Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Connection Terminated by ESET regarding Win32/Filecoder.EA


  • This topic is locked This topic is locked
6 replies to this topic

#1 HighTide1

HighTide1

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 11 June 2016 - 11:33 AM

Hello BleepingComputer, as of this week, I've already made posts in the Are You Infected Forum, but was recommended to post here for a final checkup of sorts. Recently, my ESET installation reported a terminated connection to i.imgur.com, with an instance of Win32/FileCoder.EA being the root of the issue. Now, given that this means Cryptolocker or the like, I was a bit concerned. Other than the initial popup, though, nothing has been reported. The Are You Infected forums directed me to use AdWare Cleaner, CCCleaner, JRT, ESET, and MalwareBytes AntiMalware prior to posting here. Here are the logs from FRST:

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-06-2016
Ran by Jered (administrator) on JERED-PC (11-06-2016 11:44:32)
Running from C:\Users\Jered\Downloads
Loaded Profiles: Jered (Available Profiles: Jered)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.11\AsusFanControlService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsusMiniBar.exe
(NVIDIA Corporation) C:\Users\Jered\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-01] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-263208381-162224212-305584948-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-09] (Valve Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4B375AB2-C291-488A-853E-2D3025B51399}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-263208381-162224212-305584948-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-05-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-30] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-05-26] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-26] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-30] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-12-29] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Jered\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Jered\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-28]
CHR Extension: (Adblock Plus) - C:\Users\Jered\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-09]
CHR Extension: (Google Search) - C:\Users\Jered\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-28]
CHR Extension: (Flashcontrol) - C:\Users\Jered\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jered\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-30]
CHR Extension: (Gmail) - C:\Users\Jered\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-04-24] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-04-24] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-07-02] () [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.11\AsusFanControlService.exe [394040 2014-07-16] (ASUSTeK Computer Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2945792 2016-05-26] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-06] (DTS, Inc)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-04-13] (ESET)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-11-05] (Futuremark)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [200240 2016-05-25] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-04-24] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [24792 2014-06-13] (hxxp://www.asmedia.com.tw)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-10-01] (Broadcom Corporation.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-13] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-05-12] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2016-05-12] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2016-05-12] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [198096 2016-05-12] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53384 2016-05-12] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-05-12] (ESET)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-28] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-28] (Oracle Corporation)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9A4A1EEE802BF2F878EE8EAB407B21B7
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\AiChargerPlus.sys 4BFB41025FA1C37205EDEEFDE36F7771
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 6474F8823C7188D2DA579F01FB6CED6B
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\AsIO.sys 798DE15F187C1F013095BBBEB6FB6197
C:\Windows\SysWow64\drivers\asmtufdriver.sys AEE6A1FE4B4A7BBBD2084AB2DA9079BF
C:\Windows\System32\DRIVERS\asmthub3.sys F1DF3F616FDEA58421248A69088FC426
C:\Windows\System32\DRIVERS\asmtxhci.sys C5DF54A0DF339BBA59A8FCAC67796DC9
C:\Windows\SysWow64\drivers\AsUpIO.sys 1392B92179B07B672720763D9B1028A5
C:\Windows\SysWow64\drivers\ASUSFILTER.sys A5E4CDB420540095D1293C874B5F89AA
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\drivers\bcbtums.sys 8F3AB137A758D19B7BF393EB36E0E55C
C:\Windows\System32\DRIVERS\bcmwl664.sys 592770FE3F625A4C66A1B3E3118E8434
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\system32\drivers\btwampfl.sys 3ACC37139CE0B2DA2053AF916DA67D22
C:\Windows\System32\drivers\btwaudio.sys A771078558477068DFD8037B82EB00F8
C:\Windows\System32\DRIVERS\btwavdt.sys 9FF58F76024D25784755B01F926B00BE
C:\Windows\System32\DRIVERS\btwl2cap.sys B1ACFD00CDD13B48D86F46BFEC153BF9
C:\Windows\System32\DRIVERS\btwrchid.sys EDD953D635F3AA89EF902E3F82D60D22
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys CA3FB5A6B626D8A00A89E049CF95954E
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\drivers\dxgkrnl.sys 3A9D7D464BDB3B70D7ECF689ADABBD4D
C:\Windows\System32\DRIVERS\e1d62x64.sys A16FD7174C8D5A4021F8C5ED45C4EC82
C:\Windows\System32\DRIVERS\eamonm.sys B4B52D2D4976FB06C53DCC6F476EAE2F
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ehdrv.sys 2072E5C612C0C178A1E725433EB4E7EB
C:\Windows\System32\DRIVERS\ekbdflt.sys 70350E9D75CE4479AA1A046887F11519
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\epfw.sys D0268AFCBE7E16A30D4C7A0D91526BD1
C:\Windows\System32\DRIVERS\EpfwLWF.sys 6B19C4B37E06E275D9AE54F06B1DEAAA
C:\Windows\System32\DRIVERS\epfwwfp.sys 75815E12D7B8209BD26E8DC4E6708A4F
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 530BEDE1E3699D5A1BC491AA2F5E5A20
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 033D1EA0A55D92B4C0F7EDB7DF8F0E5A
C:\Windows\System32\Drivers\ksecpkg.sys 1FA53C950F443B25A79C731EF8362E7D
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LHidFilt.Sys AFDFA4A6B0F7B15AA38E494FD4595741
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LMouFilt.Sys C3E82B320F34C97F32B8026F4C249BEF
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TeeDriverx64.sys 1BC9159CF58BABD89419072EA180A8F6
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys D7ADC2B83CA0B0381F75A98351F72CEE
C:\Windows\System32\DRIVERS\mrxsmb.sys A3A4D13D413D4F39BE3AD4C59ECACDED
C:\Windows\System32\DRIVERS\mrxsmb10.sys 62C90A2C681A85B33E365D259B74EAC5
C:\Windows\System32\DRIVERS\mrxsmb20.sys 3751A25C842BDE4B7AF895F70A3EE3A2
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys 1F99AD85DC4F9E322CDE2363378CD374
C:\Windows\System32\DRIVERS\nvlddmkm.sys B67A5ECFA7043F3CE21CBA39B2682976
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys DEF76B479C3525952D0BD71E881E07B0
C:\Windows\System32\drivers\nvvad64v.sys F37FE6B15A987AEEC08EEF531F2FAED7
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 19BEDA57F3E0A06B8D5EB6D619BD5624
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VBoxDrv.sys 1AEF0B09CC241604ECFCCA037FC9B9A7
C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys F429FED78CC80F85BD55CDA8403FD681
C:\Windows\System32\DRIVERS\VBoxNetLwf.sys 37C2B3B717BB16C003074B17911682EE
C:\Windows\System32\DRIVERS\VBoxUSBMon.sys D31F5F9B3D768C68DBB5BCE5855471D4
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-11 11:44 - 2016-06-11 11:44 - 00035210 _____ C:\Users\Jered\Downloads\FRST.txt
2016-06-11 11:43 - 2016-06-11 11:44 - 00000000 ____D C:\FRST
2016-06-11 11:39 - 2016-06-11 11:39 - 02385408 _____ (Farbar) C:\Users\Jered\Downloads\FRST64.exe
2016-06-10 21:14 - 2016-06-10 21:14 - 00000000 ____D C:\Windows\pss
2016-06-09 21:51 - 2016-06-09 21:52 - 06893008 _____ (Piriform Ltd) C:\Users\Jered\Downloads\ccsetup518.exe
2016-06-08 22:37 - 2016-06-08 22:37 - 03677248 _____ C:\Users\Jered\Downloads\AdwCleaner.exe
2016-06-08 22:37 - 2016-06-08 22:37 - 01610816 _____ (Malwarebytes) C:\Users\Jered\Downloads\JRT.exe
2016-06-08 20:31 - 2016-06-06 12:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-08 20:31 - 2016-06-06 12:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-08 20:31 - 2016-06-03 09:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-08 20:31 - 2016-05-27 09:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-08 20:31 - 2016-05-27 09:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-08 20:31 - 2016-05-27 09:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-08 20:31 - 2016-05-27 09:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-08 20:31 - 2016-05-22 09:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-06 17:50 - 2016-02-24 12:00 - 00000000 ____D C:\Users\Jered\Documents\google_cardboard_manufacturer_kit
