Inactive-A Slowly losing access to system admin privileges, maybe a rootkit, as it's rewritten my entire window

I also forgot to mention, earlier, it made me restart, before running MWB, which I thought was odd, but am thinking maybe that's why no findings. This was another report from that same program a week ago, or so, and it quarantined a few things

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/20/17
Scan Time: 9:01 AM
Log File: malware bytes quar.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2405
License: Trial

-System Information-
OS: Windows 10 (Build 15063.483)
CPU: x64
File System: NTFS
User: AIRWORX2-PC\AIRWORX 2

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 1127516
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 13 hr, 25 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.MarketScore, HKU\S-1-5-21-2671885098-678752524-1400920573-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}, Quarantined, [10918], [165126],1.0.2405
PUP.Optional.ASK, HKU\S-1-5-21-2671885098-678752524-1400920573-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\ask.com, Quarantined, [547], [391322],1.0.2405

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
Don't worry about MBAM misreading your Windows version.

I don't really see much there.

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
 
Good morning. I'm thinking we may have false negatives, lol. Only b/c maybe ESET (my main virus protection) is quarantining the items. Even when Kasp or MWB were running actively, and located attacks, for some reason, ESET stepped in and removed them.

The requested scans are completed, and I'm going to post some from ESET, so you can see. Since this whole thing began, a while ago, I've progressively lost access to regular files and folders on the PC, and the network is almost impossible to do anything with. I.e. I have a cloud drive I can no longer access from any of the PCs on the network; also, my garage door opener has an app, and I cannot open it via that anymore either.

The majority of Windows admin items, i.e. device mgr, add hardware, cmd prompt, etc., are either unavailable or I really have to jump through some hoops to even get them to open, and lately, the ones I can open simply do nothing upon me requesting action of the program.

Keeping in mind, I have set up no partitions in hard drives, I should have C drive D drive, then a few external hard drives as backups. (Dock, or cable and one cloud I mentioned earlier)

My upgrade to Windows 10 was back in 2015, and viewing the system reports it seems as though I've done it recently.

I still have no access to the POS software I use. It's a MySQL database driven program, and it will not connect anymore.

As far as users on the system, whatever this is creates new users and credentials almost daily. I have AIRWORX 2 and AIRWORXAZ, that's it; the others like user10, user9, etc. weren't created by myself.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by AIRWORX 2 (administrator) on AIRWORX2-PC (23-08-2017 05:26:30)
Running from C:\Users\AIRWORX 2\Desktop
Loaded Profiles: AIRWORX 2 (Available Profiles: AIRWORX 2 & airwo & Administrator)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(DigiData Corp.) C:\Program Files (x86)\Cox\Drag and Drop Backup\vewatch.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [18248 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-07-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM\...\Policies\Explorer: [0] 0
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\MountPoints2: {2d9e978b-43d2-11e6-bec8-78e3b588cafb} - "G:\VerizonSWUpgradeAssistantLauncher.exe"
Startup: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate Product Registration.lnk [2017-08-18]
ShortcutTarget: Seagate Product Registration.lnk -> C:\Users\AIRWORX 2\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{d9ff143d-a6fe-4d5a-b3c0-c2abdb37d13c}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-24] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1499697116239
DPF: HKLM-x32 {D66F9BB1-7D8E-4A96-9166-20FCC91CBFE9} hxxp://99.7.214.118/FDSH_DVR.CAB
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=3563

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-07-26] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 10
CHR StartupUrls: Profile 10 -> "hxxps://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/","hxxps://www.google.com/","hxxps://productforums.google.com/forum/#!topic/chrome/KobCsRA5DC4"
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-28]
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10 [2017-08-23]
CHR Extension: (Google Slides) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-28]
CHR Extension: (Google Docs) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-28]
CHR Extension: (Google Drive) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-28]
CHR Extension: (YouTube) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-28]
CHR Extension: (Google Sheets) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-28]
 
==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor4.0; C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 AJRouter; C:\WINDOWS\System32\AJRouter.dll [24576 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ALG; C:\WINDOWS\System32\alg.exe [92672 2017-03-18] (Microsoft Corporation) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 AppHostSvc; C:\WINDOWS\system32\inetsrv\apphostsvc.dll [64512 2017-07-14] (Microsoft Corporation) [File not signed]
R2 AppHostSvc; C:\WINDOWS\SysWOW64\inetsrv\apphostsvc.dll [56832 2017-07-14] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\WINDOWS\System32\appidsvc.dll [120320 2017-03-18] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\WINDOWS\System32\appinfo.dll [138752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AppReadiness; C:\WINDOWS\system32\AppReadiness.dll [585216 2017-07-14] (Microsoft Corporation) [File not signed]
S3 AppXSvc; C:\WINDOWS\system32\appxdeploymentserver.dll [2804736 2017-07-14] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\WINDOWS\System32\AudioEndpointBuilder.dll [625152 2017-07-14] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\WINDOWS\System32\Audiosrv.dll [1357824 2017-07-14] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\WINDOWS\System32\AxInstSV.dll [111616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\WINDOWS\System32\bdesvc.dll [385536 2017-03-18] (Microsoft Corporation) [File not signed]
R2 BFE; C:\WINDOWS\System32\bfe.dll [815616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BITS; C:\WINDOWS\System32\qmgr.dll [1159680 2017-03-18] (Microsoft Corporation) [File not signed]
R2 BrokerInfrastructure; C:\WINDOWS\System32\bisrv.dll [847872 2017-07-14] (Microsoft Corporation) [File not signed]
S3 Browser; C:\WINDOWS\System32\browser.dll [133120 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [431616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\WINDOWS\system32\bthserv.dll [154112 2017-03-18] (Microsoft Corporation) [File not signed]
R2 CDPSvc; C:\WINDOWS\System32\CDPSvc.dll [970240 2017-07-14] (Microsoft Corporation) [File not signed]
S2 CDPUserSvc; C:\WINDOWS\System32\CDPUserSvc.dll [524288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\WINDOWS\System32\certprop.dll [189952 2017-07-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\system32\cryptsvc.dll [94720 2017-03-18] (Microsoft Corporation) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-24] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-07-12] (Dropbox, Inc.)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [1085440 2017-07-14] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\WINDOWS\System32\defragsvc.dll [489984 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DeviceAssociationService; C:\WINDOWS\system32\das.dll [455168 2017-03-18] (Microsoft Corporation) [File not signed]
R3 DeviceInstall; C:\WINDOWS\system32\umpnpmgr.dll [114688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [689152 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DevQueryBroker; C:\WINDOWS\system32\DevQueryBroker.dll [33792 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\system32\dhcpcore.dll [365568 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [304128 2017-03-18] (Microsoft Corporation) [File not signed]
S3 diagnosticshub.standardcollector.service; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [86528 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DiagTrack; C:\WINDOWS\system32\diagtrack.dll [2516480 2017-07-14] (Microsoft Corporation) [File not signed]
S3 DmEnrollmentSvc; C:\WINDOWS\system32\Windows.Internal.Management.dll [536064 2017-07-14] (Microsoft Corporation) [File not signed]
S3 DmEnrollmentSvc; C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll [394240 2017-07-14] (Microsoft Corporation) [File not signed]
S3 dmwappushservice; C:\WINDOWS\system32\dmwappushsvc.dll [55296 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [282624 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DoSvc; C:\WINDOWS\system32\dosvc.dll [1305088 2017-07-14] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\WINDOWS\System32\dot3svc.dll [252416 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DPS; C:\WINDOWS\system32\dps.dll [168448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DsmSvc; C:\WINDOWS\System32\DeviceSetupManager.dll [233984 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DsSvc; C:\WINDOWS\System32\DsSvc.dll [149504 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [302592 2017-03-18] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [108032 2017-03-18] (Microsoft Corporation) [File not signed]
S3 EFS; C:\WINDOWS\system32\efssvc.dll [57344 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2625368 2017-08-09] (ESET)
S3 embeddedmode; C:\WINDOWS\System32\embeddedmodesvc.dll [149504 2017-07-14] (Microsoft Corporation) [File not signed]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33464 2016-11-08] (Microsoft Corporation)
S3 EntAppSvc; C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll [301056 2017-07-14] (Microsoft Corporation) [File not signed]
R2 EventLog; C:\WINDOWS\System32\wevtsvc.dll [1737216 2017-03-18] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\WINDOWS\system32\es.dll [452096 2017-03-18] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [331776 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Fax; C:\WINDOWS\system32\fxssvc.exe [637440 2017-03-18] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\WINDOWS\system32\fdPHost.dll [20992 2017-03-18] (Microsoft Corporation) [File not signed]
R3 FDResPub; C:\WINDOWS\system32\fdrespub.dll [34816 2017-03-18] (Microsoft Corporation) [File not signed]
S3 fhsvc; C:\WINDOWS\system32\fhsvc.dll [121856 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 FontCache; C:\WINDOWS\system32\FntCache.dll [1888256 2017-07-14] (Microsoft Corporation) [File not signed]
S4 FrameServer; C:\WINDOWS\system32\FrameServer.dll [600064 2017-07-14] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\WINDOWS\System32\gpsvc.dll [1269248 2017-03-18] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\WINDOWS\system32\hidserv.dll [34304 2017-03-18] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [29696 2017-03-18] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\WINDOWS\system32\ListSvc.dll [269312 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\WINDOWS\system32\provsvc.dll [463360 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [396288 2017-03-18] (Microsoft Corporation) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
S3 icssvc; C:\WINDOWS\System32\tetheringservice.dll [210432 2017-03-18] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\WINDOWS\System32\ikeext.dll [934912 2017-03-18] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\WINDOWS\System32\iphlpsvc.dll [996864 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [64000 2017-03-18] (Microsoft Corporation) [File not signed]
S3 irmon; C:\WINDOWS\System32\irmon.dll [24576 2017-03-18] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\WINDOWS\system32\keyiso.dll [93696 2017-03-18] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [69632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\WINDOWS\system32\msdtckrm.dll [368128 2017-03-18] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\WINDOWS\system32\srvsvc.dll [303616 2017-03-18] (Microsoft Corporation) [File not signed]
S4 LanmanWorkstation; C:\WINDOWS\System32\wkssvc.dll [272384 2017-03-18] (Microsoft Corporation) [File not signed]
R3 lfsvc; C:\WINDOWS\System32\lfsvc.dll [43520 2017-03-18] (Microsoft Corporation) [File not signed]
R3 LicenseManager; C:\WINDOWS\system32\LicenseManagerSvc.dll [26624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\WINDOWS\System32\lltdsvc.dll [268800 2017-03-18] (Microsoft Corporation) [File not signed]
R3 lmhosts; C:\WINDOWS\System32\lmhsvc.dll [26112 2017-03-18] (Microsoft Corporation) [File not signed]
R2 LSM; C:\WINDOWS\System32\lsm.dll [706048 2017-03-18] (Microsoft Corporation) [File not signed]
S2 MapsBroker; C:\WINDOWS\System32\moshost.dll [90624 2017-03-18] (Microsoft Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MessagingService; C:\WINDOWS\System32\MessagingService.dll [51712 2017-03-18] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\WINDOWS\system32\mpssvc.dll [972288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [147456 2017-03-18] (Microsoft Corporation) [File not signed]
R2 MSiSCSI; C:\WINDOWS\system32\iscsiexe.dll [150016 2017-03-18] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\System32\msiexec.exe [66048 2017-03-18] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [59392 2017-03-18] (Microsoft Corporation) [File not signed]
S2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.0\my.ini [8933 2017-08-07] () [File not signed]
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [723968 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NcaSvc; C:\WINDOWS\System32\ncasvc.dll [167424 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NcbService; C:\WINDOWS\System32\ncbservice.dll [334848 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NcdAutoSetup; C:\WINDOWS\System32\NcdAutoSetup.dll [88064 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\netlogon.dll [777216 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [665600 2017-03-18] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [253440 2017-03-18] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\WINDOWS\System32\netprofmsvc.dll [519168 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NetSetupSvc; C:\WINDOWS\System32\NetSetupSvc.dll [261632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NgcCtnrSvc; C:\WINDOWS\System32\NgcCtnrSvc.dll [491520 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NgcSvc; C:\WINDOWS\system32\ngcsvc.dll [1046016 2017-07-14] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\WINDOWS\System32\nlasvc.dll [365568 2017-03-18] (Microsoft Corporation) [File not signed]
R2 nsi; C:\WINDOWS\system32\nsisvc.dll [30720 2017-03-18] (Microsoft Corporation) [File not signed]
S2 OneSyncSvc; C:\WINDOWS\System32\APHostService.dll [342528 2017-03-18] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\WINDOWS\system32\pnrpsvc.dll [343040 2017-03-18] (Microsoft Corporation) [File not signed]
S4 p2psvc; C:\WINDOWS\system32\p2psvc.dll [421376 2017-03-18] (Microsoft Corporation) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-14] (Nuance Communications, Inc.)
S3 PerfHost; C:\WINDOWS\SysWow64\perfhost.exe [21504 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PhoneSvc; C:\WINDOWS\System32\PhoneService.dll [772096 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PimIndexMaintenanceSvc; C:\WINDOWS\System32\PimIndexMaintenance.dll [182272 2017-03-18] (Microsoft Corporation) [File not signed]
R3 pla; C:\WINDOWS\system32\pla.dll [1462272 2017-03-18] (Microsoft Corporation) [File not signed]
R3 pla; C:\WINDOWS\SysWOW64\pla.dll [1537536 2017-03-18] (Microsoft Corporation) [File not signed]
R3 PlugPlay; C:\WINDOWS\system32\umpnpmgr.dll [114688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\WINDOWS\system32\pnrpauto.dll [27136 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\WINDOWS\system32\pnrpsvc.dll [343040 2017-03-18] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\WINDOWS\System32\ipsecsvc.dll [458240 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Power; C:\WINDOWS\system32\umpo.dll [148480 2017-07-14] (Microsoft Corporation) [File not signed]
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [2899968 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\WINDOWS\system32\profsvc.dll [413696 2017-03-18] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\WINDOWS\system32\qwave.dll [278016 2017-03-18] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [239104 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [104448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\WINDOWS\System32\rasmans.dll [873472 2017-07-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [490496 2017-03-18] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [406528 2017-03-18] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [154624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RetailDemo; C:\WINDOWS\system32\RDXService.dll [647168 2017-07-14] (Microsoft Corporation) [File not signed]
R3 RmSvc; C:\WINDOWS\System32\RMapi.dll [152576 2017-03-18] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\WINDOWS\System32\RpcEpMap.dll [77824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [11264 2017-03-18] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [1085440 2017-07-14] (Microsoft Corporation) [File not signed]
S4 SCardSvr; C:\WINDOWS\System32\SCardSvr.dll [250368 2017-07-14] (Microsoft Corporation) [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [200192 2017-07-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [877568 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\WINDOWS\System32\certprop.dll [189952 2017-07-14] (Microsoft Corporation) [File not signed]
R3 SDRSVC; C:\WINDOWS\System32\SDRSVC.dll [145920 2017-03-18] (Microsoft Corporation) [File not signed]
R3 seclogon; C:\WINDOWS\system32\seclogon.dll [31232 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1191424 2017-03-18] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\System32\sens.dll [69632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1284608 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SensorService; C:\WINDOWS\system32\SensorService.dll [548864 2017-07-14] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\WINDOWS\system32\sensrsvc.dll [205824 2017-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\WINDOWS\system32\sessenv.dll [385536 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [337408 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [537600 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [612864 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [564224 2017-03-18] (Microsoft Corporation) [File not signed]
S4 shpamsvc; C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [192512 2017-07-14] (Microsoft Corporation) [File not signed]
S3 smphost; C:\WINDOWS\System32\smphost.dll [23552 2017-03-18] (Microsoft Corporation) [File not signed]
S3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [20992 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SmsRouter; C:\WINDOWS\system32\SmsRouterSvc.dll [582656 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15872 2017-07-14] (Microsoft Corporation) [File not signed]
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [891904 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [757760 2017-03-18] (Microsoft Corporation) [File not signed]
S4 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [239616 2017-03-18] (Microsoft Corporation) [File not signed]
S4 SstpSvc; C:\WINDOWS\system32\sstpsvc.dll [208384 2017-03-18] (Microsoft Corporation) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
R2 stisvc; C:\WINDOWS\System32\wiaservc.dll [634368 2017-03-18] (Microsoft Corporation) [File not signed]
R3 StorSvc; C:\WINDOWS\system32\storsvc.dll [750080 2017-07-14] (Microsoft Corporation) [File not signed]
S3 svsvc; C:\WINDOWS\system32\svsvc.dll [13824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 swprv; C:\WINDOWS\System32\swprv.dll [460800 2017-03-18] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\WINDOWS\system32\sysmain.dll [972800 2017-07-14] (Microsoft Corporation) [File not signed]
R2 SystemEventsBroker; C:\WINDOWS\System32\SystemEventsBrokerServer.dll [292352 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\WINDOWS\System32\TabSvc.dll [147456 2017-03-18] (Microsoft Corporation) [File not signed]
S4 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [306688 2017-03-18] (Microsoft Corporation) [File not signed]
S4 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [252416 2017-03-18] (Microsoft Corporation) [File not signed]
S4 TermService; C:\WINDOWS\System32\termsrv.dll [992256 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\system32\themeservice.dll [69632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [302592 2017-03-18] (Microsoft Corporation) [File not signed]
R2 tiledatamodelsvc; C:\WINDOWS\system32\tileobjserver.dll [632832 2017-07-14] (Microsoft Corporation) [File not signed]
R3 TimeBrokerSvc; C:\WINDOWS\System32\TimeBrokerServer.dll [165888 2017-03-18] (Microsoft Corporation) [File not signed]
R3 TokenBroker; C:\WINDOWS\System32\TokenBroker.dll [1054208 2017-07-14] (Microsoft Corporation) [File not signed]
R3 TokenBroker; C:\WINDOWS\SysWOW64\TokenBroker.dll [799232 2017-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\System32\trkwks.dll [116736 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\WINDOWS\servicing\TrustedInstaller.exe [121344 2017-03-18] (Microsoft Corporation) [File not signed]
S4 tzautoupdate; C:\WINDOWS\system32\tzautoupdate.dll [95744 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [43008 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\WINDOWS\System32\umrdp.dll [274944 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UnistoreSvc; C:\WINDOWS\System32\unistore.dll [1177600 2017-07-14] (Microsoft Corporation) [File not signed]
S3 UnistoreSvc; C:\WINDOWS\SysWOW64\unistore.dll [969728 2017-07-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [432128 2017-03-18] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [325120 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UserDataSvc; C:\WINDOWS\System32\userdataservice.dll [1628672 2017-03-18] (Microsoft Corporation) [File not signed]
R2 UserManager; C:\WINDOWS\System32\usermgr.dll [877568 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UsoSvc; C:\WINDOWS\system32\usocore.dll [681984 2017-07-14] (Microsoft Corporation) [File not signed]
