fixlist for FRST please?

frst fixlist pagefault


#1
Burrito132


Hey there, so I was dicking around with Display Fusion and restarted my computer for changes to take effect, but now every time it boots I get a BSOD. At first, it was showing the BSOD but now it flashes too fast to read. I know originally it was saying that it was a page fault in a nonpaged area so I looked into it and was told to get FRST since it may be a driver issue. For some reason, f8 doesn't do anything when the computer is booting so I can't start in recovery mode, but I can start in safe mode with networking (as I currently am using that).

I've attached the FRST.txt and Addition.txt files, and as I'm not incredibly intuitive on how this program works or what I should be deleting, I would greatly appreciate someone helping me out.

Also, in FRST.txt, there's a line that says

RAM Defects
-----------
identifier              {badmemory}

There's also a spot that says

Windows Memory Tester
---------------------
badmemoryaccess         Yes

Does this mean my RAM has gone bad?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Chris (18-06-2018 13:48:38)
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) (2017-11-11 08:25:42)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-7126355-2372664010-1568705411-500 - Administrator - Disabled)
Alexandra (S-1-5-21-7126355-2372664010-1568705411-1001 - Limited - Enabled) => C:\Users\Alexandra
Chris (S-1-5-21-7126355-2372664010-1568705411-1000 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-7126355-2372664010-1568705411-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Blender (HKLM\...\{B1DF3793-1651-4AE5-9CA0-E845DD8B526B}) (Version: 2.79.0 - Blender Foundation)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.17.2008 - BlueStack Systems, Inc.)
Clustertruck (HKLM-x32\...\{BB09E395-9405-44CA-A17C-98DF998CF216}) (Version:  - TinyBuild LLC)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Devil May Cry HD Collection: Devil May Cry HD (HKLM-x32\...\{C24336E8-B8E2-4537-BF1B-9F6CC6CEE40A}) (Version:  - CAPCOM CO., LTD.)
Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Discord (HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{8F89B0CF-8144-43EE-AB9F-B7F8F23D85FB}) (Version: 1.1.135.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Far Cry Primal (HKLM-x32\...\Uplay Install 2010) (Version:  - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\Google Chrome SxS) (Version: 69.0.3464.0 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 6.0.2.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.8 - Rockstar Games)
RPG (rm2kdev) (HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\RPG (rm2kdev)) (Version:  - )
Skype version 8.21 (HKLM-x32\...\Skype_is1) (Version: 8.21 - Skype Technologies S.A.)
Stardew Valley Editor (HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\fd112501192d78a2) (Version: 1.0.0.61 - SDV Modders)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Titan Souls (HKLM-x32\...\{8D842248-54AE-4AA2-B4BF-362CB533982E}) (Version:  - Devolver Digital)
Twitch (HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 57.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\WinDirStat) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-7126355-2372664010-1568705411-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7126355-2372664010-1568705411-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-7126355-2372664010-1568705411-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-7126355-2372664010-1568705411-1000_Classes\CLSID\{FA372A6E-149F-4E95-832D-8F698D40AD7F}\localserver32 -> C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\69.0.3464.0\notification_helper.exe (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-03-18] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C264644-D3FE-48CA-B3DA-DF5241B63A41} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-7126355-2372664010-1568705411-1000Core => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2017-12-26] (Google Inc.)
Task: {0E14D43B-5FA3-48C4-94F0-743A613758FE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-27] (NVIDIA Corporation)
Task: {10E3275B-AD13-4FE7-A798-4D645660951F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-27] (NVIDIA Corporation)
Task: {249C887E-B215-48B4-8404-B25DA67C9BC2} - System32\Tasks\{F804A2A9-A59B-4599-B9CA-E438E48B50F1} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.21.0.100&LastError=404
Task: {30DCAAD8-385C-4490-B123-E1667A9068E7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-27] (NVIDIA Corporation)
Task: {6BB4CC2C-313C-4DE5-8F34-7758DBA1098E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-7126355-2372664010-1568705411-1000UA => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2017-12-26] (Google Inc.)
Task: {8648F8B0-A5AA-435F-8394-80F1914374CD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-08] (AVAST Software)
Task: {8AC8B14E-53BF-4DBD-B5C2-91113F41BE8C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-27] (NVIDIA Corporation)
Task: {90A9E64F-FE69-42DA-BA37-44BD35668018} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-08] (Adobe Systems Incorporated)
Task: {96693F04-2382-4263-8BFD-13444198CAF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-11] (Google Inc.)
Task: {B29E9AAA-0CF2-42E0-A8B8-1FA7894E6E49} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-27] (NVIDIA Corporation)
Task: {C6E545F9-D586-4CDA-9C8E-619EEB83CBBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-11] (Google Inc.)
Task: {D004F258-77AC-43BC-8D60-05023A692D7E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-27] (NVIDIA Corporation)
Task: {E42A45A0-06DA-45FA-8DE9-10321B76DA4A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-27] (NVIDIA Corporation)
Task: {F2D68440-1384-44D6-9B37-721D7AAD51E1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {F30E9042-3711-43C2-9FD6-5A69655CDD07} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-27] (NVIDIA Corporation)
Task: {F81EBE6A-7E3F-4138-A67E-015C360A28AD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-06-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-06-18 03:57 - 2018-06-17 23:44 - 002682712 _____ () C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\69.0.3464.0\swiftshader\libglesv2.dll
2018-06-18 03:57 - 2018-06-17 23:44 - 000148824 _____ () C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\69.0.3464.0\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [468]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-7126355-2372664010-1568705411-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D88642B2-681F-4307-B149-C8AA99151836}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3D6069D5-6A4E-4C60-B96A-9DDA618B931A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F58CA8E7-C235-4D25-AF51-4631E0FF9ADC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{FDF7303F-0DF3-486F-9C00-69965E30F93C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{29CB69EC-AB1E-4209-BF59-75944147C970}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C5717EE7-F5AE-4AD0-848E-2B2275F0B35D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{291CA926-84FB-49D7-8934-087C58BAFA41}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D2B40D97-9B85-49CF-8B94-6BE45434CE11}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{5EC15370-8115-4FFD-950B-17625716507B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{23C27203-8E02-4A13-8232-6755802F24D8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E0B4453F-BC22-46D5-8127-4DA041D6600F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{12C8B5AB-BA71-4452-95C1-C6CF3E88750C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{58CF0FF6-3255-41D4-95D5-BB1CF892A701}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{54A8C92D-ECB5-44AE-A822-C933188D6E0B}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{85D66BF3-A2B3-4E6C-976D-F7AB5BBDC4B5}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FFB76515-F650-41D6-9E6A-B2A94831475A}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FA8C7B59-198F-4A0A-BD4F-31DC98EF2ECB}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1231BBEE-5459-4CE8-9EAB-7D0CB17C4F72}] => (Allow) D:\SteamLibrary\steamapps\common\Prototype 2\prototype2.exe
FirewallRules: [{E03838B7-1FBA-493E-A9F8-E9297DD43111}] => (Allow) D:\SteamLibrary\steamapps\common\Prototype 2\prototype2.exe
FirewallRules: [{7A0045D6-93FD-4DEA-B4FE-7FEB93B727D5}] => (Allow) D:\SteamLibrary\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{D1550582-A244-472C-B651-3780E40B6324}] => (Allow) D:\SteamLibrary\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{099C531E-C576-440D-BBE6-95E8169EFF04}] => (Allow) D:\SteamLibrary\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{4533BC2F-F1B0-432D-BC56-1924BB5E4525}] => (Allow) D:\SteamLibrary\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{15B2071D-9A5B-49B7-91CF-40A0615D238A}] => (Allow) D:\SteamLibrary\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{B647DB69-559C-4C44-A368-B30ECBEDA7B6}] => (Allow) D:\SteamLibrary\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{548698E6-BAB7-4BA7-AB24-46CA7BAEAB66}] => (Allow) D:\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{8D7F5D69-6B42-442B-922D-9F0BEED17C7C}] => (Allow) D:\SteamLibrary\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{0C4A94D3-2CE0-46E7-9B51-01B40217F79E}] => (Allow) D:\SteamLibrary\steamapps\common\Line of Sight\Binaries\Win32\LSGame_BE.exe
FirewallRules: [{1D562472-B82D-424B-9034-93BD85FAD542}] => (Allow) D:\SteamLibrary\steamapps\common\Line of Sight\Binaries\Win32\LSGame_BE.exe