2016-06-04 11:29 - 2016-06-06 22:13 - 00000000 ____D C:\Users\Jered\Documents\OneNote Notebooks
2016-06-04 11:27 - 2016-06-04 11:27 - 00002152 _____ C:\Users\Jered\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-06-04 11:27 - 2016-06-04 11:27 - 00002096 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-06-04 11:27 - 2016-06-04 11:27 - 00002096 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-06-04 11:27 - 2016-06-04 11:27 - 00000000 ___RD C:\Users\Jered\OneDrive
2016-06-04 11:27 - 2016-06-04 11:27 - 00000000 ____D C:\Users\Jered\AppData\Local\Microsoft Help
2016-06-04 11:27 - 2016-06-04 11:27 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-06-04 11:27 - 2016-06-04 11:27 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-06-04 11:22 - 2016-06-04 11:22 - 00002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-06-04 11:22 - 2016-06-04 11:22 - 00002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-06-04 11:22 - 2016-06-04 11:22 - 00002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-06-04 11:22 - 2016-06-04 11:22 - 00002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-06-04 11:22 - 2016-06-04 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-06-04 11:20 - 2016-06-04 11:20 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-06-04 11:18 - 2016-06-09 22:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-04 11:18 - 2016-06-04 11:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-30 20:51 - 2016-05-30 20:56 - 00000000 ____D C:\MSYS2
2016-05-30 20:51 - 2016-05-30 20:51 - 00000000 ____D C:\Users\Jered\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSYS2 64bit
2016-05-30 20:37 - 2016-05-30 20:37 - 00000000 ____D C:\Users\Jered\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
2016-05-30 20:13 - 2016-05-30 20:14 - 00000000 ____D C:\Users\Jered\Documents\Visual Studio 2015
2016-05-30 20:08 - 2016-05-30 20:08 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-05-30 20:05 - 2016-05-30 20:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2016-05-30 19:59 - 2016-05-30 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-05-30 19:59 - 2016-05-30 19:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-05-30 19:58 - 2016-05-30 19:58 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-05-30 19:58 - 2016-05-30 19:58 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-05-30 19:57 - 2016-05-30 20:05 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-05-30 19:57 - 2016-05-30 19:57 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-05-30 19:57 - 2016-05-30 19:57 - 00000000 ____D C:\Program Files (x86)\ShellDir
2016-05-30 19:56 - 2016-05-30 19:56 - 00000000 ____D C:\ProgramData\Microsoft DNX
2016-05-30 19:56 - 2016-05-30 19:56 - 00000000 ____D C:\Program Files\Microsoft DNX
2016-05-30 19:52 - 2016-05-30 19:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2016-05-30 19:52 - 2016-05-30 19:52 - 00000000 ____D C:\Program Files\IIS Express
2016-05-30 19:52 - 2016-05-30 19:52 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-05-30 19:51 - 2016-05-30 19:51 - 00000000 ____D C:\ProgramData\NuGet
2016-05-30 19:51 - 2016-05-30 19:51 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-05-30 19:51 - 2016-05-30 19:51 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-05-30 19:51 - 2016-05-30 19:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-05-30 19:50 - 2016-05-30 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-05-30 19:50 - 2016-05-30 19:50 - 00000000 ____D C:\Program Files\IIS
2016-05-30 19:50 - 2016-05-30 19:50 - 00000000 ____D C:\Program Files (x86)\IIS
2016-05-30 19:49 - 2016-05-30 19:49 - 00001534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-05-30 19:49 - 2016-05-30 19:49 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-05-30 19:48 - 2016-05-30 20:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-05-30 19:47 - 2016-05-30 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-05-30 19:46 - 2016-05-30 19:46 - 00000000 ____D C:\Windows\symbols
2016-05-30 19:46 - 2016-05-30 19:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2016-05-30 19:45 - 2016-05-30 20:06 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-05-30 19:45 - 2016-05-30 20:06 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-05-30 19:45 - 2016-05-30 19:48 - 00000000 ____D C:\Windows\SysWOW64\1033
2016-05-30 19:45 - 2016-05-30 19:45 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-05-30 19:42 - 2016-05-30 20:05 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-05-30 19:42 - 2016-05-30 19:58 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-05-30 19:42 - 2016-05-30 19:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-05-30 19:42 - 2016-05-30 19:45 - 00000000 ____D C:\Windows\system32\1033
2016-05-30 18:58 - 2016-06-09 22:10 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-30 18:31 - 2016-06-10 21:19 - 00003142 _____ C:\Windows\System32\Tasks\{7F9BFDD3-5451-416C-9213-964D2C434A83}
2016-05-30 17:56 - 2016-05-30 20:36 - 00000000 ____D C:\Users\Jered\eclipse
2016-05-30 17:45 - 2016-05-30 20:36 - 00000000 ____D C:\Users\Jered\.p2
2016-05-30 17:45 - 2016-05-30 17:56 - 00000000 ____D C:\Users\Jered\.eclipse
2016-05-30 17:44 - 2016-05-30 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2016-05-30 17:44 - 2016-05-30 17:44 - 00000000 ____D C:\ProgramData\Git
2016-05-30 17:44 - 2016-05-30 17:44 - 00000000 ____D C:\Program Files\Git
2016-05-30 17:41 - 2016-05-30 17:45 - 00000000 ____D C:\Users\Jered\.oracle_jre_usage
2016-05-30 17:41 - 2016-05-30 17:41 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-05-30 17:41 - 2016-05-30 17:41 - 00000000 ____D C:\Users\Jered\AppData\Roaming\Sun
2016-05-30 17:41 - 2016-05-30 17:41 - 00000000 ____D C:\Users\Jered\AppData\LocalLow\Sun
2016-05-30 17:41 - 2016-05-30 17:41 - 00000000 ____D C:\ProgramData\Oracle
2016-05-30 17:41 - 2016-05-30 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-30 17:40 - 2016-05-30 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-05-30 17:40 - 2016-05-30 17:41 - 00000000 ____D C:\Program Files\Java
2016-05-30 17:39 - 2016-05-30 17:39 - 00000000 ____D C:\Users\Jered\AppData\LocalLow\Oracle
2016-05-30 17:37 - 2016-05-30 17:38 - 00000000 ____D C:\Users\Jered\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2016-05-30 17:37 - 2016-05-30 17:37 - 00000000 ____D C:\Users\Jered\AppData\Local\Package Cache
2016-05-30 17:35 - 2016-05-19 21:45 - 00113208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-05-30 17:33 - 2016-05-21 17:10 - 01581624 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2016-05-30 17:33 - 2016-05-21 17:10 - 00141256 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-05-30 17:33 - 2016-05-21 17:10 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 39979576 _____ C:\Windows\system32\nvcompiler.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 35117112 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 31600696 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 25372096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 21794064 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 21336720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 18138232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 17732936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 16693208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 13412408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-05-30 17:33 - 2016-05-20 03:01 - 10642728 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 08733096 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 03447232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 03001792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436822.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436822.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00984512 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00911416 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00770496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00708032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00565392 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00501384 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00476848 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00423360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00394912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00177952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00153232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00131584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-05-30 17:33 - 2016-05-20 03:01 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-30 17:33 - 2016-05-20 03:01 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-05-30 16:51 - 2016-06-06 22:14 - 00000000 ____D C:\Users\Jered\VirtualBox VMs
2016-05-30 16:48 - 2016-06-06 22:58 - 00000000 ____D C:\Users\Jered\.VirtualBox
2016-05-30 16:47 - 2016-05-30 16:47 - 00001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-05-30 16:47 - 2016-05-30 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-05-30 16:47 - 2016-05-30 16:47 - 00000000 ____D C:\Program Files\Oracle
