WiredWX Hobby Weather ToolsLog in

 


Trojan.Multi.GenAutorunTask.a detected

3 posters

descriptionSolvedTrojan.Multi.GenAutorunTask.a detected

more_horiz
Hi,

Two objects were detected by Kaspersky: system memory Trojan.Multi.GenAutorunTask.a and file Trojan.script.startpageTask.a: "c:\windows\system32\Tasks_migrated\cFos\Registration Tasks\open Browser

MBAM scan came up clean.

Edge doesn't work and my start menu is different

OTL logfile created on: 2017-02-01 7:46:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\SheldonB\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
15.93 Gb Total Physical Memory | 13.84 Gb Available Physical Memory | 86.93% Memory free
18.30 Gb Paging File | 16.01 Gb Available in Paging File | 87.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.40 Gb Total Space | 134.62 Gb Free Space | 57.93% Space Free | Partition Type: NTFS
Drive D: | 931.39 Gb Total Space | 827.74 Gb Free Space | 88.87% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-BAMJFKH | User Name: Sheldon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2017-02-01 19:46:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SheldonB\Downloads\OTL.exe
PRC - [2017-01-20 07:57:12 | 002,780,112 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
PRC - [2016-12-19 22:38:14 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016-10-25 16:21:04 | 015,534,648 | ---- | M] (Node.js) -- C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
PRC - [2016-10-25 16:21:04 | 000,420,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
PRC - [2016-10-25 16:20:52 | 001,413,176 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
PRC - [2016-09-12 23:03:52 | 000,480,216 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
PRC - [2016-09-12 23:03:52 | 000,223,704 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
PRC - [2016-07-16 07:42:56 | 000,416,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2016-06-28 01:54:28 | 000,241,544 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
PRC - [2016-06-28 01:54:28 | 000,241,544 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
PRC - [2015-08-21 03:57:31 | 001,360,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
PRC - [2015-08-21 03:57:31 | 000,398,648 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.28\AsusFanControlService.exe
PRC - [2015-08-14 03:18:00 | 000,415,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2015-08-14 03:11:34 | 000,207,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2015-05-19 10:11:04 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
PRC - [2015-05-08 02:26:52 | 000,954,648 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
PRC - [2015-05-08 02:26:50 | 000,936,728 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
PRC - [2014-03-05 12:29:44 | 000,555,832 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
PRC - [2013-04-18 05:57:32 | 000,313,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
PRC - [2012-12-04 09:52:22 | 000,174,592 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2011-10-17 14:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2016-12-15 18:25:34 | 011,926,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7983f943973b5c35b032bf6d8398e8bf\System.Web.ni.dll
MOD - [2016-12-12 07:14:00 | 000,774,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e0772eed6f7073053565ec73ba6a9200\System.Runtime.Remoting.ni.dll
MOD - [2016-12-12 07:14:00 | 000,214,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d68ea12bfe9ee2551ac844605014acd8\System.ServiceProcess.ni.dll
MOD - [2016-12-12 07:13:59 | 000,978,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\649d90e2133d3555a2359bf4673bc283\System.Configuration.ni.dll
MOD - [2016-12-10 17:54:19 | 005,466,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\026d44ef25a1b7ac0ec4018d2e110bd7\System.Xml.ni.dll
MOD - [2016-12-10 17:54:17 | 012,438,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0f305c60a30db4482e9663104bbcf7a8\System.Windows.Forms.ni.dll
MOD - [2016-12-10 17:54:14 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\cdcce378eb7a99479cfdfb6f332d3f72\System.Drawing.ni.dll
MOD - [2016-12-10 17:53:58 | 008,002,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\c7d0e65d5d01d4d5381bb1d40c4c56c7\System.ni.dll
MOD - [2016-10-25 16:21:04 | 003,776,056 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\poco.dll
MOD - [2016-10-25 16:21:04 | 000,901,688 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
MOD - [2016-10-25 16:21:04 | 000,020,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2016-10-25 16:20:51 | 060,819,000 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
MOD - [2016-10-25 15:57:38 | 002,808,256 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
MOD - [2016-10-25 15:57:38 | 000,968,248 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
MOD - [2016-10-25 15:57:38 | 000,512,960 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvBackendAPINode.node
MOD - [2016-10-25 15:57:38 | 000,506,424 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
MOD - [2016-10-25 15:57:38 | 000,440,888 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameStreamAPINode.node
MOD - [2016-10-25 15:57:38 | 000,436,792 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
MOD - [2016-10-25 15:57:38 | 000,357,944 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvUtil.node
MOD - [2016-10-25 15:57:38 | 000,338,488 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
MOD - [2016-10-25 15:57:38 | 000,255,936 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
MOD - [2016-10-25 15:57:38 | 000,246,840 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
MOD - [2016-08-06 15:28:38 | 011,500,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9ad5d97ade63ecd8b60f63393a947d6e\mscorlib.ni.dll
MOD - [2016-07-13 18:33:28 | 000,131,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
MOD - [2016-07-13 18:33:26 | 000,974,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2017-01-20 07:54:02 | 004,355,024 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:64bit: - [2016-12-21 02:51:53 | 002,275,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2016-12-14 00:43:24 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2016-12-14 00:36:59 | 000,539,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2016-12-14 00:23:43 | 001,231,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2016-12-09 06:28:24 | 000,764,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2016-11-11 05:22:23 | 000,082,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2016-11-11 05:20:50 | 000,339,456 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\cdpusersvc.dll -- (CDPUserSvc)
SRV:64bit: - [2016-11-11 05:20:10 | 000,407,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2016-11-11 05:19:59 | 000,411,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2016-11-11 05:19:35 | 000,285,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2016-11-11 05:16:35 | 000,560,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2016-11-11 05:14:35 | 002,104,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2016-11-11 05:06:19 | 000,650,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2016-11-11 05:05:32 | 004,136,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2016-11-11 05:04:16 | 000,691,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2016-11-10 18:35:32 | 000,458,176 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -- (NVDisplay.ContainerLocalSystem)
SRV:64bit: - [2016-11-02 06:30:35 | 000,635,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FlightSettings.dll -- (wisvc)
SRV:64bit: - [2016-11-02 06:22:02 | 000,337,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2016-11-02 06:19:44 | 000,805,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FrameServer.dll -- (FrameServer)
SRV:64bit: - [2016-11-02 06:16:47 | 000,265,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2016-11-02 06:16:27 | 000,770,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2016-10-25 16:21:05 | 000,458,296 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -- (NvContainerNetworkService)
SRV:64bit: - [2016-10-25 16:21:05 | 000,458,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -- (NvContainerLocalSystem)
SRV:64bit: - [2016-10-25 16:21:03 | 001,165,368 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe -- (NVIDIA Wireless Controller Service)
SRV:64bit: - [2016-10-14 23:37:03 | 001,980,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2016-10-05 05:18:56 | 000,983,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2016-09-15 12:40:41 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RMapi.dll -- (RmSvc)
SRV:64bit: - [2016-09-15 12:38:15 | 000,203,776 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2016-09-15 12:38:00 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicvss)
SRV:64bit: - [2016-09-15 12:38:00 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicrdv)
SRV:64bit: - [2016-09-15 12:35:45 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2016-09-15 12:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2016-09-15 12:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2016-09-15 12:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2016-09-15 12:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2016-09-15 12:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2016-09-15 12:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2016-09-15 12:35:03 | 001,013,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2016-09-15 12:23:51 | 001,020,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2016-09-07 00:59:55 | 000,095,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:64bit: - [2016-09-07 00:55:30 | 000,781,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:64bit: - [2016-09-07 00:40:44 | 001,312,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2016-08-20 01:17:48 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2016-08-05 23:36:20 | 000,447,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2016-08-05 23:34:01 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2016-07-28 00:27:36 | 000,449,112 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IntelCpHDCPSvc.exe -- (cplspcon)
SRV:64bit: - [2016-07-28 00:27:36 | 000,374,360 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService2.0.0.0)
SRV:64bit: - [2016-07-16 07:43:50 | 000,082,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2016-07-16 07:43:47 | 000,436,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2016-07-16 07:43:18 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2016-07-16 07:43:10 | 001,836,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2016-07-16 07:43:06 | 000,347,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2016-07-16 07:43:04 | 000,103,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2016-07-16 07:42:42 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2016-07-16 07:42:39 | 000,161,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll -- (shpamsvc)
SRV:64bit: - [2016-07-16 07:42:38 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2016-07-16 07:42:38 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2016-07-16 07:42:38 | 000,055,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2016-07-16 07:42:37 | 000,718,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2016-07-16 07:42:36 | 000,183,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2016-07-16 07:42:27 | 000,827,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2016-07-16 07:42:27 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2016-07-16 07:42:27 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2016-07-16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WpnUserService_5bf96)
SRV:64bit: - [2016-07-16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_5bf96)
SRV:64bit: - [2016-07-16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_5bf96)
SRV:64bit: - [2016-07-16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_5bf96)
SRV:64bit: - [2016-07-16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_5bf96)
SRV:64bit: - [2016-07-16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_5bf96)
SRV:64bit: - [2016-07-16 07:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (CDPUserSvc_5bf96)
SRV:64bit: - [2016-07-16 07:42:23 | 000,366,592 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2016-07-16 07:42:20 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2016-07-16 07:42:16 | 000,287,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:64bit: - [2016-07-16 07:42:16 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2016-07-16 07:42:16 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2016-07-16 07:42:13 | 000,590,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2016-07-16 07:42:12 | 000,519,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2016-07-16 07:42:12 | 000,052,224 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:64bit: - [2016-07-16 07:42:09 | 001,512,448 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2016-07-16 07:42:09 | 001,184,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2016-07-16 07:42:09 | 000,574,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2016-07-16 07:42:09 | 000,387,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2016-07-16 07:42:09 | 000,358,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2016-07-16 07:42:09 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2016-07-16 07:42:09 | 000,326,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2016-07-16 07:42:09 | 000,234,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2016-07-16 07:42:09 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2016-07-16 07:42:09 | 000,177,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBrokerSvc)
SRV:64bit: - [2016-07-16 07:42:09 | 000,074,240 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\WpnUserService.dll -- (WpnUserService)
SRV:64bit: - [2016-07-16 07:42:09 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2016-07-16 07:42:09 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2016-07-16 07:42:07 | 001,159,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2016-07-16 07:42:06 | 000,729,328 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2016-07-16 07:42:06 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2016-07-16 07:42:05 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2016-07-16 07:42:05 | 000,152,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2016-07-16 07:42:05 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2016-07-16 07:42:04 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hvhostsvc.dll -- (HvHost)
SRV:64bit: - [2016-07-16 07:41:50 | 003,318,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2016-07-16 07:41:50 | 000,321,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2015-09-08 16:51:02 | 000,250,848 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc)
SRV:64bit: - [2015-06-25 06:16:52 | 001,062,312 | ---- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASUS\Turbo LAN\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2015-05-22 02:24:00 | 000,881,152 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2015-05-07 15:59:08 | 000,272,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV - [2017-01-26 19:40:52 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017-01-18 21:30:28 | 001,464,096 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2016-12-19 22:38:14 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016-12-09 04:54:48 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2016-11-11 03:19:35 | 000,298,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2016-11-11 03:05:12 | 003,370,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2016-09-20 12:54:54 | 000,324,224 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2016-08-05 23:33:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2016-07-28 00:27:36 | 000,302,168 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2016-07-16 07:42:55 | 000,968,704 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2016-07-16 07:41:50 | 003,318,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2016-06-28 01:54:28 | 000,241,544 | ---- | M] (AO Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe -- (KSDE1.0.0)
SRV - [2016-06-28 01:54:28 | 000,241,544 | ---- | M] (AO Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe -- (AVP17.0.0)
SRV - [2015-08-21 03:57:31 | 001,360,016 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2015-08-21 03:57:31 | 000,398,648 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.28\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2015-08-14 03:18:00 | 000,415,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2015-08-14 03:11:34 | 000,207,648 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2015-05-19 10:11:04 | 000,007,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe -- (isaHelperSvc)
SRV - [2015-05-19 10:11:00 | 000,335,872 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe -- (Intel(R)
SRV - [2015-05-08 02:26:52 | 000,954,648 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe -- (asHmComSvc)
SRV - [2015-05-08 02:26:50 | 000,936,728 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe -- (asComSvc)
SRV - [2012-12-04 09:52:22 | 000,174,592 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2011-10-17 14:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2017-02-01 19:35:40 | 000,251,848 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2017-02-01 19:35:40 | 000,110,536 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\farflt.sys -- (MBAMFarflt)
DRV:64bit: - [2017-02-01 19:35:40 | 000,091,584 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebProtection)
DRV:64bit: - [2017-02-01 19:35:40 | 000,043,968 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection)
DRV:64bit: - [2017-02-01 17:02:20 | 000,176,584 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\MBAMChameleon.sys -- (MBAMChameleon)
DRV:64bit: - [2017-01-31 07:15:54 | 000,085,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klupd_klif_kimul.sys -- (klupd_klif_kimul)
DRV:64bit: - [2017-01-20 07:47:44 | 000,077,416 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mbae64.sys -- (ESProtectionDriver)
DRV:64bit: - [2016-12-10 17:43:54 | 000,218,920 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klupd_klif_arkmon.sys -- (klupd_klif_arkmon)
DRV:64bit: - [2016-12-10 17:43:54 | 000,104,720 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klupd_klif_klbg.sys -- (klupd_klif_klbg)
DRV:64bit: - [2016-12-09 18:15:44 | 000,245,512 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klupd_klif_klark.sys -- (klupd_klif_klark)
DRV:64bit: - [2016-12-09 18:14:10 | 000,164,888 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klupd_klif_mark.sys -- (klupd_klif_mark)
DRV:64bit: - [2016-12-09 06:30:39 | 000,377,184 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2016-12-08 07:44:11 | 000,134,880 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klwtp.sys -- (Klwtp)
DRV:64bit: - [2016-12-08 07:44:10 | 001,019,616 | ---- | M] (AO Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2016-12-08 07:44:10 | 000,057,424 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2016-11-11 18:01:08 | 014,172,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\nv_dispi.inf_amd64_c775b600ccf2cdac\nvlddmkm.sys -- (nvlddmkm)
DRV:64bit: - [2016-11-11 06:00:25 | 000,219,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2016-11-11 05:26:51 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2016-11-02 06:55:52 | 000,048,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iorate.sys -- (iorate)
DRV:64bit: - [2016-10-25 16:21:05 | 000,047,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2016-10-25 16:20:56 | 000,029,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2016-10-19 18:43:36 | 000,212,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2016-10-15 00:37:01 | 000,063,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2016-10-15 00:30:16 | 000,557,408 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2016-10-14 23:31:37 | 000,227,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2016-10-05 06:35:31 | 000,279,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2016-10-05 06:09:07 | 000,064,352 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\MegaSas2i.sys -- (megasas2i)
DRV:64bit: - [2016-09-15 13:29:54 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2016-09-15 13:29:03 | 000,081,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2016-09-15 13:15:56 | 000,130,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2016-09-15 13:14:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcifs.sys -- (wcifs)
DRV:64bit: - [2016-09-15 12:36:57 | 000,719,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2016-09-12 23:03:50 | 000,435,032 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)
DRV:64bit: - [2016-09-10 09:21:43 | 000,118,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2016-09-07 01:29:32 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2016-09-05 04:47:12 | 000,165,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2016-09-05 04:47:06 | 000,131,712 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2016-08-20 02:06:57 | 000,108,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2016-08-20 01:20:50 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2016-08-16 19:18:06 | 000,195,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VBoxNetLwf.sys -- (VBoxNetLwf)
DRV:64bit: - [2016-08-16 19:18:06 | 000,121,248 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp6.sys -- (VBoxNetAdp)
DRV:64bit: - [2016-08-06 00:29:13 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2016-08-06 00:16:50 | 000,073,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hvservice.sys -- (hvservice)
DRV:64bit: - [2016-07-28 00:27:34 | 007,946,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2016-07-16 10:27:23 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2016-07-16 10:27:05 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2016-07-16 07:44:01 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2016-07-16 07:43:06 | 000,123,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2016-07-16 07:43:04 | 000,290,144 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2016-07-16 07:43:04 | 000,044,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2016-07-16 07:42:38 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2016-07-16 07:42:36 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2016-07-16 07:42:36 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2016-07-16 07:42:36 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applockerfltr.sys -- (applockerfltr)
DRV:64bit: - [2016-07-16 07:42:35 | 000,928,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2016-07-16 07:42:28 | 000,107,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2016-07-16 07:42:28 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2016-07-16 07:42:27 | 000,263,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2016-07-16 07:42:27 | 000,201,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2016-07-16 07:42:27 | 000,151,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2016-07-16 07:42:27 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys -- (UcmTcpciCx0101)
DRV:64bit: - [2016-07-16 07:42:27 | 000,095,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2016-07-16 07:42:27 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2016-07-16 07:42:27 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2016-07-16 07:42:27 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2016-07-16 07:42:27 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2016-07-16 07:42:27 | 000,053,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2016-07-16 07:42:27 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IndirectKmd.sys -- (IndirectKmd)
DRV:64bit: - [2016-07-16 07:42:27 | 000,031,584 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2016-07-16 07:42:27 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2016-07-16 07:42:23 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2016-07-16 07:42:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2016-07-16 07:42:18 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2016-07-16 07:42:12 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2016-07-16 07:42:11 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2016-07-16 07:42:09 | 000,168,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2016-07-16 07:42:09 | 000,156,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2016-07-16 07:42:09 | 000,070,144 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\registry.sys -- (clreg)
DRV:64bit: - [2016-07-16 07:42:09 | 000,066,560 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcnfs.sys -- (wcnfs)
DRV:64bit: - [2016-07-16 07:42:03 | 000,210,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2016-07-16 07:42:03 | 000,126,816 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2016-07-16 07:42:03 | 000,090,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetAdapterCx.sys -- (NetAdapterCx)
DRV:64bit: - [2016-07-16 07:42:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2016-07-16 07:42:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (tsusbflt)
DRV:64bit: - [2016-07-16 07:42:03 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2016-07-16 07:42:03 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2016-07-16 07:41:55 | 000,535,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2016-07-16 07:41:55 | 000,381,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2016-07-16 07:41:55 | 000,137,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2016-07-16 07:41:55 | 000,096,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2016-07-16 07:41:55 | 000,095,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2016-07-16 07:41:55 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2016-07-16 07:41:55 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2016-07-16 07:41:55 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2016-07-16 07:41:55 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2016-07-16 07:41:55 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2016-07-16 07:41:54 | 000,176,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:64bit: - [2016-07-16 07:41:54 | 000,095,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb22.sys -- (xusb22)
DRV:64bit: - [2016-07-16 07:41:54 | 000,081,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:64bit: - [2016-07-16 07:41:54 | 000,064,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys -- (iaLPSS2i_GPIO2)
DRV:64bit: - [2016-07-16 07:41:54 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2016-07-16 07:41:54 | 000,050,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2016-07-16 07:41:54 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2016-07-16 07:41:54 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2016-07-16 07:41:54 | 000,034,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2016-07-16 07:41:54 | 000,033,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iagpio.sys -- (iagpio)
DRV:64bit: - [2016-07-16 07:41:54 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2016-07-16 07:41:54 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2016-07-16 07:41:53 | 002,104,160 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4vx64.sys -- (cht4vbd)
DRV:64bit: - [2016-07-16 07:41:53 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2016-07-16 07:41:53 | 000,842,584 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2016-07-16 07:41:53 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2016-07-16 07:41:53 | 000,526,176 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2016-07-16 07:41:53 | 000,346,976 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4sx64.sys -- (cht4iscsi)
DRV:64bit: - [2016-07-16 07:41:53 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2016-07-16 07:41:53 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2016-07-16 07:41:53 | 000,123,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scmdisk0101.sys -- (scmdisk0101)
DRV:64bit: - [2016-07-16 07:41:53 | 000,108,896 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2016-07-16 07:41:53 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2016-07-16 07:41:53 | 000,105,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2016-07-16 07:41:53 | 000,101,216 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2016-07-16 07:41:53 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\scmbus.sys -- (scmbus)
DRV:64bit: - [2016-07-16 07:41:53 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2016-07-16 07:41:53 | 000,082,776 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2016-07-16 07:41:53 | 000,077,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2016-07-16 07:41:53 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2016-07-16 07:41:53 | 000,064,864 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2016-07-16 07:41:53 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2016-07-16 07:41:53 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2016-07-16 07:41:53 | 000,061,792 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2016-07-16 07:41:53 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2016-07-16 07:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2016-07-16 07:41:53 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2016-07-16 07:41:53 | 000,032,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2016-07-16 07:41:53 | 000,032,096 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2016-07-16 07:41:53 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2016-07-16 07:41:53 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2016-07-16 07:41:53 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2016-07-16 07:41:53 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiDev.sys -- (AcpiDev)
DRV:64bit: - [2016-07-16 07:41:53 | 000,016,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volume.sys -- (volume)
DRV:64bit: - [2016-07-16 07:41:53 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2016-07-16 07:41:53 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2016-07-16 07:41:53 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2016-07-16 07:41:53 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn.sys -- (bcmfn)
DRV:64bit: - [2016-07-16 07:41:52 | 003,418,976 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2016-07-16 07:41:52 | 000,533,856 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2016-07-16 07:41:52 | 000,048,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2016-07-16 07:41:52 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2016-07-16 07:41:50 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2016-07-16 07:41:50 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2016-07-16 07:41:50 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2016-07-16 07:41:50 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2016-07-16 07:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2016-07-16 07:41:50 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2016-07-16 07:41:50 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2016-07-16 07:41:50 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2016-07-16 07:41:50 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2016-07-16 07:41:50 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgid.sys -- (vmgid)
DRV:64bit: - [2016-06-26 15:14:40 | 000,191,312 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2016-06-18 01:36:24 | 000,085,320 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klwfp.sys -- (klwfp)
DRV:64bit: - [2016-06-15 00:23:44 | 000,086,352 | ---- | M] (AO Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klbackupflt.sys -- (klbackupflt)
DRV:64bit: - [2016-06-14 17:47:52 | 000,194,480 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2016-06-10 06:41:26 | 000,238,936 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cm_km.sys -- (cm_km)
DRV:64bit: - [2016-06-07 23:33:14 | 000,063,920 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbackupdisk.sys -- (klbackupdisk)
DRV:64bit: - [2016-06-07 01:31:06 | 000,052,152 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kltap.sys -- (kltap)
DRV:64bit: - [2016-06-02 03:43:38 | 000,554,416 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2016-05-31 23:31:20 | 000,045,488 | ---- | M] (AO Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2016-05-31 23:24:06 | 000,078,216 | ---- | M] (AO Kaspersky Lab) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kldisk.sys -- (kldisk)
DRV:64bit: - [2016-05-19 00:57:36 | 000,052,136 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2016-05-11 16:59:16 | 000,787,424 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2016-04-19 22:18:40 | 000,559,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1d65x64.sys -- (e1dexpress)
DRV:64bit: - [2016-03-31 00:09:04 | 000,028,792 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\klelam.sys -- (klelam)
DRV:64bit: - [2015-07-29 07:44:00 | 001,462,720 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2015-07-28 21:37:20 | 000,184,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverW8x64.sys -- (MEIx64)
DRV:64bit: - [2015-07-01 03:40:31 | 002,001,864 | R--- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cfosspeed)
DRV:64bit: - [2015-06-17 17:04:24 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2015-06-07 01:52:56 | 000,041,656 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2014-10-23 22:57:00 | 000,024,824 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2014-10-22 16:23:18 | 007,546,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:64bit: - [2014-05-23 06:34:46 | 000,032,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzMaelstromVAD.sys -- (RZMAELSTROMVADService)
DRV:64bit: - [2012-10-26 15:42:22 | 004,758,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012-10-26 15:42:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (lvrs64)
DRV - [2016-11-11 18:01:08 | 014,172,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c775b600ccf2cdac\nvlddmkm.sys -- (nvlddmkm)
DRV - [2016-07-16 07:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 37 C3 07 C9 05 66 D1 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "CA"
FF - prefs.js..browser.search.region: "CA"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.9.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:44.0.2
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=SK216DF&PC=SK216&q="
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-ca"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com: C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 17.0.0\FFEXT\LIGHT_PLUGIN_FIREFOX\ADDON.XPI [2016-12-08 07:43:27 | 000,104,713 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-08 07:43:27 | 000,104,713 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 51.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 51.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 45.7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 45.7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 38.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 38.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2016-02-12 11:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheldon\AppData\Roaming\Mozilla\Extensions
[2016-09-18 08:30:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheldon\AppData\Roaming\Mozilla\Firefox\Profiles\jnypoext.default\extensions
[2016-09-18 08:30:11 | 000,014,651 | ---- | M] () (No name found) -- C:\Users\Sheldon\AppData\Roaming\Mozilla\Firefox\Profiles\jnypoext.default\extensions\bingsearch.full@microsoft.com.xpi
[2016-02-12 22:43:59 | 000,562,116 | ---- | M] () (No name found) -- C:\Users\Sheldon\AppData\Roaming\Mozilla\Firefox\Profiles\jnypoext.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2016-09-18 08:30:11 | 000,006,103 | ---- | M] () -- C:\Users\Sheldon\AppData\Roaming\Mozilla\Firefox\Profiles\jnypoext.default\searchplugins\bing-.xml
[2017-01-26 19:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
 