FirewallRules: [{B8951820-C382-46EE-86A7-2BDEC3B2FDE6}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{2BC60F62-318A-44BB-BD0B-09A68AD63EB6}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{4E402F71-D587-45BF-BDC8-B0DB4E06401C}] => (Allow) D:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{967E2805-D0FF-42F2-BE4A-89702424B41E}] => (Allow) D:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{6ED885C4-F3A6-4AF1-B67D-01D62F442BA4}] => (Allow) D:\SteamLibrary\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{6193D647-C8D6-4D68-9904-D23163D6C3F1}] => (Allow) D:\SteamLibrary\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{37D493D8-5DC4-46F8-B71D-A4DB2F234A12}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{2937FC88-DA35-4C60-8DCE-0E64F0CB99BF}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{4EB65412-6BB3-4434-B70D-8A81748E4F8D}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{C461311A-6424-4882-BAC6-05C35E9427FC}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{0ED09C2C-CB56-4FEB-99EF-F06DE64943DB}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{13F2E93F-CBDB-4C07-BA80-B79D42E273EC}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{DF743949-7429-488B-A009-C8315726FEF8}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8A64532F-599F-437E-B226-226B8DE71238}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{01F2A68F-A781-4237-8D76-7C2DDF8B674F}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{CD20A95A-50AA-43F4-BE95-A5E274CC2681}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{EBE23C3C-561C-404A-8BA1-10DD9B62B78D}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{F4A16029-EBDC-4197-ADCB-567B4C271C50}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{DBFC9C1A-12BA-46A3-9F6E-53142E86EBEB}D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{4F2B8731-541E-4BBC-87BC-ADB01B2A8192}D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{09681D5F-C4EA-460B-B352-9BEE62138A9D}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{E8E1F2FD-BCD7-47CA-BF4D-7339D0D6DCC7}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{1E1F1ACB-9BDF-48E5-A950-53D471DA1F55}] => (Allow) D:\SteamLibrary\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{415E1B81-78A0-46E2-AAC8-2388C2299A30}] => (Allow) D:\SteamLibrary\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{1C1DB0A3-5038-479D-B951-DB38E42BB96E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D031B300-2273-4F44-9D98-C3E1DC1EE7C8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{984DC809-EC0F-4172-8820-1C7D8053749D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{34E94A75-6FA8-4E5C-9655-6DA331DDAB3F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{43249A8F-DD78-466B-9AB8-865B6CB93AC6}D:\steamlibrary\steamapps\common\call of duty world at war\codwaw.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty world at war\codwaw.exe
FirewallRules: [UDP Query User{4369BC17-11A9-4BDC-B4F6-C80D197F39DD}D:\steamlibrary\steamapps\common\call of duty world at war\codwaw.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty world at war\codwaw.exe
FirewallRules: [{C2DD3FB1-7079-4893-822D-2C1B638EF73D}] => (Allow) D:\SteamLibrary\steamapps\common\Clickteam Fusion 2.5 Free Edition\mmf2u.exe
FirewallRules: [{19EF503A-8C84-49A7-9E8F-7D2E08E4F9A9}] => (Allow) D:\SteamLibrary\steamapps\common\Clickteam Fusion 2.5 Free Edition\mmf2u.exe
FirewallRules: [{7A6582EA-9002-4C77-AEED-16D643DD0705}] => (Allow) D:\SteamLibrary\steamapps\common\King Arthur's Gold\KAG.exe
FirewallRules: [{D6CC2689-2541-4A53-BE46-0AA21AFDC8E2}] => (Allow) D:\SteamLibrary\steamapps\common\King Arthur's Gold\KAG.exe
FirewallRules: [TCP Query User{D3B35D3A-52E0-4E3A-BEF8-EA88912D0200}D:\steamlibrary\steamapps\common\call of duty world at war\codwaw.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty world at war\codwaw.exe
FirewallRules: [UDP Query User{A3EA97DC-B02C-4B5D-8A20-7CCA0D38FC5F}D:\steamlibrary\steamapps\common\call of duty world at war\codwaw.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty world at war\codwaw.exe
FirewallRules: [{2A305285-29FB-424D-A06C-8CB6B6B33619}] => (Allow) D:\SteamLibrary\steamapps\common\quakechampions\client\bin\pc\QuakeChampions.exe
FirewallRules: [{E159D90B-2DAD-4B24-9658-D627F99DE8FA}] => (Allow) D:\SteamLibrary\steamapps\common\quakechampions\client\bin\pc\QuakeChampions.exe
FirewallRules: [{578237D9-3997-409E-89D5-0FB1F4450528}] => (Allow) D:\SteamLibrary\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{D29E8944-55BD-4E93-A1E1-E8189D99F4E1}] => (Allow) D:\SteamLibrary\steamapps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{E201145C-7534-4098-92E1-69AEE07924DB}] => (Allow) D:\SteamLibrary\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{EFB00A67-999D-413C-87CA-36365EC7FB64}] => (Allow) D:\SteamLibrary\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{B3C22010-E02D-4857-A0A0-21C55E5404EC}] => (Allow) D:\SteamLibrary\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{F2A16DDC-1B50-4BD9-8009-73FD9157E4AA}] => (Allow) D:\SteamLibrary\steamapps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{4893E338-27EC-4BC4-A2CD-35818CFF3FF0}] => (Allow) C:\Users\Chris\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CE2432B6-2FC5-44C1-B332-E4D32EABB59A}] => (Allow) C:\Users\Chris\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{15D091B0-0D86-4782-A795-0AC2C964AC17}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{6A83D70F-5A69-4B9E-8597-554145EC21D5}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{D861D367-EF0A-45B6-8290-FBFF61AC1180}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{AE9041AF-F767-42F0-ACD2-F57CC4365BAC}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{73A059B7-1E5F-4525-88AD-9F5518351B87}] => (Allow) D:\SteamLibrary\steamapps\common\Savage Lands\SavageLands.exe
FirewallRules: [{899206A3-9F95-48BE-9929-F8411BE47458}] => (Allow) D:\SteamLibrary\steamapps\common\Savage Lands\SavageLands.exe
FirewallRules: [{9357A4F5-12CF-43F5-A593-5A368299529E}] => (Allow) D:\SteamLibrary\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{2D431A5D-C8E6-47C5-B3FC-5CB45520FFFD}] => (Allow) D:\SteamLibrary\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{28CC9598-5E6C-4E0B-B666-9D4D836B1E6F}] => (Allow) D:\SteamLibrary\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{7391FDCB-2260-4DE4-A10C-749B8533B39C}] => (Allow) D:\SteamLibrary\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{E7E69D66-C40A-44DA-995F-F1E47AC6F08B}] => (Allow) D:\SteamLibrary\steamapps\common\Minimum\Binaries\Win32\Minimum.exe
FirewallRules: [{61E1E065-31A9-498E-B58B-A9850205BDDD}] => (Allow) D:\SteamLibrary\steamapps\common\Minimum\Binaries\Win32\Minimum.exe
FirewallRules: [{94773EF4-6B0B-4478-A069-FA359C03FB98}] => (Allow) D:\SteamLibrary\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{6048BBEE-13B4-4142-9E27-7F26906B2F5B}] => (Allow) D:\SteamLibrary\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{BA4D7E40-08A9-4BF2-8E05-69BB7102F8CE}] => (Allow) D:\SteamLibrary\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{7F2E5F1C-993B-41CB-A9BB-5E1C9C207B2A}] => (Allow) D:\SteamLibrary\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{4E0C4038-5408-4879-B549-7790FFBC7EF1}] => (Allow) D:\SteamLibrary\steamapps\common\The Incredible Adventures of Van Helsing Final Cut\VanHelsing.exe
FirewallRules: [{7BCD5FD6-2D8A-41FB-9F2C-651732349E6F}] => (Allow) D:\SteamLibrary\steamapps\common\The Incredible Adventures of Van Helsing Final Cut\VanHelsing.exe
FirewallRules: [{57D6341A-53F3-4566-8848-5F15C612156E}] => (Allow) D:\SteamLibrary\steamapps\common\GRAV\Binaries\Win64\CAGGame-Win64-Shipping.exe
FirewallRules: [{7C107002-4341-45F8-A6A8-85F0D93EC682}] => (Allow) D:\SteamLibrary\steamapps\common\GRAV\Binaries\Win64\CAGGame-Win64-Shipping.exe
FirewallRules: [{5C69D1C3-AF63-4DF6-8C6C-1F16B5323A88}] => (Allow) D:\SteamLibrary\steamapps\common\TeleglitchDME\Teleglitch.exe
FirewallRules: [{079A1F9B-0952-4A27-BF9C-3C2C738E567A}] => (Allow) D:\SteamLibrary\steamapps\common\TeleglitchDME\Teleglitch.exe
FirewallRules: [{987E35B4-2482-4A3D-BBBB-6FBFAE3878DB}] => (Allow) D:\SteamLibrary\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{613A6CF6-189B-4B4B-B107-8781F304A5C6}] => (Allow) D:\SteamLibrary\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{E9828C34-CAC3-4090-8319-0AD0A45B0CD6}] => (Allow) D:\SteamLibrary\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe
FirewallRules: [{E2253C37-BB81-4372-8E90-B1B4BB000ED2}] => (Allow) D:\SteamLibrary\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe
FirewallRules: [{9B653452-A045-4FB2-AF99-3E501E436899}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{61B55691-78B6-47E9-801D-C2351103C8A2}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{94344409-637B-4369-94FE-04815D46691D}] => (Allow) D:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E0B175F0-CBDB-46CE-BA05-CC12A80960F7}] => (Allow) D:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7D0BFF05-FA19-46D1-B05E-4075311C5422}] => (Allow) D:\SteamLibrary\steamapps\common\MOBIUS FINAL FANTASY\mobiusff.exe
FirewallRules: [{D079DC5B-F78C-4817-88D5-595217EC53CF}] => (Allow) D:\SteamLibrary\steamapps\common\MOBIUS FINAL FANTASY\mobiusff.exe
FirewallRules: [TCP Query User{149FA3F0-06A1-4A42-8E2D-58F7404EB209}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{B316303E-04BC-4984-818D-835A0219D983}D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{7A831836-737F-4DE7-91E2-CA05F3A6C46A}] => (Allow) D:\SteamLibrary\steamapps\common\BRINK\brink.exe
FirewallRules: [{9B6D1B10-BDCE-42F0-A416-5D6D25C0E6DB}] => (Allow) D:\SteamLibrary\steamapps\common\BRINK\brink.exe
FirewallRules: [{491CBC67-D054-47D2-ABF1-AADAF43A5F17}] => (Allow) D:\SteamLibrary\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{EA1C42EE-FB8B-4784-A7DB-8D562D67B560}] => (Allow) D:\SteamLibrary\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{27640616-83BD-4199-A5D1-E3501E2A888F}] => (Allow) D:\SteamLibrary\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{379E825B-1E76-488F-AB97-4022EC50914E}] => (Allow) D:\SteamLibrary\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{4BFB3F99-5FCF-4D25-8EEF-E4070EE9A24C}] => (Allow) D:\SteamLibrary\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{61622850-E5C7-49D6-9035-C2E720DDA651}] => (Allow) D:\SteamLibrary\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{64287E3F-CF8E-42DA-9BAF-8FAE68208C41}] => (Allow) D:\SteamLibrary\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{DEDBDC11-A4ED-48A2-A48A-62C5A2CBD815}] => (Allow) D:\SteamLibrary\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{2A842F8B-C6A2-4CDC-B006-38053051D4C4}] => (Allow) D:\SteamLibrary\steamapps\common\Serena\Dagon64.exe
FirewallRules: [{FE3B5A0D-2C9F-438B-9798-25D0F277B36A}] => (Allow) D:\SteamLibrary\steamapps\common\Serena\Dagon64.exe
