDir=[]
2017-07-14 06:20:11, Info                  MIG    MigHost: Exiting process.
2017-07-14 06:20:11, Info                  MIG    MigHost started with command line: {08209BC5-BD71-4C81-91B4-A7BE2594D246} /InitDoneEvent:MigHost.{08209BC5-BD71-4C81-91B4-A7BE2594D246}.Event /ParentPID:1608
2017-07-14 06:20:11, Info                  MIG    MigHost: CMigPluginSurrogate::Init: Successfully initialized surrogate.
2017-07-14 06:20:11, Info                  MIG    MigHost: Initialized successfully with CLSID[{08209BC5-BD71-4C81-91B4-A7BE2594D246}] and LogDir=[]
2017-07-14 06:20:14, Info                  MIG    MigHost: Exiting process.
2017-07-14 06:20:14, Info                  MIG    MigHost started with command line: {DBEB2D32-CFA8-44D4-A133-C3119C75AE50} /InitDoneEvent:MigHost.{DBEB2D32-CFA8-44D4-A133-C3119C75AE50}.Event /ParentPID:1608
2017-07-14 06:20:14, Info                  MIG    MigHost: CMigPluginSurrogate::Init: Successfully initialized surrogate.
2017-07-14 06:20:14, Info                  MIG    MigHost: Initialized successfully with CLSID[{DBEB2D32-CFA8-44D4-A133-C3119C75AE50}] and LogDir=[]
2017-07-14 06:20:28, Info                  MIG    MigHost: Exiting process.
2017-07-14 06:20:28, Info                  MIG    MigHost started with command line: {EB505AB5-3E7F-4AC0-B5D4-7A96A2496146} /InitDoneEvent:MigHost.{EB505AB5-3E7F-4AC0-B5D4-7A96A2496146}.Event /ParentPID:1608
2017-07-14 06:20:28, Info                  MIG    MigHost: CMigPluginSurrogate::Init: Successfully initialized surrogate.
2017-07-14 06:20:28, Info                  MIG    MigHost: Initialized successfully with CLSID[{EB505AB5-3E7F-4AC0-B5D4-7A96A2496146}] and LogDir=[]
2017-07-14 06:23:47, Info                  MIG    MigHost: Exiting process.
2017-07-14 06:23:47, Info                  MIG    MigHost started with command line: {33EA7F66-D115-4166-AF52-41F9E3C51FF3} /InitDoneEvent:MigHost.{33EA7F66-D115-4166-AF52-41F9E3C51FF3}.Event /ParentPID:1608
2017-07-14 06:23:47, Info                  MIG    MigHost: CMigPluginSurrogate::Init: Successfully initialized surrogate.
2017-07-14 06:23:47, Info                  MIG    MigHost: Initialized successfully with CLSID[{33EA7F66-D115-4166-AF52-41F9E3C51FF3}] and LogDir=[]
2017-07-14 06:23:49, Info                  MIG    MigHost: Exiting process.
2017-07-14 06:23:49, Info                  MIG    MigHost started with command line: {CB3F6B8C-EBCB-4796-8DA8-6D5A346C508A} /InitDoneEvent:MigHost.{CB3F6B8C-EBCB-4796-8DA8-6D5A346C508A}.Event /ParentPID:1608
2017-07-14 06:23:49, Info                  MIG    MigHost: CMigPluginSurrogate::Init: Successfully initialized surrogate.
2017-07-14 06:23:49, Info                  MIG    MigHost: Initialized successfully with CLSID[{CB3F6B8C-EBCB-4796-8DA8-6D5A346C508A}] and LogDir=[]
2017-07-14 06:23:50, Info                  MIG    MigHost: Exiting process.
AudMig: Applying saved Audio settings
AudMig: Device Ids match - \\?\HDAUDIO#FUNC_01&VEN_111D&DEV_7676&SUBSYS_103C2AE0&REV_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\HpOut2Topology \\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\hpout2topology
AudMig: Device Ids match - {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\hpout2topology/00010001 {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\hpout2topology/00010001
AudMig: Migrated {a45c254e-df1c-4efd-8020-67d146a850e0},2 property at 17
AudMig: Migrated {b3f8fa53-0004-438e-9003-51a46e139bfc},0 property at 19