O1 HOSTS File: ([2015-10-30 03:21:30 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Kaspersky Protection) - {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll (AO Kaspersky Lab)
O2 - BHO: (Kaspersky Protection) - {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll (AO Kaspersky Lab)
O3:64bit: - HKLM\..\Toolbar: (Kaspersky Protection Toolbar) - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll (AO Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Kaspersky Protection Toolbar) - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll (AO Kaspersky Lab)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Malwarebytes TrayApp] C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Turbo LAN] C:\Program Files\ASUS\Turbo LAN\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AO Link Server] C:\Program Files (x86)\ASUS\AI Suite III\Mobo Connect\ALRun.exe -start File not found
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [StatusAlerts] C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [BingSvc] C:\Users\Sheldon\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation)
O4 - HKCU..\Run: [OneDrive] C:\Users\Sheldon\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Sheldon\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sheldon\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 142.166.166.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{c5e6ecaa-5d15-40e4-98db-46bfd66187cb}: DhcpNameServer = 192.168.2.1 142.166.166.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{f092fbd3-2508-49c2-a6a9-f87960439d44}: DhcpNameServer = 192.168.2.1 142.166.166.166
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2017-02-01 17:02:20 | 000,176,584 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMChameleon.sys
[2017-02-01 17:02:12 | 000,110,536 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\farflt.sys
[2017-02-01 17:02:12 | 000,091,584 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2017-02-01 17:02:09 | 000,043,968 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2017-02-01 17:02:07 | 000,251,848 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2017-02-01 17:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017-02-01 17:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017-02-01 17:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017-01-29 10:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2
[2017-01-29 10:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 5
[2017-01-28 16:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2017-01-28 16:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2017-01-28 16:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2017-01-25 14:01:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\poqexec.exe
[2017-01-25 14:01:12 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\poqexec.exe
[2017-01-10 19:16:37 | 001,631,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.Resources.dll
[2017-01-10 19:16:36 | 017,188,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2017-01-10 19:16:35 | 006,285,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2017-01-10 19:16:35 | 004,130,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2017-01-10 19:16:35 | 001,988,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2017-01-10 19:16:35 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
[2017-01-10 19:16:34 | 005,611,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2017-01-10 19:16:34 | 004,474,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DCompiler_47.dll
[2017-01-10 19:16:34 | 003,134,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcore.dll
[2017-01-10 19:16:34 | 001,702,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfasfsrcsnk.dll
[2017-01-10 19:16:34 | 001,454,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetsrc.dll
[2017-01-10 19:16:34 | 001,300,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2017-01-10 19:16:34 | 001,235,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2017-01-10 19:16:34 | 000,557,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StoreAgent.dll
[2017-01-10 19:16:34 | 000,263,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
[2017-01-10 19:16:34 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgent.exe
[2017-01-10 19:16:33 | 008,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2017-01-10 19:16:33 | 001,600,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2017-01-10 19:16:33 | 001,071,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetcore.dll
[2017-01-10 19:16:33 | 001,005,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3D12.dll
[2017-01-10 19:16:33 | 000,936,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MCRecvSrc.dll
[2017-01-10 19:16:33 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\samsrv.dll
[2017-01-10 19:16:33 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Cred.dll
[2017-01-10 19:16:33 | 000,673,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2017-01-10 19:16:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuuhext.dll
[2017-01-10 19:16:33 | 000,360,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpencom.dll
[2017-01-10 19:16:33 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
[2017-01-10 19:16:33 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.BioFeedback.dll
[2017-01-10 19:16:33 | 000,218,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\offlinesam.dll
[2017-01-10 19:16:33 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.CredDialogController.dll
[2017-01-10 19:16:32 | 005,398,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aclui.dll
[2017-01-10 19:16:32 | 002,206,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
[2017-01-10 19:16:32 | 001,490,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2017-01-10 19:16:32 | 000,245,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\offlinesam.dll
[2017-01-10 19:16:31 | 000,869,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2017-01-10 19:16:30 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSVP9DEC.dll
[2017-01-10 19:16:30 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cryptui.dll
[2017-01-10 19:16:30 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cryptui.dll
[2017-01-10 19:16:30 | 000,319,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wow64.dll
[2017-01-10 19:16:30 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinSCard.dll
[2017-01-10 19:16:30 | 000,201,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ScDeviceEnum.dll
[2017-01-10 19:16:30 | 000,136,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ImplatSetup.dll
[2017-01-10 19:16:30 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\updatepolicy.dll
[2017-01-10 19:16:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\updatepolicy.dll
[2017-01-10 19:16:29 | 001,631,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
[2017-01-10 19:16:29 | 000,822,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakradiag.dll
[2017-01-10 19:16:29 | 000,382,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AUDIOKSE.dll
[2017-01-10 19:16:29 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\indexeddbserver.dll
[2017-01-10 19:16:28 | 013,869,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2017-01-10 19:16:27 | 019,413,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2017-01-10 19:16:27 | 006,044,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2017-01-10 19:16:27 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll
[2017-01-10 19:16:27 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.LockScreen.dll
[2017-01-10 19:16:26 | 008,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2017-01-10 19:16:26 | 007,626,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2017-01-10 19:16:26 | 006,474,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mspaint.exe
[2017-01-10 19:16:26 | 001,908,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AzureSettingSyncProvider.dll
[2017-01-10 19:16:26 | 001,513,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2017-01-10 19:16:25 | 006,664,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mspaint.exe
[2017-01-10 19:16:25 | 004,749,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2017-01-10 19:16:25 | 002,482,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msmpeg2vdec.dll
[2017-01-10 19:16:25 | 001,557,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2017-01-10 19:16:25 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\indexeddbserver.dll
[2017-01-10 19:16:24 | 009,131,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2017-01-10 19:16:24 | 001,694,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2017-01-10 19:16:24 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadcloudap.dll
[2017-01-10 19:16:24 | 000,328,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Storage.ApplicationData.dll
[2017-01-10 19:16:23 | 022,563,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2017-01-10 19:16:22 | 001,121,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadtb.dll
[2017-01-10 19:16:21 | 004,149,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll
[2017-01-10 19:16:21 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usocore.dll
[2017-01-10 19:16:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
[2017-01-10 19:16:20 | 002,748,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpcore.dll
[2017-01-10 19:16:20 | 000,947,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MSVP9DEC.dll
[2017-01-10 19:16:20 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\updatehandlers.dll
[2017-01-10 19:16:20 | 000,076,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\remoteaudioendpoint.dll
[2017-01-10 19:16:20 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LaunchWinApp.exe
[2017-01-10 19:16:20 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LaunchWinApp.exe
[2017-01-10 19:16:19 | 007,469,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2017-01-10 19:16:19 | 004,612,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2017-01-10 19:16:19 | 003,616,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2017-01-10 19:16:19 | 001,300,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSVPXENC.dll
[2017-01-10 19:16:19 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LogonController.dll
[2017-01-10 19:16:19 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OneBackupHandler.dll
[2017-01-10 19:16:19 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpencom.dll
[2017-01-10 19:16:19 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeveloperOptionsSettingsHandlers.dll
[2017-01-10 19:16:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SyncSettings.dll
[2017-01-10 19:16:19 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CloudBackupSettings.dll
[2017-01-10 19:16:19 | 000,092,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpudd.dll
[2017-01-10 19:16:19 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Shell.dll
[2017-01-10 19:16:18 | 005,511,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aclui.dll
[2017-01-10 19:16:18 | 003,892,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2017-01-10 19:16:18 | 002,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
[2017-01-10 19:16:18 | 001,852,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2017-01-10 19:16:18 | 001,231,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dosvc.dll
[2017-01-10 19:16:18 | 001,002,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
[2017-01-10 19:16:18 | 000,534,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEng.dll
[2017-01-10 19:16:18 | 000,418,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AUDIOKSE.dll
[2017-01-10 19:16:18 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\domgmt.dll
[2017-01-10 19:16:17 | 001,360,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetsrc.dll
[2017-01-10 19:16:17 | 001,356,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ClipUp.exe
[2017-01-10 19:16:17 | 001,277,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
[2017-01-10 19:16:17 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2017-01-10 19:16:17 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StoreAgent.dll
[2017-01-10 19:16:17 | 000,590,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2017-01-10 19:16:17 | 000,584,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2017-01-10 19:16:17 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2017-01-10 19:16:17 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgentUserBroker.exe
[2017-01-10 19:16:17 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2017-01-10 19:16:17 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgent.exe
[2017-01-10 19:16:16 | 001,201,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2017-01-10 19:16:16 | 000,980,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetcore.dll
[2017-01-10 19:16:16 | 000,712,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2017-01-10 19:16:16 | 000,640,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MCRecvSrc.dll
[2017-01-10 19:16:16 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.BlockedShutdown.dll
[2017-01-10 19:16:16 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.BioFeedback.dll
[2017-01-10 19:16:16 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cloudAP.dll
[2017-01-10 19:16:16 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncSettings.dll
[2017-01-10 19:16:16 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.CredDialogController.dll
[2017-01-10 19:16:16 | 000,089,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\remoteaudioendpoint.dll
[2017-01-10 19:16:15 | 007,816,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2017-01-10 19:16:15 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsettingsprovider.dll
[2017-01-10 19:16:15 | 000,455,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\securekernel.exe
[2017-01-10 19:16:15 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcfg.dll
[2017-01-10 19:16:15 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudBackupSettings.dll
[2017-01-10 19:16:15 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winsrv.dll
[2017-01-10 19:16:11 | 001,692,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.onecore.dll
[2017-01-10 19:16:10 | 002,998,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2017-01-10 19:16:10 | 002,275,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2017-01-10 19:16:09 | 000,886,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aadtb.dll
[2017-01-10 19:16:09 | 000,860,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2017-01-10 19:16:09 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LogonController.dll
[2017-01-10 19:16:09 | 000,509,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2017-01-10 19:16:07 | 001,292,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MSVPXENC.dll
[2017-01-10 19:16:07 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ConsoleLogon.dll
[2017-01-10 19:16:07 | 000,241,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudExperienceHost.dll
[2017-01-10 19:16:07 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32k.sys
[2017-01-10 19:16:06 | 003,733,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
[2017-01-10 19:16:06 | 000,349,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\provengine.dll
[2017-01-10 19:16:05 | 000,806,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3D12.dll
[2017-01-10 19:16:05 | 000,234,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KnobsCore.dll
[2017-01-10 19:16:05 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KnobsCsp.dll
[2017-01-10 19:16:05 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ProvPluginEng.dll
[2017-01-10 18:59:52 | 000,000,000 | -HSD | C] -- C:\found.000
 
========== Files - Modified Within 30 Days ==========
 
[2017-02-01 19:42:29 | 001,409,250 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2017-02-01 19:42:29 | 001,260,706 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2017-02-01 19:42:29 | 000,468,272 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2017-02-01 19:37:34 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017-02-01 19:35:43 | 000,000,180 | ---- | M] () -- C:\WINDOWS\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2017-02-01 19:35:40 | 000,251,848 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2017-02-01 19:35:40 | 000,110,536 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\farflt.sys
[2017-02-01 19:35:40 | 000,091,584 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2017-02-01 19:35:40 | 000,043,968 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2017-02-01 19:35:33 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2017-02-01 19:35:32 | 2545,278,975 | -HS- | M] () -- C:\hiberfil.sys
[2017-02-01 17:02:20 | 000,176,584 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMChameleon.sys
[2017-02-01 17:02:05 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017-02-01 16:47:20 | 000,265,280 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2017-01-31 07:15:54 | 000,085,984 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\klupd_klif_kimul.sys
[2017-01-29 10:12:00 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 5.2.lnk
[2017-01-28 16:14:47 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2017-01-20 07:47:44 | 000,077,416 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\mbae64.sys
 
========== Files Created - No Company Name ==========
 
[2017-02-01 17:02:05 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017-02-01 17:02:04 | 000,077,416 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\mbae64.sys
[2017-01-31 07:15:54 | 000,085,984 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\klupd_klif_kimul.sys
[2017-01-29 10:12:00 | 000,001,235 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 5.2.lnk
[2017-01-28 16:14:47 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2016-12-13 19:23:56 | 002,048,496 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016-11-15 19:01:17 | 000,269,600 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkan-1.dll
[2016-11-15 19:01:17 | 000,110,880 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkaninfo.exe
[2016-11-15 18:59:51 | 035,222,464 | ---- | C] () -- C:\WINDOWS\SysWow64\nvcompiler.dll
[2016-10-13 18:44:22 | 000,000,022 | ---- | C] () -- C:\WINDOWS\GPU-Z.INI
[2016-09-30 05:51:18 | 000,265,728 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2016-09-09 14:25:58 | 000,269,600 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkan-1-1-0-26-0.dll
[2016-09-09 14:25:28 | 000,110,880 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkaninfo-1-1-0-26-0.exe
[2016-08-06 15:14:19 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2016-08-06 15:14:11 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2016-07-16 07:47:57 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2016-07-16 07:47:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2016-07-16 07:43:04 | 000,055,296 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2016-07-16 07:43:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2016-07-16 07:42:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2016-07-16 07:42:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2016-07-16 07:42:49 | 000,304,640 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2016-07-16 07:42:48 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2016-07-16 07:42:43 | 000,002,307 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2016-07-16 07:42:12 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2016-06-27 17:08:14 | 000,048,640 | ---- | C] () -- C:\WINDOWS\SysWow64\ASGT.exe
[2016-05-02 08:47:39 | 000,014,876 | ---- | C] () -- C:\Users\Sheldon\AppData\Roaming\ekiga.conf
[2016-02-12 22:32:42 | 008,224,024 | ---- | C] () -- C:\WINDOWS\PE_Rom.dll
[2016-02-12 09:58:05 | 000,014,464 | R--- | C] () -- C:\WINDOWS\SysWow64\drivers\AsUpIO.sys
[2016-02-12 09:14:00 | 000,000,663 | ---- | C] () -- C:\WINDOWS\Ascd_ProcessLog.ini
[2016-02-12 09:13:51 | 000,039,983 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2016-02-12 09:13:48 | 000,015,232 | R--- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys
 