2016-05-30 16:47 - 2016-04-28 15:05 - 00916520 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2016-05-30 16:47 - 2016-04-28 15:05 - 00143568 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-05-30 16:20 - 2016-05-30 16:20 - 00000000 ____D C:\Users\Jered\AppData\Roaming\WinRAR
2016-05-30 16:17 - 2016-06-06 17:50 - 00000000 ____D C:\Users\Jered\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-30 16:17 - 2016-06-06 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-30 16:17 - 2016-05-30 16:17 - 00000000 ____D C:\Program Files\WinRAR
2016-05-30 16:11 - 2016-05-30 16:13 - 00000000 ____D C:\Windows\system32\appmgmt
2016-05-30 14:08 - 2016-05-30 14:08 - 00002005 _____ C:\Users\Jered\Desktop\ESET Smart Security.lnk
2016-05-30 14:04 - 2016-05-30 14:04 - 00000000 ____D C:\Users\Jered\AppData\Local\ESET
2016-05-30 14:03 - 2016-05-30 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-05-30 14:03 - 2016-05-30 14:03 - 00000000 ____D C:\ProgramData\ESET
2016-05-30 14:03 - 2016-05-30 14:03 - 00000000 ____D C:\Program Files\ESET
2016-05-24 22:27 - 2016-05-24 22:27 - 00000000 ____D C:\Users\Jered\Documents\Scholarship Documents
2016-05-22 19:25 - 2016-05-22 19:30 - 00000000 ____D C:\Users\Jered\Documents\Witcher 2
2016-05-22 19:25 - 2016-05-22 19:25 - 00000000 ____D C:\Users\Jered\AppData\Local\The Witcher 2
2016-05-22 19:11 - 2016-05-22 19:11 - 00000000 ____D C:\Users\Jered\AppData\Local\FalloutNV
2016-05-20 22:38 - 2016-05-20 22:38 - 00000000 ____D C:\Program Files\Rockstar Games
2016-05-20 22:38 - 2016-05-20 22:38 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-05-20 22:37 - 2016-05-20 22:38 - 00000000 ____D C:\Users\Jered\Documents\Rockstar Games
2016-05-20 22:37 - 2016-05-20 22:37 - 00000000 ____D C:\Users\Jered\AppData\Local\Rockstar Games
2016-05-19 04:43 - 2016-04-23 13:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-19 04:43 - 2016-04-23 12:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-19 04:43 - 2016-04-23 01:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-19 04:43 - 2016-04-23 01:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-19 04:43 - 2016-04-23 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-19 04:43 - 2016-04-23 01:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-19 04:43 - 2016-04-23 01:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-19 04:43 - 2016-04-23 01:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-19 04:43 - 2016-04-23 01:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-19 04:43 - 2016-04-23 01:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-19 04:43 - 2016-04-23 01:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-19 04:43 - 2016-04-23 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-19 04:43 - 2016-04-23 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-19 04:43 - 2016-04-23 00:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-19 04:43 - 2016-04-23 00:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-19 04:43 - 2016-04-23 00:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-19 04:43 - 2016-04-23 00:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-19 04:43 - 2016-04-23 00:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-19 04:43 - 2016-04-23 00:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-19 04:43 - 2016-04-23 00:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-19 04:43 - 2016-04-23 00:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-19 04:43 - 2016-04-23 00:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-19 04:43 - 2016-04-23 00:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-19 04:43 - 2016-04-23 00:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-19 04:43 - 2016-04-23 00:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-19 04:43 - 2016-04-23 00:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-19 04:43 - 2016-04-23 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-19 04:43 - 2016-04-23 00:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-19 04:43 - 2016-04-23 00:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-19 04:43 - 2016-04-23 00:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-19 04:43 - 2016-04-23 00:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-19 04:43 - 2016-04-23 00:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-19 04:43 - 2016-04-23 00:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-19 04:43 - 2016-04-23 00:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-19 04:43 - 2016-04-23 00:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-19 04:43 - 2016-04-23 00:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-19 04:43 - 2016-04-23 00:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-19 04:43 - 2016-04-23 00:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-19 04:43 - 2016-04-23 00:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-19 04:43 - 2016-04-23 00:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-19 04:43 - 2016-04-23 00:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-19 04:43 - 2016-04-23 00:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-19 04:43 - 2016-04-23 00:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-19 04:43 - 2016-04-22 23:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-19 04:43 - 2016-04-22 23:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-19 04:43 - 2016-04-22 23:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-19 04:43 - 2016-04-22 23:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-19 04:43 - 2016-04-22 23:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-19 04:43 - 2016-04-22 23:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-19 04:43 - 2016-04-22 23:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-19 04:43 - 2016-04-22 23:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-19 04:43 - 2016-04-22 23:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-19 04:43 - 2016-04-22 23:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-19 04:43 - 2016-04-22 23:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-19 04:43 - 2016-04-22 23:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-19 04:43 - 2016-04-22 23:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-19 04:43 - 2016-04-22 23:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-19 04:43 - 2016-04-22 23:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-19 04:43 - 2016-04-22 23:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-19 04:43 - 2016-04-22 23:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-19 04:43 - 2016-04-22 23:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-19 04:43 - 2016-04-22 23:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-19 04:43 - 2016-04-22 23:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-19 04:43 - 2016-04-22 23:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-19 04:43 - 2016-04-22 23:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-19 04:43 - 2016-04-22 23:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-19 04:43 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-19 04:43 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-19 04:43 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-19 04:43 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-19 04:43 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-19 04:43 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-19 04:43 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-19 04:43 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-19 04:43 - 2016-04-09 02:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-05-19 04:43 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-19 04:43 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-19 04:43 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-19 04:43 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-19 04:43 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-19 04:43 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-19 04:43 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 01:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-05-19 04:43 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-19 04:43 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-19 04:43 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-19 04:43 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-19 04:43 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-19 04:43 - 2016-04-09 01:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-05-19 04:43 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-19 04:43 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-19 04:43 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-19 04:43 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-19 04:43 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-19 04:43 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-19 04:43 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-19 04:42 - 2016-04-14 12:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-05-19 04:42 - 2016-04-14 12:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-05-19 04:42 - 2016-04-14 12:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-05-19 04:42 - 