AudMig: Migrated {f19f064d-082c-4e27-bc73-6882a1bb8e4c},0 property at 26
AudMig: Migrating role and device state from SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{2DAD1B2C-F6A2-4112-998E-4F4603A4C202} to SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{76679761-8EA3-4D0A-A98A-6EE1B170D7FA}
AudMig: Device Ids match - \\?\HDAUDIO#FUNC_01&VEN_111D&DEV_7676&SUBSYS_103C2AE0&REV_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\MuxedInWave \\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedinwave
AudMig: Device Ids match - {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\hpout2topology/00010001 {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\hpout2topology/00010001
AudMig: Migrated {a45c254e-df1c-4efd-8020-67d146a850e0},2 property at 1
AudMig: Migrated {b3f8fa53-0004-438e-9003-51a46e139bfc},0 property at 15
AudMig: Migrated {f19f064d-082c-4e27-bc73-6882a1bb8e4c},0 property at 16
AudMig: Migrating role and device state from SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{76679761-8EA3-4D0A-A98A-6EE1B170D7FA} to SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{DFBA8EF7-6A23-4738-9D2D-4C2FAA0E6A45}
AudMig: Device Ids match - \\?\HDAUDIO#FUNC_01&VEN_111D&DEV_7676&SUBSYS_103C2AE0&REV_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\MuxedInTopology \\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedintopology
AudMig: Device Ids match - {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedintopology/00010002 {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedintopology/00010002
AudMig: Migrated {a45c254e-df1c-4efd-8020-67d146a850e0},2 property at 13
AudMig: Migrated {b3f8fa53-0004-438e-9003-51a46e139bfc},0 property at 15
AudMig: Migrated {f19f064d-082c-4e27-bc73-6882a1bb8e4c},0 property at 22
AudMig: Migrating role and device state from SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{42E6F0A6-26F2-4176-80E8-06ABF71AA16B} to SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{1BED433D-1FD1-4C23-B243-A0A92830AC01}
AudMig: Device Ids match - {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedintopology/00010001 {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedintopology/00010001
AudMig: Migrated {a45c254e-df1c-4efd-8020-67d146a850e0},2 property at 8
AudMig: Migrating role and device state from SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{52CF20C3-9078-41A3-BBAE-2EEA435F0570} to SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{D4C0FEF0-5FF4-404B-BB14-1ED833FE68E6}
AudMig: Device Ids match - {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedintopology/00010000 {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedintopology/00010000
AudMig: Migrated {a45c254e-df1c-4efd-8020-67d146a850e0},2 property at 8
AudMig: Migrating role and device state from SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{4D675A20-305E-4DCA-9689-A90DEFC75477} to SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{74496454-F91F-4C25-8391-8277C19CB356}
AudMig: Device Ids match - \\?\HDAUDIO#FUNC_01&VEN_111D&DEV_7676&SUBSYS_103C2AE0&REV_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\MuxedIn2Topology \\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedin2topology
AudMig: Device Ids match - {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedin2topology/00010001 {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedin2topology/00010001
AudMig: Migrated {a45c254e-df1c-4efd-8020-67d146a850e0},2 property at 8