========== ZeroAccess Check ==========
 
[2016-08-06 15:16:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016-11-11 06:01:16 | 007,219,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016-11-11 03:47:14 | 005,722,832 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016-07-16 07:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2016-07-16 07:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016-07-16 07:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
OTL Extras logfile created on: 2017-02-01 7:46:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\SheldonB\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
15.93 Gb Total Physical Memory | 13.84 Gb Available Physical Memory | 86.93% Memory free
18.30 Gb Paging File | 16.01 Gb Available in Paging File | 87.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.40 Gb Total Space | 134.62 Gb Free Space | 57.93% Space Free | Partition Type: NTFS
Drive D: | 931.39 Gb Total Space | 827.74 Gb Free Space | 88.87% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-BAMJFKH | User Name: Sheldon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 53 22 03 6B 17 F0 D1 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
"DontEnumerateCommonFilesUpgradeExe" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{132B12B2-116F-4607-A4F4-B37925E54507}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe |
"{37CB7B40-C6AF-4EE0-991A-A79BEDBAF897}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{66B8C5A3-3DE5-49B3-8138-B5D5A409A660}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{B14E03BA-0DC3-48C1-B21F-205F9F22046B}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe |
"{BBEE5500-23C3-4F46-B6A0-0DA5C90F83CD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FEE83BBC-0874-47F6-8372-05FFCD230B19}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FF007EE3-7B2B-44D2-9DA0-D4434042A5AE}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00450B5C-170B-42DF-94CB-362D00F88E93}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{017F91A2-6893-4DAE-95F7-89294F06EB7E}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{019BBCE7-861C-4808-8D43-36363490EF9F}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{01E3EA33-BC2B-42B6-BE6A-1379B5F281F6}" = dir=in | name=@{microsoft.skypeapp_11.10.152.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{02908FC7-8BB5-4A1E-BC21-CF43524569B7}" = dir=in | name=onenote |
"{0295B785-B6E4-425E-8910-2F67623F639F}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{02C19448-283D-4A81-89C4-8D9852BD9103}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{08B545DD-50FE-4F2F-910F-414B6D15BAEB}" = dir=out | name=candy crush soda saga |
"{0CAA9318-E173-4A5F-8419-EB1641544D86}" = dir=in | name=@{microsoft.windowsstore_11610.1001.25.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{0FAFBDD5-A232-4FD7-924A-A9D1B1261AB8}" = dir=out | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{0FDBC307-89A6-46C6-97AE-7419DECD7ED6}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite iii\push notice\pushnotifyserver.exe |
"{112DFBA8-6429-4202-BA94-7ADB7E119E83}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\aow3\aow3.exe |
"{113172B4-6CE3-495C-8BF1-F5EB18C5D512}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{116A7C78-6359-4D96-B3F2-842FA2623921}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\deserts of kharak\technicalmanual\dok_manual.exe |
"{127E003D-F73F-4566-B82A-B653A9B9A898}" = dir=in | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{138067E1-A079-427A-9B15-905595ABA0C7}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{17611CCE-5EA4-4C6D-9A98-A139AA416358}" = dir=out | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{19D343E6-5BDE-4FA1-9A5D-E829304223C8}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.693_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{1B4B6F86-F095-42C2-805C-899ED7D10F43}" = dir=in | name=@{microsoft.skypeapp_11.10.152.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{2079DF4B-E81F-48F6-9BEA-3ACAB3CF3014}" = dir=in | name=@{microsoft.bingsports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{211DEFB6-B75C-44B6-BB00-F91D558898DB}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\aow3\aow3.exe |
"{2255FCBF-C55E-47FA-B8C1-8E786F1978F6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the witcher 2\launcher.exe |
"{232615D2-604A-481D-B124-2C02EAF184FD}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{268C5581-A82C-4CD0-BB2D-65FD94E5C1ED}" = dir=out | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{2764DB7D-87AE-49F7-8E2C-8904D21084AB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{28282D32-6DD6-4C18-933E-DE112F58E0EB}" = dir=out | name=xbox |
"{289D4205-E466-4AFE-AEE3-2BF72D5E9533}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{293EDBAC-FFA3-40EE-89FD-839F5C55A3EE}" = dir=in | name=@{microsoft.windowsstore_11610.1001.25.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{2995E6E9-FC38-45FE-831C-45B28A14DD59}" = dir=out | name=@{microsoft.connectivitystore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.connectivitystore/mswifiresources/appstorename} |
"{2A843C51-BA10-4149-8303-9B81F55672E3}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{2B293D8F-E401-40CC-80E8-2584DC62A27C}" = dir=out | name=@{microsoft.skypeapp_11.10.152.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{30E21BD2-B23D-443D-94C2-E4CE13C3FD7F}" = dir=in | name=hp all-in-one printer remote |
"{319BA093-5A0D-44CF-93F6-935583F8FDDE}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{3211BAB0-1450-4F67-9DA3-0394D3359B03}" = dir=in | name=sway |
"{3389CB30-7000-418E-9814-EA713698B753}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{33CDEF63-6E15-4FE2-973B-33EC3142ED6C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\deserts of kharak\technicalmanual\dok_manual.exe |
"{3582AE83-A882-413D-98D2-59928581047B}" = dir=out | name=@{microsoft.bingfinance_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{367A7708-6146-40D1-A900-D20E14E11F0E}" = dir=out | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{3ADD9C8F-69FC-4A92-AD50-E3C5CD4A2F89}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\aow3\aow3_debug.exe |
"{3B755D6C-AB24-406B-8A6C-D60982D5A1B4}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the witcher 2\launcher.exe |
"{3CB72CB9-9EF5-4770-958D-DD2F3104D3AE}" = dir=in | name=@{microsoft.bingfinance_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{3FB04E75-2EA5-4B32-B509-7CE79CCBCEF7}" = dir=in | name=@{microsoft.zunemusic_10.16122.10271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{400BFF8A-F0E1-41A1-B04C-216A123C97BB}" = dir=in | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{41801EB5-9654-40F3-9809-5C7EAF7EA17B}" = dir=out | name=@{microsoft.people_10.1.3410.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{41A213B0-F7E5-4A84-BE7A-55EA5369D1FD}" = dir=in | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{44368774-F482-44F2-8481-D31D2A903831}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\age of mythology\aomx.exe |
"{44AA6261-83E3-413B-AB74-2FC052E0CCDE}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{450FF75F-4EBD-4B09-A441-7E6D833322D5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\aow3\aow3_debug.exe |
"{461E3D27-4253-4C4C-A501-913629685275}" = dir=out | name=@{microsoft.windowsmaps_5.1611.3342.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{48F51960-CF19-405B-A512-B449B4A19141}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{492F7752-476D-410A-BA25-2F056577D193}" = dir=in | name=microsoft solitaire collection |
"{4962F94E-AE9A-4B43-9711-C606DBCD12A9}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe |
"{499C2D47-F11C-4596-936C-D16127492C16}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{49F79C0B-3485-4859-AF0D-21E17E086943}" = dir=in | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{4D7FB005-9C7B-489F-A11E-3B8782C4CBE6}" = dir=out | name=@{microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{4FB466F5-D071-47B5-B85A-45162DE55852}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{51B49F54-8200-4D5B-86CD-0C6420FED77B}" = dir=in | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{521DB314-4915-463B-85A2-2942511D3A8E}" = dir=in | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{52311E6A-46A6-48F8-90AF-269C932A38AD}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{5262C24F-1C39-4807-A150-77878BAE5F4E}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{52F43CC9-C06E-4548-B505-43E5CADEA433}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{539A29DE-19FC-4276-8A6D-CC369E7C1417}" = dir=out | name=@{microsoft.windowsmaps_5.1611.3342.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{53AABAD1-4F65-43B3-A988-93EB4BD5E8C2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\deserts of kharak\desertsofkharak64.exe |
"{53B29A52-7A8F-4964-AC66-CF40B4A8C14A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{53E8F6C9-4EA4-4EEF-9637-9BD6CD5AB335}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{541EEA34-6314-47B6-AF9D-27EA48C6D037}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{54F4A664-EC02-40B5-ABE3-58955FE08926}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{5538FE47-836B-47F7-8E71-1705E64B2EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite iii\push notice\pushnotifyserver.exe |
"{556529BC-9982-4949-81AB-2FC44B9EDCAE}" = protocol=6 | dir=in | app=c:\program files (x86)\hp\csiinstaller\c65448bc-e467-4ec7-b4a5-246697f52957\installer\hpbcsiinstaller.exe |
"{57CD4294-9D9F-456E-A356-A6C0857E2B3C}" = dir=out | name=@{microsoft.windowsphone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
"{57F50ADB-0B1C-4854-930A-334002D22526}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\star wars x-wing alliance\alliance.exe |
"{5C38F455-1D40-41A7-AD9E-A430CD6705D1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\divinity original sin enhanced edition\shipping\eocapp.exe |
"{5E8D5313-6113-4CFA-A197-08EE49B54741}" = dir=out | name=twitter |
"{5F3EFB40-AC8F-45DE-8B76-3BFCCCD05E3C}" = protocol=17 | dir=in | app=d:\steam\bin\steamwebhelper.exe |
"{607357C4-F637-47E2-9BE7-6EE17079E7F4}" = dir=in | name=microsoft solitaire collection |
"{61014270-7686-481F-B79C-803E0B2C1AB2}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{613E843F-CE92-4851-B587-79AA7802AD1D}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{61ACA316-9FAE-4D63-A733-526DB4DE724A}" = dir=out | name=@{microsoft.bingsports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{61E9A1CB-C72D-4894-857B-DCB808D60A9F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\star wars x-wing alliance\alliance.exe |
"{62A02104-481E-49ED-AC0A-B6D4F239681D}" = dir=in | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{6457AA60-8A8C-4F25-89DE-67FDAE592725}" = dir=in | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{65286A06-16D7-42C1-8E02-63209D727298}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\deserts of kharak\desertsofkharak64.exe |
"{66C263EA-07B0-4214-A945-5F2719AF69DE}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{673B8387-68E7-48BD-92CB-29FAAF527CD8}" = dir=out | name=@{microsoft.windowsstore_11610.1001.25.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{673D3537-CE03-4FEE-A029-308BC402079E}" = dir=out | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{67C1686F-21C2-4EFF-86AF-75D18FDDC49E}" = dir=out | name=windows_ie_ac_001 |
"{688997E4-6656-45FD-92F8-DDB6D59F3FEF}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{69DA641E-D1D9-4579-8279-3E7CE25BECAC}" = dir=in | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{6A4A03C9-B399-472F-84D9-7552BDE921E2}" = dir=out | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{6BB60E54-E1B1-4B0E-B920-9709344B9E26}" = dir=out | name=candy crush soda saga |
"{6CF040AE-F788-4010-A420-441727213459}" = dir=out | name=microsoft solitaire collection |
"{6E612D32-46F5-420D-814A-EBE240EEF3DF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\homeworld\hwlauncher\launcher.exe |
"{70DADBD6-136C-4A0B-8E24-B5714F525166}" = dir=out | name=microsoft sticky notes |
"{71440BEE-FDA1-44A4-B89C-38F0CAF63A59}" = dir=out | name=onenote |
"{71490E27-4295-42FE-B29F-E0CD579F5570}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{71AD5FE2-BEE7-41FA-9347-F478D5D6E6EA}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{72D923A2-E1EE-4FFC-95A6-269D72A77C5A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{76EA2B42-4A91-41E4-A582-687CB0C5D48C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\age of mythology\launcher.exe |
"{7920548C-75F4-44F2-926F-2D8E3FBB6444}" = dir=out | name=@{microsoft.windowsstore_11610.1001.25.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{7CAA536B-33D9-4AB8-A6BD-4A25037F1064}" = dir=out | name=store purchase app |
"{807A52AF-4E65-465B-A179-6EE0ACC29454}" = dir=out | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{82E88D87-3791-40D1-8432-727DA727DB2A}" = dir=in | name=microsoft sticky notes |
"{836A5D0A-703E-4093-846E-DAB00C8BFC6B}" = dir=out | name=@{microsoft.zunemusic_10.16122.10271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{86C7E2F4-4D66-41A6-82B6-B2B2C861369B}" = dir=out | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{86FD8790-3E21-4FD4-AE17-F6C358436B09}" = dir=out | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{8AD7DD71-9861-47E7-B0FB-FC645CF5ACD4}" = dir=out | name=@{microsoft.zunevideo_10.16122.10291.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{8EA24947-F218-4B55-AF99-187F008E349E}" = dir=out | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{92C45B58-C2DF-4DB1-862D-B854F18EFE15}" = dir=out | name=@{microsoft.3dbuilder_12.0.3131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{9621E10B-7C1C-45A2-A38F-8036EA55505F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{98241B03-A716-4928-957A-023E8FCE4B2E}" = dir=out | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{9897FC92-530B-4BDA-800A-EE9E20940751}" = dir=in | name=@{microsoft.zunevideo_10.16122.10291.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{9A85E628-D4DE-4887-AE47-6ACF2E213846}" = dir=out | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{9B953821-20B2-4CD0-8B72-7F26C0F6B72B}" = dir=out | name=sway |
"{9BC16571-1212-453C-82AC-DB92EB5328F7}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{9C512E32-4084-47F5-8CFB-D0DF7378EE79}" = dir=out | name=@{microsoft.getstarted_4.4.11.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{9CF11AF5-084E-41D9-992E-FE5819E3D205}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{9D735CF2-7163-47ED-830E-98CE21448B63}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9DC0510A-B1CF-4999-A6FF-8351909FD5E6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\limbo\limbo.exe |
"{9E43FFB6-F1FF-438D-8C8D-E732DC21C00C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\limbo\limbo.exe |
"{9FC9EA52-FF18-40BC-9FCA-77260B9E1DDD}" = dir=out | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{A4F81187-5049-412C-9E38-156853A814EF}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.7812.42257.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{A502947E-3CE0-40AD-B143-B41FB83485C0}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{A616F6D7-F23C-46A7-9648-BC62A8EE4520}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.7812.42257.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{A7253201-601C-4D43-9485-E9F2474DB205}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{A7DCA21A-9444-4B3B-B962-E481659DBD29}" = dir=in | name=microsoft sticky notes |
"{A8320EE5-A79D-439B-929A-72D183018EC3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe |
"{A88F6404-B213-42F1-AC2B-B7B584E478CE}" = dir=out | name=@{microsoft.3dbuilder_12.0.3131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{ADE3E420-B908-4D7E-AE7A-EC931733CFE0}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.693_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{AE47006E-EFAD-4F2D-8496-E55E56F8104C}" = dir=out | name=@{microsoft.zunemusic_10.16122.10271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{AE5AD1EF-BE0A-40D3-93E5-196F47F30F6B}" = dir=out | name=@{microsoft.getstarted_4.4.11.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{AE6C5154-8F6D-4164-8656-9A973A06CC95}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\aow3\aow3launcher.exe |
"{B04A917E-AA98-4984-B930-80513382646B}" = dir=in | name=@{microsoft.zunevideo_10.16122.10291.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{B21AA911-9571-48AF-A7BE-84F5495D3BFF}" = dir=out | name=@{microsoft.windowsphone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
"{B2818641-C2F0-4ED8-8EFB-0140656F745F}" = dir=in | name=sway |
"{B2CACBF4-F508-47E5-8C3E-C177F1654EEB}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{B3BE5766-6E04-4D87-8321-118ACECA6B6F}" = dir=out | name=microsoft solitaire collection |
"{B3CA9FB7-A43E-4593-AA22-664C3E317321}" = dir=in | name=@{microsoft.bingfinance_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{B4748332-F127-4CAE-9C7F-32B92EF35768}" = dir=out | name=@{microsoft.bingfinance_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{B4A13C12-D5BF-4E1B-BFCD-E96D9C0421A1}" = protocol=17 | dir=in | app=c:\program files (x86)\hp\csiinstaller\c65448bc-e467-4ec7-b4a5-246697f52957\installer\hpbcsiinstaller.exe |
"{B4E32057-48CE-4F65-9D58-156D0A4A3C1B}" = dir=in | app=c:\program files (x86)\hp\hp laserjet pro mfp m125-m126\bin\hpnetworkcommunicatorcom.exe |
"{B534C47B-6F23-4DBA-AF9A-CD3FA8113AB6}" = dir=out | name=@{microsoft.skypeapp_11.10.152.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{B53F4850-0935-4555-A788-332465D8FDC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B554ADDE-F808-4042-BD47-C5BA5D9AA6E7}" = dir=out | name=@{microsoft.connectivitystore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.connectivitystore/mswifiresources/appstorename} |
"{B635C3CB-1BD7-4AFC-8C59-B8A54860C11A}" = dir=out | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{B7CED904-6316-4695-A94B-25F648D7F001}" = dir=in | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{B8246960-1091-46AC-9D4D-693048D3E279}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{B8A9BA90-BD05-43B4-B8A3-CE604E019A75}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{BB9D9D9A-D2C9-4628-AEFE-45AE7335F398}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{BC0C4EA6-3B70-4414-AC9B-DCD604CAAB5E}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
"{BCF80D51-96B9-4C76-B443-5C30C35414D8}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{BE16ECD2-2668-4EC6-8795-65E5E3EFB669}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{BFCBB9EF-0037-414C-8D09-F433F75F772A}" = dir=out | name=@{microsoft.zunevideo_10.16122.10291.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{C4C6FE71-987B-48ED-AC75-D6124F1ED6AC}" = dir=in | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{C505742F-7A82-418A-B5DA-F1A1EA05E3C7}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.7812.42257.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{C579005F-60AB-437B-B624-F881F9E02922}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\age of mythology\aomx.exe |
"{C6762A4E-7526-44D2-82E8-9F056B7D820D}" = dir=out | name=@{microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{C9E20DB0-3BF1-4448-92CB-4E6923437A31}" = dir=in | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{CB1120B6-DE97-445D-9547-6CFC0D75AD2F}" = dir=in | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{CC374621-7E55-4EE9-8519-38902C8124BE}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
"{CCDE4252-C2BB-4053-8CF4-483D8CE7DB82}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{D16A9109-C70F-4016-8C70-A65DA86E8285}" = dir=out | name=store purchase app |
"{D21F536D-3D22-45C2-8036-D4737BBB9E9B}" = dir=in | name=onenote |
"{D5AD0285-8113-4218-A8F3-FA1A7EE489C8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\aow3\aow3launcher.exe |
"{D70F6F1C-A47E-4B5B-8089-8403B2733EBA}" = protocol=6 | dir=in | app=d:\steam\bin\steamwebhelper.exe |
"{D98F2F6C-75B6-4CFE-9C39-AE8F852D4DDA}" = dir=in | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{DAB68098-9AFC-45C4-A963-BFF0237D2AA0}" = dir=out | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{DC06C8A4-437F-4660-98C1-A092FBB451E0}" = dir=in | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{DC9B8203-9F0F-4585-B307-599630AB1BEF}" = dir=in | app=c:\program files (x86)\hp\hp laserjet pro mfp m125-m126\bin\ewsproxy.exe |
"{DCE1A935-66DA-4352-B5CA-4962089214E6}" = dir=out | name=sway |
"{DD0D7C90-2004-4353-A283-C0F58404644A}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{DF168604-4EB5-4884-9ABC-56191B70C285}" = dir=out | name=xbox |
"{E026E00E-C76F-41B0-98C5-5527056FE5B5}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.7812.42257.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{E090D752-7105-4127-8BE1-54170B011196}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\homeworld\hwlauncher\launcher.exe |
"{E0EB4210-9F92-47B8-879C-7938C3C682D3}" = dir=out | name=hp all-in-one printer remote |
"{E4533506-562F-4192-92F5-9E0B0C2860A9}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{E6D3A0A8-F774-4A95-A17D-A1CBE30DE33D}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{E85EA17A-4F0D-4D76-93FE-C0B5A81BD64C}" = dir=out | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{E96A63B2-3BFB-45E9-83B7-1FC374467D31}" = dir=out | name=onenote |
"{EADAE430-9A0C-43A3-93E3-603AE734038C}" = dir=in | name=@{microsoft.bingsports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{EB21C2EE-5103-4283-AC36-FAAE6768986E}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{EB717C54-EC91-4EA7-96B8-F7963AA1B2D8}" = dir=in | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{EE0861B1-CC96-4781-8D45-8B4839DC8906}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\divinity original sin enhanced edition\shipping\eocapp.exe |
"{EE3985A6-922D-4E0C-9A69-23C7940F451F}" = dir=in | name=xbox |
"{F00B02BA-FFE1-4613-AD2F-8DE126A55F7E}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{F06B3249-8E4D-43C2-88B2-4163020E9805}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F1D46C0F-74E0-41ED-9A46-1164ABCBF8B3}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{F2F003AA-1C57-4F2C-8698-C44FF4F7CD5D}" = dir=out | name=twitter |
"{F3A3DC68-F56E-4583-B83E-328C657C6D5E}" = dir=out | name=@{microsoft.bingsports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{F4F92BFF-F969-491F-A023-957836730226}" = protocol=6 | dir=in | app=d:\steam\bin\cef\cef.win7\steamwebhelper.exe |
"{F5E31107-51CA-409A-8F88-F80F0DB7C9B7}" = dir=out | name=@{microsoft.people_10.1.3410.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{F7260574-AA5A-4088-AF18-69738EAA4455}" = dir=in | name=@{microsoft.zunemusic_10.16122.10271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{F89A968C-5A2F-430F-8ED9-236B880B97A4}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\age of mythology\launcher.exe |
"{FA45981B-845E-4A51-BC9F-A8CC12E0EAAD}" = dir=out | name=microsoft sticky notes |
"{FE35BB80-0300-4BC1-B6D0-E3F4FB1F206C}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{FEDA47CF-5BCD-4B50-BBD0-86D967683823}" = protocol=17 | dir=in | app=d:\steam\bin\cef\cef.win7\steamwebhelper.exe |
"{FF267C19-B137-4E93-8223-1920D1E6EDCD}" = dir=in | name=xbox |
"TCP Query User{10ED5A3B-AAB7-430C-A37D-FBECFA5208DE}D:\blizzard\starcraft ii\versions\base39576\sc2_x64.exe" = protocol=6 | dir=in | app=d:\blizzard\starcraft ii\versions\base39576\sc2_x64.exe |
"TCP Query User{1EAF95A2-B30E-4BAD-8906-E9D47C460603}C:\program files (x86)\ekiga\ekiga.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe |
"TCP Query User{CFFAF53A-57AB-4EE3-AA03-0E9FE856E548}D:\blizzard\starcraft ii\versions\base47185\sc2_x64.exe" = protocol=6 | dir=in | app=d:\blizzard\starcraft ii\versions\base47185\sc2_x64.exe |
"TCP Query User{D7A86BFE-AB66-4A7F-A860-70629FDFA13F}D:\blizzard\starcraft ii\versions\base41743\sc2_x64.exe" = protocol=6 | dir=in | app=d:\blizzard\starcraft ii\versions\base41743\sc2_x64.exe |
"TCP Query User{E67D7F0B-8EF9-43C2-ABDC-4E5FA0C1B418}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{FDEA73B2-F75F-419B-B92B-F8949938DF8B}C:\program files (x86)\jitsi\jitsi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jitsi\jitsi.exe |
"UDP Query User{2CE9D7D4-8FA5-44C1-9C0E-37E5F787825F}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{407263E9-FD2B-4C27-BC6D-9F35CC351983}D:\blizzard\starcraft ii\versions\base39576\sc2_x64.exe" = protocol=17 | dir=in | app=d:\blizzard\starcraft ii\versions\base39576\sc2_x64.exe |
"UDP Query User{40A0206E-963C-4A3D-B1EC-889BB01B1C34}D:\blizzard\starcraft ii\versions\base47185\sc2_x64.exe" = protocol=17 | dir=in | app=d:\blizzard\starcraft ii\versions\base47185\sc2_x64.exe |
"UDP Query User{64C6D6DF-ABEC-493A-8421-2288DFD128C6}C:\program files (x86)\ekiga\ekiga.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe |
"UDP Query User{823C9072-147A-4F5F-BC4B-94FEA43B4E41}D:\blizzard\starcraft ii\versions\base41743\sc2_x64.exe" = protocol=17 | dir=in | app=d:\blizzard\starcraft ii\versions\base41743\sc2_x64.exe |
"UDP Query User{921BF120-DD9C-440D-B71C-05A924A61B1D}C:\program files (x86)\jitsi\jitsi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jitsi\jitsi.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1CEAC85D-2590-4760-800F-8DE5E91F3700}" = Intel(R) Management Engine Components
"{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb" = GOG.com Heroes of Might and Magic 3
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{30E20E5D-5E4E-4874-A35A-952DB3582C29}" = HP Unified IO
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 3.0.6.1469
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4EF3FBF6-697D-440A-AADA-7F5D39B73E62}" = Oracle VM VirtualBox 5.1.4
"{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}" = Apple Mobile Device Support
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{638A518B-0D2E-4143-ACF8-F3D83D822E85}" = Intel(R) Network Connections 20.2.4001.0
"{7D84E343-A23D-451C-B123-0195B2D903A6}" = Intel® Trusted Connect Service Client
"{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}" = Apple Application Support (64-bit)
"{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390}" = Intel(R) Chipset Device Software
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{94BC10B9-159A-44E8-BEA1-34BF765FEA58}" = Intel(R) ME UninstallLegacy
"{95265B86-188E-3F62-9CDB-60FCE59EC721}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24210
"{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}" = iTunes
"{a218c2db-d769-44eb-b757-b7fc41b6596c}.sdb" = Star Wars X-Wing Alliance
"{A5536A08-5A7F-4330-8947-0372B500A3BD}" = Intel(R) Management Engine Components
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel" = Ansel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 375.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 375.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 375.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 3.1.0.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 369.04
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 2.13.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.16.0318
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.13.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA Wireless Controller Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.34.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend" = NVIDIA Backend
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer" = NVIDIA Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem" = NVIDIA LocalSystem Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus" = NVIDIA Message Bus for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService" = NVIDIA NetworkService Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User" = NVIDIA User Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.UserElevated" = NVIDIA Elevated User Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs" = NvNodejs
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog" = NVIDIA Watchdog Plugin for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry" = NvTelemetry
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC" = Nvidia Share
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.13.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 3.30.2
"{C0B2C673-ECAA-372D-94E5-E89440D087AD}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24210
"{C6C06C9F-B452-4C7A-AB83-F5931AB9B372}" = Intel(R) Management Engine Components
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"CPUID ASUS CPU-Z_is1" = CPUID ASUS CPU-Z 1.72.1
"PROSetDX" = Intel(R) Network Connections 20.2.4001.0
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 244160" = Homeworld Remastered Collection
"Steam App 252950" = Rocket League
"Steam App 266840" = Age of Mythology: Extended Edition
"Steam App 361670" = STAR WARS™: X-Wing Alliance™
"Steam App 48000" = LIMBO
"Turbo LAN" = Turbo LAN v10.09
"VulkanRT1.0.26.0" = Vulkan Run Time Libraries 1.0.26.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}" = ASUS GPU TweakII
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{0BFDA228-F4D0-42C0-90B2-8C47F147AEB1}" = HPDXP
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{178F0383-A2F1-427C-9881-6EACB8728C76}" = hppLaserJetService
"{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}" = hppM125LaserJetService
"{1CF84962-50F8-48CA-9082-B70F3A02C686}" = Kaspersky Secure Connection
"{1FF95F73-AB46-472B-AF7A-D032400F1FFA}" = UFile 2015
"{23658c02-145e-483d-ba6b-1eb82c580529}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
"{2AEAE3EB-AF83-4A1E-A749-2C263F62955B}" =
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30DD7187-F392-4D83-8AED-D9A2DC64EF15}" = HPLJUTCore
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{4B230374-6475-4A73-BA6E-41015E9C5013}" = Intel® Security Assist
"{56EC47AA-5813-4FF6-8E75-544026FBEA83}" = Apple Software Update
"{581A9CCB-1AD7-4BB4-A698-590305F773FB}" = hpStatusAlertsM125-M126
"{59516745-D476-49FD-B281-371844FA1C21}" = TP-LINK Archer T9E Driver
"{5A11EF83-9E0A-4B5C-8D2F-1FF9551A5E8C}" = HP Product FWUpdater
"{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}" = HPLJDXPHelper
"{60c073df-e736-4210-9c3a-5fc2b651cef3}" = Intel(R) Chipset Device Software
"{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}" = hpbDSService
"{6470E292-3B55-41DC-B5EB-91C34C5ACB5D}" = hpStatusAlerts
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79CD8EA1-DEB1-4582-9E41-8634223BDCD4}" = LibreOffice 5.2.5.1
"{7AAE9187-C24F-4073-A951-36C370E7A3A5}" = ASUS Boot Setting
"{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}" = SlimDX Runtime .NET 4.0 x86 (January 2012)
"{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger
"{82E7776B-E837-4584-BD0D-E2F54A0F6960}" = HP LaserJet Pro MFP M125-M126 HP Device Toolbox
"{8FD71E98-EE44-3844-9DAD-9CB0BBBC603C}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24210
"{9A0C3AE6-A6C3-46C4-95A5-E3745CCE3D57}" = hpbM126DSService
"{9BA1A894-B42F-4805-BC8C-349C905A3930}" = Apple Application Support (32-bit)
"{9E7CB788-5C1F-4A18-95AA-8F4B1618A80C}" = HPLJUTM125_126
"{AC76BA86-0804-1033-1959-001824211354}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B1CB7E99-4685-45CB-867E-2FB58EDA0A39}" = HP Unified IO
"{B2894225-82C7-4006-B243-6272589993B2}" = HPLJProMFPM125M126
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{c65448bc-e467-4ec7-b4a5-246697f52957}" = HP LaserJet Pro MFP M125-M126
"{C84C5C3A-6D85-4741-9F9D-03A9084CD2E5}" = HyStream
"{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}" = ASUS Product Register Program
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CD36E28B-6023-469A-91E7-049A2874EC13}" = AI Suite 3
"{D8C8656B-0BD8-39C3-B741-F889B7C144E5}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24210
"{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}" = Kaspersky Anti-Virus
"{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}" = LJDXPHelperUI
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F84EA1B1-5184-4145-B6E6-5E5D33D85FE4}" = HP LJ M125126 Scan HP Scan
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.31
"1207659194_is1" = Eador - Masters of the Broken World
"1420648167_is1" = Lords of Xulima
"1445609115_is1" = Sorcerer King™
"Battle.net" = Battle.net
"GOGPACKFTL_is1" = FTL -  Advanced Edition
"GOGPACKHOMM3COMPLETE_is1" = Heroes of Might and Magic 3 Complete
"InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}" = ASUS GPU TweakII
"InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}" = Kaspersky Secure Connection
"InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}" = Kaspersky Anti-Virus
"Lords of Xulima - Deluxe Edition Upgrade_is1" = Lords of Xulima - Deluxe Edition Upgrade
"Mozilla Firefox 51.0.1 (x86 en-US)" = Mozilla Firefox 51.0.1 (x86 en-US)
"Mozilla Thunderbird 45.7.0 (x86 en-US)" = Mozilla Thunderbird 45.7.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PokerStars" = PokerStars
"StarCraft II" = StarCraft II
"Steam" = Steam
"Steam App 226840" = Age of Wonders III
"Steam App 281610" = Homeworld: Deserts of Kharak
"Steam App 373420" = Divinity: Original Sin Enhanced Edition
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2017-02-01 7:32:01 PM | Computer Name = DESKTOP-BAMJFKH | Source = ESENT | ID = 467
Description = svchost (10476) Unistore: Database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol:
 Index 00000002 of table FolderMetadata is corrupted (0).
 