2016-04-14 12:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-05-19 04:42 - 2016-04-14 12:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-05-19 04:42 - 2016-04-14 12:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-05-19 04:42 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-05-19 04:42 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-05-19 04:42 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-05-19 04:42 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-05-19 04:42 - 2016-04-14 11:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-05-19 04:42 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-05-19 04:42 - 2016-04-11 21:23 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-19 04:42 - 2016-04-11 21:23 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-19 04:42 - 2016-04-11 21:20 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-19 04:42 - 2016-04-11 21:20 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-19 04:42 - 2016-04-11 21:02 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-19 04:42 - 2016-04-11 21:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-19 04:42 - 2016-04-11 21:02 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-19 04:42 - 2016-04-11 21:02 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-19 04:42 - 2016-04-11 21:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-19 04:42 - 2016-04-11 21:02 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-19 04:42 - 2016-04-11 21:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-19 04:42 - 2016-04-11 21:02 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-19 04:42 - 2016-04-11 21:02 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-19 04:42 - 2016-04-11 21:02 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-19 04:42 - 2016-04-11 21:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-19 04:42 - 2016-04-11 21:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-19 04:42 - 2016-04-11 21:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-19 04:42 - 2016-04-11 21:01 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-19 04:42 - 2016-04-11 21:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-19 04:42 - 2016-04-11 20:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-19 04:42 - 2016-04-11 20:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-19 04:42 - 2016-04-11 20:43 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-19 04:42 - 2016-04-11 20:43 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-19 04:42 - 2016-04-11 20:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-19 04:42 - 2016-04-11 20:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-19 04:42 - 2016-04-11 20:36 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-19 04:42 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-19 04:42 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-19 04:42 - 2016-04-09 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-19 04:42 - 2016-04-09 02:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-19 04:42 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-19 04:42 - 2016-04-09 02:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-19 04:42 - 2016-04-09 02:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-19 04:42 - 2016-04-09 01:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-19 04:42 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-19 04:37 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-19 04:37 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-19 04:21 - 2016-05-03 22:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-05-19 04:21 - 2016-05-03 22:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-05-19 04:21 - 2016-05-03 22:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-05-19 04:21 - 2016-05-03 22:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-05-19 04:19 - 2016-05-10 00:07 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436519.dll
2016-05-19 04:19 - 2016-05-10 00:07 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436519.dll
2016-05-19 04:12 - 2016-06-08 22:41 - 00000000 ____D C:\Users\Jered\AppData\Local\CrashDumps
2016-05-12 10:48 - 2016-05-12 10:48 - 00264552 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-05-12 10:48 - 2016-05-12 10:48 - 00198096 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2016-05-12 10:48 - 2016-05-12 10:48 - 00186784 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2016-05-12 10:48 - 2016-05-12 10:48 - 00142976 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2016-05-12 10:48 - 2016-05-12 10:48 - 00084800 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2016-05-12 10:48 - 2016-05-12 10:48 - 00053384 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-11 11:39 - 2015-12-28 16:56 - 01048576 _____ C:\Windows\PE_Rom.dll
2016-06-11 11:39 - 2009-07-14 00:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-11 11:39 - 2009-07-14 00:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-11 11:33 - 2015-12-28 19:32 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-11 11:32 - 2015-12-28 18:30 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-11 11:32 - 2015-12-28 17:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-11 11:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-10 21:19 - 2015-12-28 17:01 - 00000000 _____ C:\Windows\Path.idx
2016-06-09 22:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-06-09 21:53 - 2015-12-28 19:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-08 22:55 - 2015-12-28 19:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-08 22:41 - 2015-12-29 08:18 - 00000000 ____D C:\Windows\Panther
2016-06-08 22:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-08 22:30 - 2015-12-28 17:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-08 22:20 - 2015-12-28 23:32 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-08 20:21 - 2015-12-28 17:41 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-06 17:39 - 2015-12-28 16:41 - 00070088 _____ C:\Users\Jered\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-05 17:40 - 2009-07-14 00:45 - 00319392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-04 11:27 - 2015-12-28 16:33 - 00000000 ____D C:\Users\Jered
2016-06-04 11:20 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-05-31 20:44 - 2015-12-28 19:08 - 00001098 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-31 20:44 - 2015-12-28 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-31 20:44 - 2015-12-28 19:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-30 21:13 - 2015-12-28 17:41 - 00000000 ____D C:\Users\Jered\AppData\Local\Google
2016-05-30 20:10 - 2015-12-28 17:38 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-30 19:46 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-05-30 19:40 - 2015-12-28 17:04 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-30 19:40 - 2009-07-14 01:13 - 00773912 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-30 18:50 - 2015-12-28 16:47 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2016-05-30 17:35 - 2015-12-28 17:55 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-05-30 17:35 - 2015-12-28 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-05-30 17:23 - 2015-12-28 17:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-05-30 14:15 - 2015-12-28 23:32 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-30 14:15 - 2015-12-28 23:32 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-20 17:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-05-20 03:01 - 2015-12-28 18:27 - 19110968 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-05-20 03:01 - 2015-12-28 18:27 - 17236560 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-05-20 03:01 - 2015-12-28 18:27 - 14293592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-05-20 03:01 - 2015-12-28 18:27 - 03825384 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-05-20 03:01 - 2015-12-28 18:27 - 03383448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-05-20 03:01 - 2015-12-28 18:27 - 00039124 _____ C:\Windows\system32\nvinfo.pb
2016-05-19 22:11 - 2015-12-28 18:28 - 06346688 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-05-19 22:11 - 2015-12-28 18:28 - 02454976 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-05-19 22:11 - 2015-12-28 18:28 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-05-19 22:11 - 2015-12-28 18:28 - 01352760 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-05-19 22:11 - 2015-12-28 18:28 - 00531904 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-05-19 22:11 - 2015-12-28 18:28 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-05-19 22:11 - 2015-12-28 18:28 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-05-19 22:11 - 2015-12-28 18:28 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-05-19 12:08 - 2011-04-12 04:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-19 04:57 - 2015-12-28 20:36 - 00000000 ____D C:\Windows\system32\MRT
2016-05-19 04:46 - 2015-12-28 20:36 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-19 04:21 - 2016-03-22 12:29 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-18 19:25 - 2015-12-28 18:28 - 06448223 _____ C:\Windows\system32\nvcoproc.bin
 