AudMig: Migrating role and device state from SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{9D1680F7-B1F6-4020-A71B-AA7AE1172AAD} to SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{798B9D24-726B-4C32-83B6-5734A77A2BF6}
AudMig: Device Ids match - {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedin2topology/00010000 {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedin2topology/00010000
AudMig: Migrated {a45c254e-df1c-4efd-8020-67d146a850e0},2 property at 20
AudMig: Migrated {b3f8fa53-0004-438e-9003-51a46e139bfc},0 property at 22
AudMig: Migrated {f19f064d-082c-4e27-bc73-6882a1bb8e4c},0 property at 31
AudMig: Migrating role and device state from SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{E1BF8453-1885-4A4A-A220-6DA7D9B3D4E8} to SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{39E6F9F2-745B-4C00-BC13-7A9235B82226}
AudMig: Device Ids match - \\?\HDAUDIO#FUNC_01&VEN_111D&DEV_7676&SUBSYS_103C2AE0&REV_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\SpdifOutWave \\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\spdifoutwave
AudMig: Device Ids match - \\?\HDAUDIO#FUNC_01&VEN_111D&DEV_7676&SUBSYS_103C2AE0&REV_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\SpdifOutTopology \\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\spdifouttopology
AudMig: Device Ids match - {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\spdifouttopology/00010001 {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\spdifouttopology/00010001
AudMig: Migrated {9855c4cd-df8c-449c-a181-8191b68bd06c},0 property at 20
AudMig: Migrated {a45c254e-df1c-4efd-8020-67d146a850e0},2 property at 25
AudMig: Migrated {b3f8fa53-0004-438e-9003-51a46e139bfc},0 property at 27
AudMig: Migrated {b3f8fa53-0004-438e-9003-51a46e139bfc},5 property at 32
AudMig: Migrated {f19f064d-082c-4e27-bc73-6882a1bb8e4c},0 property at 36
AudMig: Migrating role and device state from SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{EAFF22A3-8B6F-4B52-A23A-6E7A1885E547} to SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{42A0AB96-4D06-47C1-B66C-F56BCAB316E4}
AudMig: Device Ids match - \\?\HDAUDIO#FUNC_01&VEN_111D&DEV_7676&SUBSYS_103C2AE0&REV_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\Speaker2Wave \\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\speaker2wave
AudMig: Device Ids match - \\?\HDAUDIO#FUNC_01&VEN_111D&DEV_7676&SUBSYS_103C2AE0&REV_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\Speaker2Topology \\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\speaker2topology
AudMig: Device Ids match - {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\speaker2topology/00010001 {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\speaker2topology/00010001
AudMig: Migrated {1da5d803-d492-4edd-8c23-e0c0ffee7f0e},3 property at 3
AudMig: Migrated {1da5d803-d492-4edd-8c23-e0c0ffee7f0e},5 property at 4
AudMig: Migrated {a45c254e-df1c-4efd-8020-67d146a850e0},2 property at 24
AudMig: Migrated {b3f8fa53-0004-438e-9003-51a46e139bfc},0 property at 26
AudMig: Migrated {f19f064d-082c-4e27-bc73-6882a1bb8e4c},0 property at 35
AudMig: Migrating role and device state from SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{D5CB2E21-DEF1-4A17-AE71-E33748DA05BC} to SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{A66A7326-1AA4-4714-B16D-1C808EB8B415}
[07/14/2017 10:14.24.313] WudfCoInstaller: ReadWdfSection: Checking WdfSection [Basic_Install.Wdf]
 