Error - 2017-02-01 7:35:57 PM | Computer Name = DESKTOP-BAMJFKH | Source = Application Error | ID = 1000
Description = Faulting application name: MicrosoftEdge.exe, version: 11.0.14393.693,
 time stamp: 0x585a26c4  Faulting module name: eModel.dll, version: 11.0.14393.693,
 time stamp: 0x585a27a4  Exception code: 0xc0000409  Fault offset: 0x00000000000d4ad0
Faulting
 process id: 0x478  Faulting application start time: 0x01d27ce3ef5c86dc  Faulting application
 path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting
 module path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll
Report
 Id: 5e8720ef-ee74-481f-ab80-974715df8b5f  Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting
 package-relative application ID: MicrosoftEdge
 
Error - 2017-02-01 7:35:58 PM | Computer Name = DESKTOP-BAMJFKH | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log
 for additional information.
 
Error - 2017-02-01 7:36:07 PM | Computer Name = DESKTOP-BAMJFKH | Source = Application Error | ID = 1000
Description = Faulting application name: MicrosoftEdge.exe, version: 11.0.14393.693,
 time stamp: 0x585a26c4  Faulting module name: KERNELBASE.dll, version: 10.0.14393.479,
 time stamp: 0x582588e6  Exception code: 0x00000004  Fault offset: 0x0000000000017788
Faulting
 process id: 0x1730  Faulting application start time: 0x01d27ce3f5b60877  Faulting application
 path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting
 module path: C:\WINDOWS\System32\KERNELBASE.dll  Report Id: a4655865-592e-4a59-8b76-2a7c48658b99
Faulting
 package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe  Faulting
 package-relative application ID: MicrosoftEdge
 
Error - 2017-02-01 7:36:08 PM | Computer Name = DESKTOP-BAMJFKH | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log
 for additional information.
 
Error - 2017-02-01 7:37:40 PM | Computer Name = DESKTOP-BAMJFKH | Source = SecurityCenter | ID = 16
Error - 2017-02-01 7:37:43 PM | Computer Name = DESKTOP-BAMJFKH | Source = ESENT
 | ID = 467
 
Description = svchost (3088) Unistore: Database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol: Index 00000002 of table FolderMetadata is corrupted (0).
Error - 2017-02-01 7:40:33 PM | Computer Name = DESKTOP-BAMJFKH | Source = ESENT
 | ID = 467
 
Description = svchost (3088) Unistore: Database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol: Index 00000002 of table FolderMetadata is corrupted (0).
Error - 2017-02-01 7:40:39 PM | Computer Name = DESKTOP-BAMJFKH | Source = ESENT
 | ID = 467
 
Description = svchost (3088) Unistore: Database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol: Index 00000002 of table FolderMetadata is corrupted (0).
Error - 2017-02-01 7:43:01 PM | Computer Name = DESKTOP-BAMJFKH | Source = ESENT
 | ID = 467
 
Description = svchost (3088) Unistore: Database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol: Index 00000002 of table FolderMetadata is corrupted (0).
Error - 2017-02-01 7:43:01 PM | Computer Name = DESKTOP-BAMJFKH | Source = ESENT
 | ID = 447
 
Description = svchost (3088) Unistore: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 412, PgnoRoot: 389) of database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol (392 => 398, 396).
Error - 2017-02-01 7:43:01 PM | Computer Name = DESKTOP-BAMJFKH | Source = ESENT
 | ID = 447
 
Description = svchost (3088) Unistore: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 412, PgnoRoot: 389) of database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol (392 => 398, 396).
 
Error encountered while reading event logs.
 
< End of report >

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
Hello there, and welcome back...

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Sheldon (administrator) on DESKTOP-BAMJFKH (01-02-2017 22:13:55)
Running from C:\Users\SheldonB\Desktop
Loaded Profiles: Sheldon & SheldonB (Available Profiles: Sheldon & SheldonB)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.28\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(cFos Software GmbH) C:\Program Files\ASUS\Turbo LAN\spd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(cFos Software GmbH) C:\Program Files\ASUS\Turbo LAN\cfosspeed.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(OldTimer Tools) C:\Users\SheldonB\Downloads\OTL.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8502160 2015-09-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1404144 2015-09-08] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Turbo LAN] => C:\Program Files\ASUS\Turbo LAN\cFosSpeed.exe [2881960 2015-06-25] (cFos Software GmbH)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [555832 2014-03-05] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [AO Link Server] => C:\Program Files (x86)\ASUS\AI Suite III\Mobo Connect\ALRun.exe -start
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-04-18] (Hewlett-Packard Company)
HKU\S-1-5-21-404982144-3513266834-2388539628-1001\...\Run: [Steam] => D:\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-404982144-3513266834-2388539628-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-404982144-3513266834-2388539628-1001\...\Run: [BingSvc] => C:\Users\Sheldon\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-404982144-3513266834-2388539628-1001\...\RunOnce: [Uninstall C:\Users\Sheldon\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sheldon\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-404982144-3513266834-2388539628-1004\...\RunOnce: [Uninstall C:\Users\SheldonB\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SheldonB\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{c5e6ecaa-5d15-40e4-98db-46bfd66187cb}: [DhcpNameServer] 192.168.2.1 142.166.166.166
Tcpip\..\Interfaces\{f092fbd3-2508-49c2-a6a9-f87960439d44}: [DhcpNameServer] 192.168.2.1 142.166.166.166

Internet Explorer:
==================
HKU\S-1-5-21-404982144-3513266834-2388539628-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
SearchScopes: HKU\S-1-5-21-404982144-3513266834-2388539628-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)

FireFox:
========
FF DefaultProfile: jnypoext.default
FF ProfilePath: C:\Users\Sheldon\AppData\Roaming\Mozilla\Firefox\Profiles\jnypoext.default [2016-09-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\jnypoext.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\jnypoext.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\jnypoext.default -> Bing
FF Keyword.URL: Mozilla\Firefox\Profiles\jnypoext.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Homepage: Mozilla\Firefox\Profiles\jnypoext.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-ca
FF Extension: (Bing Search) - C:\Users\Sheldon\AppData\Roaming\Mozilla\Firefox\Profiles\jnypoext.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-09-18]
FF Extension: (NoScript) - C:\Users\Sheldon\AppData\Roaming\Mozilla\Firefox\Profiles\jnypoext.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-02-12]
FF SearchPlugin: C:\Users\Sheldon\AppData\Roaming\Mozilla\Firefox\Profiles\jnypoext.default\searchplugins\bing-.xml [2016-09-18]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-08]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-10] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-08] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2015-05-08] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2015-08-21] () [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.28\AsusFanControlService.exe [398648 2015-08-21] (ASUSTeK Computer Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 cFosSpeedS; C:\Program Files\ASUS\Turbo LAN\spd.exe [1062312 2015-06-25] (cFos Software GmbH)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [449112 2016-07-28] (Intel Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [250848 2015-09-08] (DTS, Inc)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [374360 2016-07-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-10] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R3 AndroidAFD; C:\Windows\SysWow64\drivers\AndroidAFDx64.sys [28472 2015-07-06] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7546544 2014-10-22] (Broadcom Corporation)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [559080 2016-04-19] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [435032 2016-09-12] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-08] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-08] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [218920 2016-12-10] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [85984 2017-01-31] ()
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [245512 2016-12-09] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [104720 2016-12-10] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [164888 2016-12-09] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-08] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-01] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-01] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c775b600ccf2cdac\nvlddmkm.sys [14172608 2016-11-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
S3 RZMAELSTROMVADService; C:\WINDOWS\system32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [195936 2016-08-16] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-01 22:13 - 2017-02-01 22:14 - 00020223 _____ C:\Users\SheldonB\Desktop\FRST.txt
2017-02-01 22:13 - 2017-02-01 22:13 - 00000000 ____D C:\FRST
2017-02-01 22:11 - 2017-02-01 22:13 - 02420736 _____ (Farbar) C:\Users\SheldonB\Desktop\FRST64.exe
2017-02-01 22:11 - 2017-02-01 22:11 - 02420736 _____ (Farbar) C:\Users\SheldonB\Downloads\FRST64.exe
2017-02-01 20:15 - 2017-02-01 20:15 - 00000289 _____ C:\Users\SheldonB\Documents\geekpolice.txt
2017-02-01 19:51 - 2017-02-01 19:51 - 00198828 _____ C:\Users\SheldonB\Downloads\OTL.Txt
2017-02-01 19:51 - 2017-02-01 19:51 - 00114708 _____ C:\Users\SheldonB\Downloads\Extras.Txt
2017-02-01 19:45 - 2017-02-01 19:46 - 00602112 _____ (OldTimer Tools) C:\Users\SheldonB\Downloads\OTL.exe
2017-02-01 17:42 - 2017-02-01 17:43 - 00093260 _____ C:\Users\SheldonB\Downloads\funcaptcha_audio_365589257185884c6.34189331-9417.wav
2017-02-01 17:02 - 2017-02-01 19:35 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-01 17:02 - 2017-02-01 19:35 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-01 17:02 - 2017-02-01 19:35 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-01 17:02 - 2017-02-01 19:35 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-01 17:02 - 2017-02-01 17:02 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-01 17:02 - 2017-02-01 17:02 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-01 17:02 - 2017-02-01 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-01 17:02 - 2017-02-01 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-01 17:02 - 2017-02-01 17:02 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-01 17:02 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-01 17:01 - 2017-02-01 17:01 - 55566792 _____ (Malwarebytes ) C:\Users\SheldonB\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-01-31 07:15 - 2017-01-31 07:15 - 00085984 _____ C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-01-30 20:35 - 2017-01-30 20:35 - 00000089 _____ C:\Users\SheldonB\Desktop\Glass.rdp
2017-01-29 10:12 - 2017-01-29 10:12 - 00001235 _____ C:\Users\Public\Desktop\LibreOffice 5.2.lnk
2017-01-29 10:11 - 2017-01-29 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2
2017-01-29 10:11 - 2017-01-29 10:11 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2017-01-28 16:38 - 2017-02-01 19:51 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-01-28 16:14 - 2017-01-28 16:14 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-28 16:14 - 2017-01-28 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-28 16:14 - 2017-01-28 16:14 - 00000000 ____D C:\Program Files\iTunes
2017-01-28 16:14 - 2017-01-28 16:14 - 00000000 ____D C:\Program Files\iPod
2017-01-25 15:14 - 2017-01-25 15:14 - 00000090 _____ C:\Users\SheldonB\Desktop\Bamburgh.rdp
2017-01-25 14:01 - 2016-12-21 03:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 14:01 - 2016-12-21 00:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-10 19:16 - 2016-12-21 04:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 19:16 - 2016-12-21 04:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 19:16 - 2016-12-21 04:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 19:16 - 2016-12-21 03:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 19:16 - 2016-12-21 03:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 19:16 - 2016-12-21 03:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 19:16 - 2016-12-21 03:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 19:16 - 2016-12-21 03:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 19:16 - 2016-12-21 03:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 19:16 - 2016-12-21 03:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 19:16 - 2016-12-21 03:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 19:16 - 2016-12-21 03:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 19:16 - 2016-12-21 03:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 19:16 - 2016-12-21 03:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 19:16 - 2016-12-21 03:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 19:16 - 2016-12-21 03:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 19:16 - 2016-12-21 03:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 19:16 - 2016-12-21 03:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 19:16 - 2016-12-21 03:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 19:16 - 2016-12-21 03:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 19:16 - 2016-12-21 03:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 19:16 - 2016-12-21 03:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 19:16 - 2016-12-21 03:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 19:16 - 2016-12-21 03:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 19:16 - 2016-12-21 03:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 19:16 - 2016-12-21 03:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 19:16 - 2016-12-21 03:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 19:16 - 2016-12-21 03:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 19:16 - 2016-12-21 03:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 19:16 - 2016-12-21 03:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 19:16 - 2016-12-21 03:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 19:16 - 2016-12-21 03:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 19:16 - 2016-12-21 03:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 19:16 - 2016-12-21 03:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 19:16 - 2016-12-21 03:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 19:16 - 2016-12-21 03:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 19:16 - 2016-12-21 03:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 19:16 - 2016-12-21 03:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 19:16 - 2016-12-21 03:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 19:16 - 2016-12-21 02:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 19:16 - 2016-12-21 02:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 19:16 - 2016-12-21 02:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 19:16 - 2016-12-21 02:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 19:16 - 2016-12-21 02:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 19:16 - 2016-12-21 02:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 19:16 - 2016-12-21 02:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 19:16 - 2016-12-21 02:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 19:16 - 2016-12-21 02:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 19:16 - 2016-12-21 02:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 19:16 - 2016-12-21 02:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 19:16 - 2016-12-21 02:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 19:16 - 2016-12-21 02:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 19:16 - 2016-12-21 02:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 19:16 - 2016-12-21 02:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 19:16 - 2016-12-21 02:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 19:16 - 2016-12-21 02:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 19:16 - 2016-12-21 02:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 19:16 - 2016-12-21 02:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 19:16 - 2016-12-21 02:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 19:16 - 2016-12-21 01:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 19:16 - 2016-12-21 01:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 19:16 - 2016-12-21 01:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 19:16 - 2016-12-21 01:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 19:16 - 2016-12-21 01:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 19:16 - 2016-12-21 01:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 19:16 - 2016-12-21 01:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 19:16 - 2016-12-21 01:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 19:16 - 2016-12-21 01:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 19:16 - 2016-12-21 00:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 19:16 - 2016-12-21 00:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 19:16 - 2016-12-21 00:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 19:16 - 2016-12-21 00:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 19:16 - 2016-12-21 00:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 19:16 - 2016-12-21 00:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 19:16 - 2016-12-21 00:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 19:16 - 2016-12-21 00:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 19:16 - 2016-12-21 00:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 19:16 - 2016-12-21 00:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 19:16 - 2016-12-21 00:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 19:16 - 2016-12-21 00:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 19:16 - 2016-12-21 00:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 19:16 - 2016-12-21 00:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 19:16 - 2016-12-21 00:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 19:16 - 2016-12-21 00:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 19:16 - 2016-12-21 00:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 19:16 - 2016-12-21 00:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 19:16 - 2016-12-21 00:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 19:16 - 2016-12-21 00:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 19:16 - 2016-12-21 00:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 19:16 - 2016-12-21 00:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 19:16 - 2016-12-21 00:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 19:16 - 2016-12-21 00:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 19:16 - 2016-12-21 00:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 19:16 - 2016-12-21 00:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 19:16 - 2016-12-21 00:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 19:16 - 2016-12-21 00:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 19:16 - 2016-12-14 01:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 19:16 - 2016-12-14 01:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 19:16 - 2016-12-14 01:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 19:16 - 2016-12-14 01:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 19:16 - 2016-12-14 01:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 19:16 - 2016-12-14 01:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 19:16 - 2016-12-14 01:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 19:16 - 2016-12-14 01:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 19:16 - 2016-12-14 01:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 19:16 - 2016-12-14 01:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 19:16 - 2016-12-14 01:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 19:16 - 2016-12-14 01:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 19:16 - 2016-12-14 01:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 19:16 - 2016-12-14 01:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 19:16 - 2016-12-14 01:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 19:16 - 2016-12-14 01:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 19:16 - 2016-12-14 01:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 19:16 - 2016-12-14 01:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 19:16 - 2016-12-14 00:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 19:16 - 2016-12-14 00:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 19:16 - 2016-12-14 00:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 19:16 - 2016-12-14 00:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 19:16 - 2016-12-14 00:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 19:16 - 2016-12-14 00:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 19:16 - 2016-12-14 00:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 19:16 - 2016-12-14 00:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 19:16 - 2016-12-14 00:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 19:16 - 2016-12-14 00:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 19:16 - 2016-12-14 00:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 19:16 - 2016-12-14 00:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 19:16 - 2016-12-14 00:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 19:16 - 2016-12-14 00:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 19:16 - 2016-12-14 00:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 19:16 - 2016-12-14 00:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 19:16 - 2016-12-14 00:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 19:16 - 2016-12-14 00:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 19:16 - 2016-12-14 00:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 19:16 - 2016-12-14 00:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 19:16 - 2016-12-14 00:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 19:16 - 2016-12-14 00:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 19:16 - 2016-12-14 00:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 19:16 - 2016-12-14 00:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 19:16 - 2016-12-14 00:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 19:16 - 2016-12-14 00:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 19:16 - 2016-12-14 00:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 19:16 - 2016-12-14 00:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 19:16 - 2016-12-14 00:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 19:16 - 2016-12-14 00:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 19:16 - 2016-12-14 00:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 19:16 - 2016-12-14 00:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 19:16 - 2016-12-14 00:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 19:16 - 2016-12-14 00:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 19:16 - 2016-12-14 00:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 19:16 - 2016-12-14 00:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 19:16 - 2016-12-14 00:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 19:16 - 2016-12-14 00:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 19:16 - 2016-12-14 00:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 19:16 - 2016-12-14 00:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 19:16 - 2016-12-14 00:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 19:16 - 2016-12-14 00:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 19:16 - 2016-12-14 00:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 19:16 - 2016-12-14 00:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 19:16 - 2016-12-14 00:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 19:16 - 2016-12-14 00:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 19:16 - 2016-11-02 08:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 19:16 - 2016-11-02 07:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 19:16 - 2016-11-02 06:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 19:16 - 2016-11-02 06:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 19:16 - 2016-11-02 06:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 19:16 - 2016-08-02 00:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 18:59 - 2017-01-10 18:59 - 00000000 __SHD C:\found.000
2017-01-09 20:20 - 2017-01-09 20:20 - 00724425 _____ C:\Users\SheldonB\Desktop\12 DAYS OF FITNESS AT HOME .pdf
2017-01-09 20:20 - 2017-01-09 20:20 - 00601941 _____ C:\Users\SheldonB\Desktop\Bonus 1 hiit.pdf
2017-01-06 18:06 - 2017-01-06 18:06 - 00050487 _____ C:\Users\SheldonB\Downloads\document.pdf
2017-01-04 06:52 - 2017-01-04 06:52 - 02579102 _____ C:\Users\SheldonB\Desktop\menu.pdf
2017-01-03 16:39 - 2017-01-03 16:39 - 00000202 _____ C:\Users\SheldonB\Desktop\STAR WARS X-Wing Alliance.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-01 22:09 - 2016-08-06 15:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-01 20:09 - 2016-10-13 17:58 - 00000000 ____D C:\Users\SheldonB\AppData\Local\CrashDumps
2017-02-01 19:51 - 2016-11-16 20:27 - 00000000 ____D C:\Users\SheldonB\AppData\LocalLow\Mozilla
2017-02-01 19:42 - 2016-02-12 08:56 - 01260706 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-01 19:37 - 2016-02-12 12:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-01 19:36 - 2016-10-12 19:52 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-01 19:35 - 2016-08-06 15:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-01 19:35 - 2016-08-06 15:13 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-01 19:35 - 2016-07-16 02:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-01 19:24 - 2016-10-12 19:58 - 00000000 ____D C:\Users\Sheldon\AppData\Roaming\Skype
2017-02-01 19:24 - 2016-10-12 19:58 - 00000000 ____D C:\Users\Sheldon\AppData\Local\CrashDumps
2017-02-01 18:55 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-01 18:48 - 2016-02-17 18:59 - 00000000 ____D C:\Users\SheldonB\AppData\Local\Packages
2017-02-01 18:35 - 2016-08-06 15:14 - 00000000 ____D C:\Users\Sheldon
2017-02-01 18:31 - 2016-10-12 19:58 - 00000000 ____D C:\Users\Sheldon\AppData\Local\Steam
2017-02-01 18:30 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-01 18:30 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-01 18:30 - 2016-02-12 08:59 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-01 18:30 - 2016-02-12 08:59 - 00000000 ____D C:\Users\Sheldon\AppData\Local\Packages
2017-02-01 16:47 - 2016-08-06 15:13 - 00265280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-01 16:47 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-28 16:22 - 2016-11-21 22:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-01-28 16:22 - 2016-11-16 19:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 16:22 - 2016-02-12 11:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-28 16:21 - 2016-08-06 15:14 - 00000000 ____D C:\Users\SheldonB
2017-01-28 16:14 - 2016-02-17 18:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-25 14:20 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-22 13:14 - 2016-04-01 09:48 - 00000000 ____D C:\Users\SheldonB\AppData\Roaming\Skype
2017-01-22 10:20 - 2016-04-01 09:48 - 00000000 ____D C:\ProgramData\Skype
2017-01-21 18:34 - 2016-02-18 20:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-13 18:26 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-12 23:13 - 2016-11-14 07:33 - 00000000 ____D C:\Users\SheldonB\Desktop\TL Phone
2017-01-10 20:09 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-10 20:09 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-10 20:09 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-10 20:09 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-10 20:09 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-10 19:28 - 2016-02-12 12:48 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 19:27 - 2016-02-12 12:48 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 19:08 - 2016-08-06 15:17 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-03 16:39 - 2016-02-17 23:13 - 00000000 ____D C:\Users\SheldonB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Files in the root of some directories =======

