First off, I am not a newbie, so don't treat me like one. I've been doing this for nearly 30 years.
This all seemed to start when I received a notification in MS Edge that a Flash Player update was needed. The update was loaded with "junk" as I would call it. Chromium, Byte Fence, and something from Yahoo. The Flash update never finished, and I doubt that it was an update at all.
I managed to uninstall Chromium and Byte Fence. At the bottom of the application list was something which started with Yahoo! I don't remember the rest. It would not uninstall.
I did some digging on my own. I opened a command prompt and did a folder search for anything containing the word yahoo. It went like this: "dir c:\ yahoo*.* /s". This search found one thing: a scheduled task in the Windows\Tasks folder. The name was "Yahoo! Powered tonis.job". I deleted it and did a system restart. The only scheduled task I should have had was an Epson printer driver update check. It was still there. There is still a reference to this in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures. I left it.
After I removed the task, Edge's behavior seemed to improve. Since I was not able to perform a proper uninstall of the Yahoo process, some of it is still floating around somewhere.
So, that's it. Take a look at the logs and let me know what you think. I have a fallback: an Acronis TrueImage full backup from late January which I can restore.
=======================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by Norman at 19:14:04 on 2017-02-07
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.2057.18.4040.2465 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\EscSvc64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\WINDOWS\system32\AUDIODG.EXE
svchost.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIMBE.EXE
C:\Misc\Sleeper.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\System32\InstallAgent.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\SysWoW64\DllHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.palikan.com/?f=1&a=plk_coinisre_17_06_ssg02&cd=2XzuyEtN2Y1L1QzuyC0CtA0B0EyDtC0DzytD0A0A0DzytD0CtN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0ByD0FyEtBtDzytGtCyBzytBtG0BtDyE0DtGtB0E0C0EtG0E0BzytAtCzztBtB0Ezy0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0DzytC0CtDtG0BtB0DtCtGyE0ByBzytGzz0FtAtAtGtAyCtAyDtBtAzz0DtDtC0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyByEzy&cr=1168399139&ir=
uLocal Page = %11%\blank.htm
mStart Page = hxxp://www.palikan.com/?f=1&a=plk_coinisre_17_06_ssg02&cd=2XzuyEtN2Y1L1QzuyC0CtA0B0EyDtC0DzytD0A0A0DzytD0CtN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0ByD0FyEtBtDzytGtCyBzytBtG0BtDyE0DtGtB0E0C0EtG0E0BzytAtCzztBtB0Ezy0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0DzytC0CtDtG0BtB0DtCtGyE0ByBzytGzz0FtAtAtGtAyCtAyDtBtAzz0DtDtC0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyByEzy&cr=1168399139&ir=
uRun: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_YATIMBE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2650 Series" /EF "HKCU"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
StartupFolder: C:\Users\Norman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Sleeper.lnk - C:\Misc\Sleeper.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{c346502b-5e9f-4502-9f9c-ffe0ec1d3f44} : DHCPNameServer = 192.168.254.254
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = hxxp://www.palikan.com/?f=1&a=plk_coinisre_17_06_ssg02&cd=2XzuyEtN2Y1L1QzuyC0CtA0B0EyDtC0DzytD0A0A0DzytD0CtN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0ByD0FyEtBtDzytGtCyBzytBtG0BtDyE0DtGtB0E0C0EtG0E0BzytAtCzztBtB0Ezy0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0DzytC0CtDtG0BtB0DtCtGyE0ByBzytGzz0FtAtAtGtAyCtAyDtBtAzz0DtDtC0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyByEzy&cr=1168399139&ir=
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\usyvoq48.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 file_tracker;Acronis File Tracker Driver;C:\WINDOWS\System32\drivers\file_tracker.sys [2017-1-24 375136]
R0 fltsrv;Acronis Storage Filter Management;C:\WINDOWS\System32\drivers\fltsrv.sys [2017-1-24 181088]
R0 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-22 48992]
R0 tib;Acronis TIB Manager;C:\WINDOWS\System32\drivers\tib.sys [2017-1-24 1267544]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-11-22 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-11-22 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2017-1-24 6086232]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_568e42;CDPUserSvc_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [2016-8-2 677376]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2017-1-25 144560]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [2016-7-28 21184]
R2 mmsminisrv;Acronis Managed Machine Service Mini;C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [2016-8-15 4692840]
R2 mobile_backup_server;Acronis Mobile Backup Server;C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [2016-7-18 7717528]
R2 mobile_backup_status_server;Acronis Mobile Backup Status Server;C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [2016-9-13 1510712]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-24 462784]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-1-24 459832]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [2017-1-24 1163712]
R2 OneSyncSvc_568e42;Sync Host_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2016-8-11 9729272]