[07/14/2017 10:14.24.450] WudfCoInstaller: UMDF Service WpdFs is already installed - removing existing settings in preparation for setting new ones.
 
[07/14/2017 10:14.24.479] WudfCoInstaller: Configuring UMDF Service WpdFs.
 
[07/14/2017 10:14.24.530] WudfCoInstaller: ImpersonationLevel set to 2
 
[07/14/2017 10:14.24.571] WudfCoInstaller: Using "Win7" service configuration
 
[07/14/2017 10:14.24.605] WudfCoInstaller: Service WudfSvc is already running.
 
[07/14/2017 10:14.24.655] WudfCoInstaller: Final status: error(0) The operation completed successfully.
 
 
[07/14/2017 10:14.24.955] WudfCoInstaller: Created marker file C:\WINDOWS\system32\drivers\Msft_User_WpdFs_01_11_00.Wdf.
 
[07/17/2017 02:38.29.579] WudfCoInstaller: ReadWdfSection: Checking WdfSection [Basic_Install.Wdf]
 
[07/17/2017 02:38.29.820] WudfCoInstaller: UMDF Service WpdFs is already installed - removing existing settings in preparation for setting new ones.
 
[07/17/2017 02:38.29.919] WudfCoInstaller: Configuring UMDF Service WpdFs.
 
[07/17/2017 02:38.30.003] WudfCoInstaller: ImpersonationLevel set to 2
 
[07/17/2017 02:38.30.072] WudfCoInstaller: Using "Win7" service configuration
 
[07/17/2017 02:38.30.105] WudfCoInstaller: Service WudfSvc is already running.
 
[07/17/2017 02:38.30.187] WudfCoInstaller: Final status: error(0) The operation completed successfully.
 
 
[07/17/2017 02:38.31.448] WudfCoInstaller: Created marker file C:\WINDOWS\system32\drivers\Msft_User_WpdFs_01_11_00.Wdf.
 
[07/17/2017 03:55.45.730] WudfCoInstaller: ReadWdfSection: Checking WdfSection [Basic_Install.Wdf]
 
[07/17/2017 03:55.45.784] WudfCoInstaller: UMDF Service WpdFs is already installed - removing existing settings in preparation for setting new ones.
 
[07/17/2017 03:55.45.942] WudfCoInstaller: Configuring UMDF Service WpdFs.
 
[07/17/2017 03:55.46.016] WudfCoInstaller: ImpersonationLevel set to 2
 
[07/17/2017 03:55.46.067] WudfCoInstaller: Using "Win7" service configuration
 
[07/17/2017 03:55.46.097] WudfCoInstaller: Service WudfSvc is already running.
 
[07/17/2017 03:55.46.142] WudfCoInstaller: Final status: error(0) The operation completed successfully.
 
 
[07/17/2017 03:55.48.624] WudfCoInstaller: Created marker file C:\WINDOWS\system32\drivers\Msft_User_WpdFs_01_11_00.Wdf.
 
[07/18/2017 02:39.22.429] WudfCoInstaller: ReadWdfSection: Checking WdfSection [Basic_Install.Wdf]
 
[07/18/2017 02:39.22.541] WudfCoInstaller: UMDF Service WpdFs is already installed - removing existing settings in preparation for setting new ones.
 
[07/18/2017 02:39.22.559] WudfCoInstaller: Configuring UMDF Service WpdFs.
 
[07/18/2017 02:39.22.589] WudfCoInstaller: ImpersonationLevel set to 2
 
[07/18/2017 02:39.22.614] WudfCoInstaller: Using "Win7" service configuration
 
[07/18/2017 02:39.22.640] WudfCoInstaller: Service WudfSvc is already running.
 
[07/18/2017 02:39.22.699] WudfCoInstaller: Final status: error(0) The operation completed successfully.
 
 
[07/18/2017 02:39.23.550] WudfCoInstaller: Created marker file C:\WINDOWS\system32\drivers\Msft_User_WpdFs_01_11_00.Wdf.
 
AudMig: Device Ids match - {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\hpout2topology/00010000 {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\hpout2topology/00010000
AudMig: Migrated {a45c254e-df1c-4efd-8020-67d146a850e0},2 property at 7
AudMig: Migrating role and device state from SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{961C4843-955A-445E-BB54-D33839692B9A} to SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{C9BB5560-AF31-44BA-A4FC-90E671D456AF}
[07/21/2017 02:27.57.146] WudfCoInstaller: ReadWdfSection: Checking WdfSection [MTP.NT.Wdf]
 
[07/21/2017 02:27.57.286] WudfCoInstaller: Configuring UMDF Service WpdMtpDriver.
 