==================== Files in the root of some directories =======
 
2015-12-28 17:32 - 2015-12-28 17:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {4f45d41b-ae26-11e5-b594-8627cd947789}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {4f45d41d-ae26-11e5-b594-8627cd947789}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {4f45d41b-ae26-11e5-b594-8627cd947789}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {4f45d41d-ae26-11e5-b594-8627cd947789}
device                  ramdisk=[C:]\Recovery\4f45d41d-ae26-11e5-b594-8627cd947789\Winre.wim,{4f45d41e-ae26-11e5-b594-8627cd947789}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\4f45d41d-ae26-11e5-b594-8627cd947789\Winre.wim,{4f45d41e-ae26-11e5-b594-8627cd947789}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {4f45d41b-ae26-11e5-b594-8627cd947789}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {4f45d41e-ae26-11e5-b594-8627cd947789}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\4f45d41d-ae26-11e5-b594-8627cd947789\boot.sdi
 
 
 
LastRegBack: 2016-05-28 19:07
 
==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-06-2016
Ran by Jered (2016-06-11 11:45:05)
Running from C:\Users\Jered\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-12-28 20:33:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-263208381-162224212-305584948-500 - Administrator - Disabled)
Guest (S-1-5-21-263208381-162224212-305584948-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-263208381-162224212-305584948-1002 - Limited - Enabled)
Jered (S-1-5-21-263208381-162224212-305584948-1000 - Administrator - Enabled) => C:\Users\Jered
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 9.0.381.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.381.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DMark Demo (HKLM-x32\...\Steam App 231350) (Version:  - Futuremark)
Active Directory Authentication Library for SQL Server (Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.83 - ASUSTeK Computer Inc.)
Amnesia: A Machine for Pigs (HKLM-x32\...\Steam App 239200) (Version:  - The Chinese Room)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.23.0 - Asmedia Technology)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.34.223.5 - Broadcom Corporation)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - Going Loud Studios)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Door Kickers (HKLM-x32\...\Steam App 248610) (Version:  - KillHouse Games)
Dotfuscator and Analytics Community Edition 5.19.1 (x32 Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
ESET Smart Security (HKLM\...\{BA1050B5-E274-4693-8A67-CAF5576A07F1}) (Version: 9.0.381.0 - ESET, spol. s r.o.)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Futuremark SystemInfo (HKLM-x32\...\{70690D9E-3D00-47D6-9CE9-BC3B6F900447}) (Version: 4.41.563.0 - Futuremark)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Git version 2.8.3 (HKLM\...\Git_is1) (Version: 2.8.3 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - Suspicious Developments)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java SE Development Kit 8 Update 91 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180910}) (Version: 8.0.910.15 - Oracle Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.6965.2053 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-263208381-162224212-305584948-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB RC0 (HKLM\...\{9CED5D08-5664-4668-A927-CD6C60C4175D}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (HKLM-x32\...\{948B5F49-A57E-46B4-9F1E-145D7A9E66D7}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (x64) (HKLM\...\{F6F8053F-D328-4ACA-93A1-A49E495899F2}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service RC0 (HKLM-x32\...\{1852BD30-570B-4E47-8752-461448E8E250}) (Version: 13.0.12000.52 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom RC0 (HKLM\...\{D9F55D00-A8AB-4518-A56E-D9D5E615542A}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60311.1) (HKLM-x32\...\{28292CA9-8D65-4E37-95A3-753EEB38F122}) (Version: 14.0.60311.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 RC0 (HKLM\...\{495CC0B4-D4C3-4D87-8317-F66BA48C5552}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 RC0 (HKLM-x32\...\{3A87F9F2-D65D-4BA9-8459-E5BBE31EA64D}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 2 (HKLM-x32\...\{04fa3a35-1f49-4510-8051-819cdc1e6e01}) (Version: 14.0.25123.0 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 3.0.0.18 - MSI)
MSYS2 64bit (HKU\S-1-5-21-263208381-162224212-305584948-1000\...\{9f770fba-e015-4f60-98c4-da5187620ebc}) (Version: 20160205 - The MSYS2 Developers)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.22 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT RC0 (HKLM-x32\...\{AB72EB1C-9CF4-4274-984D-5EDA8BF37A08}) (Version: 13.0.1100.286 - Microsoft Corporation)
Python 3.5.1 (32-bit) (HKU\S-1-5-21-263208381-162224212-305584948-1000\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7344 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25132 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 Update 2 (x32 Version: 14.95.25118 - Microsoft) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version:  - Bethesda Game Studios®)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Talos Principle (HKLM-x32\...\Steam App 257510) (Version:  - Croteam)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD PROJEKT RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD PROJEKT RED)
TypeScript Power Tool (x32 Version: 1.8.9.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.31.0 - Microsoft Corporation) Hidden
Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - Giant Army)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
vs_update2notification (x32 Version: 14.0.25132 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
WinRAR 5.40 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.2 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-263208381-162224212-305584948-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jered\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-263208381-162224212-305584948-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jered\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {4195EA9A-C9BE-4728-8997-EA4F0CC975BB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
Task: {48374610-63C3-4ECB-8336-2D8E27E38150} - System32\Tasks\{7F9BFDD3-5451-416C-9213-964D2C434A83} => pcalua.exe -a C:\Users\Jered\Downloads\vs_community_ENU.exe -d C:\Users\Jered\Downloads
Task: {5FAD7629-553D-4EEA-8863-84518C39E885} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-05-28] (ASUSTeK Computer Inc.)
Task: {6EC2D004-9C0C-4D16-A3FB-D1DFD938ECF7} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-05-15] (Microsoft Corporation)
Task: {74BDC09F-1714-4C6A-87E0-0D99C5E2709D} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2014-10-09] ()
Task: {7CA5719E-596B-4960-93AF-9EBCC2C3EAA6} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2014-07-02] ()
Task: {8D9AF59E-B244-4BD0-AA72-50762DCBEC09} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {8E701C79-4B4F-4FDB-B198-95B0847A4BD8} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2014-06-25] (ASUSTeK Computer Inc.)
Task: {C697D000-01F2-40E6-AC75-EC43B9145782} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {CB3A9660-9E18-4BF9-99B7-7E6DE72AE73A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
Task: {D0D517E3-5AD4-4E86-95E3-062511C72891} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {F12C728A-6EFA-4887-AE92-60FD4CF90839} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [2014-07-02] (TODO: <Company name>)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Jered\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSYS2 64bit\MinGW-w64 Win32 Shell.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /A /Q /K C:\MSYS2\mingw32_shell.bat
ShortcutWithArgument: C:\Users\Jered\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSYS2 64bit\MinGW-w64 Win64 Shell.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /A /Q /K C:\MSYS2\mingw64_shell.bat