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [346624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vds; C:\WINDOWS\System32\vds.exe [643072 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicrdv; C:\WINDOWS\System32\icsvcext.dll [307712 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicvss; C:\WINDOWS\System32\icsvcext.dll [307712 2017-03-18] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\system32\vssvc.exe [1550848 2017-03-18] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [524288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 w3logsvc; C:\WINDOWS\system32\inetsrv\w3logsvc.dll [82432 2017-07-14] (Microsoft Corporation) [File not signed]
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [72192 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WalletService; C:\WINDOWS\system32\WalletService.dll [428032 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WAS; C:\WINDOWS\system32\inetsrv\iisw3adm.dll [559104 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WAS; C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll [497664 2017-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\WINDOWS\system32\wbengine.exe [1528832 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\WINDOWS\System32\wbiosrvc.dll [942592 2017-07-14] (Microsoft Corporation) [File not signed]
R2 Wcmsvc; C:\WINDOWS\System32\wcmsvc.dll [802816 2017-07-14] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\WINDOWS\System32\wcncsvc.dll [463872 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\WINDOWS\system32\wdi.dll [97792 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\WINDOWS\system32\wdi.dll [97792 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [224256 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [196608 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Wecsvc; C:\WINDOWS\system32\wecsvc.dll [202752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [27648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\WINDOWS\System32\wercplsupport.dll [91648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\WINDOWS\System32\WerSvc.dll [176640 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [555008 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WiaRpc; C:\WINDOWS\System32\wiarpc.dll [81920 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-14] (Microsoft Corporation)
R2 Winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [221696 2017-03-18] (Microsoft Corporation) [File not signed]
S4 WinRM; C:\WINDOWS\system32\WsmSvc.dll [2757120 2017-03-18] (Microsoft Corporation) [File not signed]
S4 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2354688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wisvc; C:\WINDOWS\system32\flightsettings.dll [699904 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WlanSvc; C:\WINDOWS\System32\wlansvc.dll [2425856 2017-03-18] (Microsoft Corporation) [File not signed]
R3 wlidsvc; C:\WINDOWS\system32\wlidsvc.dll [2155008 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1295360 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [199168 2017-03-18] (Microsoft Corporation) [File not signed]
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1177088 2017-03-17] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\WINDOWS\system32\wpdbusenum.dll [86016 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WpnService; C:\WINDOWS\system32\WpnService.dll [276480 2017-03-18] (Microsoft Corporation) [File not signed]
S2 WpnUserService; C:\WINDOWS\System32\WpnUserService.dll [72704 2017-03-18] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\System32\wscsvc.dll [208896 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [933376 2017-07-14] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [797184 2017-07-14] (Microsoft Corporation) [File not signed]
S2 wuauserv; C:\WINDOWS\system32\wuaueng.dll [2444288 2017-07-14] (Microsoft Corporation) [File not signed]
R3 wudfsvc; C:\WINDOWS\System32\WUDFSvc.dll [91648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\WINDOWS\System32\wwansvc.dll [1396224 2017-07-14] (Microsoft Corporation) [File not signed]
S3 XblAuthManager; C:\WINDOWS\System32\XblAuthManager.dll [1013248 2017-03-18] (Microsoft Corporation) [File not signed]
S4 XblGameSave; C:\WINDOWS\System32\XblGameSave.dll [1135104 2017-03-18] (Microsoft Corporation) [File not signed]
S4 XboxGipSvc; C:\WINDOWS\System32\XboxGipSvc.dll [18944 2017-03-18] (Microsoft Corporation) [File not signed]
S4 XboxNetApiSvc; C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008 2017-07-14] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\WINDOWS\System32\drivers\1394ohci.sys [238080 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AcpiDev; C:\WINDOWS\System32\drivers\AcpiDev.sys [20480 2017-03-18] (Microsoft Corporation) [File not signed]
S3 acpipagr; C:\WINDOWS\System32\drivers\acpipagr.sys [12800 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\WINDOWS\System32\drivers\acpipmi.sys [14848 2017-03-18] (Microsoft Corporation) [File not signed]
S3 acpitime; C:\WINDOWS\System32\drivers\acpitime.sys [14336 2017-03-18] (Microsoft Corporation) [File not signed]
R1 ahcache; C:\WINDOWS\System32\DRIVERS\ahcache.sys [239616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\WINDOWS\System32\drivers\amdk8.sys [176640 2017-03-18] (Microsoft Corporation) [File not signed]
R3 AmdPPM; C:\WINDOWS\System32\drivers\amdppm.sys [172544 2017-03-18] (Microsoft Corporation) [File not signed]
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 applockerfltr; C:\WINDOWS\System32\drivers\applockerfltr.sys [17920 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\drivers\asyncmac.sys [28672 2017-03-18] (Microsoft Corporation) [File not signed]
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2017-03-18] (Qualcomm Atheros Communications, Inc.) [File not signed]
R1 BasicDisplay; C:\WINDOWS\System32\drivers\BasicDisplay.sys [57344 2017-03-18] (Microsoft Corporation) [File not signed]
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [35840 2017-07-14] (Microsoft Corporation) [File not signed]
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2017-03-18] (Windows (R) Win 7 DDK provider) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [10240 2017-03-18] (Microsoft Corporation) [File not signed]
R3 bowser; C:\WINDOWS\System32\DRIVERS\bowser.sys [101888 2017-03-18] (Microsoft Corporation) [File not signed]
R3 BrSerId; C:\WINDOWS\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Brother Industries Ltd.) [File not signed]
R3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Brother Industries Ltd.) [File not signed]
S3 BthAvrcpTg; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [43520 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [97792 2017-03-18] (Microsoft Corporation) [File not signed]
S3 bthhfhid; C:\WINDOWS\System32\drivers\BthHFHid.sys [32256 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [66560 2017-03-18] (Microsoft Corporation) [File not signed]
S3 buttonconverter; C:\WINDOWS\System32\drivers\buttonconverter.sys [39424 2017-03-18] (Microsoft Corporation) [File not signed]
S3 CapImg; C:\WINDOWS\System32\drivers\capimg.sys [122880 2017-03-18] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\WINDOWS\System32\DRIVERS\cdfs.sys [93184 2017-03-18] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\WINDOWS\System32\drivers\cdrom.sys [160256 2017-03-18] (Microsoft Corporation) [File not signed]
S3 circlass; C:\WINDOWS\System32\drivers\circlass.sys [49152 2017-03-18] (Microsoft Corporation) [File not signed]
S2 CldFlt; C:\WINDOWS\System32\drivers\cldflt.sys [12288 2017-03-18] (Microsoft Corporation) [File not signed]
R2 clreg; C:\WINDOWS\System32\drivers\registry.sys [14336 2017-03-18] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\WINDOWS\System32\drivers\CmBatt.sys [30208 2017-03-18] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys [40448 2017-03-18] (Microsoft Corporation) [File not signed]
R1 Dfsc; C:\WINDOWS\System32\Drivers\dfsc.sys [150528 2017-03-18] (Microsoft Corporation) [File not signed]
S3 dmvsc; C:\WINDOWS\System32\drivers\dmvsc.sys [47104 2017-03-18] (Microsoft Corporation) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132824 2017-08-09] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107344 2017-03-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14880 2017-03-09] (ESET)
S3 efavdrv; C:\WINDOWS\SysWOW64\drivers\efavdrv.sys [115008 2017-08-14] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [178056 2017-03-09] (ESET)
S4 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50752 2017-03-09] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [78192 2017-03-09] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [101648 2017-03-09] (ESET)
S3 ErrDev; C:\WINDOWS\System32\drivers\errdev.sys [13824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ESETCleanersDriver; C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [181160 2017-08-14] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [347136 2017-03-18] (Microsoft Corporation) [File not signed]
S3 fdc; C:\WINDOWS\System32\drivers\fdc.sys [32768 2017-03-18] (Microsoft Corporation) [File not signed]
R1 FileCrypt; C:\WINDOWS\System32\drivers\filecrypt.sys [54272 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\WINDOWS\System32\drivers\filetrace.sys [36864 2017-03-18] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\WINDOWS\System32\drivers\flpydisk.sys [26624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 gencounter; C:\WINDOWS\System32\drivers\vmgencounter.sys [13824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 genericusbfn; C:\WINDOWS\System32\drivers\genericusbfn.sys [21504 2017-03-18] (Microsoft Corporation) [File not signed]
R1 GpuEnergyDrv; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [8192 2017-03-18] (Microsoft Corporation) [File not signed]
S3 HdAudAddService; C:\WINDOWS\system32\DRIVERS\HdAudio.sys [416256 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\drivers\HDAudBus.sys [86528 2017-07-14] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\WINDOWS\System32\drivers\hidbth.sys [106496 2017-03-18] (Microsoft Corporation) [File not signed]
S3 hidi2c; C:\WINDOWS\System32\drivers\hidi2c.sys [52224 2017-03-18] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\WINDOWS\System32\drivers\hidir.sys [46592 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\WINDOWS\System32\drivers\hidusb.sys [40960 2017-03-18] (Microsoft Corporation) [File not signed]
S3 hyperkbd; C:\WINDOWS\System32\drivers\hyperkbd.sys [16896 2017-03-18] (Microsoft Corporation) [File not signed]
S3 i8042prt; C:\WINDOWS\System32\drivers\i8042prt.sys [115200 2017-03-18] (Microsoft Corporation) [File not signed]
S3 iagpio; C:\WINDOWS\System32\drivers\iagpio.sys [33280 2017-03-18] (Intel(R) Corporation) [File not signed]
S3 iai2c; C:\WINDOWS\System32\drivers\iai2c.sys [81408 2017-03-18] (Intel(R) Corporation) [File not signed]
S3 iaLPSS2i_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSS2i_I2C; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSSi_I2C; C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152 2017-03-18] (Intel Corporation) [File not signed]
S3 IndirectKmd; C:\WINDOWS\System32\drivers\IndirectKmd.sys [36864 2017-03-18] (Microsoft Corporation) [File not signed]
S3 intelppm; C:\WINDOWS\System32\drivers\intelppm.sys [193536 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [87040 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\WINDOWS\System32\drivers\ipnat.sys [214528 2017-03-18] (Microsoft Corporation) [File not signed]
S3 irda; C:\WINDOWS\system32\drivers\irda.sys [120320 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\drivers\irenum.sys [19968 2017-03-18] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\WINDOWS\System32\drivers\kbdhid.sys [40448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 kdnic; C:\WINDOWS\System32\drivers\kdnic.sys [23040 2017-03-18] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\WINDOWS\system32\drivers\ksthunk.sys [27136 2017-07-14] (Microsoft Corporation) [File not signed]
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2017-03-18] (Qualcomm Atheros Co., Ltd.) [File not signed]
R2 lltdio; C:\WINDOWS\System32\drivers\lltdio.sys [66560 2017-03-18] (Microsoft Corporation) [File not signed]
R2 luafv; C:\WINDOWS\system32\drivers\luafv.sys [124928 2017-03-18] (Microsoft Corporation) [File not signed]
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-22] (Malwarebytes)
R2 MMCSS; C:\WINDOWS\system32\drivers\mmcss.sys [50688 2017-03-18] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\System32\drivers\modem.sys [42496 2017-03-18] (Microsoft Corporation) [File not signed]
R3 monitor; C:\WINDOWS\System32\drivers\monitor.sys [39424 2017-03-18] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\drivers\mouhid.sys [33280 2017-03-18] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\WINDOWS\System32\drivers\mpsdrv.sys [76800 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\WINDOWS\system32\drivers\mrxdav.sys [144384 2017-03-18] (Microsoft Corporation) [File not signed]
S4 mrxsmb10; C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys [285696 2017-07-14] (Microsoft Corporation) [File not signed]
S3 MsBridge; C:\WINDOWS\System32\drivers\bridge.sys [115712 2017-07-14] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\WINDOWS\System32\drivers\mshidkmdf.sys [8704 2017-03-18] (Microsoft Corporation) [File not signed]
S3 mshidumdf; C:\WINDOWS\System32\drivers\mshidumdf.sys [12288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys [32768 2017-07-14] (Microsoft Corporation) [File not signed]
R2 MsLldp; C:\WINDOWS\System32\drivers\mslldp.sys [83456 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys [10752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\system32\DRIVERS\MSPQM.sys [10752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\system32\DRIVERS\MSTEE.sys [12800 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\WINDOWS\System32\drivers\MTConfig.sys [16896 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\WINDOWS\System32\DRIVERS\nwifi.sys [549888 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\WINDOWS\System32\drivers\ndiscap.sys [50688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisImPlatform; C:\WINDOWS\System32\drivers\NdisImPlatform.sys [128512 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\drivers\ndisuio.sys [65536 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NdisVirtualBus; C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [20992 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisWan; C:\WINDOWS\System32\drivers\ndiswan.sys [192000 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ndiswanlegacy; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [192000 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ndproxy; C:\WINDOWS\System32\DRIVERS\NDProxy.sys [62464 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Ndu; C:\WINDOWS\System32\drivers\Ndu.sys [127488 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2014-06-10] (Apple Inc.) [File not signed]
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [122368 2017-03-18] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [305152 2017-03-18] (Microsoft Corporation) [File not signed]
S3 netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [118784 2017-07-14] (Microsoft Corporation) [File not signed]
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-01-08] (CACE Technologies, Inc.)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [69120 2017-03-18] (Microsoft Corporation) [File not signed]
R1 npsvctrig; C:\WINDOWS\System32\drivers\npsvctrig.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\WINDOWS\System32\drivers\nsiproxy.sys [41984 2017-03-18] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [7680 2017-03-18] (Microsoft Corporation) [File not signed]
S3 nvdimmn; C:\WINDOWS\System32\drivers\nvdimmn.sys [80896 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Parport; C:\WINDOWS\System32\drivers\parport.sys [97792 2017-03-18] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\WINDOWS\System32\drivers\peauth.sys [741376 2017-03-18] (Microsoft Corporation) [File not signed]
S3 pmem; C:\WINDOWS\System32\drivers\pmem.sys [101376 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PptpMiniport; C:\WINDOWS\System32\drivers\raspptp.sys [97792 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Processor; C:\WINDOWS\System32\drivers\processr.sys [172032 2017-03-18] (Microsoft Corporation) [File not signed]
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [91976 2017-08-23] (Sysinternals - www.sysinternals.com)
S3 QWAVEdrv; C:\WINDOWS\system32\drivers\qwavedrv.sys [49664 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [17920 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasAgileVpn; C:\WINDOWS\System32\drivers\AgileVpn.sys [108544 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Rasl2tp; C:\WINDOWS\System32\drivers\rasl2tp.sys [107008 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [81920 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasSstp; C:\WINDOWS\System32\drivers\rassstp.sys [79872 2017-03-18] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\WINDOWS\System32\drivers\rdpbus.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\WINDOWS\System32\drivers\rdpdr.sys [183296 2017-03-18] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\WINDOWS\System32\drivers\rspndr.sys [82432 2017-03-18] (Microsoft Corporation) [File not signed]
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2016-10-27] (Realsil Semiconductor Corporation)
S3 s3cap; C:\WINDOWS\System32\drivers\vms3cap.sys [9216 2017-03-18] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\WINDOWS\System32\DRIVERS\scfilter.sys [43520 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 Serenum; C:\WINDOWS\System32\drivers\serenum.sys [26112 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Serial; C:\WINDOWS\System32\drivers\serial.sys [84480 2017-03-18] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\WINDOWS\System32\drivers\sermouse.sys [28672 2017-03-18] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\WINDOWS\System32\drivers\sfloppy.sys [18432 2017-03-18] (Microsoft Corporation) [File not signed]
R2 srv; C:\WINDOWS\System32\DRIVERS\srv.sys [414208 2017-07-14] (Microsoft Corporation) [File not signed]
R3 srv2; C:\WINDOWS\System32\DRIVERS\srv2.sys [722944 2017-07-14] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\WINDOWS\System32\DRIVERS\srvnet.sys [255488 2017-03-18] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-11-20] (IDT, Inc.) [File not signed]
S3 StillCam; C:\WINDOWS\system32\DRIVERS\serscan.sys [13312 2017-03-18] (Microsoft Corporation) [File not signed]
R2 storqosflt; C:\WINDOWS\System32\drivers\storqosflt.sys [79872 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Synth3dVsc; C:\WINDOWS\System32\drivers\Synth3dVsc.sys [64512 2017-03-18] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\WINDOWS\System32\drivers\tcpipreg.sys [51712 2017-03-18] (Microsoft Corporation) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-08-17] ()
S3 TsUsbFlt; C:\WINDOWS\System32\drivers\tsusbflt.sys [61440 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\WINDOWS\System32\drivers\TsUsbGD.sys [35328 2017-03-18] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\WINDOWS\System32\drivers\tunnel.sys [162304 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UcmCx0101; C:\WINDOWS\System32\Drivers\UcmCx.sys [104448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UcmTcpciCx0101; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [179200 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UcmUcsi; C:\WINDOWS\System32\drivers\UcmUcsi.sys [51712 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [45568 2017-03-18] (Microsoft Corporation) [File not signed]
S4 udfs; C:\WINDOWS\System32\DRIVERS\udfs.sys [324096 2017-03-18] (Microsoft Corporation) [File not signed]
R3 umbus; C:\WINDOWS\System32\drivers\umbus.sys [57856 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\WINDOWS\System32\drivers\umpass.sys [14336 2017-03-18] (Microsoft Corporation) [File not signed]
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 usbcir; C:\WINDOWS\System32\drivers\usbcir.sys [103424 2017-03-18] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\WINDOWS\System32\drivers\usbohci.sys [30720 2017-03-18] (Microsoft Corporation) [File not signed]
R3 usbprint; C:\WINDOWS\System32\drivers\usbprint.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R3 usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [47104 2017-03-18] (Microsoft Corporation) [File not signed]
S3 usbser; C:\WINDOWS\System32\drivers\usbser.sys [71680 2017-03-18] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\WINDOWS\System32\drivers\usbuhci.sys [35328 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vhf; C:\WINDOWS\System32\drivers\vhf.sys [35328 2017-03-18] (Microsoft Corporation) [File not signed]
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [141920 2016-03-03] (Acronis)
S3 VMBusHID; C:\WINDOWS\System32\drivers\VMBusHID.sys [25088 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmgid; C:\WINDOWS\System32\drivers\vmgid.sys [10240 2017-03-18] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\WINDOWS\System32\drivers\vwifibus.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\WINDOWS\System32\drivers\vwififlt.sys [77312 2017-03-18] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\WINDOWS\System32\drivers\vwifimp.sys [41472 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\WINDOWS\System32\drivers\wacompen.sys [30720 2017-03-18] (Microsoft Corporation) [File not signed]
R2 wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [81408 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wanarpv6; C:\WINDOWS\System32\DRIVERS\wanarp.sys [81408 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wcnfs; C:\WINDOWS\system32\drivers\wcnfs.sys [72192 2017-03-18] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdiwifi; C:\WINDOWS\System32\DRIVERS\wdiwifi.sys [757248 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [217088 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WINUSB; C:\WINDOWS\System32\drivers\WinUSB.SYS [90112 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\WINDOWS\System32\drivers\wmiacpi.sys [18432 2017-03-18] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\WINDOWS\system32\drivers\ws2ifsl.sys [23552 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\WINDOWS\System32\drivers\WudfPf.sys [100864 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WUDFRd; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WUDFWpdFs; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) [File not signed]
S3 xboxgip; C:\WINDOWS\System32\drivers\xboxgip.sys [277504 2017-07-14] (Microsoft Corporation) [File not signed]
S3 xinputhid; C:\WINDOWS\System32\drivers\xinputhid.sys [46592 2017-03-18] (Microsoft Corporation) [File not signed]
 
========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-23 05:22 - 2017-08-23 05:22 - 000017880 _____ C:\Users\AIRWORX 2\Desktop\app crash viewer reports.txt
2017-08-23 04:31 - 2017-08-23 04:31 - 000345927 _____ C:\Users\AIRWORX 2\Desktop\eset 12 found 11 corrected.txt
2017-08-23 04:30 - 2017-08-23 04:30 - 000203442 _____ C:\Users\AIRWORX 2\Desktop\6-28-17 eset all.txt
2017-08-23 04:28 - 2017-08-23 04:28 - 000511683 _____ C:\Users\AIRWORX 2\Desktop\eset 42 found.txt
2017-08-23 04:22 - 2017-08-23 04:22 - 000486514 _____ C:\Users\AIRWORX 2\Desktop\1 found eset.txt
2017-08-23 04:20 - 2017-08-23 04:20 - 000012117 _____ C:\Users\AIRWORX 2\Desktop\eset detected threats.txt
2017-08-23 04:17 - 2017-08-23 04:17 - 000000099 _____ C:\Users\AIRWORX 2\Desktop\eset last complete scan.txt
2017-08-23 04:13 - 2017-08-23 04:13 - 000000152 _____ C:\Users\AIRWORX 2\Desktop\6-28-17 eset.txt
2017-08-23 04:11 - 2017-08-23 04:11 - 000000128 _____ C:\Users\AIRWORX 2\Desktop\eset 1.txt
2017-08-23 04:08 - 2017-08-23 04:08 - 000012117 _____ C:\Users\AIRWORX 2\Desktop\eset threats.txt
2017-08-22 20:17 - 2017-08-22 20:17 - 000072689 _____ C:\Users\AIRWORX 2\Downloads\02234217-WebDetail.pdf
2017-08-22 19:57 - 2017-08-22 19:57 - 000010810 _____ C:\Users\AIRWORX 2\Desktop\Brandi-Copas.pdfresume.pdf
2017-08-22 19:35 - 2017-08-22 19:36 - 297077664 _____ C:\Users\AIRWORX 2\Documents\regedits.REG
2017-08-21 15:38 - 2017-08-21 15:38 - 000092808 _____ C:\Users\AIRWORX 2\Downloads\Instructions-for-Completing-an-Affidavit-of-Affixture.pdf
2017-08-21 15:38 - 2017-08-21 15:38 - 000092808 _____ C:\Users\AIRWORX 2\Downloads\Instructions-for-Completing-an-Affidavit-of-Affixture (2).pdf
2017-08-21 15:38 - 2017-08-21 15:38 - 000092808 _____ C:\Users\AIRWORX 2\Downloads\Instructions-for-Completing-an-Affidavit-of-Affixture (1).pdf
2017-08-21 13:48 - 2017-08-21 13:53 - 000002324 _____ C:\Users\AIRWORX 2\Desktop\page 2.html
2017-08-21 13:35 - 2017-08-21 13:39 - 000098816 _____ C:\Users\AIRWORX 2\Documents\Publication1.pub
2017-08-21 12:59 - 2017-08-21 13:40 - 000024476 _____ C:\Users\AIRWORX 2\Documents\Publication1.htm
2017-08-21 12:59 - 2017-08-21 13:40 - 000000000 ____D C:\Users\AIRWORX 2\Documents\Publication1_files
2017-08-21 12:37 - 2017-08-21 12:37 - 000028342 _____ C:\Users\AIRWORX 2\Documents\h3 class.htm
2017-08-21 12:37 - 2017-08-21 12:37 - 000000000 ____D C:\Users\AIRWORX 2\Documents\h3 class_files
2017-08-21 08:15 - 2017-08-21 08:15 - 000010221 _____ C:\Users\AIRWORX 2\Documents\booking list allen.xlsx
2017-08-21 07:27 - 2017-08-21 07:27 - 000006863 _____ C:\Users\AIRWORX 2\Desktop\sam's invoice 8-18-2017.pdf
2017-08-19 13:30 - 2017-08-19 13:33 - 000155362 _____ C:\Users\AIRWORX 2\Documents\Nick LIVING WILL.pdf
2017-08-19 13:29 - 2017-08-19 13:29 - 000159096 _____ C:\Users\AIRWORX 2\Documents\Nick LAST WILL AND TESTAMENT.pdf
2017-08-18 11:30 - 2017-08-18 11:30 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\IsolatedStorage
2017-08-18 11:20 - 2016-04-23 14:16 - 000000000 ____D C:\Users\AIRWORX 2\.oracle_jre_usage
2017-08-18 10:37 - 2017-08-18 11:13 - 000002951 _____ C:\Users\AIRWORX 2\Desktop\SeaTools for Windows.lnk
2017-08-18 10:37 - 2017-08-18 10:37 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seagate
2017-08-18 10:31 - 2017-08-18 10:31 - 000000000 ____D C:\WINDOWS\System32\Tasks\Leader Technologies
2017-08-18 10:30 - 2017-08-18 10:30 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\SeagateMenu
2017-08-18 10:16 - 2017-08-21 08:15 - 000024746 _____ C:\Users\AIRWORX 2\Documents\allen new.xlsx
2017-08-18 07:56 - 2017-08-18 07:57 - 000000000 ____D C:\Users\airwo\AppData\Local\Dropbox
2017-08-18 07:50 - 2017-08-18 07:50 - 000000000 ____D C:\Users\airwo\AppData\Roaming\Zeon
2017-08-18 07:40 - 2017-08-18 08:14 - 000000000 ____D C:\Users\airwo
2017-08-18 07:40 - 2017-08-18 07:40 - 000000020 ___SH C:\Users\airwo\ntuser.ini
2017-08-18 07:40 - 2017-08-18 07:40 - 000000000 ____D C:\Users\airwo\AppData\Local\TileDataLayer
2017-08-18 07:40 - 2017-08-18 07:40 - 000000000 ____D C:\Users\airwo\AppData\Local\ESET
2017-08-18 07:40 - 2016-09-30 14:21 - 000000000 ____D C:\Users\airwo\Documents\hp.system.package.metadata
2017-08-18 07:40 - 2016-09-30 14:21 - 000000000 ____D C:\Users\airwo\Documents\hp.applications.package.appdata
2017-08-18 07:40 - 2016-09-30 14:21 - 000000000 ____D C:\Users\airwo\AppData\Local\Microsoft Help
2017-08-18 07:40 - 2016-09-30 14:21 - 000000000 ____D C:\Users\airwo\AppData\Local\Google
2017-08-18 07:31 - 2017-08-18 07:31 - 000087960 _____ C:\Users\AIRWORX 2\Documents\wmi reports.txt
2017-08-18 06:46 - 2017-08-18 06:46 - 000001352 _____ C:\Users\AIRWORX 2\Desktop\hdwwiz.exe - Shortcut.lnk
2017-08-18 06:45 - 2017-08-18 06:45 - 000000981 _____ C:\Users\AIRWORX 2\Desktop\hdwwiz.cpl - Shortcut.lnk
2017-08-18 04:14 - 2017-08-18 04:14 - 000012508 _____ C:\Users\AIRWORX 2\Desktop\1F_REVGenEdChkFYComp_0.pdf
2017-08-18 04:03 - 2017-08-18 04:03 - 000114643 _____ C:\Users\AIRWORX 2\Desktop\MCCCD Program Description.pdf
2017-08-17 21:19 - 2017-08-17 21:20 - 000000823 _____ C:\Users\AIRWORX 2\Desktop\JRT.txt
2017-08-17 21:14 - 2017-08-17 21:14 - 001790024 _____ (Malwarebytes) C:\Users\AIRWORX 2\Desktop\JRT.exe
2017-08-17 21:07 - 2017-08-17 21:07 - 008185288 _____ (Malwarebytes) C:\Users\AIRWORX 2\Desktop\AdwCleaner.exe
2017-08-17 13:39 - 2017-08-17 13:39 - 000001955 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-17 13:39 - 2017-08-17 13:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-17 13:39 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-17 12:39 - 2017-08-17 12:39 - 000069632 _____ C:\WINDOWS\calc diag.evtx
2017-08-17 12:38 - 2017-08-17 12:39 - 000000000 ____D C:\WINDOWS\LocaleMetaData
2017-08-17 12:38 - 2017-08-17 12:38 - 000069632 _____ C:\WINDOWS\calc debug.evtx
2017-08-17 11:22 - 2017-08-23 02:05 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-08-17 11:22 - 2017-08-22 13:32 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-17 09:21 - 2017-08-17 09:21 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-17 09:20 - 2017-08-17 09:20 - 065033984 _____ (Malwarebytes ) C:\Users\AIRWORX 2\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
2017-08-17 05:52 - 2017-08-17 05:52 - 035688304 _____ (Adlice Software ) C:\Users\AIRWORX 2\Desktop\RogueKiller_setup.exe
2017-08-17 05:50 - 2017-08-17 05:50 - 000003429 _____ C:\Users\AIRWORX 2\Documents\to do techspot.txt
2017-08-17 03:42 - 2017-08-17 03:42 - 000069632 _____ C:\Users\AIRWORX 2\Documents\antimalware.evtx
2017-08-15 13:35 - 2017-08-15 13:35 - 000714224 _____ C:\Users\AIRWORX 2\Desktop\Windows10andWindowsServer2016PolicySettings (1).xlsx
2017-08-15 13:33 - 2017-08-15 13:33 - 000714224 _____ C:\Users\AIRWORX 2\Desktop\Windows10andWindowsServer2016PolicySettings.xlsx
2017-08-15 13:12 - 2017-08-15 13:12 - 000248729 _____ C:\Users\AIRWORX 2\Downloads\pop-securing-lateral-account-movement.pdf
2017-08-15 11:38 - 2017-08-15 11:38 - 000767631 _____ C:\Users\AIRWORX 2\Desktop\F4183E84-3D51-4F88-8145-9312C2D88DC6.pdf
2017-08-15 08:02 - 2017-01-02 13:47 - 000068873 _____ C:\Users\AIRWORX 2\Downloads\Inv_3303_from_3_ATOMS_LLC_3656 - Copy.pdf
2017-08-15 04:58 - 2017-08-22 10:05 - 002395648 _____ (Farbar) C:\Users\AIRWORX 2\Desktop\FRST64.exe
2017-08-15 02:24 - 2017-08-15 02:24 - 021715575 _____ C:\Users\AIRWORX 2\Desktop\windows10.0-kb4034662-x64_f2380ab75c39045ffdde4fa875029e1b70bb5aec.msu
2017-08-14 14:40 - 2017-08-14 14:43 - 904101495 _____ C:\Users\AIRWORX 2\Desktop\windows10.0-kb4034674-x64_cae3409b2e93b492093c43a18aa81f66cc70cdad.msu
2017-08-14 14:40 - 2017-08-14 14:42 - 564953013 _____ C:\Users\AIRWORX 2\Desktop\windows10.0-kb4034674-x64_delta_891202a55f2b6051b8a03b309ea9922ba19e1cf6.msu
2017-08-14 12:03 - 2017-08-14 12:03 - 000583304 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Desktop\ESETHfsReader (1).exe
2017-08-14 11:59 - 2017-08-14 11:59 - 002273880 _____ (ESET) C:\Users\AIRWORX 2\Desktop\ERARemover_x86.exe
2017-08-14 11:59 - 2017-08-14 11:59 - 000115008 _____ (ESET) C:\WINDOWS\SysWOW64\Drivers\efavdrv.sys
2017-08-14 11:57 - 2017-08-14 11:57 - 002991832 _____ (ESET) C:\Users\AIRWORX 2\Desktop\ERARemover_x64 (1).exe
2017-08-14 09:04 - 2017-08-14 09:04 - 000001860 _____ C:\Users\AIRWORX 2\Desktop\sc-cleaner1.txt
2017-08-11 12:22 - 2017-08-23 03:36 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\mbar
2017-08-11 12:22 - 2017-08-11 12:22 - 016563352 _____ (Malwarebytes Corp.) C:\Users\AIRWORX 2\Desktop\mbar-1.09.3.1001 (1).exe
2017-08-11 10:22 - 2017-08-17 21:11 - 000000000 ____D C:\AdwCleaner
2017-08-11 10:18 - 2017-08-11 10:18 - 006754944 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Desktop\esetonlinescanner_enu.exe
2017-08-11 09:51 - 2017-08-11 09:51 - 000001613 _____ C:\Users\AIRWORX 2\Desktop\ProcmonConfiguration.pmc
2017-08-11 09:47 - 2017-08-11 09:47 - 000001737 _____ C:\Users\AIRWORX 2\Desktop\cross reference processes.CSV
2017-08-11 09:46 - 2017-08-11 09:46 - 000001188 _____ C:\Users\AIRWORX 2\Desktop\network events.CSV
2017-08-11 09:43 - 2017-08-14 09:03 - 000001860 _____ C:\Users\AIRWORX 2\Desktop\sc-cleaner.txt
2017-08-11 09:42 - 2017-08-11 09:42 - 000059971 _____ C:\Users\AIRWORX 2\Desktop\MTB1.txt
2017-08-11 09:41 - 2017-08-11 09:41 - 000059971 _____ C:\Users\AIRWORX 2\Desktop\MTB.txt
2017-08-11 08:04 - 2017-08-11 08:04 - 000892416 _____ (Farbar) C:\Users\AIRWORX 2\Desktop\MiniToolBox.exe
2017-08-11 08:03 - 2017-08-11 08:03 - 000467072 _____ (Bleeping Computer, LLC) C:\Users\AIRWORX 2\Desktop\sc-cleaner.exe
2017-08-11 04:17 - 2017-08-11 04:17 - 000488556 _____ C:\Users\AIRWORX 2\Desktop\5-15-17 eset.xml
2017-08-11 04:16 - 2017-08-11 04:16 - 000211414 _____ C:\Users\AIRWORX 2\Desktop\6-27-17 eset findings.xml
2017-08-11 02:29 - 2017-08-11 02:29 - 000148871 _____ C:\Users\AIRWORX 2\Desktop\ssasbug.android findings eset.txt
2017-08-11 02:27 - 2017-08-11 02:27 - 000203442 _____ C:\Users\AIRWORX 2\Desktop\tv lite.jsn findings eset.txt
2017-08-11 02:26 - 2017-08-11 02:26 - 002683721 _____ C:\Users\AIRWORX 2\Desktop\Ink cant open .txt
2017-08-11 02:25 - 2017-08-11 02:25 - 000000201 _____ C:\Users\AIRWORX 2\Desktop\safe os mount eset.txt
2017-08-11 02:22 - 2017-08-11 02:22 - 000109866 _____ C:\Users\AIRWORX 2\Desktop\eset history and NT Auth updates too.txt
2017-08-10 20:28 - 2017-08-10 20:28 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\ESET Rootkit Detector.app
2017-08-10 20:22 - 2017-08-10 20:22 - 002991832 _____ (ESET) C:\Users\AIRWORX 2\Desktop\ERARemover_x64.exe
2017-08-10 20:21 - 2017-08-14 12:03 - 000001244 _____ C:\Users\AIRWORX 2\Desktop\HfsReader_Log.txt
2017-08-10 20:15 - 2017-08-10 20:15 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\ESET_Rootkit_Detector
2017-08-10 20:10 - 2017-08-10 20:10 - 000260296 _____ (ESET) C:\Users\AIRWORX 2\Desktop\ESETNecursCleaner.exe
2017-08-10 20:09 - 2017-08-10 20:09 - 009757824 _____ (ESET) C:\Users\AIRWORX 2\Desktop\avremover_nt64_enu.exe
2017-08-10 20:09 - 2017-08-10 20:09 - 000616883 _____ C:\Users\AIRWORX 2\Desktop\ESET_Rootkit_Detector.zip
2017-08-10 20:09 - 2017-08-10 20:09 - 000583304 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Desktop\ESETHfsReader.exe
2017-08-10 12:19 - 2017-08-11 09:22 - 000100017 _____ C:\Users\AIRWORX 2\Desktop\DigiData.Vault.Adapter.log.1.txt
2017-08-10 11:44 - 2017-08-10 11:44 - 000069632 _____ C:\Users\AIRWORX 2\Documents\search UI.evtx
2017-08-10 11:44 - 2017-08-10 11:44 - 000069632 _____ C:\Users\AIRWORX 2\Documents\oneCore online setup.evtx
2017-08-10 11:43 - 2017-08-10 11:43 - 000069632 _____ C:\Users\AIRWORX 2\Documents\defender.evtx
2017-08-10 11:35 - 2017-08-10 11:35 - 000069632 _____ C:\Users\AIRWORX 2\Documents\Analytic.evtx
2017-08-10 07:54 - 2017-08-23 05:14 - 000091976 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-08-10 07:54 - 2017-08-18 08:33 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\ProcessMonitor
2017-08-10 07:53 - 2017-08-10 07:53 - 001005016 _____ C:\Users\AIRWORX 2\Desktop\ProcessMonitor.zip
2017-08-10 07:30 - 2017-08-10 07:30 - 000022715 _____ C:\Users\AIRWORX 2\Desktop\Employee-Referral-Form.pdf
2017-08-09 11:55 - 2017-08-18 10:23 - 000206120 ____N C:\WINDOWS\Minidump\081817-24515-01.dmp
2017-08-09 10:44 - 2017-08-09 10:44 - 000000646 _____ C:\windows reg did not find any errors.txt
2017-08-09 10:23 - 2017-08-09 10:23 - 000009985 _____ C:\Users\AIRWORX 2\Desktop\cmd we ran 8-9-17.txt
2017-08-09 09:20 - 2017-08-09 09:20 - 000000347 _____ C:\Users\AIRWORX 2\Desktop\junk text commandtxt.txt
2017-08-09 09:10 - 2017-08-09 09:10 - 000035172 _____ C:\Users\AIRWORX 2\Desktop\services.xlsx
2017-08-09 08:52 - 2017-08-09 08:52 - 016563352 _____ (Malwarebytes Corp.) C:\Users\AIRWORX 2\Desktop\mbar-1.09.3.1001.exe
2017-08-09 05:56 - 2017-08-09 05:56 - 002396604 _____ C:\Users\AIRWORX 2\Desktop\WVCheck.exe
2017-08-09 05:53 - 2017-08-09 05:53 - 000380928 _____ C:\Users\AIRWORX 2\Desktop\n0i6wip8.exe
2017-08-09 02:29 - 2017-08-09 02:29 - 065033984 _____ (Malwarebytes ) C:\Users\AIRWORX 2\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-08 21:28 - 2017-08-08 21:28 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Publishers
2017-08-08 14:49 - 2017-08-08 14:50 - 021567079 _____ C:\Users\AIRWORX 2\Desktop\eset ignore known.xml
2017-08-08 11:20 - 2017-08-08 11:40 - 000007704 _____ C:\Users\AIRWORX 2\Desktop\SystemLook.txt
2017-08-08 11:18 - 2017-08-08 11:18 - 000165376 _____ C:\Users\AIRWORX 2\Desktop\SystemLook_x64.exe
2017-08-08 09:39 - 2017-08-08 09:39 - 000000000 ___RD C:\Users\AIRWORX 2\Downloads\Cosmic Jump AIRWORX Team Folder
2017-08-08 06:43 - 2017-08-08 06:43 - 000224885 _____ C:\Users\AIRWORX 2\Desktop\HHS Syllabus Signature Form -signed.pdf
2017-08-08 06:41 - 2017-08-08 06:41 - 000079927 _____ C:\Users\AIRWORX 2\Desktop\HHS Syllabus Signature Form .pdf
2017-08-08 06:37 - 2017-08-08 06:37 - 000130011 _____ C:\Users\AIRWORX 2\Desktop\ACFrOgBX20iFWV0zlOfIcnVvXuWFsRsWFHxh-F_BkAp8bDwqqj0Yv8DmcWC9UunIF7Yc3GQ_FPzGqJGE3Udx6ZkfZbWjV2IWVIT2uMiJq5IMsfJkGNwBJkC4onio8yk=.pdf
2017-08-08 06:15 - 2017-08-09 09:10 - 000065097 _____ C:\Users\AIRWORX 2\Desktop\services.csv
2017-08-08 05:16 - 2017-08-08 05:16 - 000081951 _____ C:\Users\AIRWORX 2\Desktop\myeventviewer-x64.zip
2017-08-08 05:07 - 2017-08-08 05:07 - 000061440 _____ ( ) C:\Users\AIRWORX 2\Desktop\VEW.exe
2017-08-08 04:21 - 2017-08-08 04:21 - 001770460 _____ C:\Users\AIRWORX 2\Downloads\Windows Defender ATP - Ransomware response playbook.pdf
2017-08-08 04:20 - 2017-08-22 13:24 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\CrashDumps
2017-08-08 04:14 - 2017-08-08 04:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2017-08-08 04:14 - 2017-08-08 04:14 - 000000000 ____D C:\Program Files (x86)\EMET 5.5
2017-08-08 04:13 - 2017-08-08 04:13 - 026812416 _____ C:\Users\AIRWORX 2\Downloads\EMET Setup.msi
2017-08-08 04:10 - 2017-08-08 04:39 - 000768464 _____ C:\Users\AIRWORX 2\Downloads\Windows10andWindowsServer2016PolicySettings.xlsx
2017-08-08 02:55 - 2017-08-08 02:55 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\JetBrains
2017-08-08 02:49 - 2017-08-21 13:01 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Microsoft Help
2017-08-08 02:43 - 2017-08-09 11:24 - 000000000 ____D C:\Android
2017-08-08 02:42 - 2017-08-09 11:20 - 000000000 ____D C:\Program Files\Android
2017-08-07 13:01 - 2017-08-07 13:04 - 000790638 _____ C:\TDSSKiller.3.1.0.15_07.08.2017_13.01.55_log.txt
2017-08-07 12:43 - 2017-08-07 12:44 - 000008106 _____ C:\TDSSKiller.3.1.0.15_07.08.2017_12.43.03_log.txt
2017-08-07 12:41 - 2017-08-07 12:41 - 004922400 _____ (AO Kaspersky Lab) C:\Users\AIRWORX 2\Desktop\tdsskiller.exe
2017-08-07 12:25 - 2017-08-07 12:25 - 000000155 _____ C:\WINDOWS\system32\all.txt
2017-08-07 10:00 - 2017-08-07 10:00 - 000879551 _____ C:\Users\AIRWORX 2\Desktop\CryptoSearch.zip
2017-08-04 11:10 - 2017-08-04 14:39 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\AP
2017-08-04 10:48 - 2017-08-17 05:54 - 000000942 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-08-04 10:37 - 2017-08-04 10:37 - 000000546 _____ C:\Users\AIRWORX 2\Desktop\Encrypted documents - Copy.zip
2017-08-04 10:01 - 2017-08-04 10:02 - 000047265 _____ C:\Users\AIRWORX 2\Desktop\appcrashview (1).zip
2017-08-04 05:40 - 2017-08-04 09:24 - 000004816 _____ C:\Users\AIRWORX 2\Desktop\links to findings.txt
2017-08-03 20:55 - 2017-08-03 20:55 - 000055111 _____ C:\Users\AIRWORX 2\Desktop\ACFrOgAjZaC8g0bE5UVjMkDU-EGyfCbydESYIcl5Ek-Jk2dgOtZdX5ShW7Uo0TTTXhI7ZV4o60JCCrjfMp-q84aBwoJKcJbRGbK_B2rm9Yaii0wppseh1AkAy87pTKo=.pdf
2017-08-03 12:55 - 2017-08-03 12:55 - 000019119 _____ C:\Users\AIRWORX 2\Desktop\es.dat
2017-08-03 12:52 - 2017-08-03 12:52 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset scans.txt
2017-08-03 07:53 - 2017-08-03 07:53 - 000333952 _____ (ESET) C:\Users\AIRWORX 2\Downloads\ESETEternalBlueChecker.exe
2017-08-03 07:38 - 2017-08-03 07:38 - 004836307 _____ C:\Users\AIRWORX 2\Downloads\eset_sysrescue_userguide_enu.pdf
2017-08-03 04:01 - 2017-08-22 13:32 - 100139008 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-08-03 03:58 - 2017-08-03 03:59 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-08-02 15:53 - 2017-08-02 15:53 - 044003024 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\Windows-KB890830-x64-V5.50 (1).exe
2017-08-02 10:02 - 2017-08-02 10:02 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\LogMeIn
2017-08-02 07:44 - 2017-08-02 07:44 - 000000000 ____D C:\Users\AIRWORX 2\Documents\Security
2017-08-02 07:20 - 2017-08-17 03:42 - 000000000 ____D C:\Users\AIRWORX 2\Documents\LocaleMetaData
2017-08-02 07:19 - 2017-08-02 07:20 - 000069632 _____ C:\Users\AIRWORX 2\Documents\events.evtx
2017-08-02 03:08 - 2017-08-02 03:08 - 145707800 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\msert.exe
2017-08-02 03:05 - 2017-08-02 03:05 - 000001174 _____ C:\Users\AIRWORX 2\Desktop\app crash viewer.txt
2017-08-02 03:03 - 2017-08-23 05:22 - 000000469 _____ C:\Users\AIRWORX 2\Desktop\AppCrashView.cfg
2017-08-01 08:19 - 2017-08-01 08:19 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset yesterday.txt
2017-08-01 06:18 - 2017-08-22 10:05 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\FRST-OlderVersion
2017-08-01 05:58 - 2017-08-01 05:58 - 000000000 ____D C:\WINDOWS\Panther
2017-07-31 15:33 - 2017-07-31 15:33 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\NetworkTiles
2017-07-31 15:25 - 2017-07-31 15:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\MicrosoftEdge
2017-07-31 13:36 - 2017-07-31 13:36 - 006754944 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Downloads\esetonlinescanner_enu (1).exe
2017-07-28 08:44 - 2017-07-28 08:44 - 000000000 _____ C:\WINDOWS\system32\set
2017-07-28 06:15 - 2017-07-28 06:15 - 000576231 _____ C:\Users\AIRWORX 2\Downloads\DTec13656.pdf
2017-07-28 06:06 - 2017-07-28 06:06 - 000075669 _____ C:\Users\AIRWORX 2\Downloads\COSMIC JUMP (4).pdf
2017-07-28 06:01 - 2017-07-28 06:01 - 000053739 _____ C:\Users\AIRWORX 2\Downloads\HS-2.8.17 #2888 CJump KCity Jan Inv&Rep SH (1).pdf
2017-07-28 05:54 - 2017-07-28 05:54 - 000151083 _____ C:\Users\AIRWORX 2\Downloads\COSMIC JUMP - Inv.pdf
2017-07-28 05:39 - 2017-07-28 06:17 - 000002182 _____ C:\Users\AIRWORX 2\Downloads\data (35).csv
2017-07-28 05:17 - 2017-07-28 05:17 - 000002299 _____ C:\Users\AIRWORX 2\Desktop\Google Chrome.lnk
2017-07-28 03:35 - 2017-07-28 03:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-07-27 07:33 - 2017-07-27 07:33 - 008162248 _____ (Malwarebytes) C:\Users\AIRWORX 2\Downloads\AdwCleaner.exe
2017-07-27 07:33 - 2017-07-27 07:33 - 001790024 _____ (Malwarebytes) C:\Users\AIRWORX 2\Downloads\JRT.exe
2017-07-27 06:25 - 2017-07-27 06:25 - 000995572 _____ C:\Users\AIRWORX 2\Desktop\rel.XML
2017-07-27 06:02 - 2017-07-27 06:02 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\.IdentityService
2017-07-27 04:08 - 2017-07-27 04:08 - 000183220 _____ C:\Users\AIRWORX 2\Downloads\Appsdiagnostic10.diagcab
2017-07-26 11:56 - 2017-07-26 11:56 - 140634896 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\msert (4).exe
2017-07-26 10:47 - 2017-08-07 14:34 - 129732880 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe (3).exe
2017-07-26 10:45 - 2017-07-26 10:46 - 129732880 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe (2).exe
2017-07-26 10:45 - 2017-07-26 10:45 - 129732880 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe (1).exe
2017-07-26 10:38 - 2017-07-26 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-07-26 10:25 - 2017-07-28 02:15 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\Visual Studio Setup
2017-07-26 10:25 - 2017-07-26 10:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\vstelemetry
2017-07-26 10:25 - 2017-07-26 10:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ServiceHub
2017-07-26 10:24 - 2017-07-28 02:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-07-26 09:01 - 2017-07-26 09:01 - 000000000 ____D C:\DGLogs
2017-07-26 09:00 - 2017-07-26 09:00 - 000000000 ____D C:\Users\AIRWORX 2\Downloads\DG_CG_hardware_readiness_tool_v3.2
2017-07-26 08:59 - 2017-05-04 12:11 - 000075680 _____ C:\Users\AIRWORX 2\Downloads\DG_Readiness_Tool_v3.2.ps1
2017-07-26 08:58 - 2017-07-26 08:58 - 000031743 _____ C:\Users\AIRWORX 2\Downloads\DG_CG_hardware_readiness_tool_v3.2.zip
2017-07-26 07:41 - 2017-07-26 07:42 - 000901670 _____ C:\Users\AIRWORX 2\Desktop\reliability history 7-26-2017.XML
2017-07-26 07:34 - 2017-07-26 07:34 - 044003024 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\Windows-KB890830-x64-V5.50.exe
2017-07-26 07:16 - 2017-07-26 07:17 - 001771288 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\nis_full.exe
2017-07-26 07:12 - 2017-07-26 07:12 - 000002259 _____ C:\WINDOWS\epplauncher.mif
2017-07-26 07:11 - 2017-07-26 07:17 - 129705744 _____ (Microsoft Corporation) C:\Users\AIRWORX
 
==================== Files in the root of some directories =======

2015-04-01 09:26 - 2005-12-08 19:51 - 000000060 ____R () C:\Program Files (x86)\BRINST.INI
2017-04-14 06:58 - 2017-04-14 06:58 - 000000000 _____ () C:\Users\AIRWORX 2\AppData\Roaming\IVOPEN.$$$
2014-12-17 10:09 - 2014-12-17 10:10 - 000012962 _____ () C:\Users\AIRWORX 2\AppData\Roaming\Microsoft Excel 97-2003.CAL
2014-03-26 13:47 - 2017-07-28 12:54 - 000007609 _____ () C:\Users\AIRWORX 2\AppData\Local\resmon.resmoncfg
2015-12-09 12:34 - 2015-12-09 12:34 - 000000145 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-03-24 15:02 - 2014-10-23 13:06 - 000000226 _____ () C:\ProgramData\RSUserCfg.ini

Files to move or delete:
====================
C:\Users\AIRWORX 2\ASAP_Utilities_5-2-1_HS_Setup.exe
C:\Users\AIRWORX 2\WDMyCloud_win.exe


Some files in TEMP:
====================
2017-08-01 04:48 - 2017-07-14 06:30 - 001930320 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\dllnt_dump.dll
2017-08-07 13:39 - 2017-08-07 13:49 - 001503232 _____ () C:\Users\AIRWORX 2\AppData\Local\Temp\libmysqlinstanceconf.dll
2013-10-05 01:38 - 2013-10-05 01:38 - 000455328 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\msvcp120.dll
2013-10-05 01:38 - 2013-10-05 01:38 - 000970912 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\msvcr120.dll
2016-07-30 17:08 - 2016-07-30 17:08 - 003112960 _____ (Jason York) C:\Users\AIRWORX 2\AppData\Local\Temp\pc-decrapifier.exe
2017-07-28 02:28 - 2017-07-28 02:28 - 000510752 _____ (Acronis) C:\Users\AIRWORX 2\AppData\Local\Temp\setupapp_amd64.exe
2017-07-28 02:28 - 2017-07-28 02:28 - 000540432 _____ () C:\Users\AIRWORX 2\AppData\Local\Temp\setupnt64.dll
2017-07-26 04:50 - 2006-05-24 10:10 - 000455600 _____ (Macrovision Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\_isC014.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe
[2017-07-14 06:30] - [2017-07-14 06:30] - 000706560 _____ (Microsoft Corporation) 31E3287EF6D97C5864A301CEA75BBBA1

C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\SysWOW64\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2017-07-14 06:22] - [2017-07-14 06:22] - 001085440 _____ (Microsoft Corporation) 0E79A4C76CAAA0CFE9CA42C13E5AA086

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{4b7a2ef2-3541-11e3-b150-8a50d101b6a2}
{4b7a2ef3-3541-11e3-b150-8a50d101b6a2}
{9a6e2421-7ab0-11e3-be6f-806e6f6e6963}
{06729fc1-3539-11e3-be6c-806e6f6e6963}
{4b7a2ef7-3541-11e3-b150-8a50d101b6a2}
{4b7a2ef8-3541-11e3-b150-8a50d101b6a2}
timeout 2

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {b9cacd23-7ab0-11e3-be6f-a4db308c6ca7}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {06729fc1-3539-11e3-be6c-806e6f6e6963}
description UEFI: Ipv6 Network Card

Firmware Application (101fffff)
-------------------------------
identifier {4b7a2ef2-3541-11e3-b150-8a50d101b6a2}
description USB Floppy/CD

Firmware Application (101fffff)
-------------------------------
identifier {4b7a2ef3-3541-11e3-b150-8a50d101b6a2}
description USB Hard Drive

Firmware Application (101fffff)
-------------------------------
identifier {4b7a2ef7-3541-11e3-b150-8a50d101b6a2}
description USB Floppy/CD

Firmware Application (101fffff)
-------------------------------
identifier {4b7a2ef8-3541-11e3-b150-8a50d101b6a2}
description Hard Drive

Firmware Application (101fffff)
-------------------------------
identifier {9a6e2421-7ab0-11e3-be6f-806e6f6e6963}
description UEFI: Ipv4 Network Card

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {b9cacd25-7ab0-11e3-be6f-a4db308c6ca7}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {b9cacd23-7ab0-11e3-be6f-a4db308c6ca7}
nx AlwaysOn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {b9cacd25-7ab0-11e3-be6f-a4db308c6ca7}
device ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{b9cacd26-7ab0-11e3-be6f-a4db308c6ca7}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{b9cacd26-7ab0-11e3-be6f-a4db308c6ca7}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {b9cacd23-7ab0-11e3-be6f-a4db308c6ca7}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {b9cacd25-7ab0-11e3-be6f-a4db308c6ca7}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {b9cacd26-7ab0-11e3-be6f-a4db308c6ca7}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume5
ramdisksdipath \Recovery\WindowsRE\boot.sdi


LastRegBack: 2017-08-17 02:28

==================== End of FRST.txt ============================
 
For some reason, it wouldn't allow me to post the balance of the 90 day created files, but here they are.
 

Attachment: balance of 90 day created files.txt (105.9 KB)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by AIRWORX 2 (23-08-2017 05:28:27)
Running from C:\Users\AIRWORX 2\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-14 13:25:55)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2671885098-678752524-1400920573-500 - Administrator - Disabled) => C:\Users\Administrator
airwo (S-1-5-21-2671885098-678752524-1400920573-1008 - Administrator - Enabled) => C:\Users\airwo
AIRWORX 2 (S-1-5-21-2671885098-678752524-1400920573-1001 - Administrator - Enabled) => C:\Users\AIRWORX 2
DefaultAccount (S-1-5-21-2671885098-678752524-1400920573-503 - Limited - Disabled)
Guest (S-1-5-21-2671885098-678752524-1400920573-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop Elements 4.0 (HKLM-x32\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.21) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.21 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{05E5AD66-7CD0-4719-A229-0D3A7A5240D2}) (Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{40959651-122E-1A16-9011-40629C01703F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 7.1 - Bastien Mensink - A Must in Every Office BV)
Broderbund Family Lawyer (HKLM-x32\...\{ED95E1BA-8C35-4D78-8A20-FD5A728711E2}) (Version: 1.00.0000 - Bluecase) Hidden
Broderbund Family Lawyer (HKLM-x32\...\InstallShield_{ED95E1BA-8C35-4D78-8A20-FD5A728711E2}) (Version: 1.00.0000 - Bluecase)
Cloud Drive (HKLM-x32\...\{F40EC703-6B64-4C2D-80BC-5ED2D8295C04}) (Version: 5.1.30.18 - Cox Secure Online Backup for Windows)
Drag and Drop Backup (HKLM-x32\...\{480EA68A-699D-450D-9869-2216AC49D23C}) (Version: 2.1.33 - Cox)
Dropbox (HKLM-x32\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EMET 5.52 (HKLM-x32\...\{BC26560D-1FC4-4DD5-8756-7E0606A79AE3}) (Version: 5.52 - Microsoft Corporation)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Escaperoom Software (HKLM-x32\...\{7BAA7E0D-9B92-4FE7-AEC8-F11EAE801922}) (Version: 3.1.0.0 - Escaperoom Software)
ESET Smart Security (HKLM\...\{2B587448-4CE3-4196-A237-A425E557F052}) (Version: 10.1.204.0 - ESET, spol. s r.o.)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.7.27.15 - HP)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LG Mobile Drivers (HKLM-x32\...\{D8D0327A-72B4-4C79-9883-1B6B6C20ED2B}) (Version: 4.0.3 - LG Electronics)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MySQL Connector/ODBC 5.1 (HKLM-x32\...\{38CDEC3E-ABC4-4EB8-BE3B-2181A97813AE}) (Version: 5.1.12 - Oracle Corporation)
MySQL Server 5.0 (HKLM-x32\...\{97EFE060-CE35-4709-9B3A-5D3C8F686FED}) (Version: 5.0.90 - MySQL AB)
Nuance PaperPort 14 (HKLM-x32\...\{14CB3B82-FBDC-4462-919E-86147983F09B}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM-x32\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rock Gym Pro (HKLM-x32\...\{827570FB-0E88-444C-ADBC-9E799571E292}) (Version: 1.1.21247 - RGP Development LLC)
RogueKiller version 12.11.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.10.0 - Adlice Software)
Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shutterfly Uploader (HKLM-x32\...\{CD928A00-1C70-4353-B9B9-7BC8600F3E43}) (Version: 2.9.0.737 - Shutterfly, Inc.)
SyncFileSetup (x86) (HKLM-x32\...\{04848A0A-02B1-4703-B15D-6E7DCF95FB84}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc) Hidden
TaxAct 2016 1040 Edition (HKLM-x32\...\TaxAct 2016 1040 Edition) (Version: 1.03 - TaxAct, Inc.)
WD Sync (HKLM-x32\...\{0d591303-bbc5-4645-a03b-1c3f75f1a762}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WorkForce GT-1500 Scanner Driver Update (HKLM-x32\...\{37D0F29D-AB95-4598-ACF0-D3CC38C161D9}) (Version: - )
 
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncApi64.dll => No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-09] (ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [Zeon.MFCDirectShellExt] -> {353C642C-F13D-4699-9FF2-EFAF490B6C69} => C:\Program Files (x86)\Nuance\PDFCreate\bin\DirectShellExt.dll [2010-07-16] (Zeon International Investment Corp. )
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-09] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-09] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005B78DE-9ECF-4C1D-85D3-6330FE864BA6} - System32\Tasks\GoogleUpdateTaskMachineCore1d040ece2e11a19 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {073958F3-8E5F-4CF7-8625-ABD15377481E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {264F49CB-3415-488D-B8DA-9F6F8BE48331} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {2EE58945-C40B-43A8-A167-173E412D9D98} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf681e553bf8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37C32B19-9630-4A28-9E5A-8EA8CD06CFA2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-24] (Dropbox, Inc.)
Task: {3BBEDA70-02DB-4E54-B6A5-E773003872B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {46064571-564C-4D46-9842-A167DDF1D942} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f601e825b6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4FD0925E-6E79-4BC0-A382-3D5CCA5C36B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-06-28] (HP Inc.)
Task: {5DB34D0B-4B82-47F6-B06D-2D195446A83A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7A8C073B-9921-4385-A061-FF8B5410A453} - System32\Tasks\{39393239-4118-43A9-9EF4-579F68CFC882} => C:\WINDOWS\system32\pcalua.exe -a C:\PROGRA~2\SAAZOD\Uninstall\uninstall.exe -c "/U:C:\PROGRA~2\SAAZOD\Uninstall\uninstall.xml"
Task: {8258540A-E194-4B1C-A446-B100E53A7B7B} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {8A6CE6D2-BAFF-47BD-B636-5632FA76D78E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {8EE60D19-E484-4EC5-87B6-BEB1AE19CF50} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8dc0ce6bb10d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8F630B83-069D-434E-B4C4-59AD3C10A507} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-airworx@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {916845C6-0741-433C-AC62-C4B3A5F302DB} - System32\Tasks\S-1-5-21-2671885098-678752524-1400920573-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {ACE8B2E6-FDA5-4314-A2D5-4B96CC439AEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {B0F52980-9E9F-4BE0-971E-08686D2B7726} - System32\Tasks\HPCeeScheduleForAIRWORX 2 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B9FA1D84-F00D-445B-8400-F7C7E90DD53E} - System32\Tasks\RGP Backup => C:\Program Files (x86)\Rock Gym Pro\Backup.exe [2017-06-04] ()
Task: {D6E1C5EC-1C4B-41AA-B7D9-9C4E99834A9A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {E622463C-A190-4A30-A528-A6EF1AACE5FC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-24] (Dropbox, Inc.)
Task: {E6505B7C-6B08-451F-A300-AF1087B421C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {FD8EB85B-000D-4D3B-861F-700C79FA8A4B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d76736477ba15566\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 10"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\600fb694c0849943\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 9"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Brandi - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"
 
==================== Loaded Modules (Whitelisted) ==============

2005-09-09 03:24 - 2005-09-09 03:24 - 000102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
2015-11-04 16:43 - 2015-11-04 16:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 000019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-08-03 22:39 - 2017-08-03 22:39 - 028986880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 000428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 020510208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 002339328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 003041792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-08 02:07 - 2017-06-08 02:07 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-14 12:21 - 2017-06-14 12:22 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 001361920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-07-22 02:52 - 2017-07-22 02:52 - 004323328 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-07-14 04:41 - 2017-07-14 04:47 - 003500456 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-08 02:07 - 2017-06-08 02:07 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-25 02:11 - 2017-07-25 02:11 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-07-25 02:11 - 2017-07-25 02:11 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 040622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 000746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 001787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2015-12-11 01:07 - 2017-07-12 12:58 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 01:07 - 2017-07-12 12:58 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 10:17 - 2017-07-12 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-06 10:17 - 2017-07-12 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-17 12:53 - 2017-07-12 13:01 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-24 11:41 - 2017-07-12 13:01 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-04-15 15:18 - 2017-07-12 13:01 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-02-25 12:07 - 2017-07-12 13:01 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-28 16:09 - 2017-07-12 13:01 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-06 10:17 - 2017-07-12 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-07 11:59 - 2017-07-12 13:01 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
 
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81613965.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81613965.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Control Panel\Desktop\\Wallpaper -> c:\users\airworx 2\appdata\local\microsoft\windows\themes\transcodedwallpaper
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: CDPUserSvc_492c3 => 2
MSCONFIG\Services: CDPUserSvc_5d4d8 => 2
MSCONFIG\Services: MessagingService_492c3 => 3
MSCONFIG\Services: MessagingService_5d4d8 => 3
MSCONFIG\Services: OneSyncSvc_492c3 => 2
MSCONFIG\Services: OneSyncSvc_5d4d8 => 2
HKLM\...\StartupApproved\StartupFolder: => "BackupRemind.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Cox Cloud Drive.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "Lathem.USBTM.UI"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "PPort14reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "DiscWizardMonitor.exe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Vault Explorer Cache Watcher"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\Run: => "SmartSwitchPDLR.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AE1C0E05-3334-4A29-BA76-AC00A18D6890}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

16-08-2017 05:21:51 Windows Update
17-08-2017 21:16:48 JRT Pre-Junkware Removal
18-08-2017 11:35:41 Windows Backup
21-08-2017 12:18:54 Windows Update

==================== Faulty Device Manager Devices =============

Name: Acronis Backup Archive Explorer
Description: Acronis Backup Archive Explorer
Class Guid: {1860459d-4692-4825-b761-44a725991050}
Manufacturer: Acronis, Inc.
Service: timounter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2017 03:10:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\PaperPort\CheckPPFolders.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.

Error: (08/22/2017 07:49:12 PM) (Source: EMET) (EventID: 42) (User: )
Description: EMET version 5.52.6156.38092
EMET detected that the SSL certificate for "connect.facebook.net" is not trusted by the rule "FacebookCA" associated with the domain "www.facebook.com".

Certificate Trust check failed:
Application : C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
User Name : AIRWORX2-PC\AIRWORX 2
Session ID : 1
PID : 0xC0 (192)
TID : 0x1EA0 (7840)

Certificate details:

[SSL CERTIFICATE]
Subject Name : CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, S=California, C=US
Issuer CA : C=SK, O="ESET, spol. s r. o.", CN=ESET SSL Filter CA
Serial Number : 7D2E58E6F81FFA538E9B3060F47B374C
Thumbprint : E07D10B21B24390F20FDF14F961BFEBB8194939D
Signature Alg : sha256RSA
Not Before : 12/8/2016 5:00:00 PM
Not After : 1/25/2018 5:00:00 AM
Public Key : 04D5BCAAAA9A71EA18E1626369897A18AB72D9A08D5D251431C31730690871AEF6129115159BFC8066CA02CD5267D7C8E1C89CFBE7370DF2BA126164122B6ADFB4

[ROOTCA CERTIFICATE]
Subject Name : C=SK, O="ESET, spol. s r. o.", CN=ESET SSL Filter CA
Issuer CA : C=SK, O="ESET, spol. s r. o.", CN=ESET SSL Filter CA
Serial Number : 4CD078DFFFDF1DB946A277DF1E00C61E
Thumbprint : 91261AF888A4C3296A7144F710958292EE98E91E
Signature Alg : sha256RSA
Not Before : 7/14/2017 6:01:55 AM
Not After : 7/12/2027 6:01:55 AM
Public Key :

Error: (08/22/2017 07:41:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/22/2017 07:41:26 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (08/22/2017 07:41:26 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (08/22/2017 07:41:26 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/22/2017 07:38:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhostw.exe, version: 10.0.15063.0, time stamp: 0x521b5eb7
Faulting module name: pla.dll, version: 10.0.15063.0, time stamp: 0xe5ffecf2
Exception code: 0xc0000005
Fault offset: 0x00000000000f70c5
Faulting process id: 0x4c4
Faulting application start time: 0x01d31bb8c1f88f58
Faulting application path: c:\windows\system32\taskhostw.exe
Faulting module path: C:\WINDOWS\system32\pla.dll
Report Id: e154d4da-8a5d-4b09-9922-06b4816cccfc
Faulting package full name:
Faulting package-relative application ID:

Error: (08/22/2017 07:35:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/22/2017 07:35:20 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (08/22/2017 01:33:50 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting


For more information, see Help and Support Center at http://www.mysql.com.
 
System errors:
=============
Error: (08/22/2017 07:44:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/22/2017 07:44:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/22/2017 07:44:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/22/2017 07:44:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/22/2017 07:44:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/22/2017 07:44:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/22/2017 07:43:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/22/2017 07:43:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/22/2017 07:43:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/22/2017 07:43:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
Date: 2017-08-23 02:36:58.322
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:57.237
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:56.202
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:55.119
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:54.048
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:53.024
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:51.364
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod4D74.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:50.256
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod4D74.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:49.217
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod4D74.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-23 02:36:48.081
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod4D74.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A8-6500 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 7365.48 MB
Available physical RAM: 4618.45 MB
Total Virtual: 7765.48 MB
Available Virtual: 4568.95 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1842.47 GB) (Free:1725.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.63 GB) (Free:2.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (New Volume E) (Fixed) (Total:1863.01 GB) (Free:1862.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 8834CD72)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FA690411)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
The following are various logs; I'm hoping maybe you can find something that looks familiar as an issue, or maybe even what this is, and how we tackle it. (She says with fingers crossed.)
 

Attachments

  • eset 12 found 11 corrected.txt (337.8 KB)
  • eset 42 found.txt (499.7 KB)
  • 1 found eset.txt (475.1 KB)
  • 6-28-17 eset all.txt (198.7 KB)
  • eset threats.txt (11.8 KB)
  • malware bytes quar.txt (1.5 KB)
  • full scan kas.txt (12.4 KB)
  • Kas findings some not addressed.txt (5.9 KB)
Just a few more; hopefully that upload method is OK?


This is one day from my Windows Update log. (Tried to update the whole thing, and it's too large, but it's only 5 days' worth?)
 

Attachments

  • WidnowsUpdateLog 8-15-17.txt (183.3 KB)
  • DigiData.Vault.Adapter.log.1.txt (97.7 KB)
  • setupact1.txt (35.4 KB)
  • ssasbug.android findings eset.txt (145.4 KB)
Last one, couldn't upload before but can now.
=== Verbose logging started: 8/7/2017 8:42:23 Build type: SHIP UNICODE 5.00.10011.00 Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (24:68) [08:42:23:663]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (24:68) [08:42:23:663]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (24:38) [08:42:23:678]: Resetting cached policy values
MSI (c) (24:38) [08:42:23:678]: Machine policy value 'Debug' is 0
MSI (c) (24:38) [08:42:23:678]: ******* RunEngine:
******* Product: {2B587448-4CE3-4196-A237-A425E557F052}
******* Action:
******* CommandLine: **********
MSI (c) (24:38) [08:42:23:678]: Machine policy value 'DisableUserInstalls' is 0
MSI (c) (24:38) [08:42:23:694]: Cloaking enabled.
MSI (c) (24:38) [08:42:23:694]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (24:38) [08:42:23:694]: End dialog not enabled
MSI (c) (24:38) [08:42:23:694]: Original package ==> C:\WINDOWS\Installer\23f010.msi
MSI (c) (24:38) [08:42:23:694]: Package we're running from ==> C:\WINDOWS\Installer\23f010.msi
MSI (c) (24:38) [08:42:23:694]: APPCOMPAT: Uninstall Flags override found.
MSI (c) (24:38) [08:42:23:694]: APPCOMPAT: Uninstall VersionNT override found.
MSI (c) (24:38) [08:42:23:694]: APPCOMPAT: Uninstall ServicePackLevel override found.
MSI (c) (24:38) [08:42:23:709]: APPCOMPAT: looking for appcompat database entry with ProductCode '{2B587448-4CE3-4196-A237-A425E557F052}'.
MSI (c) (24:38) [08:42:23:709]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (24:38) [08:42:23:725]: MSCOREE not loaded loading copy from system32
MSI (c) (24:38) [08:42:23:741]: Machine policy value 'DisablePatch' is 0
MSI (c) (24:38) [08:42:23:741]: Machine policy value 'AllowLockdownPatch' is 0
MSI (c) (24:38) [08:42:23:741]: Machine policy value 'DisableMsi' is 0
MSI (c) (24:38) [08:42:23:741]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (c) (24:38) [08:42:23:741]: User policy value 'AlwaysInstallElevated' is 0
MSI (c) (24:38) [08:42:23:741]: Product {2B587448-4CE3-4196-A237-A425E557F052} is admin assigned: LocalSystem owns the publish key.
MSI (c) (24:38) [08:42:23:741]: Product {2B587448-4CE3-4196-A237-A425E557F052} is managed.
MSI (c) (24:38) [08:42:23:741]: Running product '{2B587448-4CE3-4196-A237-A425E557F052}' with elevated privileges: Product is assigned.
MSI (c) (24:38) [08:42:23:741]: Machine policy value 'DisableLUAPatching' is 0
MSI (c) (24:38) [08:42:23:741]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (c) (24:38) [08:42:23:741]: APPCOMPAT: looking for appcompat database entry with ProductCode '{2B587448-4CE3-4196-A237-A425E557F052}'.
MSI (c) (24:38) [08:42:23:741]: APPCOMPAT: no matching ProductCode found in database.
MSI (c) (24:38) [08:42:23:741]: Transforms are not secure.
MSI (c) (24:38) [08:42:23:741]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\AIRWOR~2\AppData\Local\Temp\MSI6857e.LOG'.
MSI (c) (24:38) [08:42:23:741]: Command Line: CURRENTDIRECTORY=C:\Windows\ImmersiveControlPanel CLIENTUILEVEL=0 CLIENTPROCESSID=10020
MSI (c) (24:38) [08:42:23:741]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{FF9CE2A0-D4CC-41D0-835E-4A385ADC1AD6}'.
MSI (c) (24:38) [08:42:23:741]: Product Code passed to Engine.Initialize: '{2B587448-4CE3-4196-A237-A425E557F052}'
MSI (c) (24:38) [08:42:23:741]: Product Code from property table before transforms: '{2B587448-4CE3-4196-A237-A425E557F052}'
MSI (c) (24:38) [08:42:23:741]: Product Code from property table after transforms: '{2B587448-4CE3-4196-A237-A425E557F052}'
MSI (c) (24:38) [08:42:23:741]: Product registered: entering maintenance mode
MSI (c) (24:38) [08:42:23:741]: Determined that existing product (either this product or the product being upgraded with a patch) is installed per-machine.
MSI (c) (24:38) [08:42:23:741]: PROPERTY CHANGE: Adding ProductState property. Its value is '5'.
MSI (c) (24:38) [08:42:23:741]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.
MSI (c) (24:38) [08:42:23:741]: Package name retrieved from configuration data: 'ess_nt64_ENU.msi'
MSI (c) (24:38) [08:42:23:741]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (c) (24:38) [08:42:23:741]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (c) (24:38) [08:42:23:741]: User policy value 'AlwaysInstallElevated' is 0
MSI (c) (24:38) [08:42:23:741]: Product {2B587448-4CE3-4196-A237-A425E557F052} is admin assigned: LocalSystem owns the publish key.
MSI (c) (24:38) [08:42:23:741]: Product {2B587448-4CE3-4196-A237-A425E557F052} is managed.
MSI (c) (24:38) [08:42:23:741]: Running product '{2B587448-4CE3-4196-A237-A425E557F052}' with elevated privileges: Product is assigned.
MSI (c) (24:38) [08:42:23:741]: Machine policy value 'EnableUserControl' is 0
MSI (c) (24:38) [08:42:23:741]: PROPERTY CHANGE: Adding RestrictedUserControl property. Its value is '1'.
MSI (c) (24:38) [08:42:23:741]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\Windows\ImmersiveControlPanel'.
MSI (c) (24:38) [08:42:23:741]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '0'.
MSI (c) (24:38) [08:42:23:741]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '10020'.
MSI (c) (24:38) [08:42:23:741]: TRANSFORMS property is now:
MSI (c) (24:38) [08:42:23:741]: PROPERTY CHANGE: Adding PRODUCTLANGUAGE property. Its value is '1033'.
MSI (c) (24:38) [08:42:23:741]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\AppData\Roaming
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\Favorites
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\Documents
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Recent
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\SendTo
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Templates
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\AppData\Local
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\Pictures
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\Users\AIRWORX 2\Desktop
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (c) (24:38) [08:42:23:741]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
MSI (c) (24:38) [08:42:23:741]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (c) (24:38) [08:42:23:756]: MSI_LUA: Setting AdminUser property to 1 because this is the client or the user has already permitted elevation
MSI (c) (24:38) [08:42:23:756]: PROPERTY CHANGE: Adding AdminUser property. Its value is '1'.
MSI (c) (24:38) [08:42:23:756]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI (c) (24:38) [08:42:23:756]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI (c) (24:38) [08:42:23:756]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (c) (24:38) [08:42:23:756]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (c) (24:38) [08:42:23:756]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Hewlett-Packard Company'.
MSI (c) (24:38) [08:42:23:756]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (c) (24:38) [08:42:23:756]: PROPERTY CHANGE: Adding COMPANYNAME property. Its value is 'Hewlett-Packard Company'.
MSI (c) (24:38) [08:42:23:756]: PROPERTY CHANGE: Adding Installed property. Its value is '00:00:00'.
MSI (c) (24:38) [08:42:23:756]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\WINDOWS\Installer\23f010.msi'.
MSI (c) (24:38) [08:42:23:756]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\WINDOWS\Installer\23f010.msi'.
MSI (c) (24:38) [08:42:23:756]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (c) (24:38) [08:42:23:756]: EEUI - Running MsiEmbeddedUI code
MSI (c) (24:A8) [08:42:23:788]: Cloaking enabled.
MSI (c) (24:A8) [08:42:23:788]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (24:A8) [08:42:23:788]: Connected to service for CA interface.
MSI (c) (24:38) [08:42:23:866]: PROPERTY CHANGE: Adding MSICLIENTUSESEMBEDDEDUI property. Its value is '1'.
MSI (c) (24:68) [08:42:23:897]: PROPERTY CHANGE: Adding VersionHandler property. Its value is '5.00'.
=== Logging started: 8/7/2017 8:42:23 ===
MSI (c) (24:38) [08:42:23:897]: Note: 1: 2205 2: 3: PatchPackage
MSI (c) (24:38) [08:42:23:897]: Machine policy value 'DisableRollback' is 0
MSI (c) (24:38) [08:42:23:897]: User policy value 'DisableRollback' is 0
MSI (c) (24:38) [08:42:23:897]: PROPERTY CHANGE: Adding UILevel property. Its value is '5'.
MSI (c) (24:38) [08:42:23:913]: Note: 1: 2203 2: C:\WINDOWS\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (c) (24:38) [08:42:23:913]: APPCOMPAT: [DetectVersionLaunchCondition] Launch condition already passes.
MSI (c) (24:38) [08:42:23:913]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (c) (24:38) [08:42:23:913]: Doing action: INSTALL
Action 8:42:23: INSTALL.
Action start 8:42:23: INSTALL.
MSI (c) (24:38) [08:42:23:913]: UI Sequence table 'InstallUISequence' is present and populated.
MSI (c) (24:38) [08:42:23:913]: Running UISequence
MSI (c) (24:38) [08:42:23:913]: PROPERTY CHANGE: Adding EXECUTEACTION property. Its value is 'INSTALL'.
MSI (c) (24:38) [08:42:23:913]: Skipping action: LaunchConditions (condition is false)
MSI (c) (24:38) [08:42:23:913]: Doing action: FindRelatedProducts
Action 8:42:23: FindRelatedProducts. Searching for related applications
Action start 8:42:23: FindRelatedProducts.
MSI (c) (24:38) [08:42:23:913]: Skipping FindRelatedProducts action: not run in maintenance mode
Action ended 8:42:23: FindRelatedProducts. Return value 0.
MSI (c) (24:38) [08:42:23:913]: Doing action: InstSuppMigrateDirectoryPaths
Action 8:42:23: InstSuppMigrateDirectoryPaths. Migrating folder paths
Action start 8:42:23: InstSuppMigrateDirectoryPaths.
MSI (c) (24:C0) [08:42:23:944]: Invoking remote custom action. DLL: C:\Users\AIRWOR~2\AppData\Local\Temp\MSI86A6.tmp, Entrypoint: MigrateDirectoryPaths
MSI (c) (24:A8) [08:42:23:944]: Cloaking enabled.
MSI (c) (24:A8) [08:42:23:944]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (24:A8) [08:42:23:944]: Connected to service for CA interface.
ESET: Entering CA InstSupp!MigrateDirectoryPaths (limited: yes)
MSI (c) (24!A0) [08:42:24:006]: PROPERTY CHANGE: Adding APPDIR property. Its value is 'C:\Program Files\ESET\ESET Security\'.
MSI (c) (24!A0) [08:42:24:006]: PROPERTY CHANGE: Adding MODULEDIR property. Its value is 'C:\Program Files\ESET\ESET Smart Security\'.
MSI (c) (24!A0) [08:42:24:006]: PROPERTY CHANGE: Adding APPDATADIR property. Its value is 'C:\ProgramData\ESET\ESET Security\'.
ESET: Returing from CA InstSupp!MigrateDirectoryPaths with status 0 (duration: 0.0)
Action ended 8:42:24: InstSuppMigrateDirectoryPaths. Return value 1.
MSI (c) (24:38) [08:42:24:022]: Skipping action: SetAPPDATADIR (condition is false)
MSI (c) (24:38) [08:42:24:022]: Doing action: SetAPPDATADIR_ORIG
Action 8:42:24: SetAPPDATADIR_ORIG.
Action start 8:42:24: SetAPPDATADIR_ORIG.
MSI (c) (24:38) [08:42:24:022]: PROPERTY CHANGE: Adding APPDATADIR_ORIG property. Its value is 'C:\ProgramData\ESET\ESET Security\'.
Action ended 8:42:24: SetAPPDATADIR_ORIG. Return value 1.
MSI (c) (24:38) [08:42:24:022]: Skipping action: SetAPPDIR (condition is false)
MSI (c) (24:38) [08:42:24:022]: Doing action: SetAPPDIR_ORIG
Action 8:42:24: SetAPPDIR_ORIG.
Action start 8:42:24: SetAPPDIR_ORIG.
MSI (c) (24:38) [08:42:24:022]: PROPERTY CHANGE: Adding APPDIR_ORIG property. Its value is 'C:\Program Files\ESET\ESET Security\'.
Action ended 8:42:24: SetAPPDIR_ORIG. Return value 1.
MSI (c) (24:38) [08:42:24:022]: Doing action: SetARPINSTALLLOCATION
Action 8:42:24: SetARPINSTALLLOCATION.
Action start 8:42:24: SetARPINSTALLLOCATION.
MSI (c) (24:38) [08:42:24:022]: PROPERTY CHANGE: Adding ARPINSTALLLOCATION property. Its value is 'C:\Program Files\ESET\ESET Security\'.
Action ended 8:42:24: SetARPINSTALLLOCATION. Return value 1.
MSI (c) (24:38) [08:42:24:022]: Doing action: SetDESKTOPDIR
Action 8:42:24: SetDESKTOPDIR.
Action start 8:42:24: SetDESKTOPDIR.
MSI (c) (24:38) [08:42:24:022]: PROPERTY CHANGE: Adding DESKTOPDIR property. Its value is 'C:\Users\Public\Desktop\'.
Action ended 8:42:24: SetDESKTOPDIR. Return value 1.
MSI (c) (24:38) [08:42:24:022]: Doing action: SetMODULEDIR_ORIG
Action 8:42:24: SetMODULEDIR_ORIG.
Action start 8:42:24: SetMODULEDIR_ORIG.
MSI (c) (24:38) [08:42:24:022]: PROPERTY CHANGE: Adding MODULEDIR_ORIG property. Its value is 'C:\Program Files\ESET\ESET Smart Security\'.
Action ended 8:42:24: SetMODULEDIR_ORIG. Return value 1.
MSI (c) (24:38) [08:42:24:022]: Skipping action: SetMODULEDIR (condition is false)
MSI (c) (24:38) [08:42:24:022]: Doing action: SetSHORTCUTDIR
Action 8:42:24: SetSHORTCUTDIR.
Action start 8:42:24: SetSHORTCUTDIR.
MSI (c) (24:38) [08:42:24:022]: PROPERTY CHANGE: Adding SHORTCUTDIR property. Its value is 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security'.
Action ended 8:42:24: SetSHORTCUTDIR. Return value 1.
MSI (c) (24:38) [08:42:24:022]: Doing action: AppSearch
Action 8:42:24: AppSearch. Searching for installed applications
Action start 8:42:24: AppSearch.
MSI (c) (24:38) [08:42:24:022]: Note: 1: 2205 2: 3: AppSearch
MSI (c) (24:38) [08:42:24:022]: Note: 1: 2228 2: 3: AppSearch 4: SELECT `Property`, `Signature_` FROM `AppSearch`
Action ended 8:42:24: AppSearch. Return value 0.
MSI (c) (24:38) [08:42:24:022]: Doing action: InstSuppCheckReinstallCompatibility
Action 8:42:24: InstSuppCheckReinstallCompatibility. Checking product compatibility
Action start 8:42:24: InstSuppCheckReinstallCompatibility.
MSI (c) (24:48) [08:42:24:022]: Invoking remote custom action. DLL: C:\Users\AIRWOR~2\AppData\Local\Temp\MSI8715.tmp, Entrypoint: CheckReinstallCompatibility
ESET: Entering CA InstSupp!CheckReinstallCompatibility (limited: yes)
ESET: Returing from CA InstSupp!CheckReinstallCompatibility with status 0 (duration: 0.0)
Action ended 8:42:24: InstSuppCheckReinstallCompatibility. Return value 1.
MSI (c) (24:38) [08:42:24:038]: Skipping action: SetInstTypeInstall (condition is false)
MSI (c) (24:38) [08:42:24:038]: Doing action: SetInstTypeMaint
Action 8:42:24: SetInstTypeMaint.
Action start 8:42:24: SetInstTypeMaint.
MSI (c) (24:38) [08:42:24:038]: PROPERTY CHANGE: Adding InstTypeMaint property. Its value is '1'.
Action ended 8:42:24: SetInstTypeMaint. Return value 1.
MSI (c) (24:38) [08:42:24:038]: Skipping action: Win64ErrorMessage (condition is false)
MSI (c) (24:38) [08:42:24:038]: Doing action: PrepareDlg
Action 8:42:24: PrepareDlg.
Action start 8:42:24: PrepareDlg.
Info 2898.For DlgStdFont textstyle, the system created a 'Tahoma' font, in 0 character set, of 13 pixels height.
Info 2898.For UiFont_Bigger textstyle, the system created a 'Verdana' font, in 0 character set, of 20 pixels height.
DEBUG: Error 2826: Control BottomLine on dialog PrepareDlg extends beyond the boundaries of the dialog to the right by 3 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: PrepareDlg, BottomLine, to the right
Action 8:42:24: PrepareDlg. Dialog created
Action ended 8:42:24: PrepareDlg. Return value 1.
MSI (c) (24:38) [08:42:24:100]: Skipping action: AdminRightsError (condition is false)
MSI (c) (24:38) [08:42:24:100]: Skipping action: DowngradeError (condition is false)
MSI (c) (24:38) [08:42:24:100]: Skipping action: CCPSearch (condition is false)
MSI (c) (24:38) [08:42:24:100]: Skipping action: RMCCPSearch (condition is false)
MSI (c) (24:38) [08:42:24:100]: Doing action: ValidateProductID
Action 8:42:24: ValidateProductID.
Action start 8:42:24: ValidateProductID.
Action ended 8:42:24: ValidateProductID. Return value 1.
MSI (c) (24:38) [08:42:24:100]: Skipping action: InstSuppLoadInstallIni (condition is false)
MSI (c) (24:38) [08:42:24:100]: Doing action: CostInitialize
Action 8:42:24: CostInitialize. Computing space requirements
Action start 8:42:24: CostInitialize.
MSI (c) (24:38) [08:42:24:100]: Machine policy value 'MaxPatchCacheSize' is 10
MSI (c) (24:38) [08:42:24:131]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'C:\'.
MSI (c) (24:38) [08:42:24:131]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
Action ended 8:42:24: CostInitialize. Return value 1.
MSI (c) (24:38) [08:42:24:131]: Doing action: FileCost
Action 8:42:24: FileCost. Computing space requirements
Action start 8:42:24: FileCost.
MSI (c) (24:38) [08:42:24:131]: Note: 1: 2205 2: 3: MsiAssembly
MSI (c) (24:38) [08:42:24:131]: Note: 1: 2205 2: 3: Class
MSI (c) (24:38) [08:42:24:131]: Note: 1: 2205 2: 3: Extension
MSI (c) (24:38) [08:42:24:131]: Note: 1: 2205 2: 3: TypeLib
Action ended 8:42:24: FileCost. Return value 1.
MSI (c) (24:38) [08:42:24:131]: Doing action: CostFinalize
Action 8:42:24: CostFinalize. Computing space requirements
Action start 8:42:24: CostFinalize.
MSI (c) (24:38) [08:42:24:131]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (c) (24:38) [08:42:24:131]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (c) (24:38) [08:42:24:131]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (c) (24:38) [08:42:24:131]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (c) (24:38) [08:42:24:131]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (c) (24:38) [08:42:24:131]: Note: 1: 2205 2: 3: MsiAssembly
MSI (c) (24:38) [08:42:24:131]: Note: 1: 2228 2: 3: MsiAssembly 4: SELECT `MsiAssembly`.`Attributes`, `MsiAssembly`.`File_Application`, `MsiAssembly`.`File_Manifest`, `Component`.`KeyPath` FROM `MsiAssembly`, `Component` WHERE `MsiAssembly`.`Component_` = `Component`.`Component` AND `MsiAssembly`.`Component_` = ?
MSI (c) (24:38) [08:42:24:131]: PROPERTY CHANGE: Modifying APPDIR property. Its current value is 'C:\Program Files\ESET\ESET Security\'. Its new value: 'C:\Program Files\ESET\ESET Security'.
MSI (c) (24:38) [08:42:24:131]: PROPERTY CHANGE: Modifying APPDATADIR property. Its current value is 'C:\ProgramData\ESET\ESET Security\'. Its new value: 'C:\ProgramData\ESET\ESET Security'.
MSI (c) (24:38) [08:42:24:131]: PROPERTY CHANGE: Adding x86Dir property. Its value is 'C:\Program Files\ESET\ESET Security\x86'.
MSI (c) (24:38) [08:42:24:147]: PROPERTY CHANGE: Modifying MODULEDIR property. Its current value is 'C:\Program Files\ESET\ESET Smart Security\'. Its new value: 'C:\Program Files\ESET\ESET Smart Security'.
MSI (c) (24:38) [08:42:24:147]: PROPERTY CHANGE: Adding HelpDir property. Its value is 'C:\Program Files\ESET\ESET Security\Help'.
MSI (c) (24:38) [08:42:24:147]: PROPERTY CHANGE: Adding LogsDir property. Its value is 'C:\ProgramData\ESET\ESET Security\Logs'.
MSI (c) (24:38) [08:42:24:147]: PROPERTY CHANGE: Adding EamonMiniFilterDir property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\eamonm'.
MSI (c) (24:38) [08:42:24:147]: PROPERTY CHANGE: Adding DevmonDir property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\edevmon'.
MSI (c) (24:38) [08:42:24:147]: PROPERTY CHANGE: Adding EelamDir property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\eelam'.
MSI (c) (24:38) [08:42:24:147]: PROPERTY CHANGE: Adding EhdrvDir property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\ehdrv'.
MSI (c) (24:38) [08:42:24:147]: PROPERTY CHANGE: Adding EkbdfltDir property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\ekbdflt'.
MSI (c) (24:38) [08:42:24:147]: PROPERTY CHANGE: Adding UpdfilesDIR property. Its value is 'C:\ProgramData\ESET\ESET Security\Updfiles'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding EpfwDir property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\epfw'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding EpfwwfpDIR property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\epfwwfp'.
MSI (c) (24:38) [08:42:24:163]: Note: 1: 2205 2: 3: Patch
MSI (c) (24:38) [08:42:24:163]: Note: 1: 2205 2: 3: Condition
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'C:\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying SHORTCUTDIR property. Its current value is 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security'. Its new value: 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying APPDATADIR property. Its current value is 'C:\ProgramData\ESET\ESET Security'. Its new value: 'C:\ProgramData\ESET\ESET Security\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding InstallerDIR property. Its value is 'C:\ProgramData\ESET\ESET Security\Installer\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying UpdfilesDIR property. Its current value is 'C:\ProgramData\ESET\ESET Security\Updfiles'. Its new value: 'C:\ProgramData\ESET\ESET Security\Updfiles\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding SupportRequestsDir property. Its value is 'C:\ProgramData\ESET\ESET Security\SupportRequests\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding StatsDir property. Its value is 'C:\ProgramData\ESET\ESET Security\Stats\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding OldfilesDir property. Its value is 'C:\ProgramData\ESET\ESET Security\Oldfiles\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying LogsDir property. Its current value is 'C:\ProgramData\ESET\ESET Security\Logs'. Its new value: 'C:\ProgramData\ESET\ESET Security\Logs\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding eScanDir property. Its value is 'C:\ProgramData\ESET\ESET Security\Logs\eScan\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding LicenseDir property. Its value is 'C:\ProgramData\ESET\ESET Security\License\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding CharonDir property. Its value is 'C:\ProgramData\ESET\ESET Security\Charon\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying MODULEDIR property. Its current value is 'C:\Program Files\ESET\ESET Smart Security'. Its new value: 'C:\Program Files\ESET\ESET Smart Security\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying APPDIR property. Its current value is 'C:\Program Files\ESET\ESET Security'. Its new value: 'C:\Program Files\ESET\ESET Security\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying HelpDir property. Its current value is 'C:\Program Files\ESET\ESET Security\Help'. Its new value: 'C:\Program Files\ESET\ESET Security\Help\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding DriversDir property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding Epfwtdr4DIR property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\epfwtdr4\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding EpfwndhkDIR property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\epfwndhk\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding EamonNTDir property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\eamon4\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding EamonDir property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\eamon\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding EpfwwfprDIR property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\epfwwfpr\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying EpfwwfpDIR property. Its current value is 'C:\Program Files\ESET\ESET Security\Drivers\epfwwfp'. Its new value: 'C:\Program Files\ESET\ESET Security\Drivers\epfwwfp\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding EpfwtdirDIR property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\epfwtdir\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding EpfwtdiDIR property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\epfwtdi\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding EpfwndisDIR property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\epfwndis\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding EpfwlwfDIR property. Its value is 'C:\Program Files\ESET\ESET Security\Drivers\epfwlwf\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying EpfwDir property. Its current value is 'C:\Program Files\ESET\ESET Security\Drivers\epfw'. Its new value: 'C:\Program Files\ESET\ESET Security\Drivers\epfw\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying EkbdfltDir property. Its current value is 'C:\Program Files\ESET\ESET Security\Drivers\ekbdflt'. Its new value: 'C:\Program Files\ESET\ESET Security\Drivers\ekbdflt\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying EhdrvDir property. Its current value is 'C:\Program Files\ESET\ESET Security\Drivers\ehdrv'. Its new value: 'C:\Program Files\ESET\ESET Security\Drivers\ehdrv\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying EelamDir property. Its current value is 'C:\Program Files\ESET\ESET Security\Drivers\eelam'. Its new value: 'C:\Program Files\ESET\ESET Security\Drivers\eelam\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying DevmonDir property. Its current value is 'C:\Program Files\ESET\ESET Security\Drivers\edevmon'. Its new value: 'C:\Program Files\ESET\ESET Security\Drivers\edevmon\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying EamonMiniFilterDir property. Its current value is 'C:\Program Files\ESET\ESET Security\Drivers\eamonm'. Its new value: 'C:\Program Files\ESET\ESET Security\Drivers\eamonm\'.
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Modifying x86Dir property. Its current value is 'C:\Program Files\ESET\ESET Security\x86'. Its new value: 'C:\Program Files\ESET\ESET Security\x86\'.
MSI (c) (24:38) [08:42:24:163]: Target path resolution complete. Dumping Directory table...
MSI (c) (24:38) [08:42:24:163]: Note: target paths subject to change (via custom actions or browsing)
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: TARGETDIR , Object: C:\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: WindowsFolder , Object: C:\WINDOWS\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: ACTIVATION_LICENSE , Object: NULL
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: COBRANDING , Object: NULL
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: DESKTOPDIR , Object: C:\Users\Public\Desktop\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: SHORTCUTDIR , Object: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: APPDATADIR , Object: C:\ProgramData\ESET\ESET Security\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: InstallerDIR , Object: C:\ProgramData\ESET\ESET Security\Installer\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: UpdfilesDIR , Object: C:\ProgramData\ESET\ESET Security\Updfiles\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: SupportRequestsDir , Object: C:\ProgramData\ESET\ESET Security\SupportRequests\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: StatsDir , Object: C:\ProgramData\ESET\ESET Security\Stats\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: OldfilesDir , Object: C:\ProgramData\ESET\ESET Security\Oldfiles\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: LogsDir , Object: C:\ProgramData\ESET\ESET Security\Logs\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: eScanDir , Object: C:\ProgramData\ESET\ESET Security\Logs\eScan\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: LicenseDir , Object: C:\ProgramData\ESET\ESET Security\License\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: CharonDir , Object: C:\ProgramData\ESET\ESET Security\Charon\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: ProgramFiles64Folder , Object: C:\Program Files\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: MODULEDIR , Object: C:\Program Files\ESET\ESET Smart Security\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: APPDIR , Object: C:\Program Files\ESET\ESET Security\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: HelpDir , Object: C:\Program Files\ESET\ESET Security\Help\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: DriversDir , Object: C:\Program Files\ESET\ESET Security\Drivers\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: Epfwtdr4DIR , Object: C:\Program Files\ESET\ESET Security\Drivers\epfwtdr4\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EpfwndhkDIR , Object: C:\Program Files\ESET\ESET Security\Drivers\epfwndhk\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EamonNTDir , Object: C:\Program Files\ESET\ESET Security\Drivers\eamon4\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EamonDir , Object: C:\Program Files\ESET\ESET Security\Drivers\eamon\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EpfwwfprDIR , Object: C:\Program Files\ESET\ESET Security\Drivers\epfwwfpr\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EpfwwfpDIR , Object: C:\Program Files\ESET\ESET Security\Drivers\epfwwfp\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EpfwtdirDIR , Object: C:\Program Files\ESET\ESET Security\Drivers\epfwtdir\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EpfwtdiDIR , Object: C:\Program Files\ESET\ESET Security\Drivers\epfwtdi\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EpfwndisDIR , Object: C:\Program Files\ESET\ESET Security\Drivers\epfwndis\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EpfwlwfDIR , Object: C:\Program Files\ESET\ESET Security\Drivers\epfwlwf\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EpfwDir , Object: C:\Program Files\ESET\ESET Security\Drivers\epfw\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EkbdfltDir , Object: C:\Program Files\ESET\ESET Security\Drivers\ekbdflt\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EhdrvDir , Object: C:\Program Files\ESET\ESET Security\Drivers\ehdrv\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EelamDir , Object: C:\Program Files\ESET\ESET Security\Drivers\eelam\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: DevmonDir , Object: C:\Program Files\ESET\ESET Security\Drivers\edevmon\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: EamonMiniFilterDir , Object: C:\Program Files\ESET\ESET Security\Drivers\eamonm\
MSI (c) (24:38) [08:42:24:163]: Dir (target): Key: x86Dir , Object: C:\Program Files\ESET\ESET Security\x86\
MSI (c) (24:38) [08:42:24:163]: PROPERTY CHANGE: Adding INSTALLLEVEL property. Its value is '1'.
Action ended 8:42:24: CostFinalize. Return value 1.
MSI (c) (24:38) [08:42:24:163]: Doing action: MigrateFeatureStates
Action 8:42:24: MigrateFeatureStates. Migrating feature states from related applications
Action start 8:42:24: MigrateFeatureStates.
MSI (c) (24:38) [08:42:24:163]: Skipping MigrateFeatureStates action: not run in maintenance mode
Action ended 8:42:24: MigrateFeatureStates. Return value 0.
MSI (c) (24:38) [08:42:24:163]: Skipping action: InstSuppPrepareInstall (condition is false)
MSI (c) (24:38) [08:42:24:163]: Skipping action: WelcomeDlg (condition is false)
MSI (c) (24:38) [08:42:24:163]: Doing action: MaintenanceWelcomeDlg
Action 8:42:24: MaintenanceWelcomeDlg.
Action start 8:42:24: MaintenanceWelcomeDlg.
DEBUG: Error 2826: Control BottomLine on dialog MaintenanceWelcomeDlg extends beyond the boundaries of the dialog to the right by 3 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: MaintenanceWelcomeDlg, BottomLine, to the right
Action 8:42:24: MaintenanceWelcomeDlg. Dialog created
MSI (c) (24:1C) [08:42:24:194]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (c) (24:1C) [08:42:24:194]: Note: 1: 2205 2: 3: BindImage
MSI (c) (24:1C) [08:42:24:194]: Note: 1: 2205 2: 3: ProgId
MSI (c) (24:1C) [08:42:24:194]: Note: 1: 2205 2: 3: PublishComponent
MSI (c) (24:1C) [08:42:24:194]: Note: 1: 2205 2: 3: SelfReg
MSI (c) (24:1C) [08:42:24:194]: Note: 1: 2205 2: 3: Extension
MSI (c) (24:1C) [08:42:24:194]: Note: 1: 2205 2: 3: Font
MSI (c) (24:1C) [08:42:24:194]: Note: 1: 2205 2: 3: Class
MSI (c) (24:1C) [08:42:24:194]: Note: 1: 2205 2: 3: TypeLib
MSI (c) (24:1C) [08:42:24:194]: Note: 1: 2727 2:
MSI (c) (24:68) [08:42:25:788]: Doing action: InstSuppVerifyPassword
Action 8:42:25: InstSuppVerifyPassword.
Action start 8:42:25: InstSuppVerifyPassword.
MSI (c) (24:B8) [08:42:25:803]: Invoking remote custom action. DLL: C:\Users\AIRWOR~2\AppData\Local\Temp\MSI8DFB.tmp, Entrypoint: VerifyPassword
MSI (c) (24!7C) [08:42:25:803]: PROPERTY CHANGE: Adding PASSWORD_OK property. Its value is '1'.
Action ended 8:42:25: InstSuppVerifyPassword. Return value 1.
Info 2898.For UiFont_Title textstyle, the system created a 'Tahoma' font, in 0 character set, of 13 pixels height.
DEBUG: Error 2826: Control BannerLine on dialog MaintenanceTypeDlg extends beyond the boundaries of the dialog to the right by 3 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: MaintenanceTypeDlg, BannerLine, to the right
DEBUG: Error 2826: Control BottomLine on dialog MaintenanceTypeDlg extends beyond the boundaries of the dialog to the right by 3 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: MaintenanceTypeDlg, BottomLine, to the right
Action 8:42:25: MaintenanceTypeDlg. Dialog created
MSI (c) (24:68) [08:42:27:335]: PROPERTY CHANGE: Adding InstallMode property. Its value is 'Repair'.
DEBUG: Error 2826: Control BannerLine on dialog VerifyRepairDlg extends beyond the boundaries of the dialog to the right by 3 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: VerifyRepairDlg, BannerLine, to the right
DEBUG: Error 2826: Control BottomLine on dialog VerifyRepairDlg extends beyond the boundaries of the dialog to the right by 3 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: VerifyRepairDlg, BottomLine, to the right
Action 8:42:27: VerifyRepairDlg. Dialog created
MSI (c) (24:68) [08:42:27:835]: Note: 1: 2727 2:
MSI (c) (24:68) [08:42:28:335]: Note: 1: 2727 2:
MSI (c) (24:68) [08:42:28:835]: Note: 1: 2727 2:
MSI (c) (24:68) [08:42:29:335]: Note: 1: 2727 2:
MSI (c) (24:68) [08:42:31:382]: Note: 1: 2727 2:
Action ended 8:42:31: MaintenanceWelcomeDlg. Return value 1.
MSI (c) (24:38) [08:42:31:397]: Doing action: ProgressDlg
Action 8:42:31: ProgressDlg.
Action start 8:42:31: ProgressDlg.
DEBUG: Error 2826: Control BannerLine on dialog ProgressDlg extends beyond the boundaries of the dialog to the right by 3 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: ProgressDlg, BannerLine, to the right
DEBUG: Error 2826: Control BottomLine on dialog ProgressDlg extends beyond the boundaries of the dialog to the right by 3 pixels
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2826. The arguments are: ProgressDlg, BottomLine, to the right
Action 8:42:31: ProgressDlg. Dialog created
Action ended 8:42:31: ProgressDlg. Return value 1.
MSI (c) (24:38) [08:42:31:444]: Doing action: ExecuteAction
Action 8:42:31: ExecuteAction.
Action start 8:42:31: ExecuteAction.
MSI (c) (24:38) [08:42:31:444]: PROPERTY CHANGE: Adding SECONDSEQUENCE property. Its value is '1'.
MSI (c) (24:38) [08:42:31:444]: Grabbed execution mutex.
MSI (c) (24:38) [08:42:31:444]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (c) (24:38) [08:42:31:444]: Switching to server: APPDIR="C:\Program Files\ESET\ESET Security\" APPDATADIR="C:\ProgramData\ESET\ESET Security\" MODULEDIR="C:\Program Files\ESET\ESET Smart Security\" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security\" PASSWORD_OK="1" APPDATADIR_ORIG="C:\ProgramData\ESET\ESET Security\" APPDIR_ORIG="C:\Program Files\ESET\ESET Security\" ARPINSTALLLOCATION="C:\Program Files\ESET\ESET Security\" DESKTOPDIR="C:\Users\Public\Desktop\" MODULEDIR_ORIG="C:\Program Files\ESET\ESET Smart Security\" TARGETDIR="C:\" CURRENTDIRECTORY="C:\Windows\ImmersiveControlPanel" CLIENTUILEVEL="0" CLIENTPROCESSID="10020" PRODUCTLANGUAGE="1033" USERNAME="Hewlett-Packard Company" COMPANYNAME="Hewlett-Packard Company" MSICLIENTUSESEMBEDDEDUI="1" ACTION="INSTALL" EXECUTEACTION="INSTALL" ROOTDRIVE="C:\" INSTALLLEVEL="1" SECONDSEQUENCE="1" REINSTALL=ShellExt,Antispam,_Features,Antitheft,Demeter,DeviceControl,DocumentProtection,EmailClientProtection,Firewall,GraphicUserInterface,HIPS,MailPlugins,OnlinePaymentProtection,Parental,ProtocolFilteri
MSI (c) (24:68) [08:42:31:460]: Cloaking enabled.
MSI (c) (24:68) [08:42:31:460]: Attempting to enable all disabled privileges before calling Install on Server
MSI (s) (04:98) [08:42:31:444]: Running installation inside multi-package transaction C:\WINDOWS\Installer\23f010.msi
MSI (s) (04:98) [08:42:31:444]: Grabbed execution mutex.
MSI (s) (04:50) [08:42:31:460]: Running as a service.
MSI (s) (04:70) [08:42:31:460]: Resetting cached policy values
MSI (s) (04:70) [08:42:31:460]: Machine policy value 'Debug' is 0
MSI (s) (04:70) [08:42:31:460]: ******* RunEngine:
******* Product: C:\WINDOWS\Installer\23f010.msi
******* Action: INSTALL
******* CommandLine: **********
MSI (s) (04:70) [08:42:31:475]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (04:70) [08:42:31:491]: Note: 1: 2203 2: C:\WINDOWS\Installer\inprogressinstallinfo.ipi 3: -2147287038
MSI (s) (04:70) [08:42:31:491]: Machine policy value 'LimitSystemRestoreCheckpointing' is 0
MSI (s) (04:70) [08:42:31:491]: SRSetRestorePoint skipped for this transaction.
MSI (s) (04:70) [08:42:31:491]: MSCOREE not loaded loading copy from system32
MSI (s) (04:70) [08:42:31:491]: End dialog not enabled
MSI (s) (04:70) [08:42:31:491]: Original package ==> C:\WINDOWS\Installer\23f010.msi
MSI (s) (04:70) [08:42:31:491]: Package we're running from ==> C:\WINDOWS\Installer\23f010.msi
MSI (s) (04:70) [08:42:31:491]: APPCOMPAT: Uninstall Flags override found.
MSI (s) (04:70) [08:42:31:491]: APPCOMPAT: Uninstall VersionNT override found.
MSI (s) (04:70) [08:42:31:491]: APPCOMPAT: Uninstall ServicePackLevel override found.
MSI (s) (04:70) [08:42:31:491]: APPCOMPAT: looking for appcompat database entry with ProductCode '{2B587448-4CE3-4196-A237-A425E557F052}'.
MSI (s) (04:70) [08:42:31:491]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (04:70) [08:42:31:507]: Machine policy value 'DisablePatch' is 0
MSI (s) (04:70) [08:42:31:507]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (04:70) [08:42:31:507]: Machine policy value 'DisableMsi' is 0
MSI (s) (04:70) [08:42:31:507]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (04:70) [08:42:31:507]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (04:70) [08:42:31:507]: Product {2B587448-4CE3-4196-A237-A425E557F052} is admin assigned: LocalSystem owns the publish key.
MSI (s) (04:70) [08:42:31:507]: Product {2B587448-4CE3-4196-A237-A425E557F052} is managed.
MSI (s) (04:70) [08:42:31:507]: Running product '{2B587448-4CE3-4196-A237-A425E557F052}' with elevated privileges: Product is assigned.
MSI (s) (04:70) [08:42:31:507]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (04:70) [08:42:31:507]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (04:70) [08:42:31:507]: APPCOMPAT: looking for appcompat database entry with ProductCode '{2B587448-4CE3-4196-A237-A425E557F052}'.
MSI (s) (04:70) [08:42:31:507]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (04:70) [08:42:31:507]: Transforms are not secure.
MSI (s) (04:70) [08:42:31:507]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\AIRWOR~2\AppData\Local\Temp\MSI6857e.LOG'.
MSI (s) (04:70) [08:42:31:507]: Command Line: APPDIR=C:\Program Files\ESET\ESET Security\ APPDATADIR=C:\ProgramData\ESET\ESET Security\ MODULEDIR=C:\Program Files\ESET\ESET Smart Security\ SHORTCUTDIR=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security\ PASSWORD_OK=1 APPDATADIR_ORIG=C:\ProgramData\ESET\ESET Security\ APPDIR_ORIG=C:\Program Files\ESET\ESET Security\ ARPINSTALLLOCATION=C:\Program Files\ESET\ESET Security\ DESKTOPDIR=C:\Users\Public\Desktop\ MODULEDIR_ORIG=C:\Program Files\ESET\ESET Smart Security\ TARGETDIR=C:\ CURRENTDIRECTORY=C:\Windows\ImmersiveControlPanel CLIENTUILEVEL=0 CLIENTPROCESSID=10020 PRODUCTLANGUAGE=1033 USERNAME=Hewlett-Packard Company COMPANYNAME=Hewlett-Packard Company MSICLIENTUSESEMBEDDEDUI=1 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE=C:\ INSTALLLEVEL=1 SECONDSEQUENCE=1 REINSTALL=ShellExt,Antispam,_Features,Antitheft,Demeter,DeviceControl,DocumentProtection,EmailClientProtection,Firewall,GraphicUserInterface,HIPS,MailPlugins,OnlinePaymentProtection,Parental,ProtocolFiltering,RealtimeProtection,Scan,ScriptProtection,SysInspect
MSI (s) (04:70) [08:42:31:507]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{FF9CE2A0-D4CC-41D0-835E-4A385ADC1AD6}'.
MSI (s) (04:70) [08:42:31:507]: Product Code passed to Engine.Initialize: '{2B587448-4CE3-4196-A237-A425E557F052}'
MSI (s) (04:70) [08:42:31:507]: Product Code from property table before transforms: '{2B587448-4CE3-4196-A237-A425E557F052}'
MSI (s) (04:70) [08:42:31:507]: Product Code from property table after transforms: '{2B587448-4CE3-4196-A237-A425E557F052}'
MSI (s) (04:70) [08:42:31:507]: Product registered: entering maintenance mode
MSI (s) (04:70) [08:42:31:507]: Determined that existing product (either this product or the product being upgraded with a patch) is installed per-machine.
MSI (s) (04:70) [08:42:31:507]: Product {2B587448-4CE3-4196-A237-A425E557F052} is admin assigned: LocalSystem owns the publish key.
MSI (s) (04:70) [08:42:31:507]: Product {2B587448-4CE3-4196-A237-A425E557F052} is managed.
MSI (s) (04:70) [08:42:31:507]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (04:70) [08:42:31:507]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (04:70) [08:42:31:522]: MSI_LUA: Credential prompt is not required at this point, product is managed
MSI (s) (04:70) [08:42:31:522]: Note: 1: 2205 2: 3: MsiPackageCertificate
MSI (s) (04:70) [08:42:31:522]: Note: 1: 2205 2: 3: MsiDigitalCertificate
MSI (s) (04:70) [08:42:31:522]: PROPERTY CHANGE: Adding ProductState property. Its value is '5'.
MSI (s) (04:70) [08:42:31:522]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.
MSI (s) (04:70) [08:42:31:522]: Package name retrieved from configuration data: 'ess_nt64_ENU.msi'
MSI (s) (04:70) [08:42:31:522]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (04:70) [08:42:31:522]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (04:70) [08:42:31:522]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (04:70) [08:42:31:522]: Product {2B587448-4CE3-4196-A237-A425E557F052} is admin assigned: LocalSystem owns the publish key.
MSI (s) (04:70) [08:42:31:522]: Product {2B587448-4CE3-4196-A237-A425E557F052} is managed.
MSI (s) (04:70) [08:42:31:522]: Running product '{2B587448-4CE3-4196-A237-A425E557F052}' with elevated privileges: Product is assigned.
 
I still don't see anything malicious there. Just some garbage.

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

I read something about running this in Debug mode, so I did, and thought I'd post the findings, and cleanup report. Running the fixlist now. THX by the way!! :o) Oh, quick update, I've lost access to pretty much any admin tools, officially. I cannot even get to the device manager, or several others. Fix then that report first though. :o) THX

# AdwCleaner 7.0.1.0 - Logfile created on Sat Aug 26 19:24:39 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Yahoo\SS


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Image File Execution Options%s keys deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C01].txt - [1761 B] - [2017/8/14 9:20:24]
C:/AdwCleaner/AdwCleaner[C0].txt - [1761 B] - [2017/8/11 18:46:54]
C:/AdwCleaner/AdwCleaner[C2].txt - [1334 B] - [2017/8/14 9:21:36]
C:/AdwCleaner/AdwCleaner[S0].txt - [1676 B] - [2017/8/11 17:27:10]
C:/AdwCleaner/AdwCleaner[S1].txt - [1081 B] - [2017/8/12 3:7:34]
C:/AdwCleaner/AdwCleaner[S2].txt - [1282 B] - [2017/8/18 4:11:38]
C:/AdwCleaner/AdwCleaner[S3].txt - [1371 B] - [2017/8/26 19:23:19]


########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt ##########
 
Running the Farbar scan again, after this fix was conducted, I'll post those next.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by AIRWORX 2 (26-08-2017 13:15:42) Run:3
Running from C:\Users\AIRWORX 2\Desktop
Loaded Profiles: AIRWORX 2 (Available Profiles: AIRWORX 2 & airwo & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\MountPoints2: {2d9e978b-43d2-11e6-bec8-78e3b588cafb} - "G:\VerizonSWUpgradeAssistantLauncher.exe"
2015-04-01 09:26 - 2005-12-08 19:51 - 000000060 ____R () C:\Program Files (x86)\BRINST.INI
2017-04-14 06:58 - 2017-04-14 06:58 - 000000000 _____ () C:\Users\AIRWORX 2\AppData\Roaming\IVOPEN.$$$
2014-12-17 10:09 - 2014-12-17 10:10 - 000012962 _____ () C:\Users\AIRWORX 2\AppData\Roaming\Microsoft Excel 97-2003.CAL
2014-03-26 13:47 - 2017-07-28 12:54 - 000007609 _____ () C:\Users\AIRWORX 2\AppData\Local\resmon.resmoncfg
2015-12-09 12:34 - 2015-12-09 12:34 - 000000145 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-03-24 15:02 - 2014-10-23 13:06 - 000000226 _____ () C:\ProgramData\RSUserCfg.ini
C:\Users\AIRWORX 2\ASAP_Utilities_5-2-1_HS_Setup.exe
C:\Users\AIRWORX 2\WDMyCloud_win.exe
2017-08-01 04:48 - 2017-07-14 06:30 - 001930320 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\dllnt_dump.dll
2017-08-07 13:39 - 2017-08-07 13:49 - 001503232 _____ () C:\Users\AIRWORX 2\AppData\Local\Temp\libmysqlinstanceconf.dll
2013-10-05 01:38 - 2013-10-05 01:38 - 000455328 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\msvcp120.dll
2013-10-05 01:38 - 2013-10-05 01:38 - 000970912 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\msvcr120.dll
2016-07-30 17:08 - 2016-07-30 17:08 - 003112960 _____ (Jason York) C:\Users\AIRWORX 2\AppData\Local\Temp\pc-decrapifier.exe
2017-07-28 02:28 - 2017-07-28 02:28 - 000510752 _____ (Acronis) C:\Users\AIRWORX 2\AppData\Local\Temp\setupapp_amd64.exe
2017-07-28 02:28 - 2017-07-28 02:28 - 000540432 _____ () C:\Users\AIRWORX 2\AppData\Local\Temp\setupnt64.dll
2017-07-26 04:50 - 2006-05-24 10:10 - 000455600 _____ (Macrovision Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\_isC014.exe
CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncApi64.dll => No File

*****************

HKU\S-1-5-21-2671885098-678752524-1400920573-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d9e978b-43d2-11e6-bec8-78e3b588cafb} => key removed successfully
HKLM\Software\Classes\CLSID\{2d9e978b-43d2-11e6-bec8-78e3b588cafb} => key not found.
"C:\Program Files (x86)\BRINST.INI" => not found.
"C:\Users\AIRWORX 2\AppData\Roaming\IVOPEN.$$$" => not found.
"C:\Users\AIRWORX 2\AppData\Roaming\Microsoft Excel 97-2003.CAL" => not found.
C:\Users\AIRWORX 2\AppData\Local\resmon.resmoncfg => moved successfully
"C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc" => not found.
"C:\ProgramData\RSUserCfg.ini" => not found.
"C:\Users\AIRWORX 2\ASAP_Utilities_5-2-1_HS_Setup.exe" => not found.
"C:\Users\AIRWORX 2\WDMyCloud_win.exe" => not found.
"C:\Users\AIRWORX 2\AppData\Local\Temp\dllnt_dump.dll" => not found.
C:\Users\AIRWORX 2\AppData\Local\Temp\libmysqlinstanceconf.dll => moved successfully
"C:\Users\AIRWORX 2\AppData\Local\Temp\msvcp120.dll" => not found.
"C:\Users\AIRWORX 2\AppData\Local\Temp\msvcr120.dll" => not found.
"C:\Users\AIRWORX 2\AppData\Local\Temp\pc-decrapifier.exe" => not found.
"C:\Users\AIRWORX 2\AppData\Local\Temp\setupapp_amd64.exe" => not found.
"C:\Users\AIRWORX 2\AppData\Local\Temp\setupnt64.dll" => not found.
"C:\Users\AIRWORX 2\AppData\Local\Temp\_isC014.exe" => not found.
HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => key not found.
HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => key not found.
HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458} => key not found.

==== End of Fixlog 13:15:46 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by AIRWORX 2 (administrator) on AIRWORX2-PC (26-08-2017 13:16:44)
Running from C:\Users\AIRWORX 2\Desktop
Loaded Profiles: AIRWORX 2 (Available Profiles: AIRWORX 2 & airwo & Administrator)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Calculator.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [18248 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-07-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM\...\Policies\Explorer: [0] 0
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
Startup: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate Product Registration.lnk [2017-08-18]
ShortcutTarget: Seagate Product Registration.lnk -> C:\Users\AIRWORX 2\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{3b0572ca-8981-41c6-8b49-4de723fbd9b7}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{d9ff143d-a6fe-4d5a-b3c0-c2abdb37d13c}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-24] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1499697116239
DPF: HKLM-x32 {D66F9BB1-7D8E-4A96-9166-20FCC91CBFE9} hxxp://99.7.214.118/FDSH_DVR.CAB
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=3563

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-07-26] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 10
CHR StartupUrls: Profile 10 -> "hxxps://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/","hxxps://www.google.com/","hxxps://productforums.google.com/forum/#!topic/chrome/KobCsRA5DC4"
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-28]
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10 [2017-08-26]
CHR Extension: (Google Slides) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-28]
CHR Extension: (Google Docs) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-28]
CHR Extension: (Google Drive) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-28]
CHR Extension: (YouTube) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-28]
CHR Extension: (Google Sheets) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor4.0; C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 AJRouter; C:\WINDOWS\System32\AJRouter.dll [24576 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ALG; C:\WINDOWS\System32\alg.exe [92672 2017-03-18] (Microsoft Corporation) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 AppHostSvc; C:\WINDOWS\system32\inetsrv\apphostsvc.dll [64512 2017-07-14] (Microsoft Corporation) [File not signed]
R2 AppHostSvc; C:\WINDOWS\SysWOW64\inetsrv\apphostsvc.dll [56832 2017-07-14] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\WINDOWS\System32\appidsvc.dll [120320 2017-03-18] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\WINDOWS\System32\appinfo.dll [138752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AppReadiness; C:\WINDOWS\system32\AppReadiness.dll [585216 2017-07-14] (Microsoft Corporation) [File not signed]
S3 AppXSvc; C:\WINDOWS\system32\appxdeploymentserver.dll [2804736 2017-07-14] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\WINDOWS\System32\AudioEndpointBuilder.dll [625152 2017-07-14] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\WINDOWS\System32\Audiosrv.dll [1357824 2017-07-14] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\WINDOWS\System32\AxInstSV.dll [111616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\WINDOWS\System32\bdesvc.dll [385536 2017-03-18] (Microsoft Corporation) [File not signed]
R2 BFE; C:\WINDOWS\System32\bfe.dll [815616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BITS; C:\WINDOWS\System32\qmgr.dll [1159680 2017-03-18] (Microsoft Corporation) [File not signed]
R2 BrokerInfrastructure; C:\WINDOWS\System32\bisrv.dll [847872 2017-07-14] (Microsoft Corporation) [File not signed]
S3 Browser; C:\WINDOWS\System32\browser.dll [133120 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [431616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\WINDOWS\system32\bthserv.dll [154112 2017-03-18] (Microsoft Corporation) [File not signed]
R2 CDPSvc; C:\WINDOWS\System32\CDPSvc.dll [970240 2017-07-14] (Microsoft Corporation) [File not signed]
S2 CDPUserSvc; C:\WINDOWS\System32\CDPUserSvc.dll [524288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\WINDOWS\System32\certprop.dll [189952 2017-07-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\system32\cryptsvc.dll [94720 2017-03-18] (Microsoft Corporation) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-24] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-07-12] (Dropbox, Inc.)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [1085440 2017-07-14] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\WINDOWS\System32\defragsvc.dll [489984 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DeviceAssociationService; C:\WINDOWS\system32\das.dll [455168 2017-03-18] (Microsoft Corporation) [File not signed]
R3 DeviceInstall; C:\WINDOWS\system32\umpnpmgr.dll [114688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [689152 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DevQueryBroker; C:\WINDOWS\system32\DevQueryBroker.dll [33792 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\system32\dhcpcore.dll [365568 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [304128 2017-03-18] (Microsoft Corporation) [File not signed]
S3 diagnosticshub.standardcollector.service; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [86528 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DiagTrack; C:\WINDOWS\system32\diagtrack.dll [2516480 2017-07-14] (Microsoft Corporation) [File not signed]
S3 DmEnrollmentSvc; C:\WINDOWS\system32\Windows.Internal.Management.dll [536064 2017-07-14] (Microsoft Corporation) [File not signed]
S3 DmEnrollmentSvc; C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll [394240 2017-07-14] (Microsoft Corporation) [File not signed]
S3 dmwappushservice; C:\WINDOWS\system32\dmwappushsvc.dll [55296 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [282624 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DoSvc; C:\WINDOWS\system32\dosvc.dll [1305088 2017-07-14] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\WINDOWS\System32\dot3svc.dll [252416 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DPS; C:\WINDOWS\system32\dps.dll [168448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DsmSvc; C:\WINDOWS\System32\DeviceSetupManager.dll [233984 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DsSvc; C:\WINDOWS\System32\DsSvc.dll [149504 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [302592 2017-03-18] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [108032 2017-03-18] (Microsoft Corporation) [File not signed]
S3 EFS; C:\WINDOWS\system32\efssvc.dll [57344 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2625368 2017-08-09] (ESET)
S3 embeddedmode; C:\WINDOWS\System32\embeddedmodesvc.dll [149504 2017-07-14] (Microsoft Corporation) [File not signed]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33464 2016-11-08] (Microsoft Corporation)
S3 EntAppSvc; C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll [301056 2017-07-14] (Microsoft Corporation) [File not signed]
R2 EventLog; C:\WINDOWS\System32\wevtsvc.dll [1737216 2017-03-18] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\WINDOWS\system32\es.dll [452096 2017-03-18] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [331776 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Fax; C:\WINDOWS\system32\fxssvc.exe [637440 2017-03-18] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\WINDOWS\system32\fdPHost.dll [20992 2017-03-18] (Microsoft Corporation) [File not signed]
R3 FDResPub; C:\WINDOWS\system32\fdrespub.dll [34816 2017-03-18] (Microsoft Corporation) [File not signed]
S3 fhsvc; C:\WINDOWS\system32\fhsvc.dll [121856 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 FontCache; C:\WINDOWS\system32\FntCache.dll [1888256 2017-07-14] (Microsoft Corporation) [File not signed]
S4 FrameServer; C:\WINDOWS\system32\FrameServer.dll [600064 2017-07-14] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\WINDOWS\System32\gpsvc.dll [1269248 2017-03-18] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\WINDOWS\system32\hidserv.dll [34304 2017-03-18] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [29696 2017-03-18] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\WINDOWS\system32\ListSvc.dll [269312 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\WINDOWS\system32\provsvc.dll [463360 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [396288 2017-03-18] (Microsoft Corporation) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
S3 icssvc; C:\WINDOWS\System32\tetheringservice.dll [210432 2017-03-18] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\WINDOWS\System32\ikeext.dll [934912 2017-03-18] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\WINDOWS\System32\iphlpsvc.dll [996864 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [64000 2017-03-18] (Microsoft Corporation) [File not signed]
S3 irmon; C:\WINDOWS\System32\irmon.dll [24576 2017-03-18] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\WINDOWS\system32\keyiso.dll [93696 2017-03-18] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [69632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\WINDOWS\system32\msdtckrm.dll [368128 2017-03-18] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\WINDOWS\system32\srvsvc.dll [303616 2017-03-18] (Microsoft Corporation) [File not signed]
S4 LanmanWorkstation; C:\WINDOWS\System32\wkssvc.dll [272384 2017-03-18] (Microsoft Corporation) [File not signed]
R3 lfsvc; C:\WINDOWS\System32\lfsvc.dll [43520 2017-03-18] (Microsoft Corporation) [File not signed]
R3 LicenseManager; C:\WINDOWS\system32\LicenseManagerSvc.dll [26624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\WINDOWS\System32\lltdsvc.dll [268800 2017-03-18] (Microsoft Corporation) [File not signed]
R3 lmhosts; C:\WINDOWS\System32\lmhsvc.dll [26112 2017-03-18] (Microsoft Corporation) [File not signed]
R2 LSM; C:\WINDOWS\System32\lsm.dll [706048 2017-03-18] (Microsoft Corporation) [File not signed]
S2 MapsBroker; C:\WINDOWS\System32\moshost.dll [90624 2017-03-18] (Microsoft Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MessagingService; C:\WINDOWS\System32\MessagingService.dll [51712 2017-03-18] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\WINDOWS\system32\mpssvc.dll [972288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [147456 2017-03-18] (Microsoft Corporation) [File not signed]
R2 MSiSCSI; C:\WINDOWS\system32\iscsiexe.dll [150016 2017-03-18] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\System32\msiexec.exe [66048 2017-03-18] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [59392 2017-03-18] (Microsoft Corporation) [File not signed]
S2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.0\my.ini [9027 2017-08-25] () [File not signed]
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [723968 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NcaSvc; C:\WINDOWS\System32\ncasvc.dll [167424 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NcbService; C:\WINDOWS\System32\ncbservice.dll [334848 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NcdAutoSetup; C:\WINDOWS\System32\NcdAutoSetup.dll [88064 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\netlogon.dll [777216 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [665600 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netman; C:\WINDOWS\System32\netman.dll [253440 2017-03-18] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\WINDOWS\System32\netprofmsvc.dll [519168 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NetSetupSvc; C:\WINDOWS\System32\NetSetupSvc.dll [261632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NgcCtnrSvc; C:\WINDOWS\System32\NgcCtnrSvc.dll [491520 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NgcSvc; C:\WINDOWS\system32\ngcsvc.dll [1046016 2017-07-14] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\WINDOWS\System32\nlasvc.dll [365568 2017-03-18] (Microsoft Corporation) [File not signed]
R2 nsi; C:\WINDOWS\system32\nsisvc.dll [30720 2017-03-18] (Microsoft Corporation) [File not signed]
S2 OneSyncSvc; C:\WINDOWS\System32\APHostService.dll [342528 2017-03-18] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\WINDOWS\system32\pnrpsvc.dll [343040 2017-03-18] (Microsoft Corporation) [File not signed]
S4 p2psvc; C:\WINDOWS\system32\p2psvc.dll [421376 2017-03-18] (Microsoft Corporation) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-14] (Nuance Communications, Inc.)
S3 PerfHost; C:\WINDOWS\SysWow64\perfhost.exe [21504 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PhoneSvc; C:\WINDOWS\System32\PhoneService.dll [772096 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PimIndexMaintenanceSvc; C:\WINDOWS\System32\PimIndexMaintenance.dll [182272 2017-03-18] (Microsoft Corporation) [File not signed]
S3 pla; C:\WINDOWS\system32\pla.dll [1462272 2017-03-18] (Microsoft Corporation) [File not signed]
S3 pla; C:\WINDOWS\SysWOW64\pla.dll [1537536 2017-03-18] (Microsoft Corporation) [File not signed]
R3 PlugPlay; C:\WINDOWS\system32\umpnpmgr.dll [114688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\WINDOWS\system32\pnrpauto.dll [27136 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\WINDOWS\system32\pnrpsvc.dll [343040 2017-03-18] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\WINDOWS\System32\ipsecsvc.dll [458240 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Power; C:\WINDOWS\system32\umpo.dll [148480 2017-07-14] (Microsoft Corporation) [File not signed]
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [2899968 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\WINDOWS\system32\profsvc.dll [413696 2017-03-18] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\WINDOWS\system32\qwave.dll [278016 2017-03-18] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [239104 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [104448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\WINDOWS\System32\rasmans.dll [873472 2017-07-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [490496 2017-03-18] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [406528 2017-03-18] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [154624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RetailDemo; C:\WINDOWS\system32\RDXService.dll [647168 2017-07-14] (Microsoft Corporation) [File not signed]
S3 RmSvc; C:\WINDOWS\System32\RMapi.dll [152576 2017-03-18] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\WINDOWS\System32\RpcEpMap.dll [77824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [11264 2017-03-18] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [1085440 2017-07-14] (Microsoft Corporation) [File not signed]
S4 SCardSvr; C:\WINDOWS\System32\SCardSvr.dll [250368 2017-07-14] (Microsoft Corporation) [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [200192 2017-07-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [877568 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\WINDOWS\System32\certprop.dll [189952 2017-07-14] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\WINDOWS\System32\SDRSVC.dll [145920 2017-03-18] (Microsoft Corporation) [File not signed]
R3 seclogon; C:\WINDOWS\system32\seclogon.dll [31232 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1191424 2017-03-18] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\System32\sens.dll [69632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1284608 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SensorService; C:\WINDOWS\system32\SensorService.dll [548864 2017-07-14] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\WINDOWS\system32\sensrsvc.dll [205824 2017-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\WINDOWS\system32\sessenv.dll [385536 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [337408 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [537600 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [612864 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [564224 2017-03-18] (Microsoft Corporation) [File not signed]
S4 shpamsvc; C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [192512 2017-07-14] (Microsoft Corporation) [File not signed]
S3 smphost; C:\WINDOWS\System32\smphost.dll [23552 2017-03-18] (Microsoft Corporation) [File not signed]
S3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [20992 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SmsRouter; C:\WINDOWS\system32\SmsRouterSvc.dll [582656 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15872 2017-07-14] (Microsoft Corporation) [File not signed]
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [891904 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [757760 2017-03-18] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [239616 2017-03-18] (Microsoft Corporation) [File not signed]
S4 SstpSvc; C:\WINDOWS\system32\sstpsvc.dll [208384 2017-03-18] (Microsoft Corporation) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
R2 stisvc; C:\WINDOWS\System32\wiaservc.dll [634368 2017-03-18] (Microsoft Corporation) [File not signed]
R3 StorSvc; C:\WINDOWS\system32\storsvc.dll [750080 2017-07-14] (Microsoft Corporation) [File not signed]
S3 svsvc; C:\WINDOWS\system32\svsvc.dll [13824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 swprv; C:\WINDOWS\System32\swprv.dll [460800 2017-03-18] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\WINDOWS\system32\sysmain.dll [972800 2017-07-14] (Microsoft Corporation) [File not signed]
R2 SystemEventsBroker; C:\WINDOWS\System32\SystemEventsBrokerServer.dll [292352 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\WINDOWS\System32\TabSvc.dll [147456 2017-03-18] (Microsoft Corporation) [File not signed]
S4 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [306688 2017-03-18] (Microsoft Corporation) [File not signed]
S4 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [252416 2017-03-18] (Microsoft Corporation) [File not signed]
S4 TermService; C:\WINDOWS\System32\termsrv.dll [992256 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\system32\themeservice.dll [69632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [302592 2017-03-18] (Microsoft Corporation) [File not signed]
R2 tiledatamodelsvc; C:\WINDOWS\system32\tileobjserver.dll [632832 2017-07-14] (Microsoft Corporation) [File not signed]
R3 TimeBrokerSvc; C:\WINDOWS\System32\TimeBrokerServer.dll [165888 2017-03-18] (Microsoft Corporation) [File not signed]
R3 TokenBroker; C:\WINDOWS\System32\TokenBroker.dll [1054208 2017-07-14] (Microsoft Corporation) [File not signed]
R3 TokenBroker; C:\WINDOWS\SysWOW64\TokenBroker.dll [799232 2017-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\System32\trkwks.dll [116736 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\WINDOWS\servicing\TrustedInstaller.exe [121344 2017-03-18] (Microsoft Corporation) [File not signed]
S4 tzautoupdate; C:\WINDOWS\system32\tzautoupdate.dll [95744 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [43008 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\WINDOWS\System32\umrdp.dll [274944 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UnistoreSvc; C:\WINDOWS\System32\unistore.dll [1177600 2017-07-14] (Microsoft Corporation) [File not signed]
S3 UnistoreSvc; C:\WINDOWS\SysWOW64\unistore.dll [969728 2017-07-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [432128 2017-03-18] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [325120 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UserDataSvc; C:\WINDOWS\System32\userdataservice.dll [1628672 2017-03-18] (Microsoft Corporation) [File not signed]
R2 UserManager; C:\WINDOWS\System32\usermgr.dll [877568 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UsoSvc; C:\WINDOWS\system32\usocore.dll [681984 2017-07-14] (Microsoft Corporation) [File not signed]
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [346624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vds; C:\WINDOWS\System32\vds.exe [643072 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicrdv; C:\WINDOWS\System32\icsvcext.dll [307712 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicvss; C:\WINDOWS\System32\icsvcext.dll [307712 2017-03-18] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\system32\vssvc.exe [1550848 2017-03-18] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [524288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 w3logsvc; C:\WINDOWS\system32\inetsrv\w3logsvc.dll [82432 2017-07-14] (Microsoft Corporation) [File not signed]
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [72192 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WalletService; C:\WINDOWS\system32\WalletService.dll [428032 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WAS; C:\WINDOWS\system32\inetsrv\iisw3adm.dll [559104 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WAS; C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll [497664 2017-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\WINDOWS\system32\wbengine.exe [1528832 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\WINDOWS\System32\wbiosrvc.dll [942592 2017-07-14] (Microsoft Corporation) [File not signed]
R2 Wcmsvc; C:\WINDOWS\System32\wcmsvc.dll [802816 2017-07-14] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\WINDOWS\System32\wcncsvc.dll [463872 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\WINDOWS\system32\wdi.dll [97792 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\WINDOWS\system32\wdi.dll [97792 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [224256 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [196608 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Wecsvc; C:\WINDOWS\system32\wecsvc.dll [202752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [27648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\WINDOWS\System32\wercplsupport.dll [91648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\WINDOWS\System32\WerSvc.dll [176640 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [555008 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WiaRpc; C:\WINDOWS\System32\wiarpc.dll [81920 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-14] (Microsoft Corporation)
R2 Winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [221696 2017-03-18] (Microsoft Corporation) [File not signed]
S4 WinRM; C:\WINDOWS\system32\WsmSvc.dll [2757120 2017-03-18] (Microsoft Corporation) [File not signed]
S4 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2354688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wisvc; C:\WINDOWS\system32\flightsettings.dll [699904 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WlanSvc; C:\WINDOWS\System32\wlansvc.dll [2425856 2017-03-18] (Microsoft Corporation) [File not signed]
R3 wlidsvc; C:\WINDOWS\system32\wlidsvc.dll [2155008 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1295360 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [199168 2017-03-18] (Microsoft Corporation) [File not signed]
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1177088 2017-03-17] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\WINDOWS\system32\wpdbusenum.dll [86016 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WpnService; C:\WINDOWS\system32\WpnService.dll [276480 2017-03-18] (Microsoft Corporation) [File not signed]
S2 WpnUserService; C:\WINDOWS\System32\WpnUserService.dll [72704 2017-03-18] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\System32\wscsvc.dll [208896 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [933376 2017-07-14] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [797184 2017-07-14] (Microsoft Corporation) [File not signed]
S2 wuauserv; C:\WINDOWS\system32\wuaueng.dll [2444288 2017-07-14] (Microsoft Corporation) [File not signed]
R3 wudfsvc; C:\WINDOWS\System32\WUDFSvc.dll [91648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\WINDOWS\System32\wwansvc.dll [1396224 2017-07-14] (Microsoft Corporation) [File not signed]
S3 XblAuthManager; C:\WINDOWS\System32\XblAuthManager.dll [1013248 2017-03-18] (Microsoft Corporation) [File not signed]
S4 XblGameSave; C:\WINDOWS\System32\XblGameSave.dll [1135104 2017-03-18] (Microsoft Corporation) [File not signed]
S4 XboxGipSvc; C:\WINDOWS\System32\XboxGipSvc.dll [18944 2017-03-18] (Microsoft Corporation) [File not signed]
S4 XboxNetApiSvc; C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008 2017-07-14] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\WINDOWS\System32\drivers\1394ohci.sys [238080 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AcpiDev; C:\WINDOWS\System32\drivers\AcpiDev.sys [20480 2017-03-18] (Microsoft Corporation) [File not signed]
S3 acpipagr; C:\WINDOWS\System32\drivers\acpipagr.sys [12800 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\WINDOWS\System32\drivers\acpipmi.sys [14848 2017-03-18] (Microsoft Corporation) [File not signed]
S3 acpitime; C:\WINDOWS\System32\drivers\acpitime.sys [14336 2017-03-18] (Microsoft Corporation) [File not signed]
R1 ahcache; C:\WINDOWS\System32\DRIVERS\ahcache.sys [239616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\WINDOWS\System32\drivers\amdk8.sys [176640 2017-03-18] (Microsoft Corporation) [File not signed]
R3 AmdPPM; C:\WINDOWS\System32\drivers\amdppm.sys [172544 2017-03-18] (Microsoft Corporation) [File not signed]
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 applockerfltr; C:\WINDOWS\System32\drivers\applockerfltr.sys [17920 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\drivers\asyncmac.sys [28672 2017-03-18] (Microsoft Corporation) [File not signed]
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2017-03-18] (Qualcomm Atheros Communications, Inc.) [File not signed]
R1 BasicDisplay; C:\WINDOWS\System32\drivers\BasicDisplay.sys [57344 2017-03-18] (Microsoft Corporation) [File not signed]
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [35840 2017-07-14] (Microsoft Corporation) [File not signed]
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2017-03-18] (Windows (R) Win 7 DDK provider) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [10240 2017-03-18] (Microsoft Corporation) [File not signed]
R3 bowser; C:\WINDOWS\System32\DRIVERS\bowser.sys [101888 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BrSerId; C:\WINDOWS\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Brother Industries Ltd.) [File not signed]
S3 BthAvrcpTg; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [43520 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [97792 2017-03-18] (Microsoft Corporation) [File not signed]
S3 bthhfhid; C:\WINDOWS\System32\drivers\BthHFHid.sys [32256 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [66560 2017-03-18] (Microsoft Corporation) [File not signed]
S3 buttonconverter; C:\WINDOWS\System32\drivers\buttonconverter.sys [39424 2017-03-18] (Microsoft Corporation) [File not signed]
S3 CapImg; C:\WINDOWS\System32\drivers\capimg.sys [122880 2017-03-18] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\WINDOWS\System32\DRIVERS\cdfs.sys [93184 2017-03-18] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\WINDOWS\System32\drivers\cdrom.sys [160256 2017-03-18] (Microsoft Corporation) [File not signed]
S3 circlass; C:\WINDOWS\System32\drivers\circlass.sys [49152 2017-03-18] (Microsoft Corporation) [File not signed]
S2 CldFlt; C:\WINDOWS\System32\drivers\cldflt.sys [12288 2017-03-18] (Microsoft Corporation) [File not signed]
R2 clreg; C:\WINDOWS\System32\drivers\registry.sys [14336 2017-03-18] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\WINDOWS\System32\drivers\CmBatt.sys [30208 2017-03-18] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys [40448 2017-03-18] (Microsoft Corporation) [File not signed]
R1 Dfsc; C:\WINDOWS\System32\Drivers\dfsc.sys [150528 2017-03-18] (Microsoft Corporation) [File not signed]
S3 dmvsc; C:\WINDOWS\System32\drivers\dmvsc.sys [47104 2017-03-18] (Microsoft Corporation) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132824 2017-08-09] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107344 2017-03-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14880 2017-03-09] (ESET)
S3 efavdrv; C:\WINDOWS\SysWOW64\drivers\efavdrv.sys [115008 2017-08-14] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [178056 2017-03-09] (ESET)
S4 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50752 2017-03-09] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [78192 2017-03-09] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [101648 2017-03-09] (ESET)
S3 ErrDev; C:\WINDOWS\System32\drivers\errdev.sys [13824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ESETCleanersDriver; C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [181160 2017-08-14] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R3 exfat; C:\Windows\System32\Drivers\exfat.sys [347136 2017-03-18] (Microsoft Corporation) [File not signed]
S3 fdc; C:\WINDOWS\System32\drivers\fdc.sys [32768 2017-03-18] (Microsoft Corporation) [File not signed]
R1 FileCrypt; C:\WINDOWS\System32\drivers\filecrypt.sys [54272 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\WINDOWS\System32\drivers\filetrace.sys [36864 2017-03-18] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\WINDOWS\System32\drivers\flpydisk.sys [26624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 gencounter; C:\WINDOWS\System32\drivers\vmgencounter.sys [13824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 genericusbfn; C:\WINDOWS\System32\drivers\genericusbfn.sys [21504 2017-03-18] (Microsoft Corporation) [File not signed]
R1 GpuEnergyDrv; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [8192 2017-03-18] (Microsoft Corporation) [File not signed]
S3 HdAudAddService; C:\WINDOWS\system32\DRIVERS\HdAudio.sys [416256 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\drivers\HDAudBus.sys [86528 2017-07-14] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\WINDOWS\System32\drivers\hidbth.sys [106496 2017-03-18] (Microsoft Corporation) [File not signed]
S3 hidi2c; C:\WINDOWS\System32\drivers\hidi2c.sys [52224 2017-03-18] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\WINDOWS\System32\drivers\hidir.sys [46592 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\WINDOWS\System32\drivers\hidusb.sys [40960 2017-03-18] (Microsoft Corporation) [File not signed]
S3 hyperkbd; C:\WINDOWS\System32\drivers\hyperkbd.sys [16896 2017-03-18] (Microsoft Corporation) [File not signed]
S3 i8042prt; C:\WINDOWS\System32\drivers\i8042prt.sys [115200 2017-03-18] (Microsoft Corporation) [File not signed]
S3 iagpio; C:\WINDOWS\System32\drivers\iagpio.sys [33280 2017-03-18] (Intel(R) Corporation) [File not signed]
S3 iai2c; C:\WINDOWS\System32\drivers\iai2c.sys [81408 2017-03-18] (Intel(R) Corporation) [File not signed]
S3 iaLPSS2i_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSS2i_I2C; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSSi_I2C; C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152 2017-03-18] (Intel Corporation) [File not signed]
S3 IndirectKmd; C:\WINDOWS\System32\drivers\IndirectKmd.sys [36864 2017-03-18] (Microsoft Corporation) [File not signed]
S3 intelppm; C:\WINDOWS\System32\drivers\intelppm.sys [193536 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [87040 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\WINDOWS\System32\drivers\ipnat.sys [214528 2017-03-18] (Microsoft Corporation) [File not signed]
S3 irda; C:\WINDOWS\system32\drivers\irda.sys [120320 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\drivers\irenum.sys [19968 2017-03-18] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\WINDOWS\System32\drivers\kbdhid.sys [40448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 kdnic; C:\WINDOWS\System32\drivers\kdnic.sys [23040 2017-03-18] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\WINDOWS\system32\drivers\ksthunk.sys [27136 2017-07-14] (Microsoft Corporation) [File not signed]
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2017-03-18] (Qualcomm Atheros Co., Ltd.) [File not signed]
R2 lltdio; C:\WINDOWS\System32\drivers\lltdio.sys [66560 2017-03-18] (Microsoft Corporation) [File not signed]
R2 luafv; C:\WINDOWS\system32\drivers\luafv.sys [124928 2017-03-18] (Microsoft Corporation) [File not signed]
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-26] (Malwarebytes)
R2 MMCSS; C:\WINDOWS\system32\drivers\mmcss.sys [50688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\System32\drivers\modem.sys [42496 2017-03-18] (Microsoft Corporation) [File not signed]
R3 monitor; C:\WINDOWS\System32\drivers\monitor.sys [39424 2017-03-18] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\drivers\mouhid.sys [33280 2017-03-18] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\WINDOWS\System32\drivers\mpsdrv.sys [76800 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\WINDOWS\system32\drivers\mrxdav.sys [144384 2017-03-18] (Microsoft Corporation) [File not signed]
S4 mrxsmb10; C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys [285696 2017-07-14] (Microsoft Corporation) [File not signed]
S3 MsBridge; C:\WINDOWS\System32\drivers\bridge.sys [115712 2017-07-14] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\WINDOWS\System32\drivers\mshidkmdf.sys [8704 2017-03-18] (Microsoft Corporation) [File not signed]
S3 mshidumdf; C:\WINDOWS\System32\drivers\mshidumdf.sys [12288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys [32768 2017-07-14] (Microsoft Corporation) [File not signed]
R2 MsLldp; C:\WINDOWS\System32\drivers\mslldp.sys [83456 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys [10752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\system32\DRIVERS\MSPQM.sys [10752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\system32\DRIVERS\MSTEE.sys [12800 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\WINDOWS\System32\drivers\MTConfig.sys [16896 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\WINDOWS\System32\DRIVERS\nwifi.sys [549888 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\WINDOWS\System32\drivers\ndiscap.sys [50688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisImPlatform; C:\WINDOWS\System32\drivers\NdisImPlatform.sys [128512 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\drivers\ndisuio.sys [65536 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NdisVirtualBus; C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [20992 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisWan; C:\WINDOWS\System32\drivers\ndiswan.sys [192000 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ndiswanlegacy; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [192000 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ndproxy; C:\WINDOWS\System32\DRIVERS\NDProxy.sys [62464 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Ndu; C:\WINDOWS\System32\drivers\Ndu.sys [127488 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2014-06-10] (Apple Inc.) [File not signed]
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [122368 2017-03-18] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [305152 2017-03-18] (Microsoft Corporation) [File not signed]
S3 netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [118784 2017-07-14] (Microsoft Corporation) [File not signed]
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-01-08] (CACE Technologies, Inc.)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [69120 2017-03-18] (Microsoft Corporation) [File not signed]
R1 npsvctrig; C:\WINDOWS\System32\drivers\npsvctrig.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\WINDOWS\System32\drivers\nsiproxy.sys [41984 2017-03-18] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [7680 2017-03-18] (Microsoft Corporation) [File not signed]
S3 nvdimmn; C:\WINDOWS\System32\drivers\nvdimmn.sys [80896 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Parport; C:\WINDOWS\System32\drivers\parport.sys [97792 2017-03-18] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\WINDOWS\System32\drivers\peauth.sys [741376 2017-03-18] (Microsoft Corporation) [File not signed]
S3 pmem; C:\WINDOWS\System32\drivers\pmem.sys [101376 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PptpMiniport; C:\WINDOWS\System32\drivers\raspptp.sys [97792 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Processor; C:\WINDOWS\System32\drivers\processr.sys [172032 2017-03-18] (Microsoft Corporation) [File not signed]
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [91976 2017-08-23] (Sysinternals - www.sysinternals.com)
S3 QWAVEdrv; C:\WINDOWS\system32\drivers\qwavedrv.sys [49664 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [17920 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasAgileVpn; C:\WINDOWS\System32\drivers\AgileVpn.sys [108544 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Rasl2tp; C:\WINDOWS\System32\drivers\rasl2tp.sys [107008 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [81920 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasSstp; C:\WINDOWS\System32\drivers\rassstp.sys [79872 2017-03-18] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\WINDOWS\System32\drivers\rdpbus.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\WINDOWS\System32\drivers\rdpdr.sys [183296 2017-03-18] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\WINDOWS\System32\drivers\rspndr.sys [82432 2017-03-18] (Microsoft Corporation) [File not signed]
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2016-10-27] (Realsil Semiconductor Corporation)
S3 s3cap; C:\WINDOWS\System32\drivers\vms3cap.sys [9216 2017-03-18] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\WINDOWS\System32\DRIVERS\scfilter.sys [43520 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 Serenum; C:\WINDOWS\System32\drivers\serenum.sys [26112 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Serial; C:\WINDOWS\System32\drivers\serial.sys [84480 2017-03-18] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\WINDOWS\System32\drivers\sermouse.sys [28672 2017-03-18] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\WINDOWS\System32\drivers\sfloppy.sys [18432 2017-03-18] (Microsoft Corporation) [File not signed]
R2 srv; C:\WINDOWS\System32\DRIVERS\srv.sys [414208 2017-07-14] (Microsoft Corporation) [File not signed]
R3 srv2; C:\WINDOWS\System32\DRIVERS\srv2.sys [722944 2017-07-14] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\WINDOWS\System32\DRIVERS\srvnet.sys [255488 2017-03-18] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-11-20] (IDT, Inc.) [File not signed]
S3 StillCam; C:\WINDOWS\system32\DRIVERS\serscan.sys [13312 2017-03-18] (Microsoft Corporation) [File not signed]
R2 storqosflt; C:\WINDOWS\System32\drivers\storqosflt.sys [79872 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Synth3dVsc; C:\WINDOWS\System32\drivers\Synth3dVsc.sys [64512 2017-03-18] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\WINDOWS\System32\drivers\tcpipreg.sys [51712 2017-03-18] (Microsoft Corporation) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-08-17] ()
S3 TsUsbFlt; C:\WINDOWS\System32\drivers\tsusbflt.sys [61440 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\WINDOWS\System32\drivers\TsUsbGD.sys [35328 2017-03-18] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\WINDOWS\System32\drivers\tunnel.sys [162304 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UcmCx0101; C:\WINDOWS\System32\Drivers\UcmCx.sys [104448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UcmTcpciCx0101; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [179200 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UcmUcsi; C:\WINDOWS\System32\drivers\UcmUcsi.sys [51712 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [45568 2017-03-18] (Microsoft Corporation) [File not signed]
S4 udfs; C:\WINDOWS\System32\DRIVERS\udfs.sys [324096 2017-03-18] (Microsoft Corporation) [File not signed]
R3 umbus; C:\WINDOWS\System32\drivers\umbus.sys [57856 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\WINDOWS\System32\drivers\umpass.sys [14336 2017-03-18] (Microsoft Corporation) [File not signed]
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 usbcir; C:\WINDOWS\System32\drivers\usbcir.sys [103424 2017-03-18] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\WINDOWS\System32\drivers\usbohci.sys [30720 2017-03-18] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\drivers\usbprint.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [47104 2017-03-18] (Microsoft Corporation) [File not signed]
S3 usbser; C:\WINDOWS\System32\drivers\usbser.sys [71680 2017-03-18] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\WINDOWS\System32\drivers\usbuhci.sys [35328 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vhf; C:\WINDOWS\System32\drivers\vhf.sys [35328 2017-03-18] (Microsoft Corporation) [File not signed]
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [141920 2016-03-03] (Acronis)
S3 VMBusHID; C:\WINDOWS\System32\drivers\VMBusHID.sys [25088 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmgid; C:\WINDOWS\System32\drivers\vmgid.sys [10240 2017-03-18] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\WINDOWS\System32\drivers\vwifibus.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\WINDOWS\System32\drivers\vwififlt.sys [77312 2017-03-18] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\WINDOWS\System32\drivers\vwifimp.sys [41472 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\WINDOWS\System32\drivers\wacompen.sys [30720 2017-03-18] (Microsoft Corporation) [File not signed]
R2 wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [81408 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wanarpv6; C:\WINDOWS\System32\DRIVERS\wanarp.sys [81408 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wcnfs; C:\WINDOWS\system32\drivers\wcnfs.sys [72192 2017-03-18] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdiwifi; C:\WINDOWS\System32\DRIVERS\wdiwifi.sys [757248 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [217088 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WINUSB; C:\WINDOWS\System32\drivers\WinUSB.SYS [90112 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\WINDOWS\System32\drivers\wmiacpi.sys [18432 2017-03-18] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\WINDOWS\system32\drivers\ws2ifsl.sys [23552 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\WINDOWS\System32\drivers\WudfPf.sys [100864 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WUDFRd; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WUDFWpdFs; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) [File not signed]
S3 xboxgip; C:\WINDOWS\System32\drivers\xboxgip.sys [277504 2017-07-14] (Microsoft Corporation) [File not signed]
S3 xinputhid; C:\WINDOWS\System32\drivers\xinputhid.sys [46592 2017-03-18] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================
 