Received an email from TWC: Botnet Activity Detected


  • This topic is locked
21 replies to this topic

#1 user001

Posted 14 September 2016 - 10:47 PM

Hi everyone,

  I've been lurking on these forums for a while, and I usually resolve issues by following other threads' solutions, except for this current issue of mine. Earlier today I received an email from TWC about botnet activity. I am using Windows 8.1 with Avira antivirus. The two browsers I mainly use, Chrome and Mozilla FF, don't redirect to any malware, but I am treating the email I received from my ISP very seriously.

  I ran Malwarebytes Anti-Rootkit and it didn't find anything (attached). I then ran tdsskiller.exe and it found 6 (attaching log). I then uploaded each file it referenced to https://virusscan.jotti.org/, and 1 out of the 6 files, BTServer.exe, was flagged with PUA.Win.Packer.SetupExeSection-1 by ClamAV. I then stopped, as I haven't found anything online on how to get rid of this one. I also ran GMER and am attaching the log.

  This is the first time I've received a botnet activity email from my ISP. Any help/assistance on this would be great!

 

Thank you very much.





#2 user001

Posted 17 September 2016 - 08:17 AM

I ran the Microsoft free antivirus tool full scan overnight and it didn't find anything. I haven't received any follow-up email from TWC (do they send it every time, aka real-time, or is it a one-time thing, or do they have some kind of batch process?). As stated, my computer seems to be running 'fine' and the browsers are OK. I've been down that road before where accounts get jacked etc., so I want to make sure there is nothing in my system.

Not sure if the logs I uploaded went through, so I'm posting the new FRST log result here:

=================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2016
Ran by user01 (administrator) on LABTOP01 (16-09-2016 23:08:03)
Running from C:\Program Files (x86)\br\tdsskiller
Loaded Profiles: user01 & user02 (Available Profiles: user01 & user02)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (All) =========================
 
(Microsoft Corporation) C:\Windows\System32\smss.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\wininit.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(Microsoft Corporation) C:\Windows\System32\services.exe
(Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\spoolsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Service.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\taskhostex.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Agent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
(Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\32\WacomDesktopCenter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\Windows\SoftwarePolicy\softwarepolicystart.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Program Files (x86)\br\tdsskiller\FRST64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (All) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-12] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-25] (Realtek Semiconductor Corporation)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4559944 2016-01-24] (UltimateOutsider)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2015-01-15] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67864 2016-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [830064 2016-09-14] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: c:\windows\Tasks <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\Temp <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\System32\com\spool\drivers\color <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\debug\WIA <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\System32\Tasks <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\Tasks <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\SYSWOW64\com\dmp <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\System32\spool\PRINTERS <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\System32\spool\drivers\color <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\System32\com\spool\PRINTERS <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\SYSWOW64\com\Tasks <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\System32\com\FxsTmp <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\SYSWOW64\FxsTmp <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\Registration\CRMLog <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\tracing <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86) <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Battle.net <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64 <====== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows <====== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Blizzard Entertainment <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SoftwarePolicy\softwarepolicy.exe <====== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\System32\Userinit.exe, [26112 2014-10-28] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [22528 2014-10-28] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2501368 2015-01-27] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2207488 2015-01-27] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\...\MountPoints2: {61a7e53a-c24f-11e4-8257-806e6f6e6963} - "E:\Startup.exe" 
HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-3426533655-1647404870-3214638991-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-3426533655-1647404870-3214638991-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3426533655-1647404870-3214638991-1002\...\MountPoints2: {61a7e53a-c24f-11e4-8257-806e6f6e6963} - "E:\Startup.exe" 
HKU\S-1-5-21-3426533655-1647404870-3214638991-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\System32\EhStorShell.dll [2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MLSoftwarePolicyTrayApplet.lnk [2015-11-29]
ShortcutTarget: MLSoftwarePolicyTrayApplet.lnk -> C:\Windows\SoftwarePolicy\softwarepolicystart.exe ()
BootExecute: autocheck autochk * 
AlternateShell: cmd.exe
 
==================== Internet (All) ===========================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5-x64 01 C:\Windows\system32\napinsp.dll [69120 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5-x64 02 C:\Windows\system32\pnrpnsp.dll [88576 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [88576 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5-x64 04 C:\Windows\system32\NLAapi.dll [86016 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Windows\System32\mswsock.dll [339456 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5-x64 06 C:\Windows\System32\winrnr.dll [30720 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Windows\system32\wshbth.dll [63488 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [339456 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [339456 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [339456 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [339456 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [339456 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [339456 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [339456 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [339456 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [339456 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [339456 2014-10-28] (Microsoft Corporation)
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [339456 2014-10-28] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{DF04DCAC-3397-4A87-B912-4E8C9C29B9A7}: [NameServer] 8.8.8.8,209.244.0.3
Tcpip\..\Interfaces\{DF04DCAC-3397-4A87-B912-4E8C9C29B9A7}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://duckduckgo.com/
HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3426533655-1647404870-3214638991-1002\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKU\S-1-5-21-3426533655-1647404870-3214638991-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3426533655-1647404870-3214638991-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://duckduckgo.com/
HKU\S-1-5-21-3426533655-1647404870-3214638991-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
URLSearchHook: HKU\S-1-5-21-3426533655-1647404870-3214638991-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-3426533655-1647404870-3214638991-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-3426533655-1647404870-3214638991-1002 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-3426533655-1647404870-3214638991-1002 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3426533655-1647404870-3214638991-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3426533655-1647404870-3214638991-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3426533655-1647404870-3214638991-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-22] (Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2014-10-28] (Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2014-10-28] (Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2014-10-28] (Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2014-10-28] (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-22] (Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-22] (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll [2016-04-22] (Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2016-04-22] (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2014-10-28] (Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2014-10-28] (Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-22] (Microsoft Corporation)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2014-10-28] (Microsoft Corporation)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2014-10-28] (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-04-22] (Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-22] (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\user01\AppData\Roaming\Mozilla\Firefox\Profiles\y5o41sRu.default
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Extension: (NoScript) - C:\Users\user01\AppData\Roaming\Mozilla\Firefox\Profiles\y5o41sRu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-05-24]
FF Extension: (WOT) - C:\Users\user01\AppData\Roaming\Mozilla\Firefox\Profiles\y5o41sRu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-05-24]
FF Extension: (Avira Browser Safety) - C:\Users\user01\AppData\Roaming\Mozilla\Firefox\Profiles\y5o41sRu.default\Extensions\abs@avira.com [2016-07-14]
FF Extension: (Adblock Plus) - C:\Users\user01\AppData\Roaming\Mozilla\Firefox\Profiles\y5o41sRu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-24]
FF Extension: (Default) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2015-11-29] [not signed]
FF HKLM-x32\...\Mozilla Firefox 42.0\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components => not found
FF HKLM-x32\...\Mozilla Firefox 42.0\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins => not found
StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\channel-prefs.js [2015-10-29]
 
Chrome: 
=======
CHR Profile: C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-16]
CHR Extension: (Google Docs) - C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-16]
CHR Extension: (Google Drive) - C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-16]
CHR Extension: (YouTube) - C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-16]
CHR Extension: (Google Sheets) - C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-16]
CHR Extension: (Avira Browser Safety) - C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-24]
CHR Extension: (Google Docs Offline) - C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR Extension: (Gmail) - C:\Users\user01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
 
==================== Services (All) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [214528 2014-10-28] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [96768 2014-10-28] (Microsoft Corporation)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [257032 2015-09-02] (AMD)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [989696 2016-09-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-09-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-09-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1454720 2016-09-14] (Avira Operations GmbH & Co. KG)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [39936 2015-08-01] (Microsoft Corporation)
R3 Appinfo; C:\Windows\System32\appinfo.dll [110080 2014-10-28] (Microsoft Corporation)
S3 AppReadiness; C:\Windows\system32\AppReadiness.dll [562688 2014-10-28] (Microsoft Corporation)
S3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [1348096 2014-10-28] (Microsoft Corporation)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] ()
R2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [230400 2015-05-30] (Microsoft Corporation)
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [911360 2015-05-30] (Microsoft Corporation)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [320672 2016-08-04] (Avira Operations GmbH & Co. KG)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [111104 2014-10-28] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [348672 2015-09-24] (Microsoft Corporation)
R2 BFE; C:\Windows\System32\bfe.dll [845312 2015-08-10] (Microsoft Corporation)
R2 BITS; C:\Windows\System32\qmgr.dll [933376 2014-10-28] (Microsoft Corporation)
R2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [270336 2014-10-28] (Microsoft Corporation)
S4 Browser; C:\Windows\System32\browser.dll [135168 2014-10-28] (Microsoft Corporation)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 bthserv; C:\Windows\system32\bthserv.dll [94720 2014-10-28] (Microsoft Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [156160 2014-10-28] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [131584 2014-10-28] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [817664 2014-10-28] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [524288 2014-10-28] (Microsoft Corporation)
R3 DeviceAssociationService; C:\Windows\system32\das.dll [407040 2014-10-28] (Microsoft Corporation)
S3 DeviceInstall; C:\Windows\system32\umpnpmgr.dll [116736 2014-10-28] (Microsoft Corporation)
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [365056 2014-10-28] (Microsoft Corporation)
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [292864 2014-10-28] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1633792 2015-07-22] (Microsoft Corporation)
S4 Dnscache; C:\Windows\System32\dnsrslvr.dll [252416 2014-11-04] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [262144 2014-10-28] (Microsoft Corporation)
R2 DPS; C:\Windows\system32\dps.dll [174080 2014-10-28] (Microsoft Corporation)
R3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [206848 2014-10-28] (Microsoft Corporation)
S3 Eaphost; C:\Windows\System32\eapsvc.dll [110592 2014-10-28] (Microsoft Corporation)
S3 EFS; C:\Windows\system32\efssvc.dll [41472 2014-10-28] (Microsoft Corporation)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.2\EMET_Service.exe [22680 2015-03-11] (Microsoft Corporation)
R2 EventLog; C:\Windows\System32\wevtsvc.dll [1696256 2015-03-05] (Microsoft Corporation)
R2 EventSystem; C:\Windows\system32\es.dll [516608 2014-10-28] (Microsoft Corporation)
R2 EventSystem; C:\Windows\SysWOW64\es.dll [367616 2014-10-28] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [658944 2014-10-28] (Microsoft Corporation)
S4 fdPHost; C:\Windows\system32\fdPHost.dll [22016 2014-10-28] (Microsoft Corporation)
S4 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2014-10-28] (Microsoft Corporation)
S3 fhsvc; C:\Windows\system32\fhsvc.dll [121856 2014-10-28] (Microsoft Corporation)
R2 FontCache; C:\Windows\system32\FntCache.dll [1383936 2015-11-08] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [43696 2014-03-18] (Microsoft Corporation)
R2 gpsvc; C:\Windows\System32\gpsvc.dll [1360896 2016-05-12] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-04-16] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-04-16] (Google Inc.)
S3 hidserv; C:\Windows\system32\hidserv.dll [33792 2014-10-28] (Microsoft Corporation)
S3 hidserv; C:\Windows\SysWOW64\hidserv.dll [30720 2014-10-28] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [101376 2014-10-28] (Microsoft Corporation)
S4 HomeGroupListener; C:\Windows\system32\ListSvc.dll [275968 2014-10-28] (Microsoft Corporation)
S4 HomeGroupProvider; C:\Windows\system32\provsvc.dll [445952 2014-10-28] (Microsoft Corporation)
S4 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [366080 2014-10-28] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-10-30] (Microsoft Corporation)
R2 IKEEXT; C:\Windows\System32\ikeext.dll [1083904 2015-10-08] (Microsoft Corporation)
S4 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [926208 2014-10-28] (Microsoft Corporation)
S3 KeyIso; C:\Windows\system32\keyiso.dll [62464 2014-10-28] (Microsoft Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [46592 2014-10-28] (Microsoft Corporation)
S4 KtmRm; C:\Windows\system32\msdtckrm.dll [373248 2014-10-28] (Microsoft Corporation)
S4 LanmanServer; C:\Windows\system32\srvsvc.dll [329216 2014-10-28] (Microsoft Corporation)
S4 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [289280 2014-10-28] (Microsoft Corporation)
S3 lfsvc; C:\Windows\System32\GeofenceMonitorService.dll [522240 2015-05-07] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [367104 2015-05-07] (Microsoft Corporation)
S4 lltdsvc; C:\Windows\System32\lltdsvc.dll [279040 2014-10-28] (Microsoft Corporation)
S4 lmhosts; C:\Windows\System32\lmhsvc.dll [24576 2014-10-28] (Microsoft Corporation)
R2 LSM; C:\Windows\System32\lsm.dll [780800 2015-02-20] (Microsoft Corporation)
R2 MMCSS; C:\Windows\system32\mmcss.dll [71168 2014-10-28] (Microsoft Corporation)
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [880640 2014-10-28] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [144384 2014-10-28] (Microsoft Corporation)
S4 MSiSCSI; C:\Windows\system32\iscsiexe.dll [151040 2014-10-28] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [65024 2015-06-15] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [59904 2015-06-15] (Microsoft Corporation)
S4 napagent; C:\Windows\system32\qagentRT.dll [446464 2014-10-28] (Microsoft Corporation)
S4 NcaSvc; C:\Windows\System32\ncasvc.dll [166400 2014-10-28] (Microsoft Corporation)
R3 NcbService; C:\Windows\System32\ncbservice.dll [154112 2014-10-28] (Microsoft Corporation)
S4 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [74752 2015-07-16] (Microsoft Corporation)
S4 Netlogon; C:\Windows\system32\netlogon.dll [840704 2016-07-08] (Microsoft Corporation)
S4 Netlogon; C:\Windows\SysWOW64\netlogon.dll [696832 2016-07-08] (Microsoft Corporation)
S3 Netman; C:\Windows\System32\netman.dll [266752 2014-10-28] (Microsoft Corporation)
R3 netprofm; C:\Windows\System32\netprofmsvc.dll [550912 2014-10-28] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-08-09] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [391680 2014-12-05] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\nsisvc.dll [28672 2014-10-28] (Microsoft Corporation)
S4 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [380416 2014-10-28] (Microsoft Corporation)
S4 p2psvc; C:\Windows\system32\p2psvc.dll [440832 2014-10-28] (Microsoft Corporation)
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [474112 2014-10-28] (Microsoft Corporation)
S4 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2013-08-21] (Microsoft Corporation)
S4 pla; C:\Windows\system32\pla.dll [1526784 2014-10-28] (Microsoft Corporation)
S4 pla; C:\Windows\SysWOW64\pla.dll [1534464 2014-10-28] (Microsoft Corporation)
R3 PlugPlay; C:\Windows\system32\umpnpmgr.dll [116736 2014-10-28] (Microsoft Corporation)
S4 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [26624 2014-10-28] (Microsoft Corporation)
S4 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [380416 2014-10-28] (Microsoft Corporation)
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [398848 2016-05-12] (Microsoft Corporation)
R2 Power; C:\Windows\system32\umpo.dll [80384 2014-10-28] (Microsoft Corporation)
S4 PrintNotify; C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll [2988544 2015-09-08] (Microsoft Corporation)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [228864 2015-07-09] (Microsoft Corporation)
S4 QWAVE; C:\Windows\system32\qwave.dll [303104 2014-10-28] (Microsoft Corporation)
S4 QWAVE; C:\Windows\SysWOW64\qwave.dll [261632 2014-10-28] (Microsoft Corporation)
S4 RasAuto; C:\Windows\System32\rasauto.dll [102912 2014-10-28] (Microsoft Corporation)
S4 RasMan; C:\Windows\System32\rasmans.dll [542208 2014-10-28] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [226816 2014-10-28] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [183296 2014-10-28] (Microsoft Corporation)
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [166400 2014-10-28] (Microsoft Corporation)
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [80896 2014-10-28] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2014-10-28] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [817664 2014-10-28] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [47024 2014-10-28] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [194048 2014-10-28] (Microsoft Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [131072 2014-10-28] (Microsoft Corporation)
R2 Schedule; C:\Windows\system32\schedsvc.dll [1265152 2015-07-31] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [156160 2014-10-28] (Microsoft Corporation)
R2 seclogon; C:\Windows\system32\seclogon.dll [31744 2016-02-06] (Microsoft Corporation)
R2 SENS; C:\Windows\System32\sens.dll [73728 2014-10-28] (Microsoft Corporation)
S4 SensrSvc; C:\Windows\system32\sensrsvc.dll [243200 2014-10-28] (Microsoft Corporation)
S4 SessionEnv; C:\Windows\system32\sessenv.dll [339968 2014-10-28] (Microsoft Corporation)
S4 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [296448 2014-10-28] (Microsoft Corporation)
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [452608 2014-10-28] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [640000 2014-10-28] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [576512 2014-10-28] (Microsoft Corporation)
S3 smphost; C:\Windows\System32\smphost.dll [13312 2014-10-28] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2014-10-28] (Microsoft Corporation)
S4 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14848 2014-10-28] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [827392 2014-11-04] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [6521800 2015-04-30] (Microsoft Corporation)
S4 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [249344 2014-10-28] (Microsoft Corporation)
S4 SstpSvc; C:\Windows\system32\sstpsvc.dll [142848 2014-10-28] (Microsoft Corporation)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [1465120 2016-08-23] (Valve Corporation)
R2 stisvc; C:\Windows\System32\wiaservc.dll [670720 2014-10-28] (Microsoft Corporation)
S3 StorSvc; C:\Windows\system32\storsvc.dll [20480 2014-10-28] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [17920 2014-10-28] (Microsoft Corporation)
S3 svsvc; C:\Windows\system32\svsvc.dll [13312 2014-10-28] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\swprv.dll [706048 2014-10-28] (Microsoft Corporation)
R2 SysMain; C:\Windows\system32\sysmain.dll [1217024 2015-07-10] (Microsoft Corporation)
R2 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [294912 2015-05-12] (Microsoft Corporation)
R2 TabletInputService; C:\Windows\System32\TabSvc.dll [154624 2014-10-28] (Microsoft Corporation)
S4 TapiSrv; C:\Windows\System32\tapisrv.dll [313344 2014-10-28] (Microsoft Corporation)
S4 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [254464 2014-10-28] (Microsoft Corporation)
S4 TermService; C:\Windows\System32\termsrv.dll [1114624 2014-10-28] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [59392 2014-10-28] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [71168 2014-10-28] (Microsoft Corporation)
R3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [262656 2014-10-28] (Microsoft Corporation)
S4 TrkWks; C:\Windows\System32\trkwks.dll [124416 2014-10-28] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [106496 2014-10-28] (Microsoft Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [41984 2014-10-28] (Microsoft Corporation)
S4 UmRdpService; C:\Windows\System32\umrdp.dll [300032 2014-10-28] (Microsoft Corporation)
S4 upnphost; C:\Windows\System32\upnphost.dll [457728 2014-10-28] (Microsoft Corporation)
S4 upnphost; C:\Windows\SysWOW64\upnphost.dll [331776 2014-10-28] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\System32\vaultsvc.dll [260608 2014-10-28] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [1313792 2014-10-28] (Microsoft Corporation)
S3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 vmicshutdown; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 vmictimesync; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1454080 2014-10-20] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [411648 2014-10-28] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1571328 2014-10-28] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [465920 2014-10-28] (Microsoft Corporation)
R2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [374784 2014-10-28] (Microsoft Corporation)
S4 wcncsvc; C:\Windows\System32\wcncsvc.dll [465920 2014-10-28] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [43520 2014-10-28] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [34304 2014-10-28] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [95744 2014-10-28] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [84992 2014-10-28] (Microsoft Corporation)
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [95744 2014-10-28] (Microsoft Corporation)
R3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [84992 2014-10-28] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S4 WebClient; C:\Windows\System32\webclnt.dll [228864 2015-07-01] (Microsoft Corporation)
S4 WebClient; C:\Windows\SysWOW64\webclnt.dll [198656 2015-07-01] (Microsoft Corporation)
S4 Wecsvc; C:\Windows\system32\wecsvc.dll [209408 2014-10-28] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [26112 2014-10-28] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84992 2014-10-28] (Microsoft Corporation)
S4 WerSvc; C:\Windows\System32\WerSvc.dll [108544 2014-10-28] (Microsoft Corporation)
S3 WiaRpc; C:\Windows\System32\wiarpc.dll [67584 2014-10-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [802816 2014-10-28] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [631808 2014-10-28] (Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [230400 2014-10-28] (Microsoft Corporation)
S4 WinRM; C:\Windows\system32\WsmSvc.dll [2608640 2014-10-28] (Microsoft Corporation)
S4 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [2170368 2014-10-28] (Microsoft Corporation)
R2 WlanSvc; C:\Windows\System32\wlansvc.dll [1547264 2014-10-28] (Microsoft Corporation)
S3 wlidsvc; C:\Windows\system32\wlidsvc.dll [1639424 2014-10-28] (Microsoft Corporation)
S4 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [201728 2014-10-28] (Microsoft Corporation)
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1478144 2014-10-28] (Microsoft Corporation)
S4 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1668096 2014-10-28] (Microsoft Corporation)
S4 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2014-10-28] (Microsoft Corporation)
S4 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10240 2014-10-28] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [86528 2014-10-28] (Microsoft Corporation)
R2 wscsvc; C:\Windows\System32\wscsvc.dll [146944 2014-10-28] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [903168 2015-03-31] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [710144 2015-03-31] (Microsoft Corporation)
S3 WSService; C:\Windows\System32\WSService.dll [3460472 2014-10-28] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [654528 2015-05-26] (Wacom Technology, Corp.)
R3 wuauserv; C:\Windows\system32\wuaueng.dll [3708416 2016-02-12] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [104960 2014-10-28] (Microsoft Corporation)
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [513536 2014-10-28] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (All) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [231424 2013-08-22] (Microsoft Corporation)
S0 3ware; C:\Windows\System32\drivers\3ware.sys [108896 2013-08-22] (LSI)
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [533824 2014-10-07] (Microsoft Corporation)
R0 acpiex; C:\Windows\System32\Drivers\acpiex.sys [79712 2013-08-22] (Microsoft Corporation)
S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [10240 2013-08-22] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12288 2013-08-22] (Microsoft Corporation)
S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [10752 2013-08-22] (Microsoft Corporation)
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R1 AFD; C:\Windows\system32\drivers\afd.sys [559616 2015-10-13] (Microsoft Corporation)
S0 agp440; C:\Windows\System32\drivers\agp440.sys [62304 2013-08-22] (Microsoft Corporation)
R1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [80384 2015-03-19] (Microsoft Corporation)
S3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [95744 2013-08-22] (Microsoft Corporation)
R3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [21635072 2015-09-02] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [675336 2015-09-02] (Advanced Micro Devices, Inc.)
R3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [98816 2013-08-22] (Microsoft Corporation)
S0 amdsata; C:\Windows\System32\drivers\amdsata.sys [79200 2013-08-22] (Advanced Micro Devices)
S0 amdsbs; C:\Windows\System32\drivers\amdsbs.sys [259424 2013-08-22] (AMD Technologies Inc.)
S0 amdxata; C:\Windows\System32\drivers\amdxata.sys [25952 2013-08-22] (Advanced Micro Devices)
S3 AppID; C:\Windows\system32\drivers\appid.sys [82944 2014-10-28] (Microsoft Corporation)
S0 arcsas; C:\Windows\System32\drivers\arcsas.sys [114016 2013-08-22] (PMC-Sierra, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S0 atapi; C:\Windows\System32\drivers\atapi.sys [26464 2013-08-22] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [144664 2016-07-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [154392 2016-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-04-04] (Avira Operations GmbH & Co. KG)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [531296 2013-08-22] (Broadcom Corporation)
R1 BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [50688 2013-08-22] (Microsoft Corporation)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [33280 2014-03-18] (Microsoft Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [35168 2013-08-22] (Microsoft Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [7680 2013-08-22] (Microsoft Corporation)
S3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [102912 2013-08-22] (Microsoft Corporation)
S3 BthAvrcpTg; C:\Windows\System32\drivers\BthAvrcpTg.sys [36992 2013-08-22] (Microsoft Corporation)
S3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [53248 2015-06-09] (Microsoft Corporation)
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [57856 2015-03-08] (Microsoft Corporation)
S3 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [64000 2014-09-06] (Microsoft Corporation)
S3 BthPan; C:\Windows\System32\drivers\bthpan.sys [118272 2015-07-10] (Microsoft Corporation)
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [1201664 2015-06-09] (Microsoft Corporation)
S3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [81920 2015-06-09] (Microsoft Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [88576 2013-08-22] (Microsoft Corporation)
R1 cdrom; C:\Windows\System32\drivers\cdrom.sys [164352 2013-08-22] (Microsoft Corporation)
S3 circlass; C:\Windows\System32\drivers\circlass.sys [44032 2013-08-22] (Microsoft Corporation)
R0 CLFS; C:\Windows\System32\drivers\CLFS.sys [377152 2015-03-04] (Microsoft Corporation)
S3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [25472 2013-08-22] (Microsoft Corporation)
R0 CNG; C:\Windows\System32\Drivers\cng.sys [563024 2016-05-18] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\drivers\CompositeBus.sys [36352 2013-08-22] (Microsoft Corporation)
R3 condrv; C:\Windows\System32\drivers\condrv.sys [43008 2013-08-22] (Microsoft Corporation)
S1 dam; C:\Windows\System32\drivers\dam.sys [58176 2014-11-04] (Microsoft Corporation)
R1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [134144 2014-09-06] (Microsoft Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R0 disk; C:\Windows\System32\drivers\disk.sys [100192 2013-08-22] (Microsoft Corporation)
S3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [29696 2013-08-22] (Microsoft Corporation)
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [14528 2014-10-28] (Microsoft Corporation)
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [1549144 2016-04-10] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 EhStorClass; C:\Windows\System32\drivers\EhStorClass.sys [82784 2013-08-22] (Microsoft Corporation)
S0 EhStorTcgDrv; C:\Windows\System32\drivers\EhStorTcgDrv.sys [114016 2013-08-22] (Microsoft Corporation)
S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [10240 2013-08-22] (Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [200704 2013-08-22] (Microsoft Corporation)
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [217952 2013-08-22] (Microsoft Corporation)
S3 fdc; C:\Windows\System32\drivers\fdc.sys [30720 2013-08-22] (Microsoft Corporation)
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [79192 2014-03-18] (Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34816 2013-08-22] (Microsoft Corporation)
S3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [25088 2013-08-22] (Microsoft Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [354112 2014-08-25] (Microsoft Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [61248 2014-10-15] (Microsoft Corporation)
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [30048 2013-08-22] (Microsoft Corporation)
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [589656 2014-09-06] (Microsoft Corporation)
S3 FxPPM; C:\Windows\System32\drivers\fxppm.sys [27136 2013-08-22] (Microsoft Corporation)
S0 gagp30kx; C:\Windows\System32\drivers\gagp30kx.sys [65888 2013-08-22] (Microsoft Corporation)
S3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [11264 2013-08-22] (Microsoft Corporation)
S3 GPIOClx0101; C:\Windows\System32\Drivers\msgpioclx.sys [146752 2014-09-06] (Microsoft Corporation)
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [395776 2013-08-22] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [76800 2014-09-06] (Microsoft Corporation)
S3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [26624 2013-08-22] (Microsoft Corporation)
S3 HidBth; C:\Windows\System32\drivers\hidbth.sys [97792 2015-01-29] (Microsoft Corporation)
S3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [41472 2013-08-22] (Microsoft Corporation)
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [45568 2013-08-22] (Microsoft Corporation)
R3 hidkmdf; C:\Windows\System32\drivers\hidkmdf.sys [13776 2016-03-02] (Windows ® Win 7 DDK provider)
R3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [33280 2014-09-06] (Microsoft Corporation)
S0 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [64352 2013-08-22] (Hewlett-Packard Company)
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [991552 2015-02-24] (Microsoft Corporation)
S0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [24416 2013-08-22] (Microsoft Corporation)
S3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [13824 2013-08-22] (Microsoft Corporation)
S3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [22016 2013-08-22] (Microsoft Corporation)
S3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [108544 2014-11-04] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
S0 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [412000 2013-08-22] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\system32\drivers\RTKVHD64.sys [4001752 2014-06-17] (Realtek Semiconductor Corp.)
S0 intelide; C:\Windows\System32\drivers\intelide.sys [18272 2013-08-22] (Microsoft Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39744 2014-10-16] (Microsoft Corporation)
S3 intelppm; C:\Windows\System32\drivers\intelppm.sys [98816 2013-08-22] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [84992 2013-08-22] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [79872 2014-09-06] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [142848 2014-03-18] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2013-08-22] (Microsoft Corporation)
S0 isapnp; C:\Windows\System32\drivers\isapnp.sys [21856 2013-08-22] (Microsoft Corporation)
S3 iScsiPrt; C:\Windows\System32\drivers\msiscsi.sys [275800 2014-09-06] (Microsoft Corporation)
R3 kbdclass; C:\Windows\System32\drivers\kbdclass.sys [59712 2014-11-04] (Microsoft Corporation)
R3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [32256 2014-11-04] (Microsoft Corporation)
S3 kdnic; C:\Windows\system32\DRIVERS\kdnic.sys [19456 2013-08-22] (Microsoft Corporation)
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [100672 2014-10-28] (Microsoft Corporation)
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [178016 2016-05-18] (Microsoft Corporation)
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [21248 2013-08-22] (Microsoft Corporation)
R2 lltdio; C:\Windows\system32\DRIVERS\lltdio.sys [59392 2013-08-22] (Microsoft Corporation)
S0 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [109408 2013-08-22] (LSI Corporation)
S0 LSI_SAS2; C:\Windows\System32\drivers\lsi_sas2.sys [93536 2013-08-22] (LSI Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S0 LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys [82784 2013-08-22] (LSI Corporation)
R2 luafv; C:\Windows\system32\drivers\luafv.sys [124416 2014-03-18] (Microsoft Corporation)
S0 megasas; C:\Windows\System32\drivers\megasas.sys [56672 2013-08-22] (LSI Corporation)
S0 megasr; C:\Windows\System32\drivers\megasr.sys [575840 2013-08-22] (LSI Corporation, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40960 2013-08-22] (Microsoft Corporation)
R3 monitor; C:\Windows\System32\drivers\monitor.sys [30208 2013-08-22] (Microsoft Corporation)
R3 mouclass; C:\Windows\System32\drivers\mouclass.sys [51008 2014-11-04] (Microsoft Corporation)
R3 mouhid; C:\Windows\System32\drivers\mouhid.sys [30208 2014-11-04] (Microsoft Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [101720 2015-07-15] (Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [74240 2014-10-28] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2016-01-06] (Microsoft Corporation)
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [401920 2016-04-06] (Microsoft Corporation)
R2 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [284672 2016-04-06] (Microsoft Corporation)
S3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [201728 2016-07-07] (Microsoft Corporation)
S3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [115712 2014-10-28] (Microsoft Corporation)
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [30208 2013-08-22] (Microsoft Corporation)
S3 msgpiowin32; C:\Windows\System32\drivers\msgpiowin32.sys [41824 2013-08-22] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2013-08-22] (Microsoft Corporation)
S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [9728 2013-08-22] (Microsoft Corporation)
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [17248 2013-08-22] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\system32\drivers\MSKSSRV.sys [10624 2013-08-22] (Microsoft Corporation)
S3 MsLldp; C:\Windows\system32\DRIVERS\mslldp.sys [66560 2014-10-28] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [7040 2013-08-22] (Microsoft Corporation)
S3 MSPQM; C:\Windows\system32\drivers\MSPQM.sys [6784 2013-08-22] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366432 2013-08-22] (Microsoft Corporation)
R1 mssmbios; C:\Windows\System32\drivers\mssmbios.sys [37728 2013-08-22] (Microsoft Corporation)
S3 MSTEE; C:\Windows\system32\drivers\MSTEE.sys [7936 2013-08-22] (Microsoft Corporation)
S3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [13312 2013-08-22] (Microsoft Corporation)
R0 Mup; C:\Windows\System32\Drivers\mup.sys [78688 2013-08-22] (Microsoft Corporation)
S0 mvumis; C:\Windows\System32\drivers\mvumis.sys [63840 2013-08-22] (Marvell Semiconductor, Inc.)
R3 NativeWifiP; C:\Windows\system32\DRIVERS\nwifi.sys [445440 2014-10-28] (Microsoft Corporation)
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [1113944 2015-07-14] (Microsoft Corporation)
S3 NdisCap; C:\Windows\system32\DRIVERS\ndiscap.sys [43008 2014-10-28] (Microsoft Corporation)
S3 NdisImPlatform; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-28] (Microsoft Corporation)
S3 NdisTapi; C:\Windows\system32\DRIVERS\ndistapi.sys [24576 2014-11-07] (Microsoft Corporation)
R3 Ndisuio; C:\Windows\system32\DRIVERS\ndisuio.sys [60416 2013-08-22] (Microsoft Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 NdisWan; C:\Windows\system32\DRIVERS\ndiswan.sys [220672 2013-08-22] (Microsoft Corporation)
S3 NdisWanLegacy; C:\Windows\system32\DRIVERS\ndiswan.sys [220672 2013-08-22] (Microsoft Corporation)
S3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [72192 2015-01-05] (Microsoft Corporation)
R2 Ndu; C:\Windows\System32\drivers\Ndu.sys [103424 2014-10-28] (Microsoft Corporation)
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [48128 2014-10-28] (Microsoft Corporation)
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [282624 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\System32\drivers\netvsc63.sys [87040 2014-10-28] (Microsoft Corporation)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [58880 2013-08-22] (Microsoft Corporation)
R1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [23040 2013-08-22] (Microsoft Corporation)
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [39424 2014-10-28] (Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [2025792 2014-10-15] (Microsoft Corporation)
R1 Null; C:\Windows\System32\Drivers\Null.sys [5632 2013-08-22] (Microsoft Corporation)
S0 nvraid; C:\Windows\System32\drivers\nvraid.sys [150368 2013-08-22] (NVIDIA Corporation)
S0 nvstor; C:\Windows\System32\drivers\nvstor.sys [168288 2013-08-22] (NVIDIA Corporation)
S0 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [124768 2013-08-22] (Microsoft Corporation)
S3 Parport; C:\Windows\System32\drivers\parport.sys [94208 2013-08-22] (Microsoft Corporation)
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [88896 2014-10-15] (Microsoft Corporation)
R0 pci; C:\Windows\System32\drivers\pci.sys [280384 2014-09-06] (Microsoft Corporation)
S0 pciide; C:\Windows\System32\drivers\pciide.sys [14688 2013-08-22] (Microsoft Corporation)
S0 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [114528 2013-08-22] (Microsoft Corporation)
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50016 2013-08-22] (Microsoft Corporation)
R0 pdc; C:\Windows\System32\drivers\pdc.sys [86336 2014-10-16] (Microsoft Corporation)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663040 2014-03-18] (Microsoft Corporation)
S3 Processor; C:\Windows\System32\drivers\processr.sys [92160 2013-08-22] (Microsoft Corporation)
R1 Psched; C:\Windows\system32\DRIVERS\pacer.sys [151040 2014-10-28] (Microsoft Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [47104 2014-10-28] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [17408 2014-10-28] (Microsoft Corporation)
S3 RasPppoe; C:\Windows\system32\DRIVERS\raspppoe.sys [84992 2013-08-22] (Microsoft Corporation)
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [408576 2014-03-18] (Microsoft Corporation)
S3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [22528 2013-08-22] (Microsoft Corporation)
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [195584 2014-03-18] (Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [27456 2014-10-28] (Microsoft Corporation)
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [249688 2014-03-18] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [921920 2014-10-15] (Microsoft Corporation)
S3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [167424 2015-01-29] (Microsoft Corporation)
R2 rspndr; C:\Windows\system32\DRIVERS\rspndr.sys [80384 2013-08-22] (Microsoft Corporation)
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [272600 2014-06-24] (Realtek Semiconductor Corp.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [843480 2014-03-17] (Realtek                                            )
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3759320 2014-12-01] (Realtek Semiconductor Corporation                           )
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [7168 2013-08-22] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
S0 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [107872 2013-08-22] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [40960 2014-10-28] (Microsoft Corporation)
S3 sdbus; C:\Windows\System32\drivers\sdbus.sys [239424 2015-03-12] (Microsoft Corporation)
S3 sdstor; C:\Windows\System32\drivers\sdstor.sys [79192 2014-03-18] (Microsoft Corporation)
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2013-08-22] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 SerCx; C:\Windows\System32\drivers\SerCx.sys [69472 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-03-18] (Microsoft Corporation)
S3 Serenum; C:\Windows\System32\drivers\serenum.sys [23040 2013-08-22] (Microsoft Corporation)
S3 Serial; C:\Windows\System32\drivers\serial.sys [83456 2013-08-22] (Microsoft Corporation)
S3 sermouse; C:\Windows\System32\drivers\sermouse.sys [26112 2014-11-04] (Microsoft Corporation)
S3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [17408 2013-08-22] (Microsoft Corporation)
S0 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44896 2013-08-22] (Silicon Integrated Systems Corp.)
S0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81760 2013-08-22] (Silicon Integrated Systems)
R0 spaceport; C:\Windows\System32\drivers\spaceport.sys [415040 2014-10-28] (Microsoft Corporation)
S3 SpbCx; C:\Windows\System32\drivers\SpbCx.sys [72032 2013-08-22] (Microsoft Corporation)
R2 srv; C:\Windows\System32\DRIVERS\srv.sys [416768 2016-08-04] (Microsoft Corporation)
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [675328 2016-08-03] (Microsoft Corporation)
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [243712 2016-08-03] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 stexstor; C:\Windows\System32\drivers\stexstor.sys [31072 2013-08-22] (Promise Technology, Inc.)
R0 storahci; C:\Windows\System32\drivers\storahci.sys [107872 2013-08-22] (Microsoft Corporation)
S0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [49944 2014-10-28] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-03-18] (Microsoft Corporation)
S0 storvsc; C:\Windows\System32\drivers\storvsc.sys [45888 2013-08-22] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\drivers\swenum.sys [14144 2014-10-28] (Microsoft Corporation)
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [2476376 2015-06-11] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\system32\DRIVERS\tcpip.sys [2476376 2015-06-11] (Microsoft Corporation)
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [49152 2014-09-06] (Microsoft Corporation)
R1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [108032 2015-10-13] (Microsoft Corporation)
S3 terminpt; C:\Windows\System32\drivers\terminpt.sys [37216 2014-03-18] (Microsoft Corporation)
S3 TPM; C:\Windows\system32\drivers\tpm.sys [155480 2015-09-29] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56320 2013-08-22] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [29696 2014-10-28] (Microsoft Corporation)
S3 tunnel; C:\Windows\system32\DRIVERS\tunnel.sys [154112 2015-09-04] (Microsoft Corporation)
S0 uagp35; C:\Windows\System32\drivers\uagp35.sys [64864 2013-08-22] (Microsoft Corporation)
S3 UASPStor; C:\Windows\System32\drivers\uaspstor.sys [74080 2013-08-22] (Microsoft Corporation)
R3 UCX01000; C:\Windows\System32\drivers\ucx01000.sys [189248 2014-10-07] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [316416 2015-03-12] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S0 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [65888 2013-08-22] (Microsoft Corporation)
R3 umbus; C:\Windows\System32\drivers\umbus.sys [46080 2013-08-22] (Microsoft Corporation)
S3 UmPass; C:\Windows\System32\drivers\umpass.sys [11776 2013-08-22] (Microsoft Corporation)
S3 usbccgp; C:\Windows\System32\drivers\usbccgp.sys [143680 2014-09-06] (Microsoft Corporation)
S3 usbcir; C:\Windows\System32\drivers\usbcir.sys [98304 2014-10-28] (Microsoft Corporation)
R3 usbehci; C:\Windows\System32\drivers\usbehci.sys [92504 2015-10-11] (Microsoft Corporation)
R3 usbfilter; C:\Windows\system32\DRIVERS\usbfilter.sys [60640 2014-02-16] (Advanced Micro Devices)
R3 usbhub; C:\Windows\System32\drivers\usbhub.sys [462168 2015-10-11] (Microsoft Corporation)
R3 USBHUB3; C:\Windows\System32\drivers\UsbHub3.sys [468824 2015-10-11] (Microsoft Corporation)
R3 usbohci; C:\Windows\System32\drivers\usbohci.sys [30208 2015-10-10] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [26112 2013-08-22] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\drivers\USBSTOR.SYS [148832 2016-01-31] (Microsoft Corporation)
S3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [37376 2015-10-10] (Microsoft Corporation)
R3 USBXHCI; C:\Windows\System32\drivers\USBXHCI.SYS [325464 2015-04-16] (Microsoft Corporation)
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [37728 2013-08-22] (Microsoft Corporation)
S3 VerifierExt; C:\Windows\System32\drivers\VerifierExt.sys [175960 2014-03-18] (Microsoft Corporation)
S3 vhdmp; C:\Windows\System32\drivers\vhdmp.sys [551232 2014-10-28] (Microsoft Corporation)
S0 viaide; C:\Windows\System32\drivers\viaide.sys [19808 2013-08-22] (VIA Technologies, Inc.)
S0 vmbus; C:\Windows\System32\drivers\vmbus.sys [97048 2014-10-28] (Microsoft Corporation)
S3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [21760 2013-08-22] (Microsoft Corporation)
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [74584 2016-04-11] (Microsoft Corporation)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [377696 2013-08-22] (Microsoft Corporation)
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [310080 2014-09-06] (Microsoft Corporation)
S3 vpci; C:\Windows\System32\drivers\vpci.sys [69952 2014-10-07] (Microsoft Corporation)
S0 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [168800 2013-08-22] (VIA Technologies Inc.,Ltd)
S0 VSTXRAID; C:\Windows\System32\drivers\vstxraid.sys [305504 2013-08-22] (VIA Corporation)
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2013-08-22] (Microsoft Corporation)
R1 vwififlt; C:\Windows\system32\DRIVERS\vwififlt.sys [71680 2014-09-06] (Microsoft Corporation)
S3 vwifimp; C:\Windows\system32\DRIVERS\vwifimp.sys [38912 2014-09-06] (Microsoft Corporation)
R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [102864 2016-03-02] (Wacom Technology)
S3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [26752 2013-08-22] (Microsoft Corporation)
R3 wacomrouterfilter; C:\Windows\System32\drivers\wacomrouterfilter.sys [14800 2016-03-02] (Wacom Technology)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [839488 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R0 WFPLWFS; C:\Windows\System32\DRIVERS\wfplwfs.sys [136512 2014-11-10] (Microsoft Corporation)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [33600 2014-10-28] (Microsoft Corporation)
S3 WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [78848 2015-10-10] (Microsoft Corporation)
R3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [16384 2013-08-22] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-09-06] (Microsoft Corporation)
S3 wpcfltr; C:\Windows\System32\DRIVERS\wpcfltr.sys [54784 2014-10-28] (Microsoft Corporation)
S3 WpdUpFltr; C:\Windows\System32\drivers\WpdUpFltr.sys [26976 2013-08-22] (Microsoft Corporation)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2013-08-22] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [113664 2014-10-28] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-09-06] (Microsoft Corporation)
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\System32\drivers\xusb22.sys A0F661902AFCAAD77CC2ED3894927A10
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-16 23:00 - 2016-09-16 23:00 - 02399232 _____ (Farbar) C:\Users\user02\Downloads\FRST64 (1).exe
2016-09-16 18:12 - 2016-05-12 13:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-09-16 18:12 - 2016-05-12 12:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-09-16 18:12 - 2016-05-12 11:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-09-16 18:12 - 2016-05-12 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-09-16 18:12 - 2016-05-12 11:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-09-16 18:12 - 2016-05-12 10:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-09-16 18:12 - 2016-05-12 10:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-09-16 18:12 - 2016-05-12 10:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-09-16 18:11 - 2016-08-04 09:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-16 18:11 - 2016-08-03 13:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-16 18:11 - 2016-08-03 13:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-16 18:11 - 2016-07-08 19:09 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-16 18:11 - 2016-07-08 19:08 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-16 18:11 - 2016-07-08 09:32 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-09-16 18:11 - 2016-07-08 09:25 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-09-16 18:11 - 2016-07-08 09:22 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-16 18:11 - 2016-07-08 09:19 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-09-16 18:11 - 2016-07-08 09:17 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-09-16 18:11 - 2016-07-07 17:33 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-16 18:11 - 2016-07-07 16:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-16 18:11 - 2016-07-07 15:06 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-16 18:11 - 2016-06-25 13:13 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-09-16 18:11 - 2016-06-25 11:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-09-16 18:11 - 2016-06-25 11:15 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-09-16 18:11 - 2016-06-25 11:13 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-09-16 18:11 - 2016-06-25 11:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-09-16 18:11 - 2016-06-21 13:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-09-16 18:11 - 2016-06-21 09:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-09-16 18:11 - 2016-05-18 18:18 - 00563024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-09-16 18:11 - 2016-05-18 18:18 - 00397232 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-09-16 18:11 - 2016-05-18 18:16 - 00178016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-16 18:11 - 2016-05-18 17:28 - 00340880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-09-16 18:11 - 2016-05-06 10:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-09-16 18:11 - 2016-05-06 10:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-09-16 18:11 - 2016-01-30 14:50 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2016-09-16 18:11 - 2016-01-30 14:00 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2016-09-16 18:11 - 2016-01-30 13:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2016-09-16 18:11 - 2016-01-30 13:18 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2016-09-16 18:11 - 2016-01-30 12:48 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2016-09-16 18:11 - 2016-01-30 12:41 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2016-09-15 06:44 - 2016-09-16 23:08 - 00000000 ____D C:\FRST
2016-09-14 23:07 - 2016-09-14 23:07 - 33565440 _____ (Adlice Software ) C:\Users\user02\Downloads\setup.exe
2016-09-14 22:57 - 2016-09-14 22:57 - 00000082 _____ C:\Users\user02\Documents\jotti.txt
2016-09-14 20:42 - 2016-09-14 20:42 - 00001157 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-09-14 20:42 - 2016-09-14 20:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-14 20:41 - 2016-09-14 21:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-09-14 20:41 - 2016-09-14 20:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-14 20:38 - 2016-09-14 20:38 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-21 19:49 - 2016-08-21 19:49 - 00000000 ____D C:\Users\user02\AppData\Local\KADOKAWA
2016-08-03 22:27 - 2016-08-03 22:27 - 00000222 _____ C:\Users\user02\Desktop\I am Setsuna.url
2016-07-31 09:59 - 2016-07-31 09:59 - 00000000 ____D C:\Users\user02\Documents\FXHOME
2016-07-31 09:59 - 2016-07-31 09:59 - 00000000 ____D C:\Users\user02\AppData\Local\HitFilm 4 Express Activation
2016-07-31 09:59 - 2016-07-31 09:59 - 00000000 ____D C:\Users\user02\AppData\Local\FXHOME Helper
2016-07-31 09:59 - 2016-07-31 09:59 - 00000000 ____D C:\Users\user02\AppData\Local\FXHOME
2016-07-31 09:59 - 2016-07-31 09:59 - 00000000 ____D C:\Users\user02\AppData\Local\Crashpad
2016-07-31 09:58 - 2016-09-16 09:04 - 00000000 ____D C:\Program Files\Boris FX, Inc
2016-07-31 09:58 - 2016-07-31 09:58 - 00000000 ____D C:\ProgramData\FXHOME
2016-07-31 09:44 - 2016-07-31 09:44 - 01474568 _____ C:\Users\user02\Downloads\hitfilm-4-express.exe
2016-07-31 09:40 - 2016-07-31 09:40 - 00000000 ____D C:\Users\user02\AppData\Roaming\Blender Foundation
2016-07-31 09:34 - 2016-07-31 09:34 - 01239536 _____ (Microsoft Corporation) C:\Users\user02\Downloads\wlsetup-web (2).exe
2016-07-31 09:33 - 2016-07-31 09:33 - 00000000 ____D C:\Users\user02\.thumbnails
2016-07-31 09:31 - 2016-07-31 09:31 - 83722580 _____ C:\Users\user02\Downloads\blender-2.77a-windows64.msi
2016-07-31 09:30 - 2016-07-31 09:30 - 01239536 _____ (Microsoft Corporation) C:\Users\user02\Downloads\wlsetup-web (1).exe
2016-07-31 09:28 - 2016-07-31 09:28 - 01239752 _____ (Microsoft Corporation) C:\Users\user02\Downloads\wlsetup-web.exe
2016-07-31 09:20 - 2016-07-31 09:20 - 00003584 _____ C:\Users\user02\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-25 19:35 - 2016-07-25 19:35 - 13701120 _____ C:\Users\user01\Desktop\lkjklkl.evtx
2016-07-25 19:35 - 2016-07-25 19:35 - 00000000 ____D C:\Users\user01\Desktop\LocaleMetaData
2016-07-23 09:41 - 2016-07-23 09:41 - 00000000 ____D C:\Users\user02\AppData\LocalLow\Blizzard Entertainment
2016-07-09 06:44 - 2016-07-09 06:44 - 00000000 ____D C:\Users\user02\AppData\Local\UnrealEngine
2016-07-09 06:44 - 2016-07-09 06:44 - 00000000 ____D C:\Users\user02\AppData\Local\RON
2016-07-08 00:24 - 2016-08-22 07:20 - 00000000 ____D C:\Users\user02\Desktop\otak
2016-07-03 14:33 - 2016-07-03 14:33 - 00000000 ____D C:\Users\user02\AppData\Local\Wacom
2016-07-03 14:33 - 2016-07-03 14:33 - 00000000 ____D C:\Users\user02\.android
2016-07-03 14:25 - 2016-07-03 14:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2016-07-03 14:25 - 2016-07-03 14:25 - 00000000 ____D C:\Users\user01\AppData\Local\Wacom
2016-07-03 14:25 - 2016-07-03 14:25 - 00000000 ____D C:\Users\user01\.android
2016-06-27 18:49 - 2016-06-27 18:49 - 00000222 _____ C:\Users\user02\Desktop\Bloodstained Ritual of the Night.url
2016-06-26 13:46 - 2016-06-26 13:46 - 00000000 ____D C:\Users\user02\Documents\Darkest
2016-06-26 09:44 - 2016-06-26 09:44 - 00000000 ____D C:\Users\user01\AppData\Roaming\Easeware
2016-06-26 09:40 - 2016-07-03 14:25 - 00000000 ____D C:\Users\user01\AppData\Roaming\WTablet
2016-06-25 21:40 - 2016-06-25 21:40 - 00000000 ____D C:\Users\user02\AppData\LocalLow\Obsidian Entertainment
2016-06-25 10:35 - 2016-06-25 10:35 - 00000000 ____D C:\Users\user02\Documents\Commandos - Behind Enemy Lines
2016-06-25 10:10 - 2016-06-25 10:10 - 00000000 ____D C:\Users\user02\AppData\Local\CAPCOM
2016-06-24 21:52 - 2016-06-25 10:51 - 00000000 ____D C:\Users\user02\Documents\Icewind Dale - Enhanced Edition
2016-06-24 21:48 - 2016-06-24 21:48 - 00000000 ____D C:\Users\user02\AppData\LocalLow\Phoenix Online Studios
2016-06-24 18:24 - 2016-06-24 18:24 - 00000222 _____ C:\Users\user02\Desktop\Torchlight II.url
2016-06-24 18:24 - 2016-06-24 18:24 - 00000222 _____ C:\Users\user02\Desktop\SOMA.url
2016-06-24 18:23 - 2016-06-24 18:23 - 00000222 _____ C:\Users\user02\Desktop\Resident Evil 0  biohazard 0 HD REMASTER.url
2016-06-24 18:23 - 2016-06-24 18:23 - 00000222 _____ C:\Users\user02\Desktop\Pillars of Eternity.url
2016-06-24 18:23 - 2016-06-24 18:23 - 00000222 _____ C:\Users\user02\Desktop\Learn Japanese To Survive - Hiragana Battle.url
2016-06-24 18:22 - 2016-06-24 18:22 - 00000222 _____ C:\Users\user02\Desktop\Icewind Dale Enhanced Edition.url
2016-06-24 18:22 - 2016-06-24 18:22 - 00000220 _____ C:\Users\user02\Desktop\Commandos Behind Enemy Lines.url
2016-06-23 19:57 - 2016-06-23 19:57 - 00000222 _____ C:\Users\user02\Desktop\Gabriel Knight - Sins of the Fathers.url
2016-06-23 18:51 - 2016-06-23 18:51 - 00000222 _____ C:\Users\user02\Desktop\Tales of Symphonia.url
2016-06-23 18:51 - 2016-06-23 18:51 - 00000222 _____ C:\Users\user02\Desktop\Darkest Dungeon.url
2016-06-23 18:50 - 2016-06-23 18:50 - 00000222 _____ C:\Users\user02\Desktop\Grandia II Anniversary Edition.url
2016-06-22 21:16 - 2016-07-31 09:24 - 00000000 ____D C:\Users\user02\Documents\Intelli-studio
2016-06-22 21:13 - 2016-07-31 09:24 - 00000000 ____D C:\Users\user02\AppData\Roaming\Intelli-studio
2016-06-22 20:35 - 2016-06-22 20:35 - 00000000 ____D C:\Users\user01\Documents\Intelli-studio
2016-06-22 20:34 - 2016-06-22 21:06 - 00000000 ____D C:\Users\user01\AppData\Roaming\Intelli-studio
2016-06-22 20:34 - 2016-06-22 20:34 - 00002003 _____ C:\Users\Public\Desktop\Intelli-studio.lnk
2016-06-22 20:34 - 2016-06-22 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG
2016-06-22 20:34 - 2016-06-22 20:34 - 00000000 ____D C:\Program Files (x86)\SAMSUNG
2016-06-22 20:32 - 2016-06-22 20:32 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-06-19 10:36 - 2016-07-03 14:33 - 00000000 ____D C:\Users\user02\AppData\Roaming\WTablet
2016-06-19 10:34 - 2016-07-03 14:22 - 00000000 ____D C:\Program Files\Tablet
2016-06-19 10:34 - 2016-06-19 10:34 - 00000000 ____D C:\Program Files\TabletPlugins
2016-06-19 10:34 - 2016-06-19 10:34 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2016-06-19 10:34 - 2016-03-21 15:28 - 02116560 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2016-06-19 10:34 - 2016-03-21 15:28 - 01979344 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2016-06-19 10:34 - 2016-03-21 15:28 - 01695696 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2016-06-19 10:34 - 2016-03-21 15:28 - 01583568 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2016-06-19 10:34 - 2016-03-02 18:05 - 00102864 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2016-06-19 10:34 - 2016-03-02 18:05 - 00014800 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2016-06-19 10:34 - 2016-03-02 18:05 - 00013776 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2016-06-19 10:34 - 2015-05-26 17:33 - 01959616 ____N (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2016-06-19 10:34 - 2015-05-26 17:33 - 01952448 ____N (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2016-06-19 10:34 - 2015-05-26 17:33 - 01590464 ____N (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2016-06-19 10:34 - 2015-05-26 17:33 - 01583296 ____N (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2016-06-19 10:34 - 2012-12-11 17:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01009.dll
2016-06-19 10:34 - 2012-12-11 17:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01009.dll
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-16 22:59 - 2016-04-16 09:24 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-16 22:58 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-16 22:32 - 2016-04-16 09:24 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-16 22:24 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-09-16 18:14 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2016-09-16 18:13 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-09-16 10:51 - 2015-11-28 20:33 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3426533655-1647404870-3214638991-1002
2016-09-16 09:31 - 2016-04-16 09:24 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-16 09:31 - 2016-04-16 09:24 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-15 06:33 - 2015-11-29 16:02 - 00004042 _____ C:\Windows\Sandboxie.ini
2016-09-14 21:16 - 2015-12-13 09:56 - 00000000 ____D C:\Program Files (x86)\br
2016-09-14 20:42 - 2016-06-05 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-14 20:42 - 2015-01-15 04:03 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-14 20:38 - 2015-12-05 08:30 - 00000000 ____D C:\Users\user02\Documents\ss
2016-09-14 19:01 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-09-11 20:11 - 2015-11-29 14:29 - 00000000 ____D C:\Users\user02\AppData\Local\Battle.net
2016-09-11 20:10 - 2015-11-29 14:16 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-09-11 20:09 - 2015-11-29 14:12 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-31 21:28 - 2016-05-05 20:11 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-08-27 21:04 - 2015-12-05 11:27 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-08-26 23:46 - 2015-11-30 20:50 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-26 23:42 - 2016-02-07 09:24 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-08-21 06:05 - 2016-06-04 08:07 - 00000000 ____D C:\Users\user02\AppData\Roaming\vlc
 
==================== Files in the root of some directories =======
 
2015-12-30 21:44 - 2015-12-30 21:44 - 0927824 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe
2015-11-28 19:23 - 2016-07-25 20:18 - 0037177 _____ () C:\Users\user01\AppData\Local\BTServer.log
2016-02-19 23:09 - 2016-02-19 23:09 - 0000017 _____ () C:\Users\user01\AppData\Local\resmon.resmoncfg
2015-01-15 03:37 - 2015-01-15 03:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\user01\AppData\Local\Temp\avgnt.exe
C:\Users\user01\AppData\Local\Temp\procexp64.exe
C:\Users\user02\AppData\Local\Temp\avgnt.exe
C:\Users\user02\AppData\Local\Temp\FoxitUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
timeout                 2
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
integrityservices       Enable
default                 {current}
resumeobject            {54bf810e-c24f-11e4-844b-f28369aae93e}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 8.1
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {d5bf2952-c253-11e4-897d-a255d06a66cd}
integrityservices       Enable
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {54bf810e-c24f-11e4-844b-f28369aae93e}
nx                      AlwaysOn
bootmenupolicy          Standard
 
Windows Boot Loader
-------------------
identifier              {d5bf2952-c253-11e4-897d-a255d06a66cd}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{d5bf2953-c253-11e4-897d-a255d06a66cd}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{d5bf2953-c253-11e4-897d-a255d06a66cd}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {54bf810e-c24f-11e4-844b-f28369aae93e}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {d5bf2952-c253-11e4-897d-a255d06a66cd}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {d5bf2953-c253-11e4-897d-a255d06a66cd}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2016-09-16 10:51
 
==================== End of FRST.txt ============================
 
Addition Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by user01 (16-09-2016 23:08:29)
Running from C:\Program Files (x86)\br\tdsskiller
Windows 8.1 (Update) (X64) (2015-11-29 00:23:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3426533655-1647404870-3214638991-500 - Administrator - Disabled)
Guest (S-1-5-21-3426533655-1647404870-3214638991-501 - Limited - Disabled)
user01 (S-1-5-21-3426533655-1647404870-3214638991-1001 - Administrator - Enabled) => C:\Users\user01
user02 (S-1-5-21-3426533655-1647404870-3214638991-1002 - Limited - Enabled) => C:\Users\user02
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
AMD Catalyst Install Manager (HKLM\...\{B5550B26-CD14-054D-FF0A-83405AE096B9}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASUS App Box (HKLM-x32\...\{F0CE6060-50B1-401E-8357-B6E24DB98D21}) (Version: 1.00.04 - ASUSTeK Computer Inc.)
ASUS Manager - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.15 - ASUSTeK Computer Inc.)
ASUS Manager - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.12 - ASUSTeK Computer Inc.)
ASUS Manager - Family Safety (HKLM-x32\...\{016AFF97-4E18-4560-B8E5-B684BB124E32}) (Version: 2.00.06 - ASUSTeK Computer Inc.)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.12 - ASUSTeK Computer Inc.)
ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.05 - ASUSTeK Computer Inc.)
ASUS Manager - SyncUp (HKLM-x32\...\{C2294792-457D-4DF7-9486-B630754C73D0}) (Version: 2.00.07 - ASUSTeK Computer Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.02.08 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.09.05 - ASUSTeK Computer Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.20.59 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{6052a753-acc6-4c02-b5a8-70962ff8e0a4}) (Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG) Hidden
Bastion (HKLM\...\Steam App 107100) (Version:  - Supergiant Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bloodstained: Ritual of the Night (HKLM\...\Steam App 477970) (Version:  - )
Broken Sword 1 - Shadow of the Templars: Director's Cut (HKLM-x32\...\Steam App 57640) (Version:  - Revolution Software Ltd)
Card Hunter (HKLM-x32\...\Steam App 293260) (Version:  - Blue Manchu)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clockwork Empires (HKLM-x32\...\Steam App 224740) (Version:  - Gaslamp Games, Inc.)
Commandos: Behind Enemy Lines (HKLM\...\Steam App 6800) (Version:  - Pyro Studios)
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version:  - Relic Entertainment)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Divinity: Original Sin Enhanced Edition (HKLM-x32\...\Steam App 373420) (Version:  - Larian Studios)
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.01.00 - ASUSTeK Computer Inc.)
EMET 5.2 (HKLM-x32\...\{F4DCB44D-F072-43A1-B4A5-57619C7B22D2}) (Version: 5.2 - Microsoft Corporation)
Gabriel Knight - Sins of the Fathers (HKLM\...\Steam App 262000) (Version:  - Phoenix Online Studios)
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grandia II Anniversary Edition (HKLM\...\Steam App 330390) (Version:  - GAME ARTS Co., Ltd.)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
I am Setsuna (HKLM\...\Steam App 441830) (Version:  - Tokyo RPG Factory)
Icewind Dale: Enhanced Edition (HKLM\...\Steam App 321800) (Version:  - Beamdog)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\...\Juniper_Setup_Client) (Version: 7.4.13.48589 - Juniper Networks, Inc.)
King's Bounty: Crossworlds (HKLM\...\Steam App 63910) (Version:  - Katauri Interactive)
Learn Japanese To Survive - Hiragana Battle (HKLM\...\Steam App 438270) (Version:  - Sleepy Duck Educational Games)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Pillars of Eternity (HKLM\...\Steam App 291650) (Version:  - Obsidian Entertainment)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.092613 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30179 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0247 - REALTEK Semiconductor Corp.)
Resident Evil 0 / biohazard 0 HD REMASTER (HKLM\...\Steam App 339340) (Version:  - CAPCOM Co., Ltd.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version:  - )
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
SOMA (HKLM\...\Steam App 282140) (Version:  - Frictional Games)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tales of Symphonia (HKLM\...\Steam App 372360) (Version:  - BANDAI NAMCO Entertainment Inc.)
The Evil Within (HKLM-x32\...\Steam App 268050) (Version:  - Tango Gameworks)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD PROJEKT RED)
Torchlight II (HKLM\...\Steam App 200710) (Version:  - Runic Games)
Transistor (HKLM\...\Steam App 237930) (Version:  - Supergiant Games)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.12-2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
XCOM: Enemy Unknown (HKLM\...\Steam App 200510) (Version:  - Firaxis Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1EABA053-4156-4ED8-947A-094D1C94FA44} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2014-03-20] ()
Task: {23BE600B-E173-4942-A8F6-BD65F2E4458D} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2014-06-03] ()
Task: {7CC5EAE2-0135-434D-B19B-70638B59D569} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [2014-09-12] (ASUSTeK)
Task: {8A6F8D6A-A0D9-4E3D-9C69-F60DB7F1556B} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2014-03-18] ()
Task: {9CE1FF4E-2E20-462F-ADE2-F10F953CE3C5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [2016-06-05] (Microsoft Corporation)
Task: {A71A619C-0F91-4F6C-95C6-7883240CB840} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-16] (Google Inc.)
Task: {B9C561F6-B618-4295-A135-04BFB759641B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-16] (Google Inc.)
Task: {D69D3BEA-0508-490B-B175-28FF696212FA} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2013-08-23] ()
Task: {DF43A3EB-B801-4CD4-AB46-8419D0BAF5BB} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2014-03-19] (ASUSTeK Computer Inc.)
Task: {ECAECB59-8445-480D-AC9C-D156824A3F97} - System32\Tasks\ASUS\SyncUp => C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe [2014-11-03] (ASUSTeK Computer Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-04 04:27 - 2013-09-26 13:15 - 00059392 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-03-11 16:43 - 2015-03-11 16:43 - 00157344 _____ () C:\Program Files (x86)\EMET 5.2\HelperLib.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00018584 _____ () C:\Program Files (x86)\EMET 5.2\ReportingSubsystem.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00052384 _____ () C:\Program Files (x86)\EMET 5.2\PKIPinningSubsystem.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00035992 _____ () C:\Program Files (x86)\EMET 5.2\TrayIconSubsystem.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00036504 _____ () C:\Program Files (x86)\EMET 5.2\TelemetrySubsystem.dll
2014-03-19 13:31 - 2014-03-19 13:31 - 00348160 _____ () C:\Program Files (x86)\EMET 5.2\DevExpress.UserSkins.HighContrast.dll
2015-03-04 04:31 - 2014-03-12 17:51 - 00907776 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandler.dll
2016-06-19 10:34 - 2015-05-26 17:33 - 01347264 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-11-29 09:30 - 2015-11-18 02:03 - 00666083 _____ () C:\Windows\SoftwarePolicy\softwarepolicystart.exe
2013-06-05 18:51 - 2013-06-05 18:51 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-06-05 18:51 - 2013-06-05 18:51 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2015-03-04 04:30 - 2013-11-06 05:58 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2015-03-04 04:31 - 2014-01-22 13:36 - 00753664 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\WiMoveHelp.dll
2015-03-04 04:31 - 2014-01-22 13:35 - 00684032 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\PhoneCtrlAPI.dll
2015-03-04 04:30 - 2016-09-16 23:00 - 00036352 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-03-04 04:30 - 2010-06-28 21:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.png
HKU\S-1-5-21-3426533655-1647404870-3214638991-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.png
DNS Servers: 8.8.8.8 - 209.244.0.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WMPNSS-Out-UDP-NoScope] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-Out-UDP] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-UPnP-Out-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{FBF475E7-8A92-48B9-AA74-E5CD9E056CF5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{688DFF26-41A7-4733-B814-169CCD30825F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC2890FE-3C16-4485-9BF2-E380273A6AE1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C3FD3384-3663-4BC7-89F3-E67D3F65231C}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{0666DE20-4E49-4F11-B4D9-A8A98F7DDBD0}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [{F338F3DA-BEAC-4B1C-8629-AB9741425C23}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2D924D0A-2C14-4FDF-83FE-6A9B13FEDCFF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{58560AD0-DC78-42C6-A35E-38A454316CCC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AC47EC09-543C-42A1-B629-D5BB51415803}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{987C0A21-838B-4321-9B7C-2C9C9172B5B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Sword Shadow of the Templars\bs1dc.exe
FirewallRules: [{03676ED0-9657-4FB3-B365-4A5D86DD4506}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Sword Shadow of the Templars\bs1dc.exe
FirewallRules: [{FABF295C-E2E2-4191-B80F-F9D4CF2FEEA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardHunter\CardHunter.exe
FirewallRules: [{9D19E6E5-8650-4240-9B01-37E8F99F58E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardHunter\CardHunter.exe
FirewallRules: [{BF512CA6-A136-4DFE-B806-47C65CE7CDCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{0AF741F7-6528-4CEA-B129-E14DD1A984D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{88440F3E-2533-4A94-9A25-B8F90EA09479}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clockwork Empires\Clockwork Empires.exe
FirewallRules: [{17C8FB55-D3B3-4863-8863-DDE83E69CE51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clockwork Empires\Clockwork Empires.exe
FirewallRules: [{953273DB-2576-4F02-89CE-1CD31C19AD21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [{C8DF3D89-FD18-4E21-870B-10D1FE6FF9BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [TCP Query User{FDB77321-7CBC-42FA-878A-B65681340205}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [UDP Query User{B4965B3E-BF07-4F99-8DBC-3F2B59A437E0}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [{FC158D80-6177-48DB-91DD-6F647FFFA6FE}] => (Allow) %ProgramFiles% (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB78989F-ADCC-4F98-A7BF-0FE0C96D199E}] => (Allow) %ProgramFiles% (x86)\Steam\Steam.exe
FirewallRules: [{21327A16-905D-4588-945B-4F95658D3B22}] => (Allow) %ProgramFiles% (x86)\Steam\Steam.exe
FirewallRules: [{3C5DE34A-DD0E-462E-A02B-19B414DC9395}] => (Allow) %ProgramFiles% (x86)\Battle.net\Battle.net.6382\Battle.net.exe
FirewallRules: [{8E6D3BF6-C048-42D6-88C9-274691DD3533}] => (Allow) %ProgramFiles% (x86)\Battle.net\Battle.net.6382\Battle.net.exe
FirewallRules: [{96746A8C-4AF7-4A24-98BA-05FDE44A46D3}] => (Allow) %ProgramFiles% (x86)\Battle.net\Battle.net Launcher.exe
FirewallRules: [{84268244-CA84-4D62-B5B6-D09D15EF9F60}] => (Allow) %ProgramFiles% (x86)\Battle.net\Battle.net Launcher.exe
FirewallRules: [{9772B089-6DD1-4598-91FE-800B736FABBC}] => (Allow) %ProgramFiles% (x86)\Battle.net\Battle.net.6526\Battle.net.exe
FirewallRules: [{AF12C844-5F61-46C8-A877-97F7609DAA34}] => (Allow) %ProgramFiles% (x86)\Steam\Steam.exe
FirewallRules: [{E6804265-1FD1-48BC-8A10-C789371BF640}] => (Allow) %ProgramFiles% (x86)\Steam\steamapps\common\CardHunter\CardHunter.exe
FirewallRules: [{4881F8CC-89E8-411B-A6AB-0DBEE152C88B}] => (Allow) %ProgramFiles% (x86)\Avira\Antivirus\update.exe
FirewallRules: [{F513399A-F8A4-43BA-9B38-6ACE2B704CA2}] => (Allow) %ProgramFiles% (x86)\Avira\Antivirus\avgnt.exe
FirewallRules: [{990FE437-91C2-438C-9540-C42D381E3B85}] => (Allow) %ProgramFiles% (x86)\Avira\Antivirus\avadmin.exe
FirewallRules: [TCP Query User{5A330D22-418E-4A42-9B35-CAEA8CB56C36}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm.exe
FirewallRules: [UDP Query User{7ABFF56A-90B3-48C2-9445-811325B0C17C}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm.exe
FirewallRules: [{A14E614F-5424-4841-9BDC-8C35FC525E5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{7810A338-8269-498A-8D6C-2676AA57E269}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{D8BEAAD7-119E-4483-B564-12A0CCDE5EED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{E1B8C4C9-76F8-47E1-A60A-08E3E88B4E6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{86192BDF-0AD4-4169-AE9D-403572CD5B1A}] => (Allow) %ALLUSERSPROFILE%\Battle.net\Agent\Agent.4584\Agent.exe
FirewallRules: [TCP Query User{DA3AE5C8-B639-4A32-832A-9578DB643D6D}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [UDP Query User{82D8FA16-AC51-4A38-95AF-617D13B4C11F}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [{6F9F92AA-F177-42D1-9729-1630C7829E80}] => (Allow) %ProgramFiles% (x86)\StarCraft II\Versions\Base42932\SC2_x64.exe
FirewallRules: [TCP Query User{29A1519A-5427-421D-97EE-DFE0BBF73E09}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{D7D61AA0-DC8F-4D83-8AC9-307A79DFD204}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{E9FEF360-3918-4A44-8BFD-F202C6261FC0}] => (Allow) %ProgramFiles% (x86)\Steam\GameOverlayUI.exe
FirewallRules: [TCP Query User{08E1B947-9AC7-46D0-ABC7-C419DBA7DAD9}C:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4C41D00A-9555-42F7-9D97-D64973174DF6}C:\program files (x86)\heroes of the storm\versions\base39445\heroesofthestorm_x64.exe] => (Allow) %ProgramFiles% (x86)\Heroes of the Storm\Versions\Base39709\HeroesOfTheStorm_x64.exe
FirewallRules: [{2D595A8C-FB23-4EE2-BC31-EF66003636F3}] => (Allow) %ProgramFiles% (x86)\Battle.net\Battle.net.exe
FirewallRules: [{39A8993D-2777-427B-BA96-0D80E19B96C5}] => (Allow) %ProgramFiles% (x86)\Battle.net\Battle.net Launcher.exe
FirewallRules: [{7FAC5E0D-DA81-42CB-B9B6-F1B1165C8A30}] => (Allow) %ALLUSERSPROFILE%\Battle.net\Agent\Agent.5136\Agent.exe
FirewallRules: [{2D04A0FC-2F7E-4D84-BAD2-10E2885A608F}] => (Allow) %ALLUSERSPROFILE%\Battle.net\Agent\Agent.exe
FirewallRules: [TCP Query User{BE149E46-CB03-42FF-8D8A-A09ACFA5C369}C:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm.exe
FirewallRules: [UDP Query User{BE90B984-60D2-49B1-AF13-6EA05DB1A756}C:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm.exe
FirewallRules: [{7783B61B-56F0-4A48-BF07-9119E914ED09}] => (Allow) %ProgramFiles% (x86)\Battle.net\Battle.net.7939\Battle.net.exe
FirewallRules: [TCP Query User{D4ED2C73-4564-405C-9737-1F82100DE781}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2D5A9D24-57FE-470B-94CE-B67552256D8A}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [{9510214C-DDFB-4663-8FA0-1D5064A04501}] => (Allow) %ProgramFiles% (x86)\NCWest\NCLauncher\NCLauncher.exe
FirewallRules: [{BDFED72F-ACFA-43F2-96D1-581068C04FBD}] => (Allow) %ProgramFiles% (x86)\NCWest\NCLauncher\NCLauncherR.exe
FirewallRules: [{0EB50F1B-B721-4C97-9064-0F1AA708351B}] => (Allow) %ProgramFiles% (x86)\Steam\Steam.exe
FirewallRules: [{68604D77-7D20-4C78-A2F8-6AF7F2A05ABD}] => (Allow) %ALLUSERSPROFILE%\Battle.net\Agent\Agent.4869\Agent.exe
FirewallRules: [{3C48A965-4199-4F16-905C-DC5519426A10}] => (Allow) %ProgramFiles% (x86)\Battle.net\Battle.net.7113\Battle.net.exe
FirewallRules: [{0E66E573-0BB5-45D3-A8D2-6B115878542B}] => (Allow) %ProgramFiles% (x86)\Heroes of the Storm\Versions\Base45228\HeroesOfTheStorm_x64.exe
FirewallRules: [{125FC625-C058-4CD3-B985-48470970F823}] => (Allow) %ProgramFiles% (x86)\Heroes of the Storm\Heroes of the Storm.exe
FirewallRules: [{79CA7AE4-0096-4899-BDEA-E5247FBF2DC9}] => (Allow) %ProgramFiles% (x86)\Diablo III\Diablo III Launcher.exe
FirewallRules: [{0B21259F-FFDB-4245-9208-3030D45AC334}] => (Allow) %ProgramFiles% (x86)\Diablo III\Diablo III.exe
FirewallRules: [{F7C46A7A-A150-4AFE-852E-6E9541FE1C3A}] => (Allow) %ProgramFiles% (x86)\Diablo III\Diablo III.exe
FirewallRules: [{E4C03678-46B3-4889-8758-F0EB442EF687}] => (Allow) %ProgramFiles% (x86)\Diablo III\Diablo III Launcher.exe
FirewallRules: [TCP Query User{D28149B4-CF14-4267-A848-E7774F0F0FB9}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7973730E-F179-4AC4-99F5-15019988F2D8}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [{1EC13BEC-9647-4767-86D9-EDACE6FDF45C}] => (Allow) %ProgramFiles%\ChromeSetup.exe
FirewallRules: [{FDE48127-61A6-484A-BBFF-2F7076CBE090}] => (Allow) %ProgramFiles%\ChromeSetup.exe
FirewallRules: [{71DB01C4-BE21-4A8E-9003-253A02AF0485}] => (Allow) %ProgramFiles% (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{181C2C53-8D52-4E16-A574-4F4CDF91515D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{A6089555-E44C-4458-82C7-A4025C29F61C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{C674E48E-8FCA-43F0-9C42-84FE33C0305C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{1FFDD37A-6043-4B95-A765-D9D839BF7038}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{F10C1B81-5991-4FEC-8E44-4CA99EB069EC}] => (Allow) %ProgramFiles% (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{47D3206A-85DE-4E80-AA5F-B5048DC46844}] => (Allow) %ProgramFiles% (x86)\Hearthstone\Hearthstone Beta Launcher.exe
FirewallRules: [{A63E6811-A4AC-4DCA-8FC9-506DAE9762D8}] => (Allow) %ProgramFiles% (x86)\Overwatch\Overwatch Launcher.exe
FirewallRules: [{5AA3C754-FED2-4F4A-8E92-50AF2EA87797}] => (Allow) %ProgramFiles% (x86)\Overwatch\Overwatch.exe
FirewallRules: [TCP Query User{2045A458-5CFC-4824-86D7-5D9FA093B942}C:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3BEC3C7E-66E7-40F5-AB51-F33D79ED7906}C:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3F69AA9D-605B-4BEC-8C3A-83F559D36035}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{60A48894-DAE8-46BA-B57D-7CC9D29850A4}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [{99C9ADFF-1E3D-4A7F-B88D-ABBBA929D930}] => (Allow) %ProgramFiles% (x86)\VideoLAN\VLC\vlc.exe
FirewallRules: [{41C13CB6-A253-4412-B23C-B045A762B8F8}] => (Allow) %ProgramFiles% (x86)\VideoLAN\VLC\vlc.exe
FirewallRules: [{F3BD4D08-2DA9-436B-9803-DD0EB3C7FFED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kings Bounty Crossworlds\KB.exe
FirewallRules: [{ACCD71A8-CBCB-416F-A7AA-5DF9080EFE5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kings Bounty Crossworlds\KB.exe
FirewallRules: [{D902407A-E601-4BD9-9F56-5E521D8371A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{19E720AD-BE57-4D36-BB66-AA32BD19C6AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{C60EDCB3-4D70-4DF7-974F-18306FE85840}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{586E7F5F-EC8F-423B-9F18-C3B98B82405A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{C0808572-2D4F-4F57-9A6E-1CC33B5DC082}] => (Allow) %ProgramFiles% (x86)\Steam\bin\steamservice.exe
FirewallRules: [{FF001C70-3443-4B57-8608-B07C3156EBD3}] => (Allow) %ProgramFiles% (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [TCP Query User{07C0E701-7909-491B-B4C8-13F041E03C23}C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{169D2A35-07EB-4873-AB08-5546C016A6BB}C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [{061E6AC8-0223-4424-914C-4D668ED8FCC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grandia II Anniversary Edition\grandia2.exe
FirewallRules: [{9398F696-4C86-4E86-9662-83ADA72C5C1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grandia II Anniversary Edition\grandia2.exe
FirewallRules: [{70EEE323-84B8-402F-B525-AC483D082ADE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grandia II Anniversary Edition\Grandia2Launcher.exe
FirewallRules: [{EBDB5684-C3DF-4DFA-8C18-EFAA53D40D7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grandia II Anniversary Edition\Grandia2Launcher.exe
FirewallRules: [{A440C9D0-F197-4BE2-B506-068C3C8CD0BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Symphonia\TOS.exe
FirewallRules: [{658CB9F1-1178-4126-9608-F2FCE9211E75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Symphonia\TOS.exe
FirewallRules: [{D1907C44-52BD-4F38-964A-44CB3F60AC21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gabriel Knight 1\GK1.exe
FirewallRules: [{39D0144B-465A-456F-AC80-4270615CBC27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gabriel Knight 1\GK1.exe
FirewallRules: [{119A835F-0922-400D-8EBB-B2FE0819F4FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Commandos Behind Enemy Lines\Comandos.exe
FirewallRules: [{B839B09E-7E2E-4C4E-8FAF-C22B0D0B88DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Commandos Behind Enemy Lines\Comandos.exe
FirewallRules: [{9E06572A-9640-42EB-9B74-CF7B961E40E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Commandos Behind Enemy Lines\Legacy\Comandos.exe
FirewallRules: [{6EE11DAD-0B5A-496C-889C-30D1C870BE30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Commandos Behind Enemy Lines\Legacy\Comandos.exe
FirewallRules: [{857F853F-327F-4A84-97DD-59D37C248AF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe
FirewallRules: [{2010D8CC-2DF9-474F-9333-5A39BD69BE24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe
FirewallRules: [{A1437B7D-8C4B-4DA9-A194-95F80C69ACF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HiraganaBattle\Learn Japanese To Survive - Hiragana Battle.exe
FirewallRules: [{6C498CC5-18B7-4564-93E6-7AA09A2DF597}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HiraganaBattle\Learn Japanese To Survive - Hiragana Battle.exe
FirewallRules: [{2B4406E6-C83B-425C-80A3-11397307EAE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{051FA201-C118-4FF5-82D8-2658EE4A6C23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{444B0226-65C6-4A4E-936E-F858626ED747}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 0\re0hd.exe
FirewallRules: [{370AE6C7-34BD-4941-B1B9-80E6A7AC5A22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 0\re0hd.exe
FirewallRules: [{9FF6C8E4-A1E2-4B93-AC20-698626E5718C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SOMA\Soma.exe
FirewallRules: [{8166E6C7-E885-453C-81DB-597F32353AF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SOMA\Soma.exe
FirewallRules: [{83DE3AFE-FCF7-46D6-8814-0A7D32196CF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SOMA\ModLauncher.exe
FirewallRules: [{D3267C6C-B5DB-4D06-B0BA-5E361741A315}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SOMA\ModLauncher.exe
FirewallRules: [{3CBC607F-4431-4EF8-BF1B-8B2355519FC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{D4718BAC-4E74-4519-BD1F-AF3FD8DFE513}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{3A9CAB77-CF94-4D43-AEE5-70C12D725F6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloodstained Ritual of the Night\Bloodstained.exe
FirewallRules: [{401A82CE-85FE-4E50-BEC6-D54ED3CF665D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloodstained Ritual of the Night\Bloodstained.exe
FirewallRules: [TCP Query User{98155DC4-A89E-4FF0-9577-7672ACFCE035}C:\program files (x86)\steam\steamapps\common\bloodstained ritual of the night\ron\binaries\win64\ron-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\bloodstained ritual of the night\ron\binaries\win64\ron-win64-shipping.exe
FirewallRules: [UDP Query User{6A3C989A-9037-4568-841C-948BDC6DC13A}C:\program files (x86)\steam\steamapps\common\bloodstained ritual of the night\ron\binaries\win64\ron-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\bloodstained ritual of the night\ron\binaries\win64\ron-win64-shipping.exe
FirewallRules: [{018D0E4B-8A0B-41DE-82D3-08244A040FD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{72AFEEE3-EDAC-4F5D-8418-2C17892E4683}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{961F6263-D3D5-40EF-B634-E4EEF5047443}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe
FirewallRules: [{5243B9AE-39DD-4500-B497-E9A8FC646561}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe
FirewallRules: [{E607AFCA-2E86-4350-A973-EFDB11A6BE16}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\ASUSDMS.exe
FirewallRules: [{AF4D44EE-5494-4C80-96CB-446A5222D87A}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\ASUSDMS.exe
FirewallRules: [{3CB2F4D0-0A92-4B23-8FE2-FC5CF8C5FC8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SETSUNA\SETSUNA.exe
FirewallRules: [{F1746641-71C3-4C88-8149-D3801AC91934}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SETSUNA\SETSUNA.exe
FirewallRules: [TCP Query User{567B0B35-E4CE-47D1-9525-EE573E8B9F3D}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{7F1D315B-7AE0-42E5-8A20-AECB28C16234}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [{CC100441-672A-4CB4-AD9D-165756D1F33A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{482477EA-70F9-4988-AE85-5613D920A191}] => (Allow) %ProgramFiles% (x86)\br\tdsskiller\FRST64.exe
 
==================== Restore Points =========================
 
25-08-2016 21:23:39 Scheduled Checkpoint
02-09-2016 23:15:30 Scheduled Checkpoint
09-09-2016 23:31:29 Scheduled Checkpoint
16-09-2016 09:01:39 Removed Blender
16-09-2016 09:02:48 Removed HitFilm 4 Express
16-09-2016 09:04:31 Removed Blender
 
==================== Faulty Device Manager Devices =============
 
Name: Root Print Queue
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC
Description: Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Realtek Bluetooth 4.0 + High Speed Chip
Description: Realtek Bluetooth 4.0 + High Speed Chip
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Realtek Semiconductor Corp.
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/14/2016 10:48:26 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\RltkAPO64.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Audio Device Graph Isolation because of this error.
 
Program: Windows Audio Device Graph Isolation
File: C:\Windows\System32\RltkAPO64.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000428
Disk type: 3
 
Error: (09/14/2016 10:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.3.9600.17415, time stamp: 0x54503ea8
Faulting module name: RltkAPO64.dll, version: 11.0.6000.380, time stamp: 0x539ab2a5
Exception code: 0xc0000006
Fault offset: 0x0000000000157697
Faulting process id: 0x13a4
Faulting application start time: 0x01d20f0403f45f2b
Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting module path: C:\Windows\system32\RltkAPO64.dll
Report Id: 41acd721-7af7-11e6-832a-54a05088bfcd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/14/2016 10:48:26 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\RltkAPO64.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Audio Device Graph Isolation because of this error.
 
Program: Windows Audio Device Graph Isolation
File: C:\Windows\System32\RltkAPO64.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000428
Disk type: 3
 
Error: (09/14/2016 10:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.3.9600.17415, time stamp: 0x54503ea8
Faulting module name: RltkAPO64.dll, version: 11.0.6000.380, time stamp: 0x539ab2a5
Exception code: 0xc0000006
Fault offset: 0x0000000000157697
Faulting process id: 0x1698
Faulting application start time: 0x01d20f0403e6115d
Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting module path: C:\Windows\system32\RltkAPO64.dll
Report Id: 419e88ab-7af7-11e6-832a-54a05088bfcd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/14/2016 10:48:26 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\RltkAPO64.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Audio Device Graph Isolation because of this error.
 
Program: Windows Audio Device Graph Isolation
File: C:\Windows\System32\RltkAPO64.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000428
Disk type: 3
 
Error: (09/14/2016 10:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.3.9600.17415, time stamp: 0x54503ea8
Faulting module name: RltkAPO64.dll, version: 11.0.6000.380, time stamp: 0x539ab2a5
Exception code: 0xc0000006
Fault offset: 0x0000000000157697
Faulting process id: 0x1710
Faulting application start time: 0x01d20f0403d560a9
Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting module path: C:\Windows\system32\RltkAPO64.dll
Report Id: 418dd839-7af7-11e6-832a-54a05088bfcd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/14/2016 10:48:18 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\RltkAPO64.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Audio Device Graph Isolation because of this error.
 
Program: Windows Audio Device Graph Isolation
File: C:\Windows\System32\RltkAPO64.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000428
Disk type: 3
 
Error: (09/14/2016 10:48:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.3.9600.17415, time stamp: 0x54503ea8
Faulting module name: RltkAPO64.dll, version: 11.0.6000.380, time stamp: 0x539ab2a5
Exception code: 0xc0000006
Fault offset: 0x0000000000157697
Faulting process id: 0x1528
Faulting application start time: 0x01d20f03fed9d652
Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting module path: C:\Windows\system32\RltkAPO64.dll
Report Id: 3c8feb7b-7af7-11e6-832a-54a05088bfcd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/14/2016 10:48:18 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\RltkAPO64.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Audio Device Graph Isolation because of this error.
 
Program: Windows Audio Device Graph Isolation
File: C:\Windows\System32\RltkAPO64.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000428
Disk type: 3
 
Error: (09/14/2016 10:48:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.3.9600.17415, time stamp: 0x54503ea8
Faulting module name: RltkAPO64.dll, version: 11.0.6000.380, time stamp: 0x539ab2a5
Exception code: 0xc0000006
Fault offset: 0x0000000000157697
Faulting process id: 0xd88
Faulting application start time: 0x01d20f03fecb8865
Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting module path: C:\Windows\system32\RltkAPO64.dll
Report Id: 3c83ffd2-7af7-11e6-832a-54a05088bfcd
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (09/16/2016 10:56:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sandboxie Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/16/2016 10:52:15 PM) (Source: DCOM) (EventID: 10010) (User: labtop01)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (09/16/2016 06:45:42 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (09/16/2016 06:14:17 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (09/16/2016 10:58:05 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (09/15/2016 07:00:12 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (09/14/2016 11:53:55 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (09/14/2016 11:53:50 PM) (Source: DCOM) (EventID: 10010) (User: labtop01)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (09/13/2016 12:45:46 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (09/11/2016 10:13:41 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8310 Eight-Core Processor 
Percentage of memory in use: 19%
Total physical RAM: 8107.42 MB
Available physical RAM: 6561.33 MB
Total Virtual: 8939.42 MB
Available Virtual: 6926.8 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1847.81 GB) (Free:1527.21 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 9B7CD077)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 I'll be out of town starting this Sunday and be back Thursday night so I won't be able to run anything when this thread gets picked up but please do not close this thread. Again, I appreciate any assistance on this.
 
Thank you
 
 


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,510 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:52 AM

Posted 17 September 2016 - 09:33 AM

Greetings user001 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.

Can you tell me if you set these types of Software policies?

HKLM Group Policy restriction on software: c:\windows\Tasks <====== ATTENTION

Edited by Oh My!, 17 September 2016 - 09:41 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 user001


Posted 17 September 2016 - 05:59 PM

Hi and thank you for picking up my issue! To answer your question, yes, that was set up as part of the Windows 8.1 hardening I did earlier last year. All the lower-case entries matched the entries.

  Not sure if this would help but I figured I'd put it here: I was reviewing the firewall logs around the time I received the email since the current log didn't have it. I then went to C:\Windows\System32\LogFiles\Firewall and looked at the old one. At first I wasn't able to access it (I log in with limited access and need to UAT for any admin-related access) and noticed there is a user with full control with '?' right next to it on both the current firewall log and the old one. User ID is S-1-5-32-556.

 Quick Google search says this should be harmless.
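
The firewall-log review described in the post above, as an added example that is not part of the original thread: Python that parses the `pfirewall.log` layout, keeps allowed outbound connections in a window around the ISP notice, and lists protocol/port pairs that reached several distinct hosts. The sample lines are constructed, the function names and the 30-minute window are assumptions, and the time of the notice is not necessarily the time of the traffic.

```python
from datetime import datetime, timedelta

# Time of the ISP e-mail as given in the thread (12:08 PM); the date is assumed
# from "Earlier today" in the first post.
NOTICE_TIME = datetime(2016, 9, 14, 12, 8)

# Constructed sample in the pfirewall.log layout; addresses are documentation ranges.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2016-09-14 11:30:00 ALLOW TCP 192.168.0.10 203.0.113.5 49700 443 0 - 0 0 0 - - - SEND
2016-09-14 11:58:02 ALLOW TCP 192.168.0.10 203.0.113.5 49710 443 0 - 0 0 0 - - - SEND
2016-09-14 12:01:15 ALLOW TCP 192.168.0.10 198.51.100.7 49720 25 0 - 0 0 0 - - - SEND
2016-09-14 12:01:16 ALLOW TCP 192.168.0.10 198.51.100.8 49721 25 0 - 0 0 0 - - - SEND
2016-09-14 12:01:17 ALLOW TCP 192.168.0.10 198.51.100.9 49722 25 0 - 0 0 0 - - - SEND
2016-09-14 12:02:40 DROP UDP 192.168.0.1 192.168.0.10 1900 1900 0 - - - - - - - RECEIVE
2016-09-14 12:05:00 ALLOW UDP 192.168.0.10 192.168.0.1 53011 53 0 - - - - - - - SEND
2016-09-14 12:06:00 ALLOW TCP 192.168.0.10
2016-09-14 12:50:00 ALLOW TCP 192.168.0.10 203.0.113.5 49800 443 0 - 0 0 0 - - - SEND
"""


def parse_firewall_log(text):
    """Return one dict per well-formed log line, keyed by the #Fields header."""
    fields, records = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # truncated line, e.g. cut off when the log rolled over
        row = dict(zip(fields, parts))
        try:
            row["when"] = datetime.strptime(
                row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp
        records.append(row)
    return records


def outbound_in_window(records, center, minutes=30):
    """Allowed outbound (SEND) connections within +/- `minutes` of `center`."""
    lo = center - timedelta(minutes=minutes)
    hi = center + timedelta(minutes=minutes)
    return [r for r in records
            if r["path"] == "SEND" and r["action"] == "ALLOW"
            and lo <= r["when"] <= hi]


def fan_out(records, min_hosts=3):
    """(protocol, dst-port, distinct destination count) for ports that reached
    at least `min_hosts` different addresses, largest count first."""
    dests = {}
    for r in records:
        dests.setdefault((r["protocol"], r["dst-port"]), set()).add(r["dst-ip"])
    hits = [(proto, port, len(ips))
            for (proto, port), ips in dests.items() if len(ips) >= min_hosts]
    return sorted(hits, key=lambda h: -h[2])


if __name__ == "__main__":
    recs = parse_firewall_log(SAMPLE_LOG)
    window = outbound_in_window(recs, NOTICE_TIME)
    print(len(recs), "parsed;", len(window), "outbound in window")
    for proto, port, count in fan_out(window):
        print(f"{proto}/{port}: {count} distinct destinations")
```

Allowed connections only appear in the log when logging of successful connections is enabled for the firewall profile; with the default settings the file stays empty.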



#5 Oh My!


Posted 17 September 2016 - 06:15 PM

Greetings and thank you for letting me know of the delay. Not a problem at all.

Regarding BTServer.exe, the file is clean. I don't consider ClamAV to be a reliable source.

When you are able, please do this.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Windows\SoftwarePolicy\softwarepolicystart.exe

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\...\MountPoints2: {61a7e53a-c24f-11e4-8257-806e6f6e6963} - "E:\Startup.exe" 
HKU\S-1-5-21-3426533655-1647404870-3214638991-1002\...\MountPoints2: {61a7e53a-c24f-11e4-8257-806e6f6e6963} - "E:\Startup.exe" 
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3426533655-1647404870-3214638991-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3426533655-1647404870-3214638991-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3426533655-1647404870-3214638991-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF HKLM-x32\...\Mozilla Firefox 42.0\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components => not found
FF HKLM-x32\...\Mozilla Firefox 42.0\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins => not found
Folder: C:\Users\user02\AppData\Local\KADOKAWA
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Virustotal link
  • Fixlog

Gary
 

#6 user001


Posted 17 September 2016 - 07:08 PM

As per requested

 

VirusTotal link:  https://www.virustotal.com/en/file/58ee558f564fd17d1701c34403e0469a7c38cbc7b6315fd524ca76750b5ecdc5/analysis/1474156400/

 

 

FRST Result:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by user01 (17-09-2016 19:57:01) Run:1
Running from C:\Users\user02\Documents\frst
Loaded Profiles: user01 & user02 (Available Profiles: user01 & user02)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\...\MountPoints2: {61a7e53a-c24f-11e4-8257-806e6f6e6963} - "E:\Startup.exe" 
HKU\S-1-5-21-3426533655-1647404870-3214638991-1002\...\MountPoints2: {61a7e53a-c24f-11e4-8257-806e6f6e6963} - "E:\Startup.exe" 
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3426533655-1647404870-3214638991-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3426533655-1647404870-3214638991-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3426533655-1647404870-3214638991-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF HKLM-x32\...\Mozilla Firefox 42.0\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components => not found
FF HKLM-x32\...\Mozilla Firefox 42.0\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins => not found
Folder: C:\Users\user02\AppData\Local\KADOKAWA
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61a7e53a-c24f-11e4-8257-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{61a7e53a-c24f-11e4-8257-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-3426533655-1647404870-3214638991-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61a7e53a-c24f-11e4-8257-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{61a7e53a-c24f-11e4-8257-806e6f6e6963} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck => value removed successfully
HKLM\Software\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3426533655-1647404870-3214638991-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-3426533655-1647404870-3214638991-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Mozilla Firefox 42.0\Extensions\\Components => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Mozilla Firefox 42.0\Extensions\\Plugins => value removed successfully
 
========================= Folder: C:\Users\user02\AppData\Local\KADOKAWA ========================
 
2016-08-21 19:49 - 2016-08-21 20:22 - 0000000 ____D () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV
2016-08-21 19:49 - 2016-08-21 19:49 - 0040960 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\Web Data
2016-08-21 19:49 - 2016-08-21 19:49 - 0000512 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\Web Data-journal
2016-08-21 19:49 - 2016-08-21 19:49 - 0000000 ____D () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\GPUCache
2016-08-21 19:49 - 2016-08-21 20:22 - 0045056 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\GPUCache\data_0
2016-08-21 19:49 - 2016-08-21 20:22 - 0270336 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\GPUCache\data_1
2016-08-21 19:49 - 2016-08-21 19:49 - 0008192 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\GPUCache\data_2
2016-08-21 19:49 - 2016-08-21 20:22 - 4202496 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\GPUCache\data_3
2016-08-21 19:49 - 2016-08-21 19:49 - 0262512 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\GPUCache\index
 
====== End of Folder: ======
 
 
 
The system needed a reboot.
 
==== End of Fixlog 19:57:36 ====


#7 Oh My!


Posted 17 September 2016 - 08:01 PM

Thank you.

Do you use SoftwarePolicy?

-----

Do these entries look familiar to you?
 

2016-08-21 19:49 - 2016-08-21 20:22 - 0000000 ____D () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV
2016-08-21 19:49 - 2016-08-21 19:49 - 0040960 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\Web Data
2016-08-21 19:49 - 2016-08-21 19:49 - 0000512 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\Web Data-journal
2016-08-21 19:49 - 2016-08-21 19:49 - 0000000 ____D () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\GPUCache
2016-08-21 19:49 - 2016-08-21 20:22 - 0045056 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\GPUCache\data_0
2016-08-21 19:49 - 2016-08-21 20:22 - 0270336 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\GPUCache\data_1
2016-08-21 19:49 - 2016-08-21 19:49 - 0008192 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\GPUCache\data_2
2016-08-21 19:49 - 2016-08-21 20:22 - 4202496 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\GPUCache\data_3
2016-08-21 19:49 - 2016-08-21 19:49 - 0262512 _____ () C:\Users\user02\AppData\Local\KADOKAWA\RPGMV\GPUCache\index


-----

Did TWC provide any specific information in their Botnet notification? Any recent warnings from TWC?
Gary
 

#8 user001


Posted 18 September 2016 - 06:55 AM

Yes; I use that softwarepolicy.

 

Those entries do not look familiar to me. I don't remember ever buying RPG Maker from Steam. 

 

TWC didn't provide any specific information; it just stated TWC detected signs of botnet traffic being transmitted from a device connected to the cable modem. It just came in my inbox 12:08PM 4 days ago. I haven't received any TWC warnings recently. I have the PS4 and the TV also connected to the modem so I've been disconnecting all-except-one every night to see if I would get the TWC email again but I haven't.


Edited by user001, 18 September 2016 - 08:40 AM.


#9 user001


Posted 18 September 2016 - 09:04 AM

Update:

  I've checked my event viewer log around both time frames: the day I received the email from my ISP and the time that KADOKAWA directory was created, and there was nothing out of the ordinary in the log. Windows firewall log unfortunately overwrites entries so I can't see anything on both dates. I've checked each of those files in virustotal.com and it didn't report anything.

  After the scan, I opened that 'Web data' file via Notepad and found 2 entries at the end of the file. I'll PM you the entry.

 

This is going to be my last post until I get back Thursday.



#10 Oh My!


Posted 18 September 2016 - 01:34 PM

Thank you for the information. Upon your return please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
C:\Users\user02\AppData\Local\KADOKAWA
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?


#11 Oh My!


Posted 22 September 2016 - 09:01 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.


#12 user001


Posted 22 September 2016 - 12:46 PM

I'll do those steps and post logs when I'm back in the states. Please hold.
Thx

#13 Oh My!


Posted 22 September 2016 - 02:41 PM

OK thanks for the update.

#14 user001


Posted 23 September 2016 - 01:27 AM

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by user01 (22-09-2016 21:48:51) Run:2
Running from C:\Users\user02\Documents\frst
Loaded Profiles: user01 & user02 (Available Profiles: user01 & user02)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Users\user02\AppData\Local\KADOKAWA
emptytemp:
*****************
 
C:\Users\user02\AppData\Local\KADOKAWA => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19151675 B
Java, Flash, Steam htmlcache => 27342574 B
Windows/system/drivers => 21487285 B
Edge => 0 B
Chrome => 9537031 B
Firefox => 29329207 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 12806860 B
NetworkService => 33122 B
user01 => 288154009 B
user02 => 205839209 B
 
RecycleBin => 144632 B
EmptyTemp: => 593.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:49:06 ====
 
ESET log:

C:\Program Files (x86)\br\windows-movie-maker.exe a variant of Win32/DownloadSponsor.C potentially unwanted application cleaned by deleting
C:\Users\user02\Downloads\hitfilm-4-express.exe a variant of Win32/DownloadSponsor.C potentially unwanted application cleaned by deleting
 
Security Check Log:

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Antivirus    
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Mozilla Firefox (42.0) 
 Google Chrome (51.0.2704.103) 
 Google Chrome (53.0.2785.116) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
  I uninstalled that hitman-4-express program last week. 
I've also contacted my ISP to get more info and all they could tell me was their tool detected it on 09/11/16 10:57 GMT. I have searched all the files under c:\ with a 09/11 Date Modified and it found 184 entries. It was mostly battlenet logs/chrome logs; nothing unusual. I can list those if you want.
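
Added example, not part of the thread or of any tool used in it: the ISP gave its detection time in GMT, while the Windows Firewall log mentioned earlier in the thread records local time, so a search has to convert before comparing. This sketch parses a pfirewall.log-style file and counts allowed outbound connections per destination within a few minutes of the reported time. The sample log lines, the addresses in them, the UTC-5 offset and the function names are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Detection time reported by the ISP in the thread: 09/11/16 10:57 GMT.
ISP_DETECTION_UTC = datetime(2016, 9, 11, 10, 57, tzinfo=timezone.utc)

# Constructed sample in pfirewall.log layout (not from the poster's machine).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2016-09-11 05:40:02 ALLOW TCP 192.168.1.20 198.51.100.7 50112 443 0 - 0 0 0 - - - SEND
2016-09-11 05:55:10 ALLOW TCP 192.168.1.20 203.0.113.9 50150 25 0 - 0 0 0 - - - SEND
2016-09-11 05:56:41 ALLOW TCP 192.168.1.20 203.0.113.9 50151 25 0 - 0 0 0 - - - SEND
2016-09-11 05:58:03 DROP UDP 192.0.2.44 192.168.1.20 5353 5353 0 - - - - - - - RECEIVE
2016-09-11 10:57:00 ALLOW TCP 192.168.1.20 198.51.100.7 50300 443 0 - 0 0 0 - - - SEND
"""

def parse_firewall_log(text, utc_offset_hours):
    """Yield one dict per record, with the local timestamp converted to UTC."""
    fields = []
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log's own header
        elif line and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            local = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            rec["utc"] = local.replace(tzinfo=local_tz).astimezone(timezone.utc)
            yield rec

def outbound_near(text, when_utc, utc_offset_hours, minutes=10):
    """Count allowed outbound connections per (dst-ip, dst-port) within +/- minutes."""
    window = timedelta(minutes=minutes)
    hits = Counter()
    for rec in parse_firewall_log(text, utc_offset_hours):
        if rec["action"] == "ALLOW" and rec.get("path") == "SEND" and abs(rec["utc"] - when_utc) <= window:
            hits[(rec["dst-ip"], rec["dst-port"])] += 1
    return hits

if __name__ == "__main__":
    # UTC-5 is an assumed offset for the sample; use the machine's own offset on that date.
    for (ip, port), n in outbound_near(SAMPLE_LOG, ISP_DETECTION_UTC, -5).most_common():
        print(f"{ip}:{port}  {n} connection(s)")
```

Passing an offset of 0 instead of the machine's real offset selects the 10:57 local-time line rather than the traffic that coincides with the ISP's timestamp.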


#15 Oh My!


Posted 23 September 2016 - 08:30 AM

Thank you for the reply and information.

No need to see that additional information. Have you had any recent notifications? Your computer is clean.