FirewallRules: [{12DFBF7B-B2DB-4502-B958-1FDF26A40730}] => (Allow) D:\SteamLibrary\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [{6777FF25-127B-412B-8E0A-ACB04E76F36D}] => (Allow) D:\SteamLibrary\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [TCP Query User{5E3D807D-AD12-4387-85B7-2DD5F3255F8A}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{2AA318EC-3FBE-4C97-81B1-5ADA9A4A116C}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{E73C4029-C6A2-4E11-843A-13BA23D0998C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{0235B832-3108-4A12-A09D-26861536D822}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{D590539E-0412-4F43-939F-F79ECCFDC5FF}D:\epicgames\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epicgames\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{C56A7E6F-F112-4B83-8EDA-5C34FCB3D63F}D:\epicgames\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epicgames\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{C6734B34-F7A4-46CC-BAD5-4040BB6C15C0}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{8F97C941-279A-443B-B8F3-1F212A4F168E}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{9CEAA876-DA33-46F3-95E4-619C829735BC}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{0BF33DC7-6A82-431D-89BE-B2D286567A77}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{483924B7-52BF-4313-ADFD-69DEB1103DDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{74F66709-23B3-4172-BA66-29DBF552A076}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{DB966DA4-9061-40F0-BF0D-E753BD5C3A17}] => (Allow) D:\SteamLibrary\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [{D3B1E6A2-1769-4323-915B-883D2090BC24}] => (Allow) D:\SteamLibrary\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe
FirewallRules: [{7D58C011-C07F-467E-AD77-4FCBDBF2AC95}] => (Allow) D:\SteamLibrary\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{8A410DEE-FB50-4CC7-B092-D727F8CE1CF7}] => (Allow) D:\SteamLibrary\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{70948110-90B2-488C-A178-C5FD1DD05124}] => (Allow) D:\SteamLibrary\steamapps\common\SUPERHOTMCD\SUPERHOTMCD.exe
FirewallRules: [{98C76B68-8957-4DFD-B858-5817D129A2E3}] => (Allow) D:\SteamLibrary\steamapps\common\SUPERHOTMCD\SUPERHOTMCD.exe
FirewallRules: [TCP Query User{B920C462-8397-4F94-96FB-3CEEE4AA7BF5}D:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) D:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [UDP Query User{9417FF10-D8A2-4B85-B8A1-8FB5BC06DDD5}D:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) D:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe
FirewallRules: [{5C3FD861-720A-4569-B8BB-9C8F698F16C9}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{DA7ECC5B-272C-42C3-899A-E2F73BDEE3ED}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{617A3DF0-062C-4754-9E7D-C340769145F7}] => (Allow) D:\SteamLibrary\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{C8C83037-06AE-4214-AE95-352AF469871A}] => (Allow) D:\SteamLibrary\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [TCP Query User{78C3D19F-38FC-429C-8B8F-8C16217B48B6}D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{E7C353AA-6657-439D-80D9-2AD388FB6727}D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [{7BF81F96-ACBE-419B-A4EC-046B3EDD6563}] => (Allow) D:\SteamLibrary\steamapps\common\Monsters\Monsters.exe
FirewallRules: [{FCC9459E-E136-48B2-ABEC-16EE34DE81D4}] => (Allow) D:\SteamLibrary\steamapps\common\Monsters\Monsters.exe
FirewallRules: [{9CC761AF-3E75-41EF-81C3-BCE5AB667B29}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{7858FA77-E4CA-48F3-856E-D5B9108DCF7C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{CFEB8BF3-0B80-4E6F-B29C-AB265A3FA4D4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{4AA46335-A335-4ECA-95CD-C650F751D510}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{0EAE2BD7-9B4E-498E-BC74-31290EFAB71F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{B58355CA-53DF-43D4-9B7D-C7FFF63285F1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{467BB827-BA2A-4B1A-8A87-7AA0443B6FE4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{4868A985-3318-4F4F-9A9C-6ABBD83E8808}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [TCP Query User{1E804132-1BF5-4A26-9637-2B1F62AFDEDC}D:\lol\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{B94E772A-2598-42E7-9CC0-A3AFA7D5CCBA}D:\lol\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [TCP Query User{F2574DF8-4988-43EF-8543-45FBA4C9072F}D:\lol\rads\projects\league_client\releases\0.0.0.134\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.134\deploy\leagueclient.exe
FirewallRules: [UDP Query User{AA819D00-7CC2-417B-A24D-4B83C46C6A88}D:\lol\rads\projects\league_client\releases\0.0.0.134\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.134\deploy\leagueclient.exe
FirewallRules: [TCP Query User{93F05370-9877-43E6-B951-E7D702A52CEC}D:\lol\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E2C3B3CF-4B2B-46E4-8688-4EC1FB99D9CD}D:\lol\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [{8FEA2DF0-9C5B-4006-BB75-89EAE15CB0B6}] => (Allow) D:\SteamLibrary\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{5690BDF7-F35A-40E2-8FAD-3B8D6FE183EA}] => (Allow) D:\SteamLibrary\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [TCP Query User{1D00B595-BA92-4E00-A26A-9F124A5A7BAE}D:\lol\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{AC685540-0CAD-4564-990F-8D44878AC6C3}D:\lol\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [{954C790A-9E61-44B2-8A6D-121F70E3FD54}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{57D0673F-B0DA-4EB3-88D9-DE856D13C6CE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E836623C-EAAF-4E91-B9C5-3F3504C8BD22}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F828CCEC-7AA4-483C-90A2-ABFD65974D26}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{4E4376D4-57B8-4C4E-A143-696567B11F78}D:\lol\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [UDP Query User{5E5CC155-FB51-43BF-82A3-4B4C72ADEB81}D:\lol\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.139\deploy\leagueclient.exe
FirewallRules: [{A4727759-693E-4E02-A90C-4439FD8A207B}] => (Allow) D:\Uplay\Ubisoft Game Launcher\games\Far Cry Primal\bin\FCPrimal.exe
FirewallRules: [{3CAD7C6E-0377-4552-A9D1-F9C8C361113B}] => (Allow) D:\SteamLibrary\steamapps\common\H1Z1\H1Z1_BE.exe
FirewallRules: [{E492B73E-041F-43DB-886F-D7EA32EDBC5E}] => (Allow) D:\SteamLibrary\steamapps\common\H1Z1\H1Z1_BE.exe
FirewallRules: [TCP Query User{9DCA8CE8-2737-489C-9C48-6E27C3168273}D:\steamlibrary\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steamlibrary\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{DB79DC16-BF98-4603-B0C4-F2ED1C5E69D2}D:\steamlibrary\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steamlibrary\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{4C66AE27-B37C-47F8-91A1-E59C5A60E12F}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{AA4124C5-04F9-467A-8866-28A5C030845E}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{0D2A4930-220E-4F69-841A-0EFDBC330549}D:\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) D:\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [UDP Query User{D9D0F42F-8DE6-4721-A9EF-2501FBC6F21B}D:\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) D:\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [{8A979530-AE68-48EE-85FA-4A684582A044}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{BDB39B11-BAEA-4407-A7FD-1807E2E65C46}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{F9F547C3-2E4E-42B3-AE4D-1782B01DD92F}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior 2\ShadowWarrior2.exe
FirewallRules: [{194EB011-FDB0-4F61-B30B-441C6E6368E8}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior 2\ShadowWarrior2.exe
FirewallRules: [{2204404A-893A-4D3B-8596-C728CBACF9E1}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{C98B617D-7046-4022-B227-5C4DC59D334D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{BD56C7F8-F807-4E11-8906-57F26F8EC0BD}D:\lol\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe
FirewallRules: [UDP Query User{D2AFDC4A-23EF-4AE6-BA54-49FC684F0599}D:\lol\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe
FirewallRules: [{85BEEE83-2743-4E15-8E63-3BFE0B68EC05}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{E6AE0D3A-B7E3-4952-BF60-9F09BCADF26E}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{DE9C462C-3ED5-46C6-8E2B-C2AA82004C9E}] => (Allow) D:\SteamLibrary\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{051FEC82-D7E7-48DE-9D37-6C791F32B2A1}] => (Allow) D:\SteamLibrary\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{4BBC0CFC-2BF4-48FF-95C8-E357F32BBC27}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{4F43BF77-8BBF-4FA3-83FB-264B1A58B6B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3CB063D1-E280-4F15-9DC0-EF48BD1CB88E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{387CCEBC-E74A-4D2E-9908-C6B00D1CC9E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{CE47DB4A-22D6-4D0B-BAF6-F251FFCA91A7}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{0D6F3843-CA4C-49F3-97B0-F0685BD0DD3D}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{4945F15F-4FF8-44AB-9188-C6A221E14633}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{4E40F23D-B900-49B9-A298-DD70DEAB3377}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{3485ACAD-07D3-4772-931D-F84AC4250653}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{235A3741-EFA0-4FEA-9A98-BE022C0786E3}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{B3521654-007C-4922-BBA0-E8429B7A63E8}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{0B19366F-2C38-4FA0-B800-781AAB8C4F48}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{EA53363F-918C-4FFA-B6E7-5F6A94DA0D19}] => (Allow) D:\SteamLibrary\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{1564D659-B220-4374-9A7E-A4FFFA2ED150}] => (Allow) D:\SteamLibrary\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{6F80F167-90C9-43FD-B3EC-1CC40B7E1A3E}] => (Allow) D:\SteamLibrary\steamapps\common\Iron Snout\IronSnout.exe
FirewallRules: [{9B8A683B-A48B-43EA-9F71-CCD729C6CB0B}] => (Allow) D:\SteamLibrary\steamapps\common\Iron Snout\IronSnout.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2018 01:44:26 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (06/18/2018 01:44:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C