ShortcutWithArgument: C:\Users\Jered\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSYS2 64bit\MSYS2 Shell.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /A /Q /K C:\MSYS2\msys2_shell.bat
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-24 18:03 - 2014-04-24 18:03 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2015-12-28 16:49 - 2014-07-02 05:41 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2015-12-28 16:50 - 2014-10-09 10:30 - 01430328 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2015-12-28 16:50 - 2014-07-02 18:41 - 01270584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2016-06-04 11:22 - 2016-05-26 05:13 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-12-28 16:51 - 2014-08-01 15:58 - 01065272 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2015-12-28 16:51 - 2014-07-25 17:32 - 00036152 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2015-12-28 16:47 - 2014-05-14 06:58 - 00947512 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ASUSMiniBar.exe
2015-12-28 16:47 - 2016-06-11 11:32 - 00040592 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-12-28 16:47 - 2014-04-24 18:03 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-12-28 16:50 - 2014-10-09 10:31 - 00237568 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2015-12-28 16:50 - 2014-02-24 18:49 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2015-12-28 16:47 - 2014-04-25 07:03 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2015-12-28 16:47 - 2014-04-25 07:03 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2015-12-28 16:48 - 2014-07-02 13:10 - 00872960 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AI Charger+\AIChargerPlus.dll
2015-12-28 16:49 - 2014-07-17 12:42 - 04095488 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2015-12-28 16:49 - 2014-07-02 18:41 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2015-12-28 16:50 - 2014-10-30 16:36 - 01139712 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2015-12-28 16:47 - 2014-04-25 07:03 - 00827392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2015-12-28 16:49 - 2014-07-02 05:41 - 00053248 ____R () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Exeio.dll
2015-12-28 16:49 - 2014-07-02 05:41 - 00278528 ____R () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Vender.dll
2015-12-28 16:47 - 2014-04-24 18:03 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2015-12-28 16:49 - 2014-07-02 18:41 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\IccHelper.dll
2015-12-28 16:53 - 2012-01-19 10:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2015-12-28 16:47 - 2014-04-25 07:03 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2015-12-28 16:47 - 2014-04-25 07:03 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2015-12-28 16:53 - 2010-09-23 12:51 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\AsIdxParser.dll
2015-12-28 16:53 - 2010-02-25 15:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\Aszip.dll
2015-12-28 16:50 - 2014-07-09 12:05 - 00711680 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2015-12-28 16:50 - 2014-07-02 18:41 - 00851456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2015-12-28 16:50 - 2014-07-02 18:41 - 00801792 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2015-12-28 16:50 - 2014-07-02 18:41 - 00807936 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2015-12-28 16:50 - 2014-07-02 18:41 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccHelper.dll
2015-12-28 16:51 - 2013-11-20 11:10 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2015-12-28 16:51 - 2013-07-02 11:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2015-12-28 18:30 - 2016-05-02 02:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-28 19:34 - 2016-04-29 16:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-12-28 19:34 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-12-28 19:34 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-12-28 19:34 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-12-28 19:34 - 2016-06-09 18:24 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2015-12-28 19:34 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-12-28 19:34 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-12-28 19:34 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-12-28 19:34 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-12-28 19:34 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-12-28 19:34 - 2016-06-09 18:24 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-22 12:12 - 2016-02-17 18:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-12-28 19:34 - 2016-05-31 20:21 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-06-08 20:21 - 2016-06-03 21:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-08 20:21 - 2016-06-03 21:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-12-28 16:49 - 2014-07-02 18:41 - 00743424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2015-12-28 16:49 - 2014-07-02 18:41 - 00908288 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FAN.dll
2015-12-28 16:51 - 2014-04-10 16:23 - 00643584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMiniMsg.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-263208381-162224212-305584948-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jered\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Jered^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ASUS AiChargerPlus Execute => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B0FCB176-5FB9-4ADD-821A-639BE77CBEB1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{62D133E9-B269-4516-8FF3-568DADF049F3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B2417848-DCB1-4459-BCAE-C69D355F6BDF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{93EB7E34-445D-4E2A-A49A-CA95E7491429}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BCAD5088-C115-4D5D-B933-96D1414EC07D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5C6B391F-A3EF-4EF6-86C6-50F3266E055D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6489E8E0-E3BD-40F1-B3B7-7FFEFE5174F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{852DA5B8-FEDE-4655-A7B7-5B71691FFAD8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9A60B0C3-3B54-4931-BF01-4BF636139D09}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{983ADB92-8CBE-4634-B6F3-5100AA3F3828}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F11278C2-92BA-40FB-9365-027085F89B21}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C885948E-7B78-4CA6-9136-28337BA472E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{C523B770-4348-4091-AE38-A396DBB1EA1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{21C58078-596B-466B-8B06-14F876C25B72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{2D523E19-412A-4874-AD6F-9EBCFBA0C27E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{2EA92BA5-DB3D-496C-AA98-A7085B4DDA25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{9C60C280-567B-401C-9FAE-20A068D641BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{AC0CC46B-8E42-47C4-8F91-BC28EA7E1126}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{817C507F-FFC2-48CB-815E-89D79F0B6BD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{E6821FB6-3FF1-4FCE-9CDC-FA4A4136A919}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{34A682C4-264F-4B9F-95A5-77D24DC4124D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{BAE66682-219D-494D-9043-D9130C2389CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{6AFE89C0-DB8F-452B-BF64-6CB54130BAF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{CEF23F21-C332-4DAB-BDB8-CF18F475CB5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{67BFA17F-2702-496E-9542-556FEE4AA4D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{89AE068C-5B2F-4530-ADBD-029DBB6C40F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{2A5FC5F4-E23E-464C-AFA6-7001C54C8FE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{D0FC5A9D-AC65-4569-908B-24AA82192D65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{1645A981-9A09-488A-8F4C-F9C3DF46155F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{54632228-CC29-484D-92E8-4F765B3FF3D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{6DB3959E-EDA4-46D7-A667-16C40231A57C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{0B073A0B-5530-4620-97F7-19629BBB6300}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{2D9F2673-2CD1-4FC9-B1C1-F09FEB9CAF67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{5810544B-0EA0-4D46-B38C-D8AEFF67521C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{32B77EEB-5C12-4446-B99E-A16AB4999E5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{3856D29C-F0CF-4298-A663-E29939E69F88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{0B151A7D-A138-47EE-B34B-8090EA12E644}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{ECBD078C-C3B9-4A78-832A-7691DA83C9AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{7A6897A4-DABC-4248-9CB3-90566BB96F47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{E2A0D4E7-772A-4777-A100-2CB00DED2D97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Universe Sandbox\Universe Sandbox.exe