2016-05-02 08:47 - 2016-05-02 08:54 - 0014876 _____ () C:\Users\Sheldon\AppData\Roaming\ekiga.conf
2016-08-06 15:14 - 2016-08-06 15:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-10-12 19:52 - 2016-09-16 18:36 - 0746088 _____ (NVIDIA Corporation) C:\Users\Sheldon\AppData\Local\Temp\nvSCPAPI.dll
2016-10-12 19:52 - 2016-10-18 15:31 - 0860960 _____ (NVIDIA Corporation) C:\Users\Sheldon\AppData\Local\Temp\nvSCPAPI64.dll
2016-10-12 20:00 - 2016-10-18 15:31 - 0353336 _____ (NVIDIA Corporation) C:\Users\Sheldon\AppData\Local\Temp\nvStInst.exe
2017-02-01 19:24 - 2017-02-01 19:24 - 0000000 _____ () C:\Users\Sheldon\AppData\Local\Temp\obpqchlm.dll
2016-08-15 16:45 - 2017-01-22 10:19 - 43918808 _____ (Skype Technologies S.A.) C:\Users\SheldonB\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-25 15:35

==================== End of FRST.txt ============================

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Sheldon (01-02-2017 22:14:19)
Running from C:\Users\SheldonB\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-06 19:19:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-404982144-3513266834-2388539628-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-404982144-3513266834-2388539628-503 - Limited - Disabled)
Guest (S-1-5-21-404982144-3513266834-2388539628-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-404982144-3513266834-2388539628-1003 - Limited - Enabled)
Sheldon (S-1-5-21-404982144-3513266834-2388539628-1001 - Administrator - Enabled) => C:\Users\Sheldon
SheldonB (S-1-5-21-404982144-3513266834-2388539628-1004 - Limited - Enabled) => C:\Users\SheldonB

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM\...\Steam App 266840) (Version:  - SkyBox Labs)
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version:  - Triumph Studios)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.26 - ASUSTeK Computer Inc.)
Ansel (Version: 375.86 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.05.01 - ASUSTeK Computer Inc.)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.22 - ASUSTeK Computer Inc.)
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.3.6.0 - ASUSTek COMPUTER INC.)
ASUS GPU TweakII (x32 Version: 1.3.6.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CPUID ASUS CPU-Z 1.72.1 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.72.1 - CPUID, Inc.)
Divinity: Original Sin Enhanced Edition (HKLM-x32\...\Steam App 373420) (Version:  - Larian Studios)
Eador - Masters of the Broken World (HKLM-x32\...\1207659194_is1) (Version: 2.4.0.22 - GOG.com)
FTL -  Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.3.0.13 - GOG.com)
GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version:  - )
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
Homeworld Remastered Collection (HKLM\...\Steam App 244160) (Version:  - Gearbox Software)
Homeworld: Deserts of Kharak (HKLM-x32\...\Steam App 281610) (Version:  - Blackbird Interactive)
HP LaserJet Pro MFP M125-M126 (HKLM-x32\...\{c65448bc-e467-4ec7-b4a5-246697f52957}) (Version: 8.0.14087.1054 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM126DSService (x32 Version: 001.001.08254 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.59 - HP) Hidden
HPLJDXPHelper (x32 Version: 060.048.005 - HP) Hidden
HPLJProMFPM125M126 (HKLM-x32\...\{B2894225-82C7-4006-B243-6272589993B2}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (x32 Version: 008.000.0001 - HP) Hidden
HPLJUTM125_126 (x32 Version: 008.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM125LaserJetService (x32 Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM125-M126 (x32 Version: 080.046.00113 - Hewlett-Packard) Hidden
HyStream (HKLM-x32\...\{C84C5C3A-6D85-4741-9F9D-03A9084CD2E5}) (Version: 1.00.12 - ASUSTeK Computer Inc.)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel(R) Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
LibreOffice 5.2.5.1 (HKLM-x32\...\{79CD8EA1-DEB1-4582-9E41-8634223BDCD4}) (Version: 5.2.5.1 - The Document Foundation)
LIMBO (HKLM\...\Steam App 48000) (Version:  - Playdead)
LJDXPHelperUI (x32 Version: 060.048.005 - HP) Hidden
Lords of Xulima - Deluxe Edition Upgrade (HKLM-x32\...\Lords of Xulima - Deluxe Edition Upgrade_is1) (Version: 2.1.0.9 - GOG.com)
Lords of Xulima (HKLM-x32\...\1420648167_is1) (Version: 2.3.0.9 - GOG.com)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.7.0 (x86 en-US)) (Version: 45.7.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Oracle VM VirtualBox 5.1.4 (HKLM\...\{4EF3FBF6-697D-440A-AADA-7F5D39B73E62}) (Version: 5.1.4 - Oracle Corporation)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Python 2.7 pycrypto-2.6 (HKU\S-1-5-21-404982144-3513266834-2388539628-1004\...\pycrypto-py2.7) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7574 - Realtek Semiconductor Corp.)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Sorcerer King™ (HKLM-x32\...\1445609115_is1) (Version: 2.1.0.5 - GOG.com)
Star Wars X-Wing Alliance (HKLM\...\{a218c2db-d769-44eb-b757-b7fc41b6596c}.sdb) (Version:  - )
STAR WARS™: X-Wing Alliance™ (HKLM\...\Steam App 361670) (Version:  - Totally Games)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM\...\Steam App 20920) (Version:  - CD PROJEKT RED)
TP-LINK Archer T9E Driver (HKLM-x32\...\{59516745-D476-49FD-B281-371844FA1C21}) (Version: 1.3.1 - TP-LINK)
Turbo LAN v10.09 (HKLM\...\Turbo LAN) (Version: 10.09 - cFos Software GmbH, Bonn)
UFile 2015 (HKLM-x32\...\{1FF95F73-AB46-472B-AF7A-D032400F1FFA}) (Version: 19.20.0000 - Thomson Reuters DT Tax and Accounting Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08960C99-D257-4BF1-A995-AA6594FA6851} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {0A2112DD-CA4D-4615-8135-5FA3392E2717} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-05-28] (ASUSTeK Computer Inc.)
Task: {17929129-1229-442A-9874-9CEF0570C861} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {3950002B-0D82-4561-943B-C7C4F525AE33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {39628D6B-4A31-45DE-8A36-95EBC074B228} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2015-08-06] (ASUSTeK Computer Inc.)
Task: {464F342F-E268-479C-9BC1-DAA00EFE0B00} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {49953585-4194-4A7F-BB37-8145536080E1} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [2015-08-21] (TODO: )
Task: {4B4C6B38-4492-4912-870A-434CA7B56D42} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {5E56E3F2-939F-4CC5-95A8-66E106D0E620} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {6C37C902-7155-4988-AC6A-E2D33BCAE41F} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2015-08-21] ()
Task: {6D510A8A-9887-4304-9159-6074BDC8ADAA} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {90707D4F-84FA-485A-900A-7F2E89454D0E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {90F046A5-04B2-4DBD-9D91-8C4DAD8E189F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {A66063C9-FDA9-4FB1-8162-B1613CBCCD31} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2013-01-28] (Hewlett Packard)
Task: {A968C8A9-DBE4-4526-97FC-E1E01F283129} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] ()
Task: {C06A4653-7218-4E02-8D00-6238BA74D548} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [2016-08-17] (TODO: )
Task: {C3B07214-C40B-40B4-8B71-E51C9D5AA81A} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2015-08-31] ()
Task: {E56B04CE-A1F1-4083-8D8C-904C819B55FB} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {FE128BC5-58F3-467F-810C-DBE1CE17AA9A} - System32\Tasks\ASUS\HyStream service => C:\Program Files (x86)\ASUS\HyStream\ASUSMediaBackgroundServer.exe [2015-06-12] (ASUSTeK Computer Inc.)
Task: {FE94F014-7A25-4743-956F-3BDF6F7EE08F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 19:24 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-02-17 19:27 - 2013-04-15 11:50 - 00198144 _____ () C:\WINDOWS\System32\HP1006LM.DLL
2016-02-17 19:28 - 2013-04-15 11:50 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1006PP.dll
2016-02-12 09:57 - 2015-05-08 02:26 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-01 17:02 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-01 17:02 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-01 17:02 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-02-12 09:57 - 2015-08-21 03:57 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2016-10-12 20:03 - 2016-10-25 16:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-12 20:03 - 2016-10-25 16:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-12 20:03 - 2016-10-25 16:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-10-12 19:52 - 2016-11-10 18:38 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-13 19:24 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-06 19:31 - 2016-08-06 19:31 - 00959168 _____ () C:\Users\SheldonB\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-09-13 17:09 - 2016-09-07 00:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 19:16 - 2016-12-21 03:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 19:16 - 2016-12-21 02:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 19:16 - 2016-12-21 02:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 19:16 - 2016-12-21 02:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 19:16 - 2016-12-21 02:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 19:16 - 2016-12-21 02:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 19:16 - 2016-12-21 02:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-23 06:55 - 2017-01-23 06:55 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 06:55 - 2017-01-23 06:55 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 06:55 - 2017-01-23 06:55 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 18:50 - 2016-12-14 18:50 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2016-02-12 09:57 - 2017-02-01 19:35 - 00036648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-02-12 09:57 - 2015-05-08 02:26 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll
2016-10-12 20:03 - 2016-10-25 16:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-12 20:03 - 2016-10-25 16:20 - 60819000 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-12 20:03 - 2016-10-25 15:57 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-12 20:03 - 2016-10-25 15:57 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-12 20:03 - 2016-10-25 15:57 - 02808256 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-12 20:03 - 2016-10-25 16:21 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-12 20:03 - 2016-10-25 16:21 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-12 20:03 - 2016-10-25 15:57 - 00246840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-12 20:03 - 2016-10-25 15:57 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-12 20:03 - 2016-10-25 15:57 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-12 20:03 - 2016-10-25 15:57 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2015-08-14 03:17 - 2015-08-14 03:17 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2015-10-30 03:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-404982144-3513266834-2388539628-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-404982144-3513266834-2388539628-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1 - 142.166.166.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "AO Link Server"
HKU\S-1-5-21-404982144-3513266834-2388539628-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-404982144-3513266834-2388539628-1004\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{9DC0510A-B1CF-4999-A6FF-8351909FD5E6}] => D:\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{9E43FFB6-F1FF-438D-8C8D-E732DC21C00C}] => D:\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{B4A13C12-D5BF-4E1B-BFCD-E96D9C0421A1}] => C:\Program Files (x86)\HP\csiInstaller\c65448bc-e467-4ec7-b4a5-246697f52957\Installer\hpbcsiInstaller.exe
FirewallRules: [{556529BC-9982-4949-81AB-2FC44B9EDCAE}] => C:\Program Files (x86)\HP\csiInstaller\c65448bc-e467-4ec7-b4a5-246697f52957\Installer\hpbcsiInstaller.exe
FirewallRules: [{DC9B8203-9F0F-4585-B307-599630AB1BEF}] => C:\Program Files (x86)\HP\HP LaserJet Pro MFP M125-M126\bin\EWSProxy.exe
FirewallRules: [{B4E32057-48CE-4F65-9D58-156D0A4A3C1B}] => C:\Program Files (x86)\HP\HP LaserJet Pro MFP M125-M126\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [UDP Query User{921BF120-DD9C-440D-B71C-05A924A61B1D}C:\program files (x86)\jitsi\jitsi.exe] => C:\program files (x86)\jitsi\jitsi.exe
FirewallRules: [TCP Query User{FDEA73B2-F75F-419B-B92B-F8949938DF8B}C:\program files (x86)\jitsi\jitsi.exe] => C:\program files (x86)\jitsi\jitsi.exe
FirewallRules: [UDP Query User{64C6D6DF-ABEC-493A-8421-2288DFD128C6}C:\program files (x86)\ekiga\ekiga.exe] => C:\program files (x86)\ekiga\ekiga.exe
FirewallRules: [TCP Query User{1EAF95A2-B30E-4BAD-8906-E9D47C460603}C:\program files (x86)\ekiga\ekiga.exe] => C:\program files (x86)\ekiga\ekiga.exe
FirewallRules: [{5C38F455-1D40-41A7-AD9E-A430CD6705D1}] => D:\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{EE0861B1-CC96-4781-8D45-8B4839DC8906}] => D:\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{B53F4850-0935-4555-A788-332465D8FDC7}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{823C9072-147A-4F5F-BC4B-94FEA43B4E41}D:\blizzard\starcraft ii\versions\base41743\sc2_x64.exe] => D:\blizzard\starcraft ii\versions\base41743\sc2_x64.exe
FirewallRules: [TCP Query User{D7A86BFE-AB66-4A7F-A860-70629FDFA13F}D:\blizzard\starcraft ii\versions\base41743\sc2_x64.exe] => D:\blizzard\starcraft ii\versions\base41743\sc2_x64.exe
FirewallRules: [UDP Query User{407263E9-FD2B-4C27-BC6D-9F35CC351983}D:\blizzard\starcraft ii\versions\base39576\sc2_x64.exe] => D:\blizzard\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{10ED5A3B-AAB7-430C-A37D-FBECFA5208DE}D:\blizzard\starcraft ii\versions\base39576\sc2_x64.exe] => D:\blizzard\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{3ADD9C8F-69FC-4A92-AD50-E3C5CD4A2F89}] => D:\Steam\steamapps\common\AoW3\AoW3_Debug.exe
FirewallRules: [{450FF75F-4EBD-4B09-A441-7E6D833322D5}] => D:\Steam\steamapps\common\AoW3\AoW3_Debug.exe
FirewallRules: [{112DFBA8-6429-4202-BA94-7ADB7E119E83}] => D:\Steam\steamapps\common\AoW3\AoW3.exe
FirewallRules: [{211DEFB6-B75C-44B6-BB00-F91D558898DB}] => D:\Steam\steamapps\common\AoW3\AoW3.exe
FirewallRules: [{D5AD0285-8113-4218-A8F3-FA1A7EE489C8}] => D:\Steam\steamapps\common\AoW3\AoW3Launcher.exe
FirewallRules: [{AE6C5154-8F6D-4164-8656-9A973A06CC95}] => D:\Steam\steamapps\common\AoW3\AoW3Launcher.exe
FirewallRules: [{33CDEF63-6E15-4FE2-973B-33EC3142ED6C}] => D:\Steam\steamapps\common\Deserts of Kharak\TechnicalManual\DoK_Manual.exe
FirewallRules: [{116A7C78-6359-4D96-B3F2-842FA2623921}] => D:\Steam\steamapps\common\Deserts of Kharak\TechnicalManual\DoK_Manual.exe
FirewallRules: [{53AABAD1-4F65-43B3-A988-93EB4BD5E8C2}] => D:\Steam\steamapps\common\Deserts of Kharak\DesertsOfKharak64.exe
FirewallRules: [{65286A06-16D7-42C1-8E02-63209D727298}] => D:\Steam\steamapps\common\Deserts of Kharak\DesertsOfKharak64.exe
FirewallRules: [{5F3EFB40-AC8F-45DE-8B76-3BFCCCD05E3C}] => D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{D70F6F1C-A47E-4B5B-8089-8403B2733EBA}] => D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{48F51960-CF19-405B-A512-B449B4A19141}] => D:\Steam\Steam.exe
FirewallRules: [{289D4205-E466-4AFE-AEE3-2BF72D5E9533}] => D:\Steam\Steam.exe
FirewallRules: [{9D735CF2-7163-47ED-830E-98CE21448B63}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2764DB7D-87AE-49F7-8E2C-8904D21084AB}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9621E10B-7C1C-45A2-A38F-8036EA55505F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{53B29A52-7A8F-4964-AC66-CF40B4A8C14A}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BB9D9D9A-D2C9-4628-AEFE-45AE7335F398}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{71AD5FE2-BEE7-41FA-9347-F478D5D6E6EA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E090D752-7105-4127-8BE1-54170B011196}] => D:\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{6E612D32-46F5-420D-814A-EBE240EEF3DF}] => D:\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{76EA2B42-4A91-41E4-A582-687CB0C5D48C}] => D:\Steam\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{F89A968C-5A2F-430F-8ED9-236B880B97A4}] => D:\Steam\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{B14E03BA-0DC3-48C1-B21F-205F9F22046B}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{37CB7B40-C6AF-4EE0-991A-A79BEDBAF897}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{66B8C5A3-3DE5-49B3-8138-B5D5A409A660}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FF007EE3-7B2B-44D2-9DA0-D4434042A5AE}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{CFFAF53A-57AB-4EE3-AA03-0E9FE856E548}D:\blizzard\starcraft ii\versions\base47185\sc2_x64.exe] => D:\blizzard\starcraft ii\versions\base47185\sc2_x64.exe
FirewallRules: [UDP Query User{40A0206E-963C-4A3D-B1EC-889BB01B1C34}D:\blizzard\starcraft ii\versions\base47185\sc2_x64.exe] => D:\blizzard\starcraft ii\versions\base47185\sc2_x64.exe
FirewallRules: [{2255FCBF-C55E-47FA-B8C1-8E786F1978F6}] => D:\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{3B755D6C-AB24-406B-8A6C-D60982D5A1B4}] => D:\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [TCP Query User{E67D7F0B-8EF9-43C2-ABDC-4E5FA0C1B418}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{2CE9D7D4-8FA5-44C1-9C0E-37E5F787825F}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{132B12B2-116F-4607-A4F4-B37925E54507}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{F4F92BFF-F969-491F-A023-957836730226}] => D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FEDA47CF-5BCD-4B50-BBD0-86D967683823}] => D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{61E9A1CB-C72D-4894-857B-DCB808D60A9F}] => D:\Steam\steamapps\common\Star Wars X-Wing Alliance\alliance.exe
FirewallRules: [{57F50ADB-0B1C-4854-930A-334002D22526}] => D:\Steam\steamapps\common\Star Wars X-Wing Alliance\alliance.exe
FirewallRules: [{44368774-F482-44F2-8481-D31D2A903831}] => D:\Steam\steamapps\common\Age of Mythology\aomx.exe
FirewallRules: [{C579005F-60AB-437B-B624-F881F9E02922}] => D:\Steam\steamapps\common\Age of Mythology\aomx.exe
FirewallRules: [{F06B3249-8E4D-43C2-88B2-4163020E9805}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A8320EE5-A79D-439B-929A-72D183018EC3}] => D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{4962F94E-AE9A-4B43-9711-C606DBCD12A9}] => D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{0FDBC307-89A6-46C6-97AE-7419DECD7ED6}] => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
FirewallRules: [{5538FE47-836B-47F7-8E71-1705E64B2EA0}] => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe

==================== Restore Points =========================

10-01-2017 19:21:19 Windows Update
19-01-2017 18:00:28 Scheduled Checkpoint
25-01-2017 14:20:45 Windows Update
29-01-2017 10:07:11 Installed LibreOffice 5.2.5.1

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2017 10:14:01 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3088) Unistore: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 412, PgnoRoot: 389) of database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol (392 => 398, 396).

Error: (02/01/2017 10:14:01 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3088) Unistore: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 412, PgnoRoot: 389) of database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol (392 => 398, 396).

Error: (02/01/2017 10:14:01 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (3088) Unistore: Database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol: Index 00000002 of table FolderMetadata is corrupted (0).

Error: (02/01/2017 10:11:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3088) Unistore: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 412, PgnoRoot: 389) of database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol (392 => 398, 396).

Error: (02/01/2017 10:11:00 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3088) Unistore: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 412, PgnoRoot: 389) of database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol (392 => 398, 396).

Error: (02/01/2017 10:11:00 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (3088) Unistore: Database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol: Index 00000002 of table FolderMetadata is corrupted (0).

Error: (02/01/2017 10:10:01 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (3088) Unistore: Database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol: Index 00000002 of table FolderMetadata is corrupted (0).

Error: (02/01/2017 10:09:43 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (3088) Unistore: Database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol: Index 00000002 of table FolderMetadata is corrupted (0).

Error: (02/01/2017 10:09:43 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3088) Unistore: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 412, PgnoRoot: 389) of database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol (392 => 398, 396).

Error: (02/01/2017 10:09:43 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3088) Unistore: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 412, PgnoRoot: 389) of database C:\Users\SheldonB\AppData\Local\Comms\UnistoreDB\store.vol (392 => 398, 396).


System errors:
=============
Error: (02/01/2017 10:09:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/01/2017 09:02:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2017 07:37:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (02/01/2017 07:35:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2017 07:35:30 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (02/01/2017 07:35:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2017 07:27:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2017 07:25:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2017 07:24:46 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BAMJFKH)
Description: The server {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C} did not register with DCOM within the required timeout.

Error: (02/01/2017 07:24:43 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BAMJFKH)
Description: The server {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2017-02-01 19:24:23.844
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-01 19:24:22.528
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-28 16:29:21.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-28 16:28:12.449
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-28 16:23:09.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-11 19:21:35.925
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-11 19:21:34.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-11 19:21:31.066
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-09 17:15:12.355
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2016-12-25 08:59:02.567
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 21%
Total physical RAM: 16308.42 MB
Available physical RAM: 12787.09 MB
Total Virtual: 18740.42 MB
Available Virtual: 14920.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.4 GB) (Free:134.46 GB) NTFS
Drive d: () (Fixed) (Total:931.39 GB) (Free:827.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BE4EBFAD)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
Please run the following

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it in the same location as FRST, and name it fixlist.txt

start
SearchScopes: HKU\S-1-5-21-404982144-3513266834-2388539628-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
emptytemp:
CMD: ipconfig /flushdns
end


NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply. Ensure to restart your computer.




NOTE: You have an old version of the tool below... Please download the all-new version 3.0 of this tool:
Malwarebytes' scanner
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes' scanner to your desktop.

  • Double-click mb3-setup-consumer-3.x.x.xxxx and follow the prompts to install the program.
  • Click Finish.
  • On the Dashboard, click the 'Check for Updates' button.
  • After the update completes, click the 'Scan Now' button.
  • A Threat Scan will begin. Please allow it to progress through the scanning process.
  • When the scan is complete, if there have been detections, click Quarantines Selected button to allow the program to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

  • After the restart once you are back at your desktop, open Malwarebytes once more.
  • Click on the Reports tab > Scan Report. (if you have done more than one scan in the past, select the most recent that shows the Date and time of the scan just performed. Press View Report button.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Find the log on your Desktop and Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

Last edited by Dr Jay on 2nd February 2017, 10:35 pm; edited 1 time in total

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
I can't find frst when I enter the system recover options and use the command prompt

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
Sorry, we aren't going to work in System Recovery Mode... I have updated my post with better directions, my apologies:
http://www.geekpolice.net/t30427-trojan-multi-genautoruntask-a-detected#214364

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Sheldon (02-02-2017 19:00:12) Run:1
Running from C:\Users\SheldonB\Desktop
Loaded Profiles: Sheldon & SheldonB (Available Profiles: Sheldon & SheldonB)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
SearchScopes: HKU\S-1-5-21-404982144-3513266834-2388539628-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
emptytemp:
CMD: ipconfig /flushdns
end
*****************

HKU\S-1-5-21-404982144-3513266834-2388539628-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10666762 B
Java, Flash, Steam htmlcache => 131770 B
Windows/system/drivers => 36071322 B
Edge => 3561691 B
Chrome => 0 B
Firefox => 178670875 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5640876 B
NetworkService => 13812 B
Sheldon => 50462368 B
SheldonB => 104837269 B

RecycleBin => 0 B
EmptyTemp: => 372 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:00:17 ====

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/2/17
Scan Time: 7:04 PM
Logfile: mbam-feb2.txt
Administrator: No

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1163
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-BAMJFKH\SheldonB

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432785
Time Elapsed: 1 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
Please run the Bitdefender QuickScan, and once done, press the View Report link. Post that log in your next reply.




Please launch Malwarebytes scanner which you have installed on your computer.

  • On the Dashboard, select Settings.
  • Click on Protection.
  • Ensure that Scan for rootkits is checked. If not, check it.
  • If you are notified the Database is out of date, click Update Now.
  • Click Scan now.
  • When completed, click the down arrow on Export Log and select Text file (*.txt).
  • Save the file to your desktop as MBAM.txt.
  • Click Apply Actions, then restart your computer, if requested.
  • Please copy and paste the contents of MBAM.txt into your next reply. Also, indicate if it was successful.

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/2/17
Scan Time: 7:04 PM
Logfile: mbam-feb2.txt
Administrator: No

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1163
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-BAMJFKH\SheldonB

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432785
Time Elapsed: 1 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/3/17
Scan Time: 7:45 AM
Logfile: mbam-rootkitscan.txt
Administrator: No

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1170
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-BAMJFKH\SheldonB

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 434069
Time Elapsed: 2 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

It was successuful.

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
QuickScan 32-bit v0.9.9.152
---------------------------
Scan date: Fri Feb 03 07:42:14 2017
Machine ID: A83F025F

C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll - upload failed
C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll - upload failed
C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll - upload failed


Failed to upload 3 file(s)! Please rescan.
------------------------------------------



Processes
---------
(unsigned) hpwuSchd Application 9288 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(verified) AiCharger Application 904 C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(verified) Firefox 3616 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(verified) Firefox 6592 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(verified) Firefox 2716 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(verified) HPStatusAlerts 9332 C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(verified) Kaspersky Anti-Virus 6044 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(verified) Kaspersky Anti-Virus 6732 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(verified) Malwarebytes Tray Application 7348 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(verified) Node.js 10148 C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(verified) NVIDIA Container 4948 C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(verified) NVIDIA Share 3092 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(verified) NVIDIA Share 9520 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe


Network activity
----------------
Process firefox.exe (6592) connected on port 443 (HTTP over SSL) --> 52.40.13.190
Process firefox.exe (6592) connected on port 80 (HTTP) --> 72.21.91.29
Process firefox.exe (6592) connected on port 443 (HTTP over SSL) --> 54.192.48.171
Process firefox.exe (6592) connected on port 443 (HTTP over SSL) --> 52.37.201.150
Process firefox.exe (6592) connected on port 80 (HTTP) --> 66.235.153.37
Process firefox.exe (6592) connected on port 443 (HTTP over SSL) --> 142.176.121.227
Process firefox.exe (6592) connected on port 80 (HTTP) --> 66.235.153.37
Process firefox.exe (6592) connected on port 80 (HTTP) --> 142.176.121.232



Autoruns and critical files
---------------------------
(unsigned) hpwuSchd Application C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(verified) AiCharger Application C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(verified) HPStatusAlerts C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(verified) Microsoft OneDrive C:\Users\SheldonB\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(verified) Microsoft® Windows® Operating System C:\Windows\System32\cmd.exe
(verified) Microsoft® Windows® Operating System c:\Windows\System32\userinit.exe


Browser plugins
---------------
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
(verified) Adobe Content Decryption Module for Fir C:\Users\SheldonB\AppData\Roaming\Mozilla\Firefox\Profiles\r2famy3r.default\gmp-eme-adobe\17\eme-adobe.dll
(verified) Bitdefender QuickScan C:\Users\SheldonB\AppData\Roaming\Mozilla\Firefox\Profiles\r2famy3r.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) gmpopenh264.dll C:\Users\SheldonB\AppData\Roaming\Mozilla\Firefox\Profiles\r2famy3r.default\gmp-gmpopenh264\1.6\gmpopenh264.dll
(verified) Intel® Identity Protection Technology C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
(verified) Intel® Identity Protection Technology C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
(verified) Internet Explorer c:\Windows\SysWOW64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(unsigned) NVIDIA 3D Vision C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
(unsigned) NVIDIA 3D VISION C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
(verified) Plugins PDK c:\program files (x86)\kaspersky lab\kaspersky anti-virus 17.0.0\IEExt\ie_plugin.dll
(verified) Widevine Content Decryption Module C:\Users\SheldonB\AppData\Roaming\Mozilla\Firefox\Profiles\r2famy3r.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll


Missing files
-------------
File not found: C:\Program Files (x86)\ASUS\AI Suite III\Mobo Connect\ALRun.exe -start
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"AO Link Server"