R2 tib_mounter;Acronis TIB Mounter;C:\WINDOWS\System32\drivers\tib_mounter.sys [2017-1-24 212320]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 virtual_file;Acronis Virtual File Driver;C:\WINDOWS\System32\drivers\virtual_file.sys [2017-1-24 331104]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-11-22 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_568e42;Contact Data_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_568e42;User Data Storage_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_568e42;User Data Access_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-11-22 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-11-22 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 MDA_NTDRV;MDA_NTDRV;C:\WINDOWS\System32\MDA_NTDRV.sys [2013-2-25 21208]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-22 64352]
S3 MessagingService_568e42;MessagingService_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2016-11-22 113152]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-24 462784]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-1-24 27584]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-1-24 46016]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-11-22 2889896]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-11-22 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-11-22 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [2016-7-27 139264]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 tnd;Acronis Try&Decide filter;C:\WINDOWS\System32\drivers\tnd.sys [2017-1-24 687968]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-11-22 719360]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_568e42;Windows Push Notifications User Service_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-1-24 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-11-22 43520]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2017-1-24 822624]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-02-08 00:06:34 12229912 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0B5B9B13-CA86-41EC-AB52-67E62B9D8AE7}\mpengine.dll
2017-02-07 16:45:42 12229912 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-02-07 02:57:53 -------- d-----w- C:\Users\Norman\AppData\Local\Mozilla
2017-02-07 02:57:48 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-07 02:57:27 -------- d-----w- C:\Users\Norman\AppData\Local\Chromium
2017-02-07 02:15:51 -------- d-----w- C:\Users\Norman\AppData\Local\Adobe
2017-02-07 02:15:40 -------- d-----w- C:\ProgramData\{EEE42B87-64A6-A141-E260-3F037822B4CD}
2017-02-07 02:15:34 -------- d-----w- C:\Users\Norman\AppData\Local\lafe
2017-02-07 01:01:53 -------- d-----w- C:\Program Files (x86)\Common Files\SONY Digital Images
2017-02-07 01:01:26 -------- d-----w- C:\Program Files (x86)\Ulead Systems
2017-02-06 17:50:09 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2017-02-06 17:50:03 -------- d-----w- C:\Program Files (x86)\Windows Media Components
2017-02-06 07:46:08 -------- d-----w- C:\Users\Norman\AppData\Roaming\Digiarty
2017-02-06 07:45:53 -------- d-----w- C:\Program Files (x86)\Digiarty
2017-02-05 19:16:21 -------- d-----w- C:\ProgramData\BSD
2017-02-05 19:15:37 -------- d-----w- C:\Program Files (x86)\Auslogics
2017-02-01 15:37:49 -------- d-----w- C:\Users\Norman\AppData\Roaming\Big Angry Dog
2017-02-01 15:37:46 -------- d---a-w- C:\Program Files\Hardwipe
2017-02-01 13:26:27 82432 ----a-w- C:\WINDOWS\System32\VSD3DWARP12Debug.dll
2017-02-01 13:26:27 6583296 ----a-w- C:\WINDOWS\System32\d3d12warp.dll
2017-02-01 13:26:27 61952 ----a-w- C:\WINDOWS\System32\VSD3DWARPDebug.dll
2017-02-01 13:26:27 5850624 ----a-w- C:\WINDOWS\System32\VsGraphicsDesktopEngine.exe
2017-02-01 13:26:27 4978176 ----a-w- C:\WINDOWS\SysWow64\d3d12warp.dll
2017-02-01 13:26:27 4596224 ----a-w- C:\WINDOWS\SysWow64\VsGraphicsDesktopEngine.exe
2017-02-01 13:26:27 2795520 ----a-w- C:\WINDOWS\System32\d3d12SDKLayers.dll
2017-02-01 13:26:27 2220032 ----a-w- C:\WINDOWS\SysWow64\d3d12SDKLayers.dll
2017-02-01 13:26:26 64000 ----a-w- C:\WINDOWS\SysWow64\VSD3DWARP12Debug.dll
2017-02-01 13:26:26 60928 ----a-w- C:\WINDOWS\SysWow64\VSD3DWARPDebug.dll
2017-02-01 13:26:26 384000 ----a-w- C:\WINDOWS\System32\DXCpl.exe
2017-02-01 13:26:26 362496 ----a-w- C:\WINDOWS\SysWow64\DXCpl.exe
2017-02-01 07:08:45 -------- d-----w- C:\Users\Norman\AppData\Roaming\NuGet
2017-02-01 03:47:26 1654528 ----a-w- C:\ProgramData\Microsoft\WDExpress\14.0\1033\ResourceCache.dll
2017-02-01 03:35:31 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-02-01 03:31:21 -------- d---a-w- C:\Program Files\Application Verifier
2017-02-01 03:31:21 -------- d---a-w- C:\Program Files (x86)\Application Verifier
2017-02-01 03:31:17 -------- d---a-w- C:\ProgramData\Windows App Certification Kit
2017-02-01 03:04:29 -------- d---a-w- C:\Program Files\IIS
2017-02-01 03:04:29 -------- d-----w- C:\Program Files (x86)\IIS
2017-02-01 02:41:18 -------- d-----w- C:\ProgramData\NuGet
2017-02-01 02:41:18 -------- d-----w- C:\Program Files (x86)\NuGet
2017-02-01 02:20:54 -------- d---a-w- C:\Program Files (x86)\Common Files\Merge Modules
2017-02-01 01:40:20 -------- d-----w- C:\Program Files (x86)\Windows Kits
2017-02-01 01:40:20 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
2017-02-01 01:34:19 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
2017-02-01 01:31:22 -------- d-----w- C:\WINDOWS\SysWow64\1033
2017-02-01 01:31:22 -------- d-----w- C:\WINDOWS\System32\1033
2017-02-01 01:31:07 -------- d---a-w- C:\Program Files\Microsoft SQL Server
2017-02-01 01:31:07 -------- d---a-w- C:\Program Files (x86)\Microsoft SQL Server
2017-02-01 01:28:21 -------- d---a-w- C:\Program Files\Microsoft SQL Server Compact Edition
2017-02-01 01:28:20 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-02-01 01:27:56 -------- d---a-w- C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-01-31 18:39:10 -------- d-----w- C:\Users\Norman\AppData\Local\N_A
2017-01-27 17:10:03 -------- d-----w- C:\Users\Norman\AppData\Roaming\log
2017-01-26 01:26:29 -------- d---a-w- C:\Program Files (x86)\ExactFile
2017-01-25 19:21:52 -------- d-----w- C:\Program Files\Macrorit
2017-01-25 18:59:51 -------- d-----w- C:\ProgramData\Auslogics
2017-01-25 18:53:20 -------- d-----w- C:\Program Files\Common Files\EPSON