FirewallRules: [{FAF16537-C993-4E12-AADF-35DA4020718A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Universe Sandbox\Universe Sandbox.exe
FirewallRules: [{DF1FAF49-9633-473A-BBA8-BADAEA440E8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{7FB8C382-FA8C-4DAE-AA25-46E87A729C96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{B13FA4EB-9BBE-4E8C-947D-E906034A4372}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{B714A97B-BB21-4414-88B5-3EB24AC2969F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{3B982248-E176-4514-B274-0A42956E5DB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{C394BC90-BB92-4012-8C7E-709F2E725F7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{972059A2-E444-4F64-B273-3349F3C02F12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{7CF10FD1-E7B2-4AFD-9215-78CDE850B5D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{4E9C2EC9-0FF8-4399-9EB0-5900D9F16D96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{B9C1092D-BEF9-4BBD-8201-6D6E93F6EEE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{0431DA98-045D-4370-BB04-0B2A7B794D5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{E2A5117E-C603-4E3D-9006-187C4B229710}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{0FC8309A-1665-4F26-9266-EAB92251D4FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{0594BA32-0602-4F98-A365-61B5907B2F01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{176796F8-F3C4-4CB6-A5F2-68704001AD94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{8BAF0AA1-B028-4415-9A2C-D00EB182DDD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{B3AD8B4F-2AE9-4172-8717-CB459064C23B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{8945B9A2-5DC7-4D70-9C4A-F3420A7C4BAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{5B796892-C73A-4028-AD7D-1A58F9FA074D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{EAFA0AE1-6732-4381-A867-F16B125F92B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{5FF0CADC-776D-41E9-8008-3C948BE7058D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{6C368A34-4E39-4742-A5DE-C39F0177CEB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{FF349F0D-3623-4968-ACF3-00C457BB5234}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{8C07D4A2-E0C4-4FE5-8D13-7B28D1BB164A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{5398ED94-B40A-4929-A6CB-A963C8C6B1CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{79EC6037-8597-4700-B65A-88B2AEE5F7BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{7BA5AA39-83E4-410C-9C22-BC849B3E8977}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{8165AA1D-9C09-415C-AF75-4732B93ECDB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{089335F5-B983-452F-AAA8-805A6FE1A8A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{4E8AEF3A-B9D4-4317-A2B3-EFE4C9A1FAFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{EF805F86-DC3A-429F-A174-9A5FCBB5BB21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{35EBC3A0-5EDE-4EF3-911F-12255F83E6D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{6BEFEAF4-A629-4341-B6DC-5E7269786A0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Machine for Pigs\aamfp.exe
FirewallRules: [{41924DFC-DD11-4F33-81AE-05EA8934BDF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Machine for Pigs\aamfp.exe
FirewallRules: [{A01BEFAA-38BB-464F-84ED-F0ED315DDA62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Machine for Pigs\Launcher.exe
FirewallRules: [{1FD89A22-DD66-4AB7-832F-F1A691D3A52C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Machine for Pigs\Launcher.exe
FirewallRules: [{ECD37017-D901-4322-BED3-5CE1ED2AE4FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{E995085D-41B0-4F2A-B8AF-FB5053DDE903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{3A1F536C-220E-41B9-B2DE-27AE6B17523D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{C499A44E-57ED-4003-8620-0B2E420CA4B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{B1C4CDE7-B6B8-482D-AEE7-FDF381FD90CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{5727C1AF-5816-4497-AF29-185550545A97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{E8DEBBFC-9BF2-4409-B33F-3DE7DB5491C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DoorKickers\DoorKickers.exe
FirewallRules: [{FDFB8195-613F-40D1-98AE-3C6878B1344A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DoorKickers\DoorKickers.exe
FirewallRules: [TCP Query User{F19FB658-6611-4FE8-969C-01C9FF0AAB55}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Block) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [UDP Query User{3B4E7411-2078-4583-BC6B-E391C146B05B}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Block) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [{382374A6-314A-421C-8E43-FA40F890E673}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{DE4539AB-6A33-4D30-A46E-338E310825DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{9929A61A-97DF-4EEE-B5CA-BB38F3454A03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{0CAA6A23-3A3D-44FA-B958-D0D0D3029FAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{556201BB-0B28-4389-B186-773E396EA073}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{F0D535F3-E282-4F86-B365-EC99FAE7F93D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{6FCCD6EC-4ABA-482E-9755-643A32C99B10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{FCAC0A32-C920-4B23-8220-EAFD4F16FA02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{5C977FF8-6A68-4CDB-9D71-0E815553842D}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{322A45CB-8B37-452B-9A5A-F7722B8C3B6A}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{4D245B91-F41C-42C9-9BAE-9334094777AB}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{4784A0E4-7180-4220-9EDE-FB14AEB92C10}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{EEF85471-835F-4100-B5AE-E0CCCC7786FB}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{61F097E2-C236-4162-A91D-DE8043EF1010}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2F14D41E-08CE-4188-A39E-2716E6C6DAD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{8C89A055-01D7-4CDC-B5EF-E8AB0505D462}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{E1F75D45-8252-48B2-8BFA-B566E65E9FF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{32814BF3-57F2-43A5-9138-E1BA8EB4AF36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{33528B7C-3EEE-4997-ADDD-D53B973F13E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{967EF0B3-018D-431E-98F7-A9B276D4C048}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{D42E9F25-CE04-450B-B834-95842FD6EE74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{8C6288C8-938B-4775-91A9-1F20572BBC3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{B1AAFF3B-D24F-42AE-8601-278517778F25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{65AEDA63-353A-49D4-B029-8E169DACA391}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{902D04C3-7286-4645-8AC6-16E7B1EAB0D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{A6BE6DC7-EC11-4D90-95DD-F1F1F37C1A70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{9F7F898A-8C34-4730-8A1F-22DA196BDA89}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
FirewallRules: [{068A7DB8-FD91-42B8-AC08-4FD4E2068EEF}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
 