[07/21/2017 02:27.57.323] WudfCoInstaller: ImpersonationLevel set to 2
 
[07/21/2017 02:27.57.357] WudfCoInstaller: KernelModeClientPolicy set to 1
 
[07/21/2017 02:27.57.402] WudfCoInstaller: Using "Win7" service configuration
 
[07/21/2017 02:27.57.433] WudfCoInstaller: Service WudfSvc is already running.
 
[07/21/2017 02:27.57.502] WudfCoInstaller: Final status: error(0) The operation completed successfully.
 
 
[07/21/2017 02:28.03.217] WudfCoInstaller: Created marker file C:\WINDOWS\system32\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf.
 
[07/24/2017 09:49.29.299] WudfCoInstaller: ReadWdfSection: Checking WdfSection [Basic_Install.Wdf]
 
[07/24/2017 09:49.29.612] WudfCoInstaller: UMDF Service WpdFs is already installed - removing existing settings in preparation for setting new ones.
 
[07/24/2017 09:49.29.799] WudfCoInstaller: Configuring UMDF Service WpdFs.
 
[07/24/2017 09:49.29.956] WudfCoInstaller: ImpersonationLevel set to 2
 
[07/24/2017 09:49.30.081] WudfCoInstaller: Using "Win7" service configuration
 
[07/24/2017 09:49.30.706] WudfCoInstaller: Service WudfSvc is already running.
 
[07/24/2017 09:49.30.878] WudfCoInstaller: Final status: error(0) The operation completed successfully.
 
 
[07/24/2017 09:49.32.237] WudfCoInstaller: Created marker file C:\WINDOWS\system32\drivers\Msft_User_WpdFs_01_11_00.Wdf.
 
AudMig: Applying saved Audio settings
AudMig: Applying saved Audio settings
AudMig: Device Ids match - {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedin2topology/00010001 {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedin2topology/00010001
AudMig: Migrated {a45c254e-df1c-4efd-8020-67d146a850e0},2 property at 1
AudMig: Migrating role and device state from SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{FB4552A2-9B55-4EC9-B8D6-A32EE1E43667} to SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{663E0FA3-35F1-4E29-AE94-203565FF1ECC}
AudMig: Device Ids match - {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedintopology/00010002 {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedintopology/00010002
AudMig: Migrated {a45c254e-df1c-4efd-8020-67d146a850e0},2 property at 1
AudMig: Migrated {b3f8fa53-0004-438e-9003-51a46e139bfc},0 property at 22
AudMig: Migrating role and device state from SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{7BDE0FE9-DA1A-4028-AB20-65846ACE78E4} to SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{432D4FAC-A6F0-4C62-9EC5-9F57A0249710}
AudMig: Device Ids match - {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedintopology/00010001 {2}.\\?\hdaudio#func_01&ven_111d&dev_7676&subsys_103c2ae0&rev_1001#4&af41215&0&0301#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\muxedintopology/00010001
AudMig: Migrated {a45c254e-df1c-4efd-8020-67d146a850e0},2 property at 1
AudMig: Migrated {b3f8fa53-0004-438e-9003-51a46e139bfc},0 property at 24
AudMig: Migrated {f19f064d-082c-4e27-bc73-6882a1bb8e4c},0 property at 26
_______________________________________________________________
Next log
Attached File  verbose logging 8-7-17.txt   605.82KB   2 downloads
 
Attached File  DigiData.Vault.Adapter.log.1.txt   97.67KB   3 downloads
 
Attached File  tv lite.jsn findings eset.txt   198.67KB   3 downloads
 
 


#118
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,598 posts
  • MVP

Most malware does not make logs. ESET doesn't like stuff in C:\Users\AIRWORX 2\AppData\Roaming\Belkasoft\Evidence Center but apparently you want to keep it. I would delete the whole folder since I don't see it installed.