2017-01-25 18:51:14 -------- d-----w- C:\Program Files\EPSON
2017-01-25 18:50:44 -------- d---a-w- C:\Program Files (x86)\EPSON Software
2017-01-25 18:50:37 -------- d-----w- C:\Program Files\EpsonNet
2017-01-25 18:50:25 466944 ----a-w- C:\WINDOWS\System32\esxw2ud.dll
2017-01-25 18:50:25 147472 ----a-w- C:\WINDOWS\SysWow64\twaindsm.dll
2017-01-25 18:50:25 144560 ----a-w- C:\WINDOWS\System32\escsvc64.exe
2017-01-25 18:50:25 -------- d-----w- C:\Program Files (x86)\epson
2017-01-25 18:49:55 10752 ----a-w- C:\WINDOWS\System32\E_GCINST.DLL
2017-01-25 18:49:53 83968 ----a-w- C:\WINDOWS\System32\E_YD4BMBE.DLL
2017-01-25 18:49:53 179712 ----a-w- C:\WINDOWS\System32\E_YLMBMBE.DLL
2017-01-25 18:49:50 -------- d-----w- C:\ProgramData\EPSON
2017-01-25 18:44:24 -------- d---a-w- C:\Program Files (x86)\Microsoft ActiveSync
2017-01-25 18:44:21 -------- d-----w- C:\WINDOWS\SHELLNEW
2017-01-25 18:43:25 -------- d-----w- C:\WINDOWS\PCHEALTH
2017-01-25 18:39:47 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems
2017-01-25 18:39:41 -------- d-----w- C:\Program Files (x86)\Corel
2017-01-25 18:37:30 -------- d-----w- C:\WINDOWS\Downloaded Installations
2017-01-25 06:02:12 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2017-01-25 06:02:12 120320 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2017-01-25 03:59:04 -------- d-----w- C:\Users\Norman\AppData\Local\ConnectedDevicesPlatform
2017-01-25 03:44:20 -------- d--h--w- C:\Users\Norman\AppData
2017-01-25 03:44:20 -------- d-----w- C:\Users\Norman\AppData\Local\Temp
2017-01-25 03:44:20 -------- d-----w- C:\Users\Norman\AppData\Local\Microsoft
2017-01-25 03:41:50 81856 ----a-w- C:\WINDOWS\System32\nv3dappshextr.dll
2017-01-25 03:41:50 7639617 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2017-01-25 03:41:50 71224 ----a-w- C:\WINDOWS\System32\nvshext.dll
2017-01-25 03:41:50 6384576 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2017-01-25 03:41:50 548408 ----a-w- C:\WINDOWS\System32\nv3dappshext.dll
2017-01-25 03:41:50 392128 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2017-01-25 03:41:50 2475968 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2017-01-25 03:41:50 1764408 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2017-01-25 03:41:32 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2017-01-25 03:41:27 -------- d-----w- C:\Program Files\NVIDIA Corporation
2017-01-25 03:41:27 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2017-01-25 02:27:58 73032 ----a-w- C:\WINDOWS\System32\e1cmsg.dll
2017-01-25 02:27:58 36472 ----a-w- C:\WINDOWS\System32\NicCo36.dll
2017-01-25 02:27:58 101224 ----a-w- C:\WINDOWS\System32\NicInstC.dll
2017-01-25 02:27:57 452432 ----a-w- C:\WINDOWS\System32\drivers\e1c63x64.sys
2017-01-25 01:12:38 -------- d-----w- C:\Users\Norman\AppData\Local\PackageStaging
2017-01-25 01:10:30 -------- d-----w- C:\Users\Norman\AppData\Local\Comms
2017-01-25 00:57:22 -------- d-----w- C:\Program Files (x86)\Western Digital Corporation
2017-01-24 22:39:07 -------- d-sh--w- C:\Recovery
2017-01-24 22:39:00 -------- dc----w- C:\WINDOWS\Panther
2017-01-24 22:37:04 -------- d-----w- C:\Windows.old
2017-01-24 21:04:09 -------- d-----w- C:\Users\Norman\AppData\Local\ElevatedDiagnostics
2017-01-24 11:22:06 -------- d-----w- C:\Weather Pictures
2017-01-24 11:22:05 -------- d-----w- C:\VB.Net
2017-01-24 11:22:03 -------- d-----w- C:\VB Projects
2017-01-24 11:22:03 -------- d-----w- C:\Temp4
2017-01-24 11:22:03 -------- d-----w- C:\Temp3
2017-01-24 11:22:01 -------- d-----w- C:\Temp2
2017-01-24 11:22:00 -------- d-----w- C:\Temp
2017-01-24 11:21:59 -------- d-----w- C:\Prime95
2017-01-24 11:21:53 -------- d-----w- C:\Photos
2017-01-24 11:21:00 -------- d-----w- C:\Blowfish
2017-01-24 11:20:59 -------- d-----w- C:\audiograbber
2017-01-24 11:20:57 -------- d-----w- C:\clucas
2017-01-24 11:20:16 -------- d-----w- C:\kodak
2017-01-24 11:20:12 -------- d-----w- C:\IrfanView
2017-01-24 11:19:59 -------- d-----w- C:\IconForge
2017-01-24 11:19:59 -------- d-----w- C:\Hold
2017-01-24 11:19:51 -------- d-----w- C:\Misc
2017-01-24 11:16:30 -------- d-----w- C:\Program Files (x86)\VideoLAN
2017-01-24 11:15:07 -------- d---a-w- C:\Program Files (x86)\BurnAware Free
2017-01-24 11:14:36 -------- d-----w- C:\Program Files\Axantum
2017-01-24 11:11:54 99384 ----a-w- C:\Users\Norman\AppData\Roaming\inst.exe
2017-01-24 11:11:54 82816 ----a-w- C:\Users\Norman\AppData\Roaming\pcouffin.sys
2017-01-24 11:11:52 -------- d-----w- C:\Program Files (x86)\vso
2017-01-24 11:11:22 -------- d-----w- C:\Users\Norman\AppData\Roaming\IrfanView
2017-01-24 11:11:21 -------- d---a-w- C:\Program Files (x86)\IrfanView
2017-01-24 11:10:51 -------- d---a-w- C:\Program Files (x86)\HxD
2017-01-24 11:07:27 -------- d-----w- C:\Program Files (x86)\DVD Decrypter
2017-01-24 11:06:00 -------- d---a-w- C:\Program Files\Defraggler
2017-01-24 11:05:09 -------- d---a-w- C:\Program Files (x86)\CrystalDiskInfo
2017-01-24 11:04:56 -------- d-----w- C:\Users\Norman\AppData\Local\Programs
2017-01-24 11:01:28 -------- d---a-w- C:\Program Files\CCleaner
2017-01-24 10:43:49 -------- d-----w- C:\Users\Norman\AppData\Local\Diagnostics
2017-01-24 10:38:33 -------- d---a-w- C:\Program Files\Bonjour
2017-01-24 10:38:33 -------- d---a-w- C:\Program Files (x86)\Bonjour
2017-01-24 10:37:57 375136 ----a-w- C:\WINDOWS\System32\drivers\file_tracker.sys
2017-01-24 10:37:57 -------- d-----w- C:\ProgramData\Acronis Mobile Backup Data
2017-01-24 10:37:54 331104 ----a-w- C:\WINDOWS\System32\drivers\virtual_file.sys
2017-01-24 10:37:53 687968 ----a-w- C:\WINDOWS\System32\drivers\tnd.sys
2017-01-24 10:37:53 212320 ----a-w- C:\WINDOWS\System32\drivers\tib_mounter.sys
2017-01-24 10:37:52 1267544 ----a-w- C:\WINDOWS\System32\drivers\tib.sys
2017-01-24 10:37:50 368480 ----a-w- C:\WINDOWS\System32\drivers\snapman.sys
2017-01-24 10:37:49 181088 ----a-w- C:\WINDOWS\System32\drivers\fltsrv.sys
2017-01-24 10:00:56 -------- d-----w- C:\WINDOWS\System32\MRT
2017-01-24 09:59:52 -------- d-----r- C:\Users\Norman\OneDrive
2017-01-24 09:58:29 -------- d-----w- C:\Users\Norman\AppData\Local\Publishers
2017-01-24 09:58:01 -------- d-----r- C:\Users\Norman\Searches
2017-01-24 09:58:01 -------- d-----r- C:\Users\Norman\Contacts
2017-01-24 09:54:39 41472 ------w- C:\WINDOWS\SysWow64\Windows.Speech.Pal.dll
2017-01-24 08:05:05 -------- d-----w- C:\Users\Norman\AppData\Local\PeerDistRepub
2017-01-24 07:57:18 202032 ----a-w- C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
2017-01-24 07:50:46 -------- d-----w- C:\Users\Norman\AppData\Roaming\NVIDIA
2017-01-24 07:46:50 -------- d-----w- C:\mfaktc
2017-01-24 07:44:27 -------- d-----w- C:\Users\Norman\AppData\Local\CEF
2017-01-24 07:44:16 120256 ----a-w- C:\WINDOWS\System32\NvRtmpStreamer64.dll
2017-01-24 07:44:15 1854400 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
2017-01-24 07:44:15 1755072 ----a-w- C:\WINDOWS\System32\nvspbridge64.dll
2017-01-24 07:44:15 1317312 ----a-w- C:\WINDOWS\SysWow64\nvspbridge.dll
2017-01-24 07:44:14 1452480 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2017-01-24 07:43:40 269600 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2017-01-24 07:43:40 261920 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2017-01-24 07:43:40 125216 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2017-01-24 07:43:40 110880 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2017-01-24 07:43:40 -------- d-----w- C:\Program Files (x86)\VulkanRT
2017-01-24 07:43:10 1951 ----a-w- C:\WINDOWS\NvContainerRecovery.bat
2017-01-24 07:42:04 -------- d-----w- C:\ProgramData\Package Cache
2017-01-24 07:35:09 511328 ----a-w- C:\WINDOWS\System32\d3dx10_43.dll
2017-01-24 07:35:09 470880 ----a-w- C:\WINDOWS\SysWow64\d3dx10_43.dll
2017-01-24 07:35:09 276832 ----a-w- C:\WINDOWS\System32\d3dx11_43.dll
2017-01-24 07:35:09 248672 ----a-w- C:\WINDOWS\SysWow64\d3dx11_43.dll
2017-01-24 07:35:08 2401112 ----a-w- C:\WINDOWS\System32\D3DX9_43.dll
2017-01-24 07:35:08 1998168 ----a-w- C:\WINDOWS\SysWow64\D3DX9_43.dll
2017-01-24 07:34:49 -------- d-----w- C:\Users\Norman\AppData\Local\NVIDIA Corporation
2017-01-24 07:34:49 -------- d-----w- C:\Users\Norman\AppData\Local\NVIDIA
2017-01-24 07:33:58 838224 ----a-w- C:\WINDOWS\System32\msvcr110.dll
2017-01-24 07:33:58 670800 ----a-w- C:\WINDOWS\System32\msvcp110.dll
2017-01-24 07:33:58 3942864 ----a-w- C:\WINDOWS\System32\LogiLDA.DLL
2017-01-24 07:33:58 363616 ----a-w- C:\WINDOWS\System32\vccorlib110.dll
2017-01-24 07:33:58 2468304 ----a-w- C:\WINDOWS\System32\LdaCx2.dll
2017-01-24 07:33:52 1558648 ----a-w- C:\WINDOWS\System32\nvdispgenco6435582.dll
2017-01-24 07:33:51 1898104 ----a-w- C:\WINDOWS\System32\nvdispco6435582.dll
2017-01-24 07:30:52 1187344 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2017-01-24 07:30:52 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7505EA83-1D9D-46FB-BA41-7AD0082355EF}\gapaengine.dll
2017-01-24 07:30:29 485032 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-01-24 07:20:32 -------- d-----w- C:\Users\Norman\AppData\Local\MicrosoftEdge
2017-01-19 03:08:52 712096 ----a-w- C:\WINDOWS\System32\ndm-fre.exe
.
==================== Find3M ====================
.
2017-01-24 22:32:30 180224 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2017-01-24 09:57:57 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-GPOV9FN_defaultuser0_HistoryPrediction.bin
2017-01-24 09:20:41 635904 ------w- C:\WINDOWS\SysWow64\mqsnap.dll
2017-01-24 09:20:41 14848 ------w- C:\WINDOWS\SysWow64\mqcertui.dll
2016-12-29 08:21:02 97784 ----a-w- C:\WINDOWS\suite.vssMgr.exe
2016-12-22 23:13:26 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-22 23:13:26 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-11-22 23:20:16 583680 ----a-w- C:\WINDOWS\System32\quickassist.exe
2016-11-22 23:16:11 27136 ----a-w- C:\WINDOWS\SysWow64\opencl.dll
2016-11-22 23:14:59 99840 ----a-w- C:\WINDOWS\SysWow64\rdvgumd32.dll
2016-11-22 22:56:38 6354944 ----a-w- C:\WINDOWS\System32\NlsData0009.dll
2016-11-22 22:55:59 896512 ----a-w- C:\WINDOWS\SysWow64\fontext.dll
2016-11-22 22:54:33 75104 ----a-w- C:\WINDOWS\System32\SyncAppvPublishingServer.exe
2016-11-22 22:54:33 291680 ----a-w- C:\WINDOWS\System32\AppVStreamingUX.exe
2016-11-22 22:54:33 268128 ----a-w- C:\WINDOWS\System32\AppVFileSystemMetadata.dll
2016-11-22 22:54:33 236384 ----a-w- C:\WINDOWS\System32\AppVStreamMap.dll
2016-11-22 22:54:33 21856 ----a-w- C:\WINDOWS\System32\ScriptRunner.exe
2016-11-22 22:54:33 202592 ----a-w- C:\WINDOWS\System32\AppVStreamingUX.dll
2016-11-22 22:54:33 178528 ----a-w- C:\WINDOWS\System32\AppVNice.exe
2016-11-22 22:54:33 157024 ----a-w- C:\WINDOWS\System32\drivers\AppvVemgr.sys
2016-11-22 22:54:33 141152 ----a-w- C:\WINDOWS\System32\drivers\AppvVfs.sys
2016-11-22 22:54:33 13824 ----a-w- C:\WINDOWS\System32\appvetwstreamingux.dll
2016-11-22 22:54:33 129024 ----a-w- C:\WINDOWS\System32\appvetwclientres.dll
2016-11-22 22:54:17 88064 ----a-w- C:\WINDOWS\System32\rdpsign.exe
2016-11-22 22:49:49 3753984 ----a-w- C:\WINDOWS\System32\bootux.dll
2016-11-22 22:49:49 199008 ----a-w- C:\WINDOWS\System32\drivers\wof.sys
2016-11-22 22:48:50 4096 ----a-w- C:\WINDOWS\SysWow64\wbem\en\Microsoft.AppV.AppVClientWmi.resources.dll
2016-11-22 22:48:50 4096 ----a-w- C:\WINDOWS\System32\wbem\en\Microsoft.AppV.AppVClientWmi.resources.dll
2016-11-22 22:48:45 11776 ----a-w- C:\WINDOWS\SysWow64\drivers\en-GB\NdisImPlatform.sys.mui
2016-11-22 22:48:44 8192 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2016-11-22 22:48:44 6656 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2016-11-22 22:48:44 3584 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2016-11-22 22:48:44 2560 ----a-w- C:\WINDOWS\SysWow64\drivers\UMDF\en-GB\SensorsCx.dll.mui
.
============= FINISH: 19:14:47.16 ===============
=======================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by Norman at 19:14:04 on 2017-02-07
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.2057.18.4040.2465 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\EscSvc64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\WINDOWS\system32\AUDIODG.EXE
svchost.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIMBE.EXE
C:\Misc\Sleeper.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\System32\InstallAgent.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\SysWoW64\DllHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.palikan.com/?f=1&a=plk_coinisre_17_06_ssg02&cd=2XzuyEtN2Y1L1QzuyC0CtA0B0EyDtC0DzytD0A0A0DzytD0CtN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0ByD0FyEtBtDzytGtCyBzytBtG0BtDyE0DtGtB0E0C0EtG0E0BzytAtCzztBtB0Ezy0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0DzytC0CtDtG0BtB0DtCtGyE0ByBzytGzz0FtAtAtGtAyCtAyDtBtAzz0DtDtC0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyByEzy&cr=1168399139&ir=
uLocal Page = %11%\blank.htm
mStart Page = hxxp://www.palikan.com/?f=1&a=plk_coinisre_17_06_ssg02&cd=2XzuyEtN2Y1L1QzuyC0CtA0B0EyDtC0DzytD0A0A0DzytD0CtN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0ByD0FyEtBtDzytGtCyBzytBtG0BtDyE0DtGtB0E0C0EtG0E0BzytAtCzztBtB0Ezy0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0DzytC0CtDtG0BtB0DtCtGyE0ByBzytGzz0FtAtAtGtAyCtAyDtBtAzz0DtDtC0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyByEzy&cr=1168399139&ir=
uRun: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_YATIMBE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2650 Series" /EF "HKCU"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
StartupFolder: C:\Users\Norman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Sleeper.lnk - C:\Misc\Sleeper.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{c346502b-5e9f-4502-9f9c-ffe0ec1d3f44} : DHCPNameServer = 192.168.254.254
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = hxxp://www.palikan.com/?f=1&a=plk_coinisre_17_06_ssg02&cd=2XzuyEtN2Y1L1QzuyC0CtA0B0EyDtC0DzytD0A0A0DzytD0CtN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyD0ByD0FyEtBtDzytGtCyBzytBtG0BtDyE0DtGtB0E0C0EtG0E0BzytAtCzztBtB0Ezy0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0DzytC0CtDtG0BtB0DtCtGyE0ByBzytGzz0FtAtAtGtAyCtAyDtBtAzz0DtDtC0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyByEzy&cr=1168399139&ir=
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\usyvoq48.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 file_tracker;Acronis File Tracker Driver;C:\WINDOWS\System32\drivers\file_tracker.sys [2017-1-24 375136]
R0 fltsrv;Acronis Storage Filter Management;C:\WINDOWS\System32\drivers\fltsrv.sys [2017-1-24 181088]
R0 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-22 48992]
R0 tib;Acronis TIB Manager;C:\WINDOWS\System32\drivers\tib.sys [2017-1-24 1267544]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-11-22 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-11-22 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2017-1-24 6086232]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_568e42;CDPUserSvc_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [2016-8-2 677376]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2017-1-25 144560]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [2016-7-28 21184]
R2 mmsminisrv;Acronis Managed Machine Service Mini;C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [2016-8-15 4692840]
R2 mobile_backup_server;Acronis Mobile Backup Server;C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [2016-7-18 7717528]
R2 mobile_backup_status_server;Acronis Mobile Backup Status Server;C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [2016-9-13 1510712]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-24 462784]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-1-24 459832]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [2017-1-24 1163712]
R2 OneSyncSvc_568e42;Sync Host_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2016-8-11 9729272]
R2 tib_mounter;Acronis TIB Mounter;C:\WINDOWS\System32\drivers\tib_mounter.sys [2017-1-24 212320]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 virtual_file;Acronis Virtual File Driver;C:\WINDOWS\System32\drivers\virtual_file.sys [2017-1-24 331104]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-11-22 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 PimIndexMaintenanceSvc_568e42;Contact Data_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_568e42;User Data Storage_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_568e42;User Data Access_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-11-22 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-11-22 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 MDA_NTDRV;MDA_NTDRV;C:\WINDOWS\System32\MDA_NTDRV.sys [2013-2-25 21208]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-22 64352]
S3 MessagingService_568e42;MessagingService_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2016-11-22 113152]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-1-24 462784]
S3 NvStreamKms;NVIDIA KMS;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-1-24 27584]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2017-1-24 46016]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-11-22 2889896]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-11-22 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-11-22 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [2016-7-27 139264]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 tnd;Acronis Try&Decide filter;C:\WINDOWS\System32\drivers\tnd.sys [2017-1-24 687968]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-11-22 719360]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_568e42;Windows Push Notifications User Service_568e42;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-1-24 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-11-22 43520]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2017-1-24 822624]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-02-08 00:06:34 12229912 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0B5B9B13-CA86-41EC-AB52-67E62B9D8AE7}\mpengine.dll
2017-02-07 16:45:42 12229912 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-02-07 02:57:53 -------- d-----w- C:\Users\Norman\AppData\Local\Mozilla
2017-02-07 02:57:48 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-07 02:57:27 -------- d-----w- C:\Users\Norman\AppData\Local\Chromium
2017-02-07 02:15:51 -------- d-----w- C:\Users\Norman\AppData\Local\Adobe
2017-02-07 02:15:40 -------- d-----w- C:\ProgramData\{EEE42B87-64A6-A141-E260-3F037822B4CD}
2017-02-07 02:15:34 -------- d-----w- C:\Users\Norman\AppData\Local\lafe
2017-02-07 01:01:53 -------- d-----w- C:\Program Files (x86)\Common Files\SONY Digital Images
2017-02-07 01:01:26 -------- d-----w- C:\Program Files (x86)\Ulead Systems
2017-02-06 17:50:09 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2017-02-06 17:50:03 -------- d-----w- C:\Program Files (x86)\Windows Media Components
2017-02-06 07:46:08 -------- d-----w- C:\Users\Norman\AppData\Roaming\Digiarty
2017-02-06 07:45:53 -------- d-----w- C:\Program Files (x86)\Digiarty
2017-02-05 19:16:21 -------- d-----w- C:\ProgramData\BSD
2017-02-05 19:15:37 -------- d-----w- C:\Program Files (x86)\Auslogics
2017-02-01 15:37:49 -------- d-----w- C:\Users\Norman\AppData\Roaming\Big Angry Dog
2017-02-01 15:37:46 -------- d---a-w- C:\Program Files\Hardwipe
2017-02-01 13:26:27 82432 ----a-w- C:\WINDOWS\System32\VSD3DWARP12Debug.dll
2017-02-01 13:26:27 6583296 ----a-w- C:\WINDOWS\System32\d3d12warp.dll
2017-02-01 13:26:27 61952 ----a-w- C:\WINDOWS\System32\VSD3DWARPDebug.dll
2017-02-01 13:26:27 5850624 ----a-w- C:\WINDOWS\System32\VsGraphicsDesktopEngine.exe
2017-02-01 13:26:27 4978176 ----a-w- C:\WINDOWS\SysWow64\d3d12warp.dll
2017-02-01 13:26:27 4596224 ----a-w- C:\WINDOWS\SysWow64\VsGraphicsDesktopEngine.exe
2017-02-01 13:26:27 2795520 ----a-w- C:\WINDOWS\System32\d3d12SDKLayers.dll
2017-02-01 13:26:27 2220032 ----a-w- C:\WINDOWS\SysWow64\d3d12SDKLayers.dll
2017-02-01 13:26:26 64000 ----a-w- C:\WINDOWS\SysWow64\VSD3DWARP12Debug.dll
2017-02-01 13:26:26 60928 ----a-w- C:\WINDOWS\SysWow64\VSD3DWARPDebug.dll
2017-02-01 13:26:26 384000 ----a-w- C:\WINDOWS\System32\DXCpl.exe
2017-02-01 13:26:26 362496 ----a-w- C:\WINDOWS\SysWow64\DXCpl.exe
2017-02-01 07:08:45 -------- d-----w- C:\Users\Norman\AppData\Roaming\NuGet
2017-02-01 03:47:26 1654528 ----a-w- C:\ProgramData\Microsoft\WDExpress\14.0\1033\ResourceCache.dll
2017-02-01 03:35:31 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-02-01 03:31:21 -------- d---a-w- C:\Program Files\Application Verifier
2017-02-01 03:31:21 -------- d---a-w- C:\Program Files (x86)\Application Verifier
2017-02-01 03:31:17 -------- d---a-w- C:\ProgramData\Windows App Certification Kit
2017-02-01 03:04:29 -------- d---a-w- C:\Program Files\IIS
2017-02-01 03:04:29 -------- d-----w- C:\Program Files (x86)\IIS
2017-02-01 02:41:18 -------- d-----w- C:\ProgramData\NuGet
2017-02-01 02:41:18 -------- d-----w- C:\Program Files (x86)\NuGet
2017-02-01 02:20:54 -------- d---a-w- C:\Program Files (x86)\Common Files\Merge Modules
2017-02-01 01:40:20 -------- d-----w- C:\Program Files (x86)\Windows Kits
2017-02-01 01:40:20 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
2017-02-01 01:34:19 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
2017-02-01 01:31:22 -------- d-----w- C:\WINDOWS\SysWow64\1033
2017-02-01 01:31:22 -------- d-----w- C:\WINDOWS\System32\1033
2017-02-01 01:31:07 -------- d---a-w- C:\Program Files\Microsoft SQL Server
2017-02-01 01:31:07 -------- d---a-w- C:\Program Files (x86)\Microsoft SQL Server
2017-02-01 01:28:21 -------- d---a-w- C:\Program Files\Microsoft SQL Server Compact Edition
2017-02-01 01:28:20 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-02-01 01:27:56 -------- d---a-w- C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-01-31 18:39:10 -------- d-----w- C:\Users\Norman\AppData\Local\N_A
2017-01-27 17:10:03 -------- d-----w- C:\Users\Norman\AppData\Roaming\log
2017-01-26 01:26:29 -------- d---a-w- C:\Program Files (x86)\ExactFile
2017-01-25 19:21:52 -------- d-----w- C:\Program Files\Macrorit
2017-01-25 18:59:51 -------- d-----w- C:\ProgramData\Auslogics
2017-01-25 18:53:20 -------- d-----w- C:\Program Files\Common Files\EPSON
2017-01-25 18:51:14 -------- d-----w- C:\Program Files\EPSON
2017-01-25 18:50:44 -------- d---a-w- C:\Program Files (x86)\EPSON Software
2017-01-25 18:50:37 -------- d-----w- C:\Program Files\EpsonNet
2017-01-25 18:50:25 466944 ----a-w- C:\WINDOWS\System32\esxw2ud.dll
2017-01-25 18:50:25 147472 ----a-w- C:\WINDOWS\SysWow64\twaindsm.dll
2017-01-25 18:50:25 144560 ----a-w- C:\WINDOWS\System32\escsvc64.exe
2017-01-25 18:50:25 -------- d-----w- C:\Program Files (x86)\epson
2017-01-25 18:49:55 10752 ----a-w- C:\WINDOWS\System32\E_GCINST.DLL
2017-01-25 18:49:53 83968 ----a-w- C:\WINDOWS\System32\E_YD4BMBE.DLL
2017-01-25 18:49:53 179712 ----a-w- C:\WINDOWS\System32\E_YLMBMBE.DLL
2017-01-25 18:49:50 -------- d-----w- C:\ProgramData\EPSON
2017-01-25 18:44:24 -------- d---a-w- C:\Program Files (x86)\Microsoft ActiveSync
2017-01-25 18:44:21 -------- d-----w- C:\WINDOWS\SHELLNEW
2017-01-25 18:43:25 -------- d-----w- C:\WINDOWS\PCHEALTH
2017-01-25 18:39:47 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems
2017-01-25 18:39:41 -------- d-----w- C:\Program Files (x86)\Corel
2017-01-25 18:37:30 -------- d-----w- C:\WINDOWS\Downloaded Installations
2017-01-25 06:02:12 142848 ----a-w- C:\WINDOWS\System32\poqexec.exe
2017-01-25 06:02:12 120320 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2017-01-25 03:59:04 -------- d-----w- C:\Users\Norman\AppData\Local\ConnectedDevicesPlatform
2017-01-25 03:44:20 -------- d--h--w- C:\Users\Norman\AppData
2017-01-25 03:44:20 -------- d-----w- C:\Users\Norman\AppData\Local\Temp
2017-01-25 03:44:20 -------- d-----w- C:\Users\Norman\AppData\Local\Microsoft
2017-01-25 03:41:50 81856 ----a-w- C:\WINDOWS\System32\nv3dappshextr.dll
2017-01-25 03:41:50 7639617 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2017-01-25 03:41:50 71224 ----a-w- C:\WINDOWS\System32\nvshext.dll
2017-01-25 03:41:50 6384576 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2017-01-25 03:41:50 548408 ----a-w- C:\WINDOWS\System32\nv3dappshext.dll
2017-01-25 03:41:50 392128 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2017-01-25 03:41:50 2475968 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2017-01-25 03:41:50 1764408 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2017-01-25 03:41:32 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2017-01-25 03:41:27 -------- d-----w- C:\Program Files\NVIDIA Corporation
2017-01-25 03:41:27 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2017-01-25 02:27:58 73032 ----a-w- C:\WINDOWS\System32\e1cmsg.dll
2017-01-25 02:27:58 36472 ----a-w- C:\WINDOWS\System32\NicCo36.dll
2017-01-25 02:27:58 101224 ----a-w- C:\WINDOWS\System32\NicInstC.dll
2017-01-25 02:27:57 452432 ----a-w- C:\WINDOWS\System32\drivers\e1c63x64.sys
2017-01-25 01:12:38 -------- d-----w- C:\Users\Norman\AppData\Local\PackageStaging
2017-01-25 01:10:30 -------- d-----w- C:\Users\Norman\AppData\Local\Comms
2017-01-25 00:57:22 -------- d-----w- C:\Program Files (x86)\Western Digital Corporation
2017-01-24 22:39:07 -------- d-sh--w- C:\Recovery
2017-01-24 22:39:00 -------- dc----w- C:\WINDOWS\Panther
2017-01-24 22:37:04 -------- d-----w- C:\Windows.old
2017-01-24 21:04:09 -------- d-----w- C:\Users\Norman\AppData\Local\ElevatedDiagnostics
2017-01-24 11:22:06 -------- d-----w- C:\Weather Pictures
2017-01-24 11:22:05 -------- d-----w- C:\VB.Net
2017-01-24 11:22:03 -------- d-----w- C:\VB Projects
2017-01-24 11:22:03 -------- d-----w- C:\Temp4
2017-01-24 11:22:03 -------- d-----w- C:\Temp3
2017-01-24 11:22:01 -------- d-----w- C:\Temp2
2017-01-24 11:22:00 -------- d-----w- C:\Temp
2017-01-24 11:21:59 -------- d-----w- C:\Prime95
2017-01-24 11:21:53 -------- d-----w- C:\Photos
2017-01-24 11:21:00 -------- d-----w- C:\Blowfish
2017-01-24 11:20:59 -------- d-----w- C:\audiograbber
2017-01-24 11:20:57 -------- d-----w- C:\clucas
2017-01-24 11:20:16 -------- d-----w- C:\kodak
2017-01-24 11:20:12 -------- d-----w- C:\IrfanView
2017-01-24 11:19:59 -------- d-----w- C:\IconForge
2017-01-24 11:19:59 -------- d-----w- C:\Hold
2017-01-24 11:19:51 -------- d-----w- C:\Misc
2017-01-24 11:16:30 -------- d-----w- C:\Program Files (x86)\VideoLAN
2017-01-24 11:15:07 -------- d---a-w- C:\Program Files (x86)\BurnAware Free
2017-01-24 11:14:36 -------- d-----w- C:\Program Files\Axantum
2017-01-24 11:11:54 99384 ----a-w- C:\Users\Norman\AppData\Roaming\inst.exe
2017-01-24 11:11:54 82816 ----a-w- C:\Users\Norman\AppData\Roaming\pcouffin.sys
2017-01-24 11:11:52 -------- d-----w- C:\Program Files (x86)\vso
2017-01-24 11:11:22 -------- d-----w- C:\Users\Norman\AppData\Roaming\IrfanView
2017-01-24 11:11:21 -------- d---a-w- C:\Program Files (x86)\IrfanView
2017-01-24 11:10:51 -------- d---a-w- C:\Program Files (x86)\HxD
2017-01-24 11:07:27 -------- d-----w- C:\Program Files (x86)\DVD Decrypter
2017-01-24 11:06:00 -------- d---a-w- C:\Program Files\Defraggler
2017-01-24 11:05:09 -------- d---a-w- C:\Program Files (x86)\CrystalDiskInfo
2017-01-24 11:04:56 -------- d-----w- C:\Users\Norman\AppData\Local\Programs
2017-01-24 11:01:28 -------- d---a-w- C:\Program Files\CCleaner
2017-01-24 10:43:49 -------- d-----w- C:\Users\Norman\AppData\Local\Diagnostics
2017-01-24 10:38:33 -------- d---a-w- C:\Program Files\Bonjour
2017-01-24 10:38:33 -------- d---a-w- C:\Program Files (x86)\Bonjour
2017-01-24 10:37:57 375136 ----a-w- C:\WINDOWS\System32\drivers\file_tracker.sys
2017-01-24 10:37:57 -------- d-----w- C:\ProgramData\Acronis Mobile Backup Data
2017-01-24 10:37:54 331104 ----a-w- C:\WINDOWS\System32\drivers\virtual_file.sys
2017-01-24 10:37:53 687968 ----a-w- C:\WINDOWS\System32\drivers\tnd.sys
2017-01-24 10:37:53 212320 ----a-w- C:\WINDOWS\System32\drivers\tib_mounter.sys
2017-01-24 10:37:52 1267544 ----a-w- C:\WINDOWS\System32\drivers\tib.sys
2017-01-24 10:37:50 368480 ----a-w- C:\WINDOWS\System32\drivers\snapman.sys
2017-01-24 10:37:49 181088 ----a-w- C:\WINDOWS\System32\drivers\fltsrv.sys
2017-01-24 10:00:56 -------- d-----w- C:\WINDOWS\System32\MRT
2017-01-24 09:59:52 -------- d-----r- C:\Users\Norman\OneDrive
2017-01-24 09:58:29 -------- d-----w- C:\Users\Norman\AppData\Local\Publishers
2017-01-24 09:58:01 -------- d-----r- C:\Users\Norman\Searches
2017-01-24 09:58:01 -------- d-----r- C:\Users\Norman\Contacts
2017-01-24 09:54:39 41472 ------w- C:\WINDOWS\SysWow64\Windows.Speech.Pal.dll
2017-01-24 08:05:05 -------- d-----w- C:\Users\Norman\AppData\Local\PeerDistRepub
2017-01-24 07:57:18 202032 ----a-w- C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
2017-01-24 07:50:46 -------- d-----w- C:\Users\Norman\AppData\Roaming\NVIDIA
2017-01-24 07:46:50 -------- d-----w- C:\mfaktc
2017-01-24 07:44:27 -------- d-----w- C:\Users\Norman\AppData\Local\CEF
2017-01-24 07:44:16 120256 ----a-w- C:\WINDOWS\System32\NvRtmpStreamer64.dll
2017-01-24 07:44:15 1854400 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
2017-01-24 07:44:15 1755072 ----a-w- C:\WINDOWS\System32\nvspbridge64.dll
2017-01-24 07:44:15 1317312 ----a-w- C:\WINDOWS\SysWow64\nvspbridge.dll
2017-01-24 07:44:14 1452480 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2017-01-24 07:43:40 269600 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2017-01-24 07:43:40 261920 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2017-01-24 07:43:40 125216 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2017-01-24 07:43:40 110880 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2017-01-24 07:43:40 -------- d-----w- C:\Program Files (x86)\VulkanRT
2017-01-24 07:43:10 1951 ----a-w- C:\WINDOWS\NvContainerRecovery.bat
2017-01-24 07:42:04 -------- d-----w- C:\ProgramData\Package Cache
2017-01-24 07:35:09 511328 ----a-w- C:\WINDOWS\System32\d3dx10_43.dll
2017-01-24 07:35:09 470880 ----a-w- C:\WINDOWS\SysWow64\d3dx10_43.dll
2017-01-24 07:35:09 276832 ----a-w- C:\WINDOWS\System32\d3dx11_43.dll
2017-01-24 07:35:09 248672 ----a-w- C:\WINDOWS\SysWow64\d3dx11_43.dll
2017-01-24 07:35:08 2401112 ----a-w- C:\WINDOWS\System32\D3DX9_43.dll
2017-01-24 07:35:08 1998168 ----a-w- C:\WINDOWS\SysWow64\D3DX9_43.dll
2017-01-24 07:34:49 -------- d-----w- C:\Users\Norman\AppData\Local\NVIDIA Corporation
2017-01-24 07:34:49 -------- d-----w- C:\Users\Norman\AppData\Local\NVIDIA
2017-01-24 07:33:58 838224 ----a-w- C:\WINDOWS\System32\msvcr110.dll
2017-01-24 07:33:58 670800 ----a-w- C:\WINDOWS\System32\msvcp110.dll
2017-01-24 07:33:58 3942864 ----a-w- C:\WINDOWS\System32\LogiLDA.DLL
2017-01-24 07:33:58 363616 ----a-w- C:\WINDOWS\System32\vccorlib110.dll
2017-01-24 07:33:58 2468304 ----a-w- C:\WINDOWS\System32\LdaCx2.dll
2017-01-24 07:33:52 1558648 ----a-w- C:\WINDOWS\System32\nvdispgenco6435582.dll
2017-01-24 07:33:51 1898104 ----a-w- C:\WINDOWS\System32\nvdispco6435582.dll
2017-01-24 07:30:52 1187344 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2017-01-24 07:30:52 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7505EA83-1D9D-46FB-BA41-7AD0082355EF}\gapaengine.dll
2017-01-24 07:30:29 485032 ------w- C:\WINDOWS\System32\MpSigStub.exe
2017-01-24 07:20:32 -------- d-----w- C:\Users\Norman\AppData\Local\MicrosoftEdge
2017-01-19 03:08:52 712096 ----a-w- C:\WINDOWS\System32\ndm-fre.exe
.
==================== Find3M ====================
.
2017-01-24 22:32:30 180224 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2017-01-24 09:57:57 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-GPOV9FN_defaultuser0_HistoryPrediction.bin
2017-01-24 09:20:41 635904 ------w- C:\WINDOWS\SysWow64\mqsnap.dll
2017-01-24 09:20:41 14848 ------w- C:\WINDOWS\SysWow64\mqcertui.dll
2016-12-29 08:21:02 97784 ----a-w- C:\WINDOWS\suite.vssMgr.exe
2016-12-22 23:13:26 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-22 23:13:26 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-11-22 23:20:16 583680 ----a-w- C:\WINDOWS\System32\quickassist.exe
2016-11-22 23:16:11 27136 ----a-w- C:\WINDOWS\SysWow64\opencl.dll
2016-11-22 23:14:59 99840 ----a-w- C:\WINDOWS\SysWow64\rdvgumd32.dll
2016-11-22 22:56:38 6354944 ----a-w- C:\WINDOWS\System32\NlsData0009.dll
2016-11-22 22:55:59 896512 ----a-w- C:\WINDOWS\SysWow64\fontext.dll
2016-11-22 22:54:33 75104 ----a-w- C:\WINDOWS\System32\SyncAppvPublishingServer.exe
2016-11-22 22:54:33 291680 ----a-w- C:\WINDOWS\System32\AppVStreamingUX.exe
2016-11-22 22:54:33 268128 ----a-w- C:\WINDOWS\System32\AppVFileSystemMetadata.dll
2016-11-22 22:54:33 236384 ----a-w- C:\WINDOWS\System32\AppVStreamMap.dll
2016-11-22 22:54:33 21856 ----a-w- C:\WINDOWS\System32\ScriptRunner.exe
2016-11-22 22:54:33 202592 ----a-w- C:\WINDOWS\System32\AppVStreamingUX.dll
2016-11-22 22:54:33 178528 ----a-w- C:\WINDOWS\System32\AppVNice.exe
2016-11-22 22:54:33 157024 ----a-w- C:\WINDOWS\System32\drivers\AppvVemgr.sys
2016-11-22 22:54:33 141152 ----a-w- C:\WINDOWS\System32\drivers\AppvVfs.sys
2016-11-22 22:54:33 13824 ----a-w- C:\WINDOWS\System32\appvetwstreamingux.dll
2016-11-22 22:54:33 129024 ----a-w- C:\WINDOWS\System32\appvetwclientres.dll
2016-11-22 22:54:17 88064 ----a-w- C:\WINDOWS\System32\rdpsign.exe
2016-11-22 22:49:49 3753984 ----a-w- C:\WINDOWS\System32\bootux.dll
2016-11-22 22:49:49 199008 ----a-w- C:\WINDOWS\System32\drivers\wof.sys
2016-11-22 22:48:50 4096 ----a-w- C:\WINDOWS\SysWow64\wbem\en\Microsoft.AppV.AppVClientWmi.resources.dll
2016-11-22 22:48:50 4096 ----a-w- C:\WINDOWS\System32\wbem\en\Microsoft.AppV.AppVClientWmi.resources.dll
2016-11-22 22:48:45 11776 ----a-w- C:\WINDOWS\SysWow64\drivers\en-GB\NdisImPlatform.sys.mui
2016-11-22 22:48:44 8192 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2016-11-22 22:48:44 6656 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2016-11-22 22:48:44 3584 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2016-11-22 22:48:44 2560 ----a-w- C:\WINDOWS\SysWow64\drivers\UMDF\en-GB\SensorsCx.dll.mui
.
============= FINISH: 19:14:47.16 ===============