==================== Restore Points =========================
 
30-05-2016 20:09:09 Update for Microsoft Visual Studio 2015 (KB3151378)
08-06-2016 20:32:01 Windows Update
08-06-2016 22:51:04 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/11/2016 11:34:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/10/2016 09:10:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/09/2016 10:10:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/09/2016 09:44:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/08/2016 10:20:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/08/2016 08:11:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/06/2016 10:02:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/06/2016 05:32:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/05/2016 05:41:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2016 09:11:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GTA5.exe version 1.0.678.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1910
 
Start Time: 01d1be761e78e8e7
 
Termination Time: 3205
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe
 
Report Id:
 
 
System errors:
=============
Error: (06/11/2016 11:33:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
VBoxNetAdp
 
Error: (06/11/2016 11:33:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Streamer Service service to connect.
 
Error: (06/11/2016 11:32:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (06/11/2016 11:32:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (06/11/2016 11:32:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (06/11/2016 11:32:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (06/10/2016 09:11:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (06/10/2016 09:11:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (06/10/2016 09:08:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
VBoxNetAdp
 
Error: (06/10/2016 09:08:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
 
CodeIntegrity:
===================================
  Date: 2016-06-11 11:43:27.591
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-11 11:36:29.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-10 21:26:29.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-10 21:12:48.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-09 22:19:01.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-09 22:06:35.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-09 21:52:47.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-09 21:47:38.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 23:15:01.903
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 23:07:11.557
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 34%
Total physical RAM: 8132.24 MB
Available physical RAM: 5332.8 MB
Total Virtual: 16262.66 MB
Available Virtual: 12935.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.92 GB) (Free:1525.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 658C7363)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,043 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:13 AM

Posted 14 June 2016 - 09:05 AM

Greetings and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I am not seeing any malware but I would like to follow up on a couple of files. Please do this.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
sxs.dll;IOMap64.sys
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Search.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 HighTide1

HighTide1
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 14 June 2016 - 06:27 PM

Hello Gary. Thanks for helping. As you requested, here is the result of the scan. Also, what's your opinion on using a VM instead of doing all my work on the actual instance of Windows?

 

Farbar Recovery Scan Tool (x64) Version:13-06-2016
Ran by Jered (2016-06-14 19:23:04)
Running from C:\Users\Jered\Downloads
Boot Mode: Normal
 
================== Search Files: "sxs.dll;IOMap64.sys" =============
 
C:\Windows\winsxs\x86_microsoft-windows-sxs_31bf3856ad364e35_6.1.7601.17514_none_b0540607b5e5d445\sxs.dll
[2010-11-20 23:24][2010-11-20 23:24] 0380416 ____A (Microsoft Corporation) 919001D2BB17DF06CA3F8AC16AD039F6 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-sxs_31bf3856ad364e35_6.1.7601.17514_none_0c72a18b6e43457b\sxs.dll
[2010-11-20 23:24][2010-11-20 23:24] 0582656 ____A (Microsoft Corporation) 9CEAD32E79A62150FE9F8557E58E008B [File is digitally signed]
 
C:\Windows\SysWOW64\sxs.dll
[2010-11-20 23:24][2010-11-20 23:24] 0380416 ____A (Microsoft Corporation) 919001D2BB17DF06CA3F8AC16AD039F6 [File is digitally signed]
 
C:\Windows\System32\sxs.dll
[2010-11-20 23:24][2010-11-20 23:24] 0582656 ____A (Microsoft Corporation) 9CEAD32E79A62150FE9F8557E58E008B [File is digitally signed]
 
C:\ProgramData\ASUS\AI Suite III\DIP5\AppSetup\VGAService\IOMap64.sys
[2015-12-28 16:54][2014-07-02 05:41] 0024824 ____A (ASUSTeK Computer Inc.) EBBB161339CC7D5FFC0749EB6BE8A126 [File is digitally signed]
 
C:\Program Files (x86)\ASUS\VGA COM\1.00.20\IOMap64.sys
[2015-12-28 16:49][2014-07-02 05:41] 0024824 ___RA (ASUSTeK Computer Inc.) EBBB161339CC7D5FFC0749EB6BE8A126 [File is digitally signed]
 
====== End of Search ======


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,043 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:13 AM

Posted 14 June 2016 - 07:35 PM

Greetings,

Those files are legitimate.

Although I use Virtual Machines routinely for testing purposes I have never considered the benefits vs. drawbacks in using one or the other. What I would say is there would probably be some level of performance degradation on a VM but on the other hand the Snapshot capabilities can come in handy. I see a splattering of VM questions throughout the BC Forums but I don't see any one particular Forum that specializes in VM questions.

Sorry I can't help you much on the subject. Your computer looks pretty good. Are there any other issues you are concerned about?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 HighTide1

HighTide1
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 14 June 2016 - 08:04 PM

Thanks. I've been looking into VMs recently for programming purposes, but maybe I'll consider using one for my browsing in the future. Would help to avoid viruses and the like, if my current setup isn't enough. Other than that, my computer has been fine. Just hate the feeling of not knowing for sure if anything is wrong, but if you think its good, I'm fine. Thanks Gary.



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,043 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:13 AM

Posted 14 June 2016 - 08:58 PM

My pleasure. Here is some general information to consider as I close the Topic.

===================================================

Keeping Your Computer Safe

----------

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:In addition, here are some more links you might find of interest:Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. OhMy_done.gif

Edited by Oh My!, 14 June 2016 - 09:07 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,043 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:13 AM

Posted 15 June 2016 - 09:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users