Error: (06/18/2018 01:44:08 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (06/18/2018 01:44:08 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C

Error: (06/18/2018 12:59:32 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (06/18/2018 12:59:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C

Error: (06/18/2018 12:54:27 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (06/18/2018 12:54:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C


System errors:
=============
Error: (06/18/2018 01:45:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/18/2018 01:44:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/18/2018 01:44:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/18/2018 01:44:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/18/2018 01:44:32 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/18/2018 01:44:32 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/18/2018 01:44:31 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/18/2018 01:44:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


Windows Defender:
===================================
Date: 2017-11-11 02:55:43.334
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2017-11-11 02:39:01.608
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mvs91xx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-11-11 02:39:01.608
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mvs91xx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX™-8350 Eight-Core Processor
Percentage of memory in use: 14%
Total physical RAM: 16349.88 MB
Available physical RAM: 13971.97 MB
Total Virtual: 16348.06 MB
Available Virtual: 13816 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:44.34 GB) NTFS
Drive d: (DataDisk) (Fixed) (Total:931.51 GB) (Free:21.85 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Vice_City_Play) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive f: (BURRITOSSD) (Removable) (Total:29.98 GB) (Free:28.83 GB) FAT32

\\?\Volume{753b9e1e-c6b9-11e7-9171-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 4FC8393A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BA35402A)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: 88E2630F)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)

==================== End of Addition.txt ============================


#2
RKinner

    Malware Expert

  • Expert
  • 21,346 posts
  • MVP

Could you copy and paste your FRST.txt file? For some reason I am unable to download it.


#3
Burrito132

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Here it is
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Chris (administrator) on BURRITO-PC (18-06-2018 13:48:15)
Running from F:\
Loaded Profiles: Chris (Available Profiles: Chris & Alexandra)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google) C:\Users\Chris\AppData\Local\Google\Chrome SxS\User Data\SwReporter\24.137.203\software_reporter_tool.exe
(Google) C:\Users\Chris\AppData\Local\Google\Chrome SxS\User Data\SwReporter\24.137.203\software_reporter_tool.exe
(Google) C:\Users\Chris\AppData\Local\Google\Chrome SxS\User Data\SwReporter\24.137.203\software_reporter_tool.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Users\Chris\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587800 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\Run: [Google Update] => C:\Users\Chris\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3201312 2018-06-08] (Valve Corporation)
HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49654728 2018-05-15] (Skype Technologies S.A.)
HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\Run: [Discord] => C:\Users\Chris\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-7126355-2372664010-1568705411-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-03-30]
ShortcutTarget: Twitch.lnk -> C:\Users\Chris\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-7126355-2372664010-1568705411-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5D818202-46F0-4254-950D-5593CF1D28BE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-7126355-2372664010-1568705411-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D112617-A9FCDBB39EF&form=CONBDF&conlogo=CT3335799&q={searchTerms}
SearchScopes: HKU\S-1-5-21-7126355-2372664010-1568705411-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D112617-A9FCDBB39EF&form=CONBDF&conlogo=CT3335799&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-21] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 130lxymy.default
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\130lxymy.default [2018-06-18]
FF Homepage: Mozilla\Firefox\Profiles\130lxymy.default -> hxxp://www.bing.com/?pc=COSP&ptag=D112617-A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
FF NewTab: Mozilla\Firefox\Profiles\130lxymy.default -> hxxp://www.bing.com/?pc=COSP&ptag=D112617-A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\130lxymy.default\features\{0b834026-82ea-4f15-a5a5-32a80098bc34}\[email protected] [2018-06-05] [Legacy]
FF SearchPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\130lxymy.default\searchplugins\bing-lavasoft.xml [2017-11-25]
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-21] (Oracle Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-7126355-2372664010-1568705411-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-7126355-2372664010-1568705411-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://mountvernonhigh.mountvernonschools.org/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2018-06-18]
CHR Extension: (Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-11]
CHR Extension: (Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-11]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-11]
CHR Extension: (Turn Off the Lights) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2018-06-11]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-11]
CHR Extension: (Black Menu for Google™) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2018-06-14]
CHR Extension: (Avast SafePrice) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-06-11]
CHR Extension: (Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-11]
CHR Extension: (Tab Groups) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccimjdagnkcchleckogmciiefdngcgl [2017-11-11]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-11]
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-25]
CHR Extension: (Black red shards) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjlkkaalgfbbegfnjoclhfidancjpch [2017-11-11]
CHR Extension: (Grammarly for Chrome) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-13]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2018-05-21]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-11]
CHR Extension: (Chrome Media Router) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-05-09] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-08] (EasyAntiCheat Ltd)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-03-28] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-27] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-27] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-11-15] ()
S2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2017-11-15] ()
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-05-23] (Bluestack System Inc. )
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-10-27] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-11-15] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-10-27] (NVIDIA Corporation)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2007-12-02] (Windows (R) Codename Longhorn DDK provider)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-18 13:33 - 2018-06-18 13:48 - 000000000 ____D C:\FRST
2018-06-18 13:03 - 2018-06-18 13:03 - 000022936 ____N C:\bootsqm.dat
2018-06-18 12:54 - 2018-06-18 12:54 - 000359920 _____ C:\Windows\Minidump\061818-10264-01.dmp
2018-06-18 12:10 - 2018-06-18 12:54 - 466157464 _____ C:\Windows\MEMORY.DMP
2018-06-18 12:10 - 2018-06-18 12:10 - 000359920 _____ C:\Windows\Minidump\061818-10218-01.dmp
2018-06-18 11:46 - 2018-06-18 11:46 - 000000000 __SHD C:\Users\Chris\AppData\Roaming\Common
2018-06-18 11:44 - 2018-06-18 12:05 - 000000000 ____D C:\Users\Alexandra\AppData\Local\DisplayFusion
2018-06-18 11:44 - 2018-06-18 11:44 - 000000000 __SHD C:\Users\Alexandra\AppData\Roaming\Common
2018-06-18 11:44 - 2018-06-18 11:44 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\DisplayFusion
2018-06-18 11:43 - 2018-06-18 11:43 - 022010688 _____ (Binary Fortress Software ) C:\Users\Alexandra\Downloads\DisplayFusionSetup-9.2.4c.exe
2018-06-18 11:42 - 2018-06-18 11:42 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\Sun
2018-06-18 11:42 - 2018-06-18 11:42 - 000000000 ____D C:\Users\Alexandra\AppData\LocalLow\Sun
2018-06-18 11:40 - 2018-06-18 11:40 - 000057560 _____ C:\Users\Alexandra\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-18 11:38 - 2018-06-18 12:55 - 000000000 ____D C:\Windows\pss
2018-06-18 11:38 - 2018-06-18 11:38 - 000000000 ____D C:\Users\Alexandra\AppData\Local\CEF
2018-06-18 11:37 - 2018-06-18 11:40 - 000000000 ____D C:\Users\Alexandra\AppData\Local\NVIDIA
2018-06-18 11:37 - 2018-06-18 11:39 - 000000000 ____D C:\Users\Alexandra\AppData\Local\NVIDIA Corporation
2018-06-18 11:37 - 2018-06-18 11:37 - 000001409 _____ C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-06-18 11:37 - 2018-06-18 11:37 - 000001240 __RSH C:\Users\Alexandra\ntuser.pol
2018-06-18 11:37 - 2018-06-18 11:37 - 000000020 ___SH C:\Users\Alexandra\ntuser.ini
2018-06-18 11:37 - 2018-06-18 11:37 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\Adobe
2018-06-18 11:37 - 2018-06-18 11:37 - 000000000 ____D C:\Users\Alexandra\AppData\Local\VirtualStore
2018-06-18 11:37 - 2018-06-18 11:37 - 000000000 ____D C:\Users\Alexandra\AppData\Local\Google
2018-06-18 11:36 - 2018-06-18 11:37 - 000000000 ____D C:\Users\Alexandra
2018-06-18 11:36 - 2009-07-14 00:45 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\Media Center Programs
2018-06-18 11:34 - 2018-06-18 11:35 - 000000632 __RSH C:\Users\Chris\ntuser.pol
2018-06-05 12:42 - 2018-06-05 12:42 - 000000027 _____ C:\Users\Chris\Desktop\Steam.txt
2018-06-05 00:38 - 2018-06-05 00:38 - 001106840 _____ (Unity Technologies ApS) C:\Users\Chris\Downloads\UnityWebPlayer64(2).exe
2018-06-05 00:37 - 2018-06-05 00:37 - 001106840 _____ (Unity Technologies ApS) C:\Users\Chris\Downloads\UnityWebPlayer64(1).exe
2018-06-01 03:54 - 2018-06-01 11:49 - 000000000 ____D C:\Users\Chris\Desktop\Blenders
2018-06-01 03:11 - 2018-06-01 03:11 - 000000022 _____ C:\Users\Chris\Downloads\FabricRope001.zip
2018-06-01 03:11 - 2018-06-01 03:11 - 000000000 ____D C:\Users\Chris\Downloads\FabricRope001
2018-05-30 19:04 - 2018-05-30 19:04 - 000020728 _____ C:\Users\Chris\Downloads\Range Display - 1.3 Beta-1179-2-4-0-beta-1.zip
2018-05-30 18:58 - 2018-05-30 18:58 - 001445183 _____ C:\Users\Chris\Downloads\SMAPI-2.6-beta.15-installer.zip
2018-05-30 18:58 - 2018-05-30 18:58 - 000000000 ____D C:\Users\Chris\Downloads\SMAPI-2.6-beta.15-installer
2018-05-30 18:57 - 2018-05-30 18:57 - 000020669 _____ C:\Users\Chris\Downloads\Range Display-1179-2-3-0.zip
2018-05-28 14:51 - 2018-05-28 14:51 - 000002277 _____ C:\Users\Chris\Desktop\BTD Battles.lnk
2018-05-28 14:48 - 2018-05-28 14:48 - 000001547 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2018-05-28 14:48 - 2018-05-28 14:48 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2018-05-28 14:47 - 2018-05-28 14:48 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2018-05-28 14:47 - 2018-05-28 14:48 - 000000000 ____D C:\ProgramData\BlueStacks
2018-05-28 14:47 - 2018-05-28 14:48 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2018-05-28 14:47 - 2018-05-28 14:47 - 000000000 ____D C:\Users\Chris\AppData\Local\Bluestacks
2018-05-28 14:45 - 2018-05-28 14:46 - 434042496 _____ (BlueStack Systems Inc.) C:\Users\Chris\Downloads\BlueStacks-Installer_BS3_native_8a726ca4644d024990d973bae5592ac0.exe
2018-05-24 20:19 - 2018-05-24 20:19 - 000000354 _____ C:\Users\Chris\Desktop\Stardew Valley Editor.appref-ms
2018-05-24 20:19 - 2018-05-24 20:19 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDV Modders
2018-05-24 20:18 - 2018-05-24 20:18 - 000805696 _____ () C:\Users\Chris\Downloads\WPF Version-127-1-0-0-58.exe
2018-05-24 20:07 - 2018-05-24 20:07 - 000000380 _____ C:\Users\Chris\Downloads\README
2018-05-24 20:06 - 2018-05-24 20:06 - 000000000 ____D C:\Users\Chris\AppData\Local\Notepad++
2018-05-24 20:05 - 2018-05-24 20:14 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Notepad++
2018-05-24 20:05 - 2018-05-24 20:09 - 000000000 ____D C:\Program Files (x86)\Notepad++
2018-05-24 20:05 - 2018-05-24 20:05 - 004204144 _____ C:\Users\Chris\Downloads\npp.6.9.Installer.exe
2018-05-24 20:05 - 2018-05-24 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2018-05-22 15:42 - 2018-05-22 15:42 - 044040192 _____ C:\Users\Chris\Downloads\VID_20180522_125703.mp4
2018-05-21 16:01 - 2018-05-21 16:01 - 000691048 _____ C:\Users\Chris\Downloads\dice 2 (1).blend
2018-05-21 15:37 - 2018-05-21 15:38 - 000684472 _____ C:\Users\Chris\Downloads\dice 2.blend
2018-05-21 15:37 - 2018-05-21 15:37 - 000691048 _____ C:\Users\Chris\Downloads\dice 2.blend1
2018-05-19 14:43 - 2018-05-19 14:43 - 000000000 ____D C:\Users\Chris\AppData\LocalLow\Landfall
2018-05-19 14:42 - 2018-05-19 14:42 - 000000260 _____ C:\Users\Chris\Desktop\Titan Souls.url
2018-05-19 14:40 - 2018-05-19 14:40 - 000000267 _____ C:\Users\Chris\Desktop\Clustertruck.url
2018-05-19 14:36 - 2018-05-19 14:36 - 001106840 _____ (Unity Technologies ApS) C:\Users\Chris\Downloads\UnityWebPlayer64.exe
2018-05-19 14:36 - 2018-05-19 14:36 - 000000000 ____D C:\Program Files\Unity
2018-05-16 09:56 - 2018-05-16 09:56 - 002880015 _____ C:\Users\Chris\Downloads\SMAPI-2.6-beta.13-installer.zip
2018-05-16 09:56 - 2018-05-16 09:56 - 000000000 ____D C:\Users\Chris\Downloads\SMAPI-2.6-beta.13-installer
2018-05-16 09:55 - 2018-05-16 09:55 - 000018367 _____ C:\Users\Chris\Downloads\RotateToolbar 1.2.1.zip-1100-1-2-1.zip
2018-05-12 11:14 - 2018-05-12 11:14 - 000000000 ____D C:\Users\Chris\Screenshot
2018-05-11 14:39 - 2018-06-16 17:50 - 000000000 ____D C:\Users\Chris\AppData\Roaming\StardewValley
2018-05-11 14:39 - 2018-05-11 14:39 - 000000000 ____D C:\Users\Chris\AppData\Local\GOG.com
2018-05-11 14:38 - 2018-05-11 14:38 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2018-05-11 14:29 - 2018-05-11 14:29 - 000000222 _____ C:\Users\Chris\Desktop\Shadow Warrior 2.url
2018-05-11 14:28 - 2018-06-16 17:49 - 000000222 _____ C:\Users\Chris\Desktop\Stardew Valley.url
2018-05-11 04:37 - 2018-05-11 04:37 - 000511527 _____ C:\Users\Chris\Downloads\b2137911-c969-4e85-a39f-383689f9b0c6.mp4
2018-05-11 04:25 - 2018-05-11 05:54 - 000000000 ____D C:\Users\Chris\Desktop\Autumn Pics
2018-05-10 22:43 - 2018-05-10 22:43 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-05-10 22:43 - 2018-05-10 22:43 - 000000000 ____D C:\Users\Chris\RPG (rm2kdev)
2018-05-10 22:43 - 2018-05-10 22:43 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPG (rm2kdev)
2018-05-05 19:23 - 2018-05-05 19:48 - 000000000 ____D C:\Users\Chris\Documents\GTA Vice City User Files
2018-05-05 19:17 - 2018-05-05 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2018-05-01 19:21 - 2018-05-01 19:22 - 000000000 ____D C:\Users\Chris\AppData\Local\PAYDAY 2
2018-05-01 19:21 - 2018-05-01 19:21 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2018-05-01 18:32 - 2018-05-01 18:32 - 000000222 _____ C:\Users\Chris\Desktop\PAYDAY 2.url
2018-05-01 18:07 - 2018-05-01 18:07 - 000000000 ____D C:\Users\Chris\AppData\Local\SCE
2018-05-01 17:55 - 2018-05-01 17:55 - 000000222 _____ C:\Users\Chris\Desktop\H1Z1.url
2018-05-01 17:30 - 2018-05-01 17:33 - 000000000 ____D C:\Users\Chris\AppData\Local\Skyrim
2018-05-01 16:36 - 2018-05-02 10:13 - 000000000 ____D C:\Users\Chris\AppData\Local\Skyrim Special Edition
2018-05-01 02:13 - 2018-05-01 02:13 - 000000948 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2018-05-01 02:13 - 2018-05-01 02:13 - 000000918 _____ C:\Users\Chris\Desktop\Start Tor Browser.lnk
2018-05-01 02:12 - 2018-05-01 02:13 - 000000000 ____D C:\Users\Chris\Tor Browser
2018-05-01 02:09 - 2018-05-01 02:09 - 053707712 _____ C:\Users\Chris\Downloads\torbrowser-install-7.5.3_en-US.exe
2018-05-01 01:35 - 2018-05-01 01:35 - 087911331 _____ C:\Users\Chris\Downloads\VID_20180419_184308.mp4
2018-04-30 22:28 - 2018-04-30 22:28 - 000000000 ____D C:\Users\Chris\AppData\LocalLow\ESG
2018-04-30 22:18 - 2018-04-30 22:18 - 000000000 ____D C:\Users\Chris\AppData\Roaming\com.playsaurus.heroclicker
2018-04-30 10:40 - 2018-04-30 10:40 - 017841036 _____ C:\Users\Chris\Downloads\gbe_plus_1.2.7z
2018-04-30 10:39 - 2018-04-30 10:39 - 002156125 _____ C:\Users\Chris\Downloads\gbe-plus-1.2.zip
2018-04-25 17:55 - 2018-04-25 17:55 - 000000212 _____ C:\Users\Chris\Desktop\Far Cry Primal.url
2018-04-25 17:53 - 2018-05-07 14:04 - 000000000 ____D C:\Users\Chris\AppData\Local\Ubisoft Game Launcher
2018-04-25 17:53 - 2018-04-25 17:53 - 000000698 _____ C:\Users\Chris\Desktop\Uplay.lnk
2018-04-25 17:53 - 2018-04-25 17:53 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2018-04-25 17:52 - 2018-04-25 17:52 - 072890528 _____ (Ubisoft) C:\Users\Chris\Downloads\UplayInstaller.exe
2018-04-16 12:05 - 2018-04-16 12:07 - 000000000 ____D C:\Users\Chris\Desktop\AAAAUTUMN
2018-04-15 18:07 - 2018-04-15 18:07 - 000000000 ____D C:\Users\Chris\AppData\LocalLow\Temp
2018-04-15 11:11 - 2018-05-10 22:45 - 000000000 ____D C:\Users\Chris\Desktop\Keep
2018-04-13 15:19 - 2018-05-05 19:23 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-04-13 15:01 - 2018-04-13 15:01 - 000000000 ____D C:\Users\Chris\AppData\Local\Oblivion
2018-04-10 22:52 - 2018-04-10 22:52 - 002542916 _____ C:\Users\Chris\Documents\AutumnFirst.blend
2018-04-10 22:39 - 2018-04-10 22:41 - 000000385 _____ C:\Users\Chris\Desktop\Definitely Not A Virus.txt
2018-04-10 22:19 - 2018-04-10 22:31 - 248836124 _____ C:\Users\Chris\Desktop\Autumn Ring.avi
2018-04-10 19:14 - 2018-04-10 19:14 - 001171025 _____ C:\Users\Chris\Downloads\video-1477838113.mp4
2018-04-09 22:33 - 2018-04-10 20:53 - 000000000 ____D C:\Users\Chris\AppData\Local\TeamViewer
2018-04-09 22:32 - 2018-06-16 17:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-09 22:32 - 2018-05-01 17:21 - 000000000 ____D C:\Users\Chris\AppData\Roaming\TeamViewer
2018-04-09 22:32 - 2018-04-09 22:32 - 000001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-04-09 22:21 - 2018-04-09 22:21 - 020367104 _____ (TeamViewer GmbH) C:\Users\Chris\Downloads\TeamViewer_Setup.exe
2018-04-09 18:44 - 2018-04-09 18:44 - 000000917 _____ C:\Users\Chris\Desktop\Cube.exe - Shortcut.lnk
2018-04-09 18:25 - 2018-04-09 18:33 - 000000000 ____D C:\Users\Chris\Desktop\Cube World Mods
2018-04-09 18:16 - 2018-04-09 18:51 - 000000000 ____D C:\Program Files (x86)\Cube World
2018-04-09 18:16 - 2018-04-09 18:16 - 000001037 _____ C:\Users\Public\Desktop\Cube World.lnk
2018-04-09 18:16 - 2018-04-09 18:16 - 000000000 ____D C:\ProgramData\Picroma
2018-04-02 06:51 - 2018-05-19 14:42 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Games
2018-04-02 06:51 - 2018-04-02 06:51 - 000000266 _____ C:\Users\Chris\Desktop\Devil May Cry HD Collection  Devil May Cry HD.url
2018-04-02 06:44 - 2018-04-02 06:44 - 000000000 ____D C:\Program Files (x86)\Twitch
2018-03-31 14:30 - 2018-03-31 14:30 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-03-30 21:00 - 2018-06-18 11:49 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Twitch
2018-03-30 21:00 - 2018-03-30 21:00 - 000000885 _____ C:\Users\Chris\Desktop\Twitch.lnk
2018-03-30 21:00 - 2018-03-30 21:00 - 000000871 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
2018-03-30 21:00 - 2018-03-30 21:00 - 000000000 ____D C:\ProgramData\Twitch
2018-03-30 17:17 - 2018-03-30 17:38 - 000000000 ____D C:\DosGames
2018-03-30 17:16 - 2018-03-30 17:16 - 000000000 ____D C:\Users\Chris\AppData\Local\DOSBox
2018-03-30 17:16 - 2018-03-30 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2018-03-30 17:16 - 2018-03-30 17:16 - 000000000 ____D C:\Program Files (x86)\DOSBox-0.74
2018-03-30 03:48 - 2018-03-30 03:48 - 000000221 _____ C:\Users\Chris\Desktop\Spec Ops The Line.url
2018-03-26 21:32 - 2018-03-26 21:35 - 000000068 _____ C:\Users\Chris\Desktop\pick.ahk

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-18 13:45 - 2017-11-11 01:22 - 001852834 _____ C:\Windows\ntbtlog.txt
2018-06-18 13:43 - 2017-11-11 05:21 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-18 13:43 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-18 13:42 - 2017-11-25 22:02 - 000000000 ____D C:\ProgramData\AVAST Software
2018-06-18 13:33 - 2009-07-13 22:13 - 000781738 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-18 13:33 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-06-18 12:54 - 2017-11-30 22:13 - 000000000 ____D C:\Windows\Minidump
2018-06-18 12:52 - 2017-11-21 17:33 - 000000000 ____D C:\Users\Chris\AppData\Local\ElevatedDiagnostics
2018-06-18 12:07 - 2018-01-18 05:02 - 000003136 _____ C:\Windows\System32\Tasks\{F804A2A9-A59B-4599-B9CA-E438E48B50F1}
2018-06-18 12:07 - 2017-12-26 00:45 - 000003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-7126355-2372664010-1568705411-1000UA
2018-06-18 12:07 - 2017-12-26 00:45 - 000003232 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-7126355-2372664010-1568705411-1000Core
2018-06-18 12:07 - 2017-11-25 22:03 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-06-18 12:07 - 2017-11-11 05:22 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-18 12:07 - 2017-11-11 05:22 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-18 12:07 - 2017-11-11 05:22 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-18 12:07 - 2017-11-11 05:22 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-18 12:07 - 2017-11-11 05:22 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-18 12:07 - 2017-11-11 05:22 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-18 12:07 - 2017-11-11 05:22 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-18 12:07 - 2017-11-11 05:22 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-18 12:07 - 2017-11-11 05:07 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-18 12:07 - 2017-11-11 05:07 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-06-18 12:07 - 2017-11-11 04:08 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-18 12:07 - 2017-11-11 04:08 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-18 12:05 - 2009-07-13 21:45 - 000013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-18 12:05 - 2009-07-13 21:45 - 000013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-18 11:46 - 2017-11-11 15:27 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-18 11:35 - 2017-11-11 01:30 - 000000000 ____D C:\Users\Chris
2018-06-18 11:34 - 2009-07-13 20:20 - 000000000 ___HD C:\Windows\system32\GroupPolicyUsers
2018-06-18 11:34 - 2009-07-13 20:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-06-18 03:57 - 2017-12-26 00:46 - 000002425 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2018-06-18 03:57 - 2017-12-26 00:46 - 000002388 _____ C:\Users\Chris\Desktop\Google Chrome Canary.lnk
2018-06-16 17:06 - 2017-11-24 16:30 - 000000000 ____D C:\Users\Chris\AppData\Roaming\discord
2018-06-16 17:05 - 2017-11-14 22:30 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-06-14 00:25 - 2017-11-11 04:08 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-14 00:25 - 2017-11-11 04:08 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-11 01:02 - 2017-11-11 12:55 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-11 01:02 - 2017-11-11 12:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-08 02:21 - 2017-11-11 05:07 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-08 02:21 - 2017-11-11 05:07 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-08 02:21 - 2017-11-11 05:07 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-08 02:21 - 2017-11-11 05:07 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-07 23:19 - 2017-11-11 03:22 - 000000000 ____D C:\Users\Chris\AppData\Local\Deployment
2018-06-05 00:36 - 2017-11-11 12:55 - 000000000 ____D C:\Users\Chris\AppData\LocalLow\Mozilla
2018-05-23 11:08 - 2017-11-14 22:28 - 000000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2018-05-19 14:42 - 2017-11-11 15:31 - 000000000 ____D C:\Users\Chris\Documents\My Games
2018-05-19 14:36 - 2017-11-11 12:55 - 000000000 ____D C:\Users\Chris\AppData\Local\Mozilla
2018-05-19 14:35 - 2017-11-11 12:55 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Mozilla

Some files in TEMP:
====================
2018-05-05 19:23 - 2018-05-08 14:37 - 000036864 _____ () C:\Users\Chris\AppData\Local\Temp\CmdLineExt02.dll
2018-05-09 13:12 - 2017-09-19 20:57 - 000037376 _____ (Microsoft) C:\Users\Chris\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2018-05-09 13:12 - 2017-09-19 20:57 - 000020480 _____ (Microsoft) C:\Users\Chris\AppData\Local\Temp\HiRezLauncherControls.dll
2018-05-24 20:05 - 2018-05-24 20:05 - 004299968 _____ (Don HO [email protected]) C:\Users\Chris\AppData\Local\Temp\npp.7.5.6.Installer.exe
2018-05-05 19:23 - 2018-05-08 14:37 - 000012067 ____T () C:\Users\Chris\AppData\Local\Temp\SIntf16.dll
2018-05-05 19:23 - 2018-05-08 14:37 - 000019924 ____T () C:\Users\Chris\AppData\Local\Temp\SIntf32.dll
2018-05-05 19:23 - 2018-05-08 14:37 - 000024516 ____T () C:\Users\Chris\AppData\Local\Temp\SIntfNT.dll
2015-08-02 16:58 - 2015-08-02 16:58 - 000118784 _____ () C:\Users\Chris\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {5711aff1-d290-11e5-bbc6-cdfcc14e0307}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {5711aff5-d290-11e5-bbc6-cdfcc14e0307}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {5711aff1-d290-11e5-bbc6-cdfcc14e0307}
nx                      OptIn
hypervisorlaunchtype    Off
quietboot               Yes

Windows Boot Loader
-------------------
identifier              {5711aff3-d290-11e5-bbc6-cdfcc14e0307}
device                  ramdisk=[C:]\Recovery\5711aff3-d290-11e5-bbc6-cdfcc14e0307\Winre.wim,{5711aff4-d290-11e5-bbc6-cdfcc14e0307}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\5711aff3-d290-11e5-bbc6-cdfcc14e0307\Winre.wim,{5711aff4-d290-11e5-bbc6-cdfcc14e0307}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {5711aff5-d290-11e5-bbc6-cdfcc14e0307}
device                  ramdisk=[C:]\Recovery\5711aff5-d290-11e5-bbc6-cdfcc14e0307\Winre.wim,{5711aff6-d290-11e5-bbc6-cdfcc14e0307}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\5711aff5-d290-11e5-bbc6-cdfcc14e0307\Winre.wim,{5711aff6-d290-11e5-bbc6-cdfcc14e0307}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {5711aff1-d290-11e5-bbc6-cdfcc14e0307}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {5711aff4-d290-11e5-bbc6-cdfcc14e0307}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\5711aff3-d290-11e5-bbc6-cdfcc14e0307\boot.sdi

Device options
--------------
identifier              {5711aff6-d290-11e5-bbc6-cdfcc14e0307}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\5711aff5-d290-11e5-bbc6-cdfcc14e0307\boot.sdi


LastRegBack: 2018-06-17 01:58

==================== End of FRST.txt ============================


#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,346 posts
  • MVP

I can see where the file was downloaded and a few folders that it installed but there is no indication of how any of the files get triggered. We can try removing the folders but I'm not optimistic. I also see some minidumps so something is crashing. For some reason you do not appear to have any System Restore points or perhaps FRST can't see them in safe mode.

 

We can try a fixlist:

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   1.36KB   75 downloads

Run FRST and press Fix
A fix log will be generated; please post that.


Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

 

Also let's see what the dumps show:

 

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

 

Might be worth trying a System Restore just in case FRST can't see it:

 

https://www.groovypo...-restore-point/

 

 

 


 

 