Scan
----
MD5: 57a83f391380df8de12ba684b669e48d C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
MD5: 5f1091fa113607c9c9b2ecf4fbc76f37 C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
MD5: 37f7dd839a711b5706b1264f4d8d4bdc C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
MD5: ac15768336b24ad9626ed65dfb33464e C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
MD5: 82b37c8894360ea87665d2ddcb582b55 C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.28\AsusFanControlService.exe
MD5: bbf8f831c7720dd5135d8c4c8325187a C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
MD5: f6d02735de16705c1ebe6429592cd355 C:\Program Files (x86)\Bonjour\mdnsNSP.dll
MD5: b932e0ee190778d840f1442dfc0f9612 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
MD5: 596dc69bb40a96fca4b19d9d1e221e34 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
MD5: ce5c9977da751ddc30952ac4dcbca788 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
MD5: 86724a200bf1f08a03fb563660fcd928 C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
MD5: 64e96b86d6c5d29c89b206d6f19dabe9 C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
MD5: b170174a8e9f20cb63c562e4a95f4c80 C:\Program Files (x86)\HP\StatusAlerts\bin\Alerts.dll
MD5: b399db248af3502379b7557ff5ec0f0a C:\Program Files (x86)\HP\StatusAlerts\bin\AppConstants.dll
MD5: 6f91437ff71067cb98204231f432b572 C:\Program Files (x86)\HP\StatusAlerts\bin\DMBaseObjects.dll
MD5: 6f5bdc8267e7f887ab3f9d4764eeaa15 C:\Program Files (x86)\HP\StatusAlerts\bin\HPAppTools.dll
MD5: 21dfbff0121ca9742e39b32779d8408a C:\Program Files (x86)\HP\StatusAlerts\bin\HPServiceCommunicator.dll
MD5: 8913fe8d1ce9834a2422ac57f91df782 C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
MD5: b3f65bb440feda13bb34ef1317cc1511 C:\Program Files (x86)\HP\StatusAlerts\bin\HPToolkit.dll
MD5: e01d74d97af5cdc0512a9bbab6144490 C:\Program Files (x86)\HP\StatusAlerts\bin\HPTools.dll
MD5: 15b3750a8306b9632bb9cb962ed9e7dc C:\Program Files (x86)\HP\StatusAlerts\bin\LEDMMapperObjects.dll
MD5: ca6946dd9d47a151edf7a054603f3635 C:\Program Files (x86)\HP\StatusAlerts\bin\LEDMXMLObjects.dll
MD5: 58c50806d92bb4f55ed97ce80fb6b450 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
MD5: 9328f1a1e158da90bcf72ce299def3d0 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
MD5: 25c3e6669946cb890ece2e73dd44b6f2 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
MD5: 37ac03655eceacf37ad4a9996251150f C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
MD5: 8213094ea736a9c575ab0e22ad09b0ba C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
MD5: 1dfc3cca51785254c5604238bb1a5467 C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
MD5: bbe446bab5ccd555a75a9d925ad7b7f8 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\ac_meta.dll
MD5: 03b45c52179e8dae51a0f685c30d06d6 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
MD5: 0b52ca78ebe7c885d64116eab5253ba1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpservice.dll
MD5: e14f3c1c1833a0bb3b639d1bd5f55bf5 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
MD5: 35605dbac24ab135004efc3e61555a65 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpuimain.dll
MD5: 13028d7ce3b53754b1350babb8e03645 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\backup_facade_metainfo.dll
MD5: eac90f7f824172c26ef79a3b4c21a125 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\bi_meta.dll
MD5: 7a2d25fbc9d615898baa56897088ae1b C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\content_filtering_meta.dll
MD5: 57579fb647d45f6287d2c78bf3ce7a23 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\dblite.dll
MD5: 45a916a97a898d9ba9f5f30658cb33ef C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\dumpwriter.dll
MD5: d2b9aca7f98dd0bcc50eddf50d834262 c:\program files (x86)\kaspersky lab\kaspersky anti-virus 17.0.0\IEExt\ie_plugin.dll
MD5: 48b4e14571bea9ebefbf44d01dce24b7 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\inproc_agent.dll
MD5: 90084fc1f40d78f7e6cce6fe87d1c084 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\instrumental_meta.dll
MD5: 24337596076711fa682d9b09db85863f C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\instrumental_services.dll
MD5: d58c0ded5c7a99be88b8a7834e4d386a C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.kis.ui.balloons.dll
MD5: 0c2bee711ac012146b597d73dba2c35c C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.kis.ui.dll
MD5: d87700ccecd9774c3b8fba3715200a4b C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.kis.ui.loader.dll
MD5: 72bec3e0b342d3f73624c0441b6655e2 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.kis.ui.reports.dataaccess.dll
MD5: 2574cc21fd97763cbbae244ec4e4e4c9 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.kis.ui.shell.dll
MD5: 4eeabaa143161b37dc5ca856ae4226fa C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.kis.ui.visuals.dll
MD5: b90f8c3e2cc592b029db77c55c238abe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.platform.localization.core.dll
MD5: 7ebe7bd7b247895014015c5162f3e15b C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.platform.nativeinterop.dll
MD5: b0fed1ac66d168b51d77f4af77fd0564 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.pure.backupdiskscanner.dll
MD5: 6d2e8aafcfa74533963be3e1761c0a20 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.pure.ui.backup.dll
MD5: 66f88a1fdb80799278fb2e005cf64958 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.ui.common.dll
MD5: c3b20351ac35d105dc558460b465d9ad C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.ui.common.vb.dll
MD5: 2168ad2360e10b254f9ccf59b87d0402 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.ui.core.dll
MD5: 7df1b98f9ff964b0c25d246aacf04301 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.ui.core.visuals.dll
MD5: 61cfee454fa7cd67e40967dd5daebaf1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.ui.platform.balloons.dll
MD5: 72cf01b935cc41cc1ee70f54ec2c3ddb C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.ui.platform.ipm.dll
MD5: 452a7a9e520d165da8c6d544845653c6 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.ui.platform.reports.dataaccess.dll
MD5: 8942c437ae330abb9f43565f389e4430 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.ui.platform.reports.dll
MD5: c5d421c0eeec7543604d9d44c8a82708 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.ui.platform.safemoney.dll
MD5: 922e91ce57bd70e4062bb1a92adfd9ef C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.ui.platform.services.dll
MD5: 445b8050761fd7f9a2ba2d6d0d910c10 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kasperskylab.ui.platform.views.dll
MD5: d4ff6ae1c7fed7e6b7b14b8e309bf4f9 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kl_service.dll
MD5: b409f81fb1687074cf6c5284ad1d87a6 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\microsoft.practices.prism.dll
MD5: 252e9e37cf998800841c259a64cf3722 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\microsoft.practices.prism.interactivity.dll
MD5: 6df78bb163d443d95b21f58808320af7 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\microsoft.practices.servicelocation.dll
MD5: bc83108b18756547013ed443b8cdb31b C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\msvcp100.dll
MD5: 0e37fbfa79d349d672456923ec5fbbe3 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\msvcr100.dll
MD5: f91fb791be279ff0363f37ddbc507882 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\nemerle.dll
MD5: 717459e3cd8e6123cb45fe65373f7b7e C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\nemerle.peg.dll
MD5: 2ac2a81d05bb7ca3dc74f5cc05905e4c C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\params.ppl
MD5: d78f94ac95bb8c877452c670e7134a6b C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\plugins_meta.dll
MD5: 245fef3e4016ef7e18f82cf0329dc540 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\prcore.dll
MD5: 0a9f6da31971144cc0fe874cbea6c77d C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\product_info.dll
MD5: 2f23da511e57cf718416c7896d4a63d8 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\product_metainfo.dll
MD5: 189acc9ec9145eb48a64ab3f29139350 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\prremote.dll
MD5: 009f607da89752b0289a8f9fcb5db86b C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\pxstub.ppl
MD5: 78999cba9ab96123ef27d16f70056794 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\remote_eka_prague_loader.dll
MD5: 7c516156d1e95b53692b2453abbe1125 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\sw_meta.dll
MD5: 5ab96960dab3f6fd16ccfd047d67f8c6 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\system.data.sqlite.dll
MD5: 522cfea73b99fc225c921e912547805f C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\system.windows.interactivity.dll
MD5: f9f349f5107bb6feef34d3e5ca831fc5 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\system_interceptors_meta.dll
MD5: 520f4445b35593ddfb367e4930f3d911 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\ushata.dll
MD5: ac6a5c25cde65cdf226b0067f32f6869 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\vkbd.dll
MD5: cd51fe428282db6d916aac46ef3a40ce C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\winreg.ppl
MD5: 8c8632aa45a1f765966ff9b0474f8881 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\app_core_legacy.dll
MD5: 0b52ca78ebe7c885d64116eab5253ba1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\avpservice.dll
MD5: 57579fb647d45f6287d2c78bf3ce7a23 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\dblite.dll
MD5: 45a916a97a898d9ba9f5f30658cb33ef C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\dumpwriter.dll
MD5: 24337596076711fa682d9b09db85863f C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\instrumental_services.dll
MD5: d4ff6ae1c7fed7e6b7b14b8e309bf4f9 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\kl_service.dll
MD5: eff5ea6088db81c6ef6edcda5ee79909 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
MD5: bdb3d8437752ebcd11db04082b1fe8a5 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
MD5: 6129d6efb0aa6e8444790ca08837f090 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeuimain.dll
MD5: bc83108b18756547013ed443b8cdb31b C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\msvcp100.dll
MD5: 0e37fbfa79d349d672456923ec5fbbe3 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\msvcr100.dll
MD5: 2ac2a81d05bb7ca3dc74f5cc05905e4c C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\params.ppl
MD5: 245fef3e4016ef7e18f82cf0329dc540 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\prcore.dll
MD5: 273d2eb8c8630b4cb78e53e22308b5b1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\product_info.dll
MD5: 2f23da511e57cf718416c7896d4a63d8 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\product_metainfo.dll
MD5: 189acc9ec9145eb48a64ab3f29139350 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\prremote.dll
MD5: 009f607da89752b0289a8f9fcb5db86b C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\pxstub.ppl
MD5: 520f4445b35593ddfb367e4930f3d911 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ushata.dll
MD5: cd51fe428282db6d916aac46ef3a40ce C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\winreg.ppl
MD5: bc0be695e63548171105c57d2e9b98e7 C:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll
MD5: 6bfbf95b7253f32a77bacdf119b678f3 C:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll
MD5: 07ba5f40c64134e5749df0e8cfee082e C:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll
MD5: cb4e401ce4fc657ccebb85f96840cc8b C:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll
MD5: b53d96644f5774fe29ba8bb12d6e5f66 C:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll
MD5: 49a69484b524c6f9fd641e015dd15154 C:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll
MD5: 66f65b59dff2f8927dc3c8045d8c3a0a C:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll
MD5: 11218c9f81404a51d1eb6b56ba60f9ab C:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll
MD5: d67520bff673cab4b2ed1af12de37a1f C:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll
MD5: e65f76759251845fa1e6a3cf41b5f231 C:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll
MD5: 1622347a34eba068916713cf28f46b67 C:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll
MD5: f7af6bb63229721005c8ac85dc86f5c2 C:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll
MD5: b2a2affaebe900ede45d730c75d811cc C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
MD5: 2ef2b10e5f65fb054d2d54bda54d230b C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MD5: da4ea4acb19b938544d22e34bcd53a34 C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
MD5: 23a5b410eaf32364ac7edc2ccc175b36 C:\Program Files (x86)\Mozilla Firefox\lgpllibs.dll
MD5: 3a8f97e74fd376d5d6a040fa951b2662 C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
MD5: d25c3ff7a4cbbffc7c9fff4f659051ce C:\Program Files (x86)\Mozilla Firefox\msvcp140.dll
MD5: 24b07e74cc7d36b79789feed121807ce C:\Program Files (x86)\Mozilla Firefox\nss3.dll
MD5: a8aec06698b6a650db4a6012906903e0 C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
MD5: 37ae69d2ee27f5591b2ac5e87948a5b9 C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
MD5: 59a510daf4f88960434612f83fdc85e2 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
MD5: f378291cb1bae8a3972c6ea1287078c9 C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
MD5: a2523ea6950e248cbdf18c9ea1a844f6 C:\Program Files (x86)\Mozilla Firefox\vcruntime140.dll
MD5: adf79a49e942c91d1fc9863cbfdd6b58 C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
MD5: 4cd514d678cf4fce3993a103e5d9828c C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
MD5: 7165dce213dd0b3aafe6b0526c7e7229 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
MD5: 5fae83bf2faf8aec81dda14705871f9a C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libeay32.dll
MD5: f78842c9f9b56ffabc5b21e8fa9d9483 C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
MD5: aefc6b25904a2cc65410ca2d90952499 C:\Program Files (x86)\NVIDIA Corporation\NvContainer\MessageBus.dll
MD5: 488cb162e79b4eb54d0c4d1c9a2b0fea C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
MD5: 00c073c09aed16a90dd3a74e5685df98 C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User\NvBackend.dll
MD5: 28cb95ad1bc353b9e1d1c8c3e631ec67 C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User\NvTelemetry.dll
MD5: 6e2b1e1e2829d55a5318126aa2a4053c C:\Program Files (x86)\NVIDIA Corporation\NvContainer\poco.dll
MD5: 7f380e21b088094957019d03aeb57d28 C:\Program Files (x86)\NVIDIA Corporation\NvContainer\ssleay32.dll
MD5: d09f73cdc3d9bfdb1be6e2b6a282e529 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
MD5: 3ac537722de58fc88e7ae059064958db C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
MD5: 5a6274a2b9c52fc894b1d379198d447d C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
MD5: 4bf40d8e7a36529aca3c4bba89c393eb C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvAccountAPINode.node
MD5: c3248f838998a393b9a7922dd73f19de C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvBackendAPINode.node
MD5: e8e25774f6749232131d330dcb08885a C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
MD5: 0531e7b0f5f369cccca555e429a969ef C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVGalleryAPINode.node
MD5: 5e408095007d35e7b92742fec265cbba C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
MD5: fdb2a9e5eaef81394d3f4aad482fa5af C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameStreamAPINode.node
MD5: 489ae0ecf3b7162b811e1c52a43eefec C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
MD5: ab8c88b1a2070c1d3b0f7ca4c01f0332 C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
MD5: b28f651891be9891c082e6097ec3da80 C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvUtil.node
MD5: c4b37cc644574b25e36f0a1e8b849e18 C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\NvGameShare.dll
MD5: ae9ca277c89fff278d0ecc63800aed02 C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\NvGfeServiceBridge.dll
MD5: 32b25c2a55ff03c21dd09528e2a77e04 C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryAPI32.dll
MD5: 2f10a1389d5bacc01bcbd5fa966cc248 C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MD5: 21bfc67e5e4ff5586d3f4e2222c1c71f C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackendAPI32.dll
MD5: f3aab7df6408431c762d8721b68f46e4 C:\Program Files (x86)\Skype\Updater\Updater.exe
MD5: 2c85f07c5a258804c1fa5a3c6764c475 C:\Program Files\ASUS\Turbo LAN\spd.exe
MD5: eaaa2b83c4764fdcfbee4a4d6546de92 C:\Program Files\Bonjour\mdnsNSP.dll
MD5: b5c2f92ee1106dfe7bb1cce4d35b6037 C:\Program Files\Bonjour\mDNSResponder.exe
MD5: 7d811ea7a2aaa49b0446d42cbc1cd338 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
MD5: b63cf22d1ad2abdc39d85851b2beaa6d C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
MD5: 97c9ebb84a761d48dc17e0e6b913c164 C:\Program Files\iPod\bin\iPodService.exe
MD5: ebbad3264c7683809c4ca7c3df275a52 C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
MD5: 5f08d1a781f5d8869cd89dfa8ac99398 C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qdds.dll
MD5: 9cacd8c8aca6828a6f516865edef143b C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll
MD5: b8a2896ad2de546a10793442bf4c8ffa C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll
MD5: 88b3a248885e1a06646905a3cf61cac3 C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
MD5: 16c52c3c701868a21c75afa1c13cae6b C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll
MD5: c06f75e8032b22cb6f2f01119837e26c C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
MD5: 80873034b8547cfedb209de1657cf36e C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll
MD5: 2354ae342cdad113a0a6a35e445c7a2b C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll
MD5: 0cbc0ac1487f433fa2547656f4c4dafe C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll
MD5: 9f015231ce6dcdd8d6733888fe3747b2 C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll
MD5: 87bbc81291be721ab69e7a43c0ac6281 C:\Program Files\Malwarebytes\Anti-Malware\mbae.dll
MD5: 804e3246e3e73d4a936f2f4bcdc53a2d C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
MD5: a6a21a7d544675e98c040da18904cf50 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
MD5: fd5cabbe52272bd76007b68186ebaf00 C:\Program Files\Malwarebytes\Anti-Malware\msvcp120.dll
MD5: 034ccadc1c073e4216e9466b720f9849 C:\Program Files\Malwarebytes\Anti-Malware\msvcr120.dll
MD5: 46d4c009bd925703c125d3d329a54684 C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
MD5: 01a29f0c9516118dbfb8805c71c3057e C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
MD5: 376a23bb3499f37586b91f8a4206a1da C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
MD5: 41f9337269e5b684b2fc288edb1e1b31 C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
MD5: 5a8f3033f2f6eb3671ffb0ca489fa12f C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
MD5: 183de395338e4823fad467e07978f522 C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
MD5: 58f567dbd26b920f22a13a691d74b1b4 C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
MD5: 0c77de06aede4d669de3943b35b0cfc7 C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
MD5: 6eb7aed41ec0e502585d2587e53a4da6 C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
MD5: 20121a13f5dcacb34e401b3e0a8016c2 C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
MD5: 35cc29ae4a67493d53e688370d4ccc5a C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
MD5: 1efce0dcd6bb594da1bde6a42e907df7 C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
MD5: d16539a1b5c3a16986ad69597d6eae85 C:\Program Files\Malwarebytes\Anti-Malware\scenegraph\softwarecontext.dll
MD5: 6aebc7136c17478cbc9a772f1e60eb9e C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
MD5: a6ed2e5e268d83b77d15348591cb8ae5 C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
MD5: 06c7dad44f4b95aa02be2107486274bc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
MD5: 352919955d0afdbb4900657a671eb9e3 C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
MD5: 5d31780eabba5fb994ae217ff79ac01c C:\Program Files\Windows Defender\MsMpEng.exe
MD5: f9a6050fca8fd24870eb199d7ec54606 C:\Program Files\Windows Defender\NisSrv.exe
MD5: b3f74e43a73504f3c1d2b10948e67ec4 C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: ffecef67400c0fbdacab3c7913b78f6d C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klsihk.dll
MD5: 8f2ea5ee0695cce2285d92c44108375c C:\Users\SheldonB\AppData\Local\Microsoft\OneDrive\OneDrive.exe
MD5: 12c0b77ce2eb7e6cca679aa528e208e7 C:\Users\SheldonB\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll
MD5: b8ff5528c19e81b85a800bfcf41f16d4 C:\Users\SheldonB\AppData\Roaming\Mozilla\Firefox\Profiles\r2famy3r.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: b1c853e7285e224a69695be88ed31a2c C:\Users\SheldonB\AppData\Roaming\Mozilla\Firefox\Profiles\r2famy3r.default\gmp-eme-adobe\17\eme-adobe.dll
MD5: ac8327b0d820f6177ceefff995a76080 C:\Users\SheldonB\AppData\Roaming\Mozilla\Firefox\Profiles\r2famy3r.default\gmp-gmpopenh264\1.6\gmpopenh264.dll
MD5: 6f4c70c96fedc4e0a79c49d75fb31819 C:\Users\SheldonB\AppData\Roaming\Mozilla\Firefox\Profiles\r2famy3r.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll
MD5: cfa562af7b0bf67505b56e5c00816281 C:\Windows\AppPatch\AcLayers.dll
MD5: be661b7e852493a57bb3a5bbfb58a4c4 C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
MD5: e8b4162a8e5ca2ccdcb25b6002d43fb9 C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
MD5: 30ef350e978fa6956320aedfc75d5411 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9ad5d97ade63ecd8b60f63393a947d6e\mscorlib.ni.dll
MD5: 21bde40517004d5c402dfce159cd05be C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\649d90e2133d3555a2359bf4673bc283\System.Configuration.ni.dll
MD5: 8b8efe0392736c4693e481686f1130d0 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\cdcce378eb7a99479cfdfb6f332d3f72\System.Drawing.ni.dll
MD5: 995097f6c5c7125348c60fd137ea06ff C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\b7e8ba480b2362f41783653b073265c1\System.Management.ni.dll
MD5: acade261e57d1fbf60f1c76f31bd3c2f C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e0772eed6f7073053565ec73ba6a9200\System.Runtime.Remoting.ni.dll
MD5: 2d5f346241894cec7b7e7592ef3ea480 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d68ea12bfe9ee2551ac844605014acd8\System.ServiceProcess.ni.dll
MD5: 156be932ab20a330531e5fa537cacbcd C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\7983f943973b5c35b032bf6d8398e8bf\System.Web.ni.dll
MD5: da2f2d32d63a898d19277475b0f435fd C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0f305c60a30db4482e9663104bbcf7a8\System.Windows.Forms.ni.dll
MD5: 77506fa9252a9da9142e115ae3b22f7a C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\026d44ef25a1b7ac0ec4018d2e110bd7\System.Xml.ni.dll
MD5: 2badb713d035e4f02fbd74e9b3c3eb67 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c7d0e65d5d01d4d5381bb1d40c4c56c7\System.ni.dll
MD5: 4e10fb1a015b49ac68f76c1a3f4d9c0f C:\Windows\explorer.exe
MD5: 4dac0befb5e8d1f6a837f9306d92a643 C:\Windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
MD5: 252ea54dcd53421cd4223e2eae5d23ca C:\Windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
MD5: 5c91464f76a59d1417cd39dfd9f0a314 C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
MD5: 1d0451b5bc0414f227328090e9a44f2d C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
MD5: 76e9b5994c8af4977b166ab752c66991 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MD5: ec464afbe0d68fd3b362669e0bc7ac68 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
MD5: 90ad6b64bea33d0a280b91507f8128cd C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MD5: 2b23d5f76d11ed98897ba40723913b7b C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll
MD5: a1cd75855d53a0380dd1dc51ae571da0 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemData\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemData.dll
MD5: 48f954a054479b3d13b5eb7bacf76daf C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll
MD5: faaad1340922e4a90d50ab794d467ad6 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll
MD5: 11949b99dd6166e437d4be87de643d36 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero2\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero2.dll
MD5: c1575225d0ac59e6889c7dbe77368c86 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MD5: 02d461eadaac654531c3a89015f661f3 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MD5: 218e07db323d6e814c2b7b5bf73b8a55 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
MD5: 1abd6936eebe52411d142c0485085eeb C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
MD5: 0c5b667e90103ff0523a92ee037d9341 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
MD5: b2dbf83fc811616a5d0d0a7cbe308c8b C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MD5: 993c58027539b0251ddd26d22487edff C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
MD5: a9e47da43d9da776e9098e8d84a4753c C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.WindowsRuntime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.WindowsRuntime.dll
MD5: 5319155626ab69928da8f9b24fa854d4 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll
MD5: e2d397787188c560be487028a191a89f C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MD5: e9b6c308389dfbfe68915e98a89e7b45 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
MD5: d3de7890b2241ad335adcb5b2e28765f C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
MD5: 7bd777b98b90e7e426cb286ced4ce109 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
MD5: 9bef41e48992c85b2385118d107b537f C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
MD5: e40f910c532767e22ed9110e4ec87936 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MD5: cb8d1aacfd6dc97530ad1d7f1bcf9ced C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MD5: d247833262165d1f48e0c893c6890716 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
MD5: bf3543f46f43307362c65b0f7a056c24 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
MD5: 59241194dbdf30a2b4029e402f377900 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: efa857e2b0cc7c9dfef48a2187b910f7 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
MD5: 942a0fd4301180517656df2d7df45574 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: 58d8e6b37f33776fcdce3e91df25faba C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
MD5: 25cee067aed86ff988c8d31bd7212a21 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: fe3a877218f498f90dd1d097fb770bfa C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
MD5: 7210d35665fb3a0353a2b7ad2acb293c C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: 2f12004529cc3612b0b43bfeb167733e C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
MD5: 7531d3f8dc93ccbcc29e012286260a60 C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
MD5: 0487cfc8ab4470573d6e268c20bbe29c C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: 9806f14fa613b53d1ce056c00648ff6c C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll
MD5: 15edb85eed1134dc44882be733047303 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
MD5: fa0f679dbb827a17e99afc0096f1885b C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
MD5: 09440fa30c020b4443391fafcf4876e3 C:\Windows\servicing\TrustedInstaller.exe
MD5: 0fec5f30e705eadaea5e9144f2fb12dc C:\Windows\System32\cmd.exe
MD5: 1d090d82282336cd790733fae33641e9 C:\Windows\System32\coremessaging.dll
MD5: e0201a4bb639042959a11457a52dd627 C:\Windows\System32\dhcpcore.dll
MD5: 6046950fc9ca5b7a7e084c189658dacb C:\Windows\System32\dllhost.exe
MD5: 34c935af2a414572b412b3556586d783 C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
MD5: eecb0fd97bd18e223d3a92d9b7e6fd65 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c775b600ccf2cdac\nvd3dum.dll
MD5: 25c83321b51908e5f35f1ed17f443591 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c775b600ccf2cdac\nvlddmkm.sys
MD5: 93403b347583bd8d560563b0b485aa5d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c775b600ccf2cdac\nvwgf2um.dll
MD5: 297bfca82aa994ce9b95706146764fbc C:\Windows\System32\es.dll
MD5: af46710ddb8b0e304aa4fd2b940cabd8 C:\Windows\System32\explorer.exe
MD5: be6a279ed7023652dd94fa19e9b27882 C:\Windows\System32\hidserv.dll
MD5: 0675de1739ec0e6cc8a9ec5ce459236a C:\Windows\System32\keyiso.dll
MD5: 35ba17ff927b79eddee436adeb98ef21 C:\Windows\System32\mprdim.dll
MD5: 9d69473a54b200870a407b0e7103ee28 C:\Windows\System32\msiexec.exe
MD5: 8e6958813b6faaff8a6ee9f2a7040299 C:\Windows\System32\mswsock.dll
MD5: 390e89b590bf63eebf88abc15078a198 C:\Windows\System32\NapiNSP.dll
MD5: c4a39409d825d4808832c7b9243fc9b7 C:\Windows\System32\netlogon.dll
MD5: a8c6fcb5a946ab8a9553f43529dfda9a C:\Windows\System32\nlaapi.dll
MD5: 0faa756716218e68d46f9e2fee624242 C:\Windows\System32\pla.dll
MD5: 3f0f179c20f3633d2ec06774430ba831 C:\Windows\System32\pnrpnsp.dll
MD5: e5d081908b6dd64bdfc125a56428aea5 C:\Windows\System32\provsvc.dll
MD5: c0c426db80a332672b9648c595bd5d1d C:\Windows\System32\qwave.dll
MD5: e27c1f78981297d6ca2cec040158e469 C:\Windows\System32\SearchIndexer.exe
MD5: eb4f3bde38abf0aeecdfea76e2cb1eff C:\Windows\System32\SessEnv.dll
MD5: 25fd6dc3d4ec699e4ef5cfb91bfc6ecf C:\Windows\System32\shsvcs.dll
MD5: 71c635d7796d394138bffbb8c2559cfb C:\Windows\System32\smphost.dll
MD5: 1f8434dd4907c832e6e90d6298eab85b C:\Windows\System32\svchost.exe
MD5: 0cba864dbb0e503101c746befc01bbde C:\Windows\System32\tapisrv.dll
MD5: 58a2c2cc89d528de8fe8d3eadc8fbae4 C:\Windows\System32\Unistore.dll
MD5: ac79703ebf464c6ea2ae2cc65e6878a0 C:\Windows\System32\upnphost.dll
MD5: fa900e6cccf0a429d5b720c6f0e2274b c:\Windows\System32\userinit.exe
MD5: 2e63ca57869cfa25cb072befe64a2640 C:\Windows\System32\wdi.dll
MD5: dc496ecfc465280a610188c9b316da21 C:\Windows\System32\WebClnt.dll
MD5: a185bcc083628a702d61f384b2d37de3 C:\Windows\System32\Windows.Internal.Management.dll
MD5: fe68cce3d2985526fb00c692e92e0fe2 C:\Windows\System32\windows.staterepository.dll
MD5: df51c1442a3db8ade2b78dcdec2419fd C:\Windows\System32\winhttp.dll
MD5: 6b408458867bf3b61f363c0eb423f87f C:\Windows\System32\winrnr.dll
MD5: b124b6d66ee6fab7b59fd114a633a1d1 C:\Windows\System32\WsmSvc.dll
MD5: 876577374f31702acc9e8584db453c9b C:\Windows\SysWOW64\advapi32.dll
MD5: 6d1a29096e54589362357cdf0ba1e9e9 C:\Windows\SysWOW64\apphelp.dll
MD5: 0c3c22395bba6b4f6af5075a0ffada86 C:\Windows\SysWOW64\AudioSes.dll
MD5: bc00c6f4e771d0c71d677d87a9897753 C:\Windows\SysWOW64\BCP47Langs.dll
MD5: c041ed5ce66bedfa0ceac973c8e5dac5 C:\Windows\SysWOW64\bcrypt.dll
MD5: dbb08db2f47433858c6606484f5fe545 C:\Windows\SysWOW64\bcryptprimitives.dll
MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 C:\Windows\SysWOW64\cfgmgr32.dll
MD5: 87d1e3eb90a316f1fd6dd60a2457189a C:\Windows\SysWOW64\clbcatq.dll
MD5: 09fb1e45c38939b300140f01d14d0e6a C:\Windows\SysWOW64\combase.dll
MD5: 053b12d5d2e45a7e01e43f008552620c C:\Windows\SysWOW64\comdlg32.dll
MD5: 5d52820bcf597eac5b109d1494b149ba C:\Windows\SysWOW64\crypt32.dll
MD5: 3d4308bac53b881b16d9bd1006abdc65 C:\Windows\SysWOW64\cryptbase.dll
MD5: 0e874792ff73e37ad88f47be222e1d59 C:\Windows\SysWOW64\cryptnet.dll
MD5: 0ce6aff79009aeec169c9a75b7567d30 C:\Windows\SysWOW64\cryptsp.dll
MD5: 6be1dae295eadf4a058f83c164a27089 C:\Windows\SysWOW64\cscapi.dll
MD5: 86f3dd8105ea18131bad4a145f31b668 C:\Windows\SysWOW64\d2d1.dll
MD5: 14165f6bc67b1b51dd9f55c339d63cb0 C:\Windows\SysWOW64\d3d11.dll
MD5: 17c406d38c3989ff3bdb17d08c1991ce C:\Windows\SysWOW64\d3d9.dll
MD5: 7d1cee0aec344815661c8c45cefc1643 C:\Windows\SysWOW64\DataExchange.dll
MD5: f9e3229224fec57a53f5b2a4b21942e0 C:\Windows\SysWOW64\dbgcore.dll
MD5: 529408e2c123d00d4cc2bebcc8479566 C:\Windows\SysWOW64\dbghelp.dll
MD5: 550ba2c78144d79bd4ce88f9be77be9f C:\Windows\SysWOW64\dciman32.dll
MD5: 15c27a751b2da417d6f9948369e8cb90 C:\Windows\SysWOW64\dcomp.dll
MD5: e728fb4102bf63937b40e38b8c3728b1 C:\Windows\SysWOW64\ddraw.dll
MD5: a1c818c3666dc5d95c40f36ef7b70685 C:\Windows\SysWOW64\devobj.dll
MD5: cf0766d323fb5bdd661fd9dd81708860 C:\Windows\SysWOW64\dhcpcsvc.dll
MD5: 8a581a8ee691fd046af2af51f2de9f02 C:\Windows\SysWOW64\dhcpcsvc6.dll
MD5: 227cfe3eda82029aac1c088a16297cd7 C:\Windows\SysWOW64\dnsapi.dll
MD5: d204c988115dd69889e3c0172e92bcff C:\Windows\SysWOW64\dpapi.dll
MD5: ff5221c2e5d5cc82f93eb7c99dc2852f C:\Windows\SysWOW64\drivers\AiCharger.sys
MD5: 6fdda70d46b51e80ca2311064d05df19 C:\Windows\SysWOW64\drivers\AndroidAFDx64.sys
MD5: 798de15f187c1f013095bbbeb6fb6197 C:\Windows\SysWOW64\drivers\AsIO.sys
MD5: 1392b92179b07b672720763d9b1028a5 C:\Windows\SysWOW64\drivers\AsUpIO.sys
MD5: a839b2cf099c3f328e6d369e29b14e02 C:\Windows\SysWOW64\dwmapi.dll
MD5: 63cf9e094a62a787937b955d654c55de C:\Windows\SysWOW64\DWrite.dll
MD5: 0fa371c4d87d47e4d2e39655de14f521 C:\Windows\SysWOW64\dxgi.dll
MD5: 3e26ca9b5ccd4c04506c0109bede3b36 C:\Windows\SysWOW64\dxva2.dll
MD5: 804dce6d165d93ed74a5472b84b6d429 C:\Windows\SysWOW64\evr.dll
MD5: f050c5ed0c243759023d91f25c2da94c C:\Windows\SysWOW64\ExplorerFrame.dll
MD5: 6d95c6266d85ea039fd2843f81fabd93 C:\Windows\SysWOW64\fltLib.dll
MD5: ba22c7afe02e09916c5664e1dd98a879 C:\Windows\SysWOW64\FWPUCLNT.DLL
MD5: a38bcc4df4da792c71f6fba54299f893 C:\Windows\SysWOW64\gdi32.dll
MD5: 56a1f18f27a325a4c17bf7ea963dbd2b C:\Windows\SysWOW64\gdi32full.dll
MD5: 727f75213c1971268d82bc573aa8f424 C:\Windows\SysWOW64\glu32.dll
MD5: 204bff7c714045b641862ee3a8ecf88f C:\Windows\SysWOW64\gpapi.dll
MD5: ff1b2a98c6e96f4541b24ecc2820db80 C:\Windows\SysWOW64\icm32.dll
MD5: 464235f5db3faf56c594a7b74d3837e3 c:\Windows\SysWOW64\ieframe.dll
MD5: 5e03e98e09a3a8bfa0277b2fe565b296 C:\Windows\SysWOW64\iertutil.dll
MD5: bfcfb0177935e235b1febade3694839d C:\Windows\SysWOW64\imagehlp.dll
MD5: 203f58ba41b48a59d6a047e0233db422 C:\Windows\SysWOW64\imm32.dll
MD5: 2eaa99959c52b2aa192ddc3730daad35 C:\Windows\SysWOW64\IntelCpHeciSvc.exe
MD5: 0a358dc3eff8e9c8c28a216385ffd9e9 C:\Windows\SysWOW64\IPHLPAPI.DLL
MD5: 845fd176fad495db046400ac93747976 C:\Windows\SysWOW64\kernel.appcore.dll
MD5: 956db4b52f2ce6365ade6b5d2d74a267 C:\Windows\SysWOW64\kernel32.dll
MD5: 4a0b06dd8211cda36d209fe61283db58 C:\Windows\SysWOW64\KernelBase.dll
MD5: 19d8119776943ed31455c54472dbfafc C:\Windows\SysWOW64\linkinfo.dll
MD5: 9b1ce49762baab1db9d02f98cd5cb984 C:\Windows\SysWOW64\mf.dll
MD5: 8bcbf263a1a513a6d5041c42b0fbaedf C:\Windows\SysWOW64\mfperfhelper.dll
MD5: a7aa7586a6e1cdd99667bdd8a9ad54bc C:\Windows\SysWOW64\mfplat.dll
MD5: dd8eac114e86965fcd82552f889ed23a C:\Windows\SysWOW64\MMDevAPI.dll
MD5: 25335383bc43aacdcd22836a3e732bdc C:\Windows\SysWOW64\mpr.dll
MD5: 5e8336c79be0c2f1080b575e434dd0e4 C:\Windows\SysWOW64\msasn1.dll
MD5: 60009a9d6b55655b7dc63353bc93b72e C:\Windows\SysWOW64\MSAudDecMFT.dll
MD5: 98989fdc88686e7d6a3ebedb41135cb1 C:\Windows\SysWOW64\mscms.dll
MD5: 2582aa6c1f88d34b37b7f82d790d232e C:\Windows\SysWOW64\mscoree.dll
MD5: 8ee8bdf714d986ac30193fe75478047c C:\Windows\SysWOW64\msctf.dll
MD5: 67bdb704614e9a44e8be03fa334e50f9 C:\Windows\SysWOW64\msctfui.dll
MD5: db22bf6e188f54e592c1bbfbd4f79497 C:\Windows\SysWOW64\msimg32.dll
MD5: 4f374782286ded5127d350cedbc2849e C:\Windows\SysWOW64\mskeyprotect.dll
MD5: 677a1a604ea11ceee78cd62ac0a79972 C:\Windows\SysWOW64\msmpeg2vdec.dll
MD5: fd5cabbe52272bd76007b68186ebaf00 C:\Windows\SysWOW64\msvcp120.dll
MD5: 8dd0eab4f85b2fea280677b117785b15 C:\Windows\SysWOW64\msvcp_win.dll
MD5: 034ccadc1c073e4216e9466b720f9849 C:\Windows\SysWOW64\msvcr120.dll
MD5: 856da04454a75cf6e7453d53cd90a29d C:\Windows\SysWOW64\msvcr120_clr0400.dll
MD5: 2b3053473d66ad4c34e05b4ab4a9636e C:\Windows\SysWOW64\msvcrt.dll
MD5: 8e6958813b6faaff8a6ee9f2a7040299 C:\Windows\SysWOW64\mswsock.dll
MD5: 390e89b590bf63eebf88abc15078a198 C:\Windows\SysWOW64\NapiNSP.dll
MD5: f2cae3c03d4eb93f9dc22d2d6e3d91cd C:\Windows\SysWOW64\ncrypt.dll
MD5: 5ca2520bcb004c8180b7afa45e879417 C:\Windows\SysWOW64\ncryptsslp.dll
MD5: a8c6fcb5a946ab8a9553f43529dfda9a C:\Windows\SysWOW64\nlaapi.dll
MD5: bc36aaf42722db03d8aab9f17b6c6ad9 C:\Windows\SysWOW64\nsi.dll
MD5: cda0441be02bb525b159b3949d9dc67d C:\Windows\SysWOW64\ntasn1.dll
MD5: aa3b16977532312a378b532db494b653 C:\Windows\SysWOW64\ntdll.dll
MD5: cf7308d27a2b2851249a7ce892017305 C:\Windows\SysWOW64\ntmarta.dll
MD5: b14ec96f7a15decf967560e981e592c8 C:\Windows\SysWOW64\ntshrui.dll
MD5: e3b51cbf04cfdb9ad6032f433cb8de9c C:\Windows\SysWOW64\nvapi.dll
MD5: 3d13f92cb781a48c76dff475624a3962 C:\Windows\SysWOW64\nvspbridge.dll
MD5: 1955f36f2f46498bd8c08a28538bb4ff C:\Windows\SysWOW64\nvspcap.dll
MD5: e74f2c29ecf25124be3da75fbd6a0e46 C:\Windows\SysWOW64\ole32.dll
MD5: af5121afe8c7eaa52e869b422162a77c C:\Windows\SysWOW64\oleacc.dll
MD5: abf355047ecebff79fe5224bcff9a2e5 C:\Windows\SysWOW64\oleaut32.dll
MD5: df275c9659ed8215695b572a8ce17fbc C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll
MD5: 22331fd3ddd5ad8a9bf8ef609cf613ff C:\Windows\SysWOW64\opengl32.dll
MD5: 748c272726fbc78aa29381d110fb5252 C:\Windows\SysWOW64\pdh.dll
MD5: cb5343ff52a702a9acfaae6be972fe09 C:\Windows\SysWOW64\perfhost.exe
MD5: 3f0f179c20f3633d2ec06774430ba831 C:\Windows\SysWOW64\pnrpnsp.dll
MD5: a6f22ca344fd1b7d75d49ecc718693c8 C:\Windows\SysWOW64\powrprof.dll
MD5: ca6447ddca724f0c5c0cafde184efe64 C:\Windows\SysWOW64\profapi.dll
MD5: 69a2169e9b8a13e8d6211d2d978100cc C:\Windows\SysWOW64\propsys.dll
MD5: 7b73fc5ad82af0fb84212106455e0d48 C:\Windows\SysWOW64\psapi.dll
MD5: 49f66601f196554bc9b36310ce84f011 C:\Windows\SysWOW64\rasadhlp.dll
MD5: 3880361de2c511c7c5735b91016c4862 C:\Windows\SysWOW64\rmclient.dll
MD5: 056e20bf43207e95a92d38b539656e3e C:\Windows\SysWOW64\rpcrt4.dll
MD5: 9a03702c5ebbc4761770bae67764b219 C:\Windows\SysWOW64\rsaenh.dll
MD5: 5bc2d871eb445a70eb762ece7c574bbd C:\Windows\SysWOW64\RTWorkQ.dll
MD5: a4de7801642001f4836e9fa6a8128770 C:\Windows\SysWOW64\schannel.dll
MD5: ed839824e2d0cde4544276df61bb9868 C:\Windows\SysWOW64\sechost.dll
MD5: ace201d14a0f44f5634d178fd117d8cd C:\Windows\SysWOW64\secur32.dll
MD5: b4afcaa856c58fab35c6b6dcf802e420 C:\Windows\SysWOW64\setupapi.dll
MD5: 0f1e9d98cc524190e9b045908e6bc1f6 C:\Windows\SysWOW64\sfc.dll
MD5: 94c93f32b21eb2da6aff2c264b17e623 C:\Windows\SysWOW64\sfc_os.dll
MD5: ad950538c8e6ec4c423f260505d28275 C:\Windows\SysWOW64\SHCore.dll
MD5: def44b761300af3c2cf2955273325093 C:\Windows\SysWOW64\shell32.dll
MD5: 83d8a4e04f99c5fd749d34cc4b970a0e C:\Windows\SysWOW64\shfolder.dll
MD5: d9af3498fa5fe659c8f65408fdbf3990 C:\Windows\SysWOW64\shlwapi.dll
MD5: ddb56b83b18735f13fd1cbef877e9db0 C:\Windows\SysWOW64\srvcli.dll
MD5: 1a8e7650017f0bc9ad12a6861b5119ed C:\Windows\SysWOW64\sspicli.dll
MD5: b45f4a37ccb2eb5e33be5d019b630dfd C:\Windows\SysWOW64\sxs.dll
MD5: 046c293b4a3a2fc51cc7152495827f29 C:\Windows\SysWOW64\twinapi.appcore.dll
MD5: 804e7069b4c6c01b1f4b3a2d8618c77f C:\Windows\SysWOW64\twinapi.dll
MD5: 2e0694a49824cf82c1972020db227d8c C:\Windows\SysWOW64\ucrtbase.dll
MD5: 87be502e7b1d3705783c366ed0cba9f7 C:\Windows\SysWOW64\UIAutomationCore.dll
MD5: 771f172114e51fc2df5838476d97d90a C:\Windows\SysWOW64\urlmon.dll
MD5: 4bec594a3d4aeafac400d88f7e328c7b C:\Windows\SysWOW64\user32.dll
MD5: eb27fe8770bb56d2ba9c9c29f1ab07da C:\Windows\SysWOW64\userenv.dll
MD5: 22db034ad0d37d70be6e33c73a84671b C:\Windows\SysWOW64\usermgrcli.dll
MD5: 1f5d8a8444319a9e8a1b20dde8771b86 C:\Windows\SysWOW64\usp10.dll
MD5: 3b83c49b5a250a95183dcbbb384b45f4 C:\Windows\SysWOW64\uxtheme.dll
MD5: 181fe38c3fe164fbfc1a5a8399ccc2da C:\Windows\SysWOW64\version.dll
MD5: fba861ef9ae6f64ca375eea558d3149b C:\Windows\SysWOW64\wbem\fastprox.dll
MD5: 003274de008d272c16c80d726845c23c C:\Windows\SysWOW64\wbem\wbemprox.dll
MD5: 75b865ad79ecea39f566f4ee82b8ec07 C:\Windows\SysWOW64\wbem\wbemsvc.dll
MD5: 6ae34de520137f17f0474a7fe88e0f30 C:\Windows\SysWOW64\wbem\wmiutils.dll
MD5: f306c8d60c75d48bbe039ea69280bb6f C:\Windows\SysWOW64\wbemcomn.dll
MD5: befed197ae9153766f7304650368f3d8 C:\Windows\SysWOW64\webio.dll
MD5: 9d8f7bd41657b515dd46c7bf90a26cdb C:\Windows\SysWOW64\win32u.dll
MD5: 22096a33f31a39599af270ef6a55230d C:\Windows\SysWOW64\windows.storage.dll
MD5: b19a804bc41c276daf5753be541a97b4 C:\Windows\SysWOW64\WindowsCodecs.dll
MD5: df51c1442a3db8ade2b78dcdec2419fd C:\Windows\SysWOW64\winhttp.dll
MD5: 0d8ca86b639533ed0a7fe1792c5be600 C:\Windows\SysWOW64\wininet.dll
MD5: c3a4c6f5dfeae69ccf5fef9c7f561e72 C:\Windows\SysWOW64\WinMetadata\Windows.Foundation.winmd
MD5: e610da2aa509ea47d0d53d0c74dd7c77 C:\Windows\SysWOW64\WinMetadata\Windows.UI.winmd
MD5: 2cdb8e874f0950ea17a7135427b4f07d C:\Windows\SysWOW64\winmm.dll
MD5: dcdf6a9e619644e12c74457a8a3c1e1b C:\Windows\SysWOW64\winmmbase.dll
MD5: 53965fb6de57c0e2abae5f1870888d44 C:\Windows\SysWOW64\winnsi.dll
MD5: 6b408458867bf3b61f363c0eb423f87f C:\Windows\SysWOW64\winrnr.dll
MD5: c4465ac27b8d372574a2dccaa4e16bcf C:\Windows\SysWOW64\winspool.drv
MD5: 74261d485681a12aff1ad517fd0ef200 C:\Windows\SysWOW64\winsta.dll
MD5: e4bde75b8a2b008d2f6e3f080fdcf51b C:\Windows\SysWOW64\wintrust.dll
MD5: ebd4c2424dc0c023f82ac7f13970016d C:\Windows\SysWOW64\WinTypes.dll
MD5: 68e80b8d811c8967fb9a9a6cc263b77c C:\Windows\SysWOW64\Wldap32.dll
MD5: 96af2c9585ea7a84fd2326002f96d5ad C:\Windows\SysWOW64\wpnapps.dll
MD5: 7a262815259f912431813fef6c2f8e0b C:\Windows\SysWOW64\ws2_32.dll
MD5: 7bc233f49c60b2fc6869b05318c02d64 C:\Windows\SysWOW64\wsock32.dll
MD5: 55d5450c85c0a0de8f2a22f2c0c816ae C:\Windows\SysWOW64\wtsapi32.dll
MD5: 7d4814b02f8844302f29644a1b79765d C:\Windows\SysWOW64\xmllite.dll
MD5: 26a95438c2d0e0c41b73d19400f4c2db C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll
MD5: 0e86a451c2bf6dd8c550309845473f13 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll
MD5: 309f13d0ec95d87ff6c756c4358c93e2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9\comctl32.dll
MD5: b0da5babd745e9d07da0b36e46c6ca8f C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_baab3cb4359688b4\GdiPlus.dll

The following file(s) must be uploaded for server-side scanning:
C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll

Upload started - 3 file(s)
Qt5Network.dll (669184)
qtquickcontrolsplugin.dll (697856)
qwindows.dll (966656)
Upload speed - 4 KB/s
Upload finished - 0 uploaded, 3 failed

The uploaded file(s) were found clean.

Scan finished - communication took 5 sec
Total traffic - 0.02 MB sent, 1.22 KB recvd
Scanned 464 files and modules - 26 seconds

==============================================================================

descriptionSolvedRe: Trojan.Multi.GenAutorunTask.a detected

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum