
Consistent BSODs with ndis as fault (W7 x64)


  • This topic is locked
10 replies to this topic

#1 Plan9


Posted 22 July 2018 - 03:24 PM

Hello,

 

I believe I have a kernel mode virus or rootkit. I can generate a BSOD by opening Steam and having it sync the saves of any game of a decent enough size (roughly 80MB or greater). I first started getting them June 13, and I have tried numerous things. On occasion instead of BSODing, it just deadlocks. The mouse doesn't move, HDD light goes off, and my CPU fan starts to spin down as though the CPU has no load and is idling.

 

I ran a boot-time scan with Avast. Nothing was found. (Technically 1 FP, but it is part of a project I wrote.)

I ran ComboFix on several different occasions; one time it disinfected ntdll.dll, another says ndis was infected.

I ran sfc /scannow from Windows.

I booted from a DVD and ran sfc with my Windows install as the offline target, and I manually copied ndis over.

I uninstalled Avast and installed Avira and did a scan with that. Nothing was found.

I ran GMER and it found nothing. I looked at the output and didn't see anything out of the ordinary, although I likely missed something.

I ran MBAM which found something, however the issues persisted.

 

I thought it may be a failing piece of hardware, so I grabbed an old hard drive, quick formatted, and reinstalled Windows 7 Pro x64. I then ran Windows updates until there were no more, and updated my motherboard and Ethernet drivers. I then installed Steam and a game that I knew caused the issue. I then made Steam sync, and there was no BSOD.

 

I'd rather not have to reinstall as I have plenty of programs which would be a pain to reinstall. If needed I can, everything of importance is backed up.

 

I have no idea what to do anymore; any assistance is appreciated. I have uploaded my ComboFix logs. I do have a minidump I can upload, however the site doesn't allow me to upload .dmps. If you would like I can change it to some other extension to upload it.

 

Thank you.

 

Specs

 

Windows 7 professional 64

CPU Phenom II x4 955t

Motherboard Asus M4A78T-E

EVGA GTX 970

4x2GB ram

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by Garrett (administrator) on PWN (22-07-2018 16:17:58)
Running from E:\downloads
Loaded Profiles: Garrett (Available Profiles: Garrett)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(EVGA Corp.) E:\Programs\EVGA\PrecisionX 16\PrecisionX_x64.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Discord Inc.) C:\Users\Garrett\AppData\Local\Discord\app-0.0.301\Discord.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Discord Inc.) C:\Users\Garrett\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\Garrett\AppData\Local\Discord\app-0.0.301\Discord.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) E:\Programs\Origin\OriginWebHelperService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(TeamViewer GmbH) E:\Programs\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Garrett\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(EVGA Corp.) E:\Programs\EVGA\PrecisionX 16\PrecisionXServer.exe
(EVGA Corp.) E:\Programs\EVGA\PrecisionX 16\PrecisionXServer_x64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Trend Micro Inc.) E:\Programs\Trend Micro\HiJackThis\HiJackThis.exe
(Don HO don.h@free.fr) E:\Programs\Notepad++\notepad++.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NirSoft) E:\Programs\NirSoft\BlueScreenView\BlueScreenView.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [598200 2018-06-06] (Razer Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-07-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-4235691187-2427842575-2540936415-1001\...\Run: [Discord] => C:\Users\Garrett\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7070CA46-B499-4CD7-A071-B32C6BCDCDC9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4235691187-2427842575-2540936415-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4235691187-2427842575-2540936415-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Programs\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-26] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Programs\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-26] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} hxxps://asa1.njit.edu/CACHE/stc/2/binaries/vpnweb.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Garrett\AppData\Roaming\Mozilla\Firefox\Profiles\j9uh0z2d.default-1443898521355 [2018-07-22]
FF Extension: (Avira Browser Safety) - C:\Users\Garrett\AppData\Roaming\Mozilla\Firefox\Profiles\j9uh0z2d.default-1443898521355\Extensions\abs@avira.com [2018-07-19]
FF Extension: (MEGA) - C:\Users\Garrett\AppData\Roaming\Mozilla\Firefox\Profiles\j9uh0z2d.default-1443898521355\Extensions\firefox@mega.co.nz.xpi [2018-07-19]
FF Extension: (HTTPS Everywhere) - C:\Users\Garrett\AppData\Roaming\Mozilla\Firefox\Profiles\j9uh0z2d.default-1443898521355\Extensions\https-everywhere-eff@eff.org.xpi [2018-06-21]
FF Extension: (Reddit Enhancement Suite) - C:\Users\Garrett\AppData\Roaming\Mozilla\Firefox\Profiles\j9uh0z2d.default-1443898521355\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2018-06-19]
FF Extension: (Enhanced Steam) - C:\Users\Garrett\AppData\Roaming\Mozilla\Firefox\Profiles\j9uh0z2d.default-1443898521355\Extensions\jid1-YdiFiTEkQgInxA@jetpack.xpi [2018-03-28]
FF Extension: (uBlock Origin) - C:\Users\Garrett\AppData\Roaming\Mozilla\Firefox\Profiles\j9uh0z2d.default-1443898521355\Extensions\uBlock0@raymondhill.net.xpi [2018-07-17]
FF Extension: (uMatrix) - C:\Users\Garrett\AppData\Roaming\Mozilla\Firefox\Profiles\j9uh0z2d.default-1443898521355\Extensions\uMatrix@raymondhill.net.xpi [2018-07-17]
FF Extension: (User Agent Switcher) - C:\Users\Garrett\AppData\Roaming\Mozilla\Firefox\Profiles\j9uh0z2d.default-1443898521355\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2017-10-15] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-10-09] ()
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> E:\Programs\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-10-09] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> E:\Programs\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\Programs\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> E:\Programs\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> E:\Programs\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-06-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-06-01] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-4235691187-2427842575-2540936415-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Garrett\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-4235691187-2427842575-2540936415-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Garrett\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4235691187-2427842575-2540936415-1001: @talk.google.com/O1DPlugin -> C:\Users\Garrett\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4235691187-2427842575-2540936415-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Garrett\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4235691187-2427842575-2540936415-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Garrett\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4235691187-2427842575-2540936415-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-12-31] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Garrett\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Garrett\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jiekonljbeipfklhchhdjddejaennfnl] - C:\Users\Garrett\AppData\Local\JollyWallet\Chrome\JollyWallet.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [880040 2018-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [225384 2018-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [225384 2018-06-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1164808 2018-06-28] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [428072 2018-07-10] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-04-19] (Apple Inc.)
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 Microsoft SharePoint Workspace Audit Service; E:\Programs\Microsoft Office\Office14\GROOVE.EXE [50942144 2013-12-19] (Microsoft Corporation)
S3 Origin Client Service; E:\Programs\Origin\OriginClientService.exe [2155328 2018-01-17] (Electronic Arts)
R2 Origin Web Helper Service; E:\Programs\Origin\OriginWebHelperService.exe [3025224 2018-01-17] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189776 2018-03-14] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 TeamViewer; E:\Programs\TeamViewer\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH)
S3 VSStandardCollectorService140; E:\Programs\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 A4E46569; C:\Windows\System32\drivers\A4E46569.sys [478392 2016-01-11] (Kaspersky Lab ZAO)
R3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [47160 2008-04-28] (AMD, Inc.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2018-06-28] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [199920 2018-06-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153040 2018-06-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2018-06-28] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2018-06-28] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2018-06-28] (Avira Operations GmbH & Co. KG)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-09] (Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2016-02-27] (Echobit, LLC)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-07-19] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2018-04-22] (NVIDIA Corporation)
S3 OSFMount; E:\Programs\OSFMount\OSFMount.sys [1299384 2014-02-07] (PassMark Software)
R3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [18528 2014-10-23] () [File not signed]
S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [15456 2014-10-23] () [File not signed]
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [41720 2018-03-08] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137592 2018-03-19] (Razer, Inc.)
S3 SilvrLnk; C:\Windows\System32\DRIVERS\silvrlnk.sys [129536 2012-03-07] (Texas Instruments) [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2015-08-28] (The OpenVPN Project) [File not signed]
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [74120 2018-01-19] (Cisco Systems, Inc.)
S3 atillk64; \??\E:\Programs\AMD GPU Clock Tool\atillk64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\E:\LOCALT~1\cpuz135\cpuz135_x64.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]
U3 fxldapow; \??\E:\LOCALT~1\fxldapow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-22 16:17 - 2018-07-22 16:17 - 000000000 ____D C:\FRST
2018-07-22 15:54 - 2018-07-22 15:54 - 000023332 _____ C:\Users\Garrett\Desktop\dds.txt
2018-07-22 15:54 - 2018-07-22 15:54 - 000019458 _____ C:\Users\Garrett\Desktop\attach.txt
2018-07-22 15:43 - 2018-07-22 15:43 - 000355847 ____N C:\Windows\Minidump\072218-11388-01.dmp
2018-07-19 16:08 - 2018-07-19 16:08 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-07-19 00:14 - 2018-07-19 00:14 - 000001780 _____ C:\Users\Public\Desktop\MTGArenaLauncher.lnk
2018-07-19 00:13 - 2018-07-19 00:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTGArena
2018-07-19 00:10 - 2018-07-22 15:59 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-07-19 00:10 - 2018-06-28 15:34 - 000199920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2018-07-19 00:10 - 2018-06-28 15:34 - 000153040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2018-07-19 00:10 - 2018-06-28 15:34 - 000078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2018-07-19 00:10 - 2018-06-28 15:34 - 000064504 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2018-07-19 00:10 - 2018-06-28 15:34 - 000035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2018-07-19 00:10 - 2018-06-28 15:34 - 000034128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2018-07-19 00:09 - 2018-07-19 00:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-07-19 00:09 - 2018-07-19 00:09 - 000001194 _____ C:\Users\Public\Desktop\Avira.lnk
2018-07-19 00:08 - 2018-07-19 00:08 - 000032394 _____ C:\ComboFix.txt
2018-07-18 19:59 - 2018-07-19 01:59 - 000000000 ____D C:\Users\Garrett\Documents\MTGA
2018-07-18 18:57 - 2018-07-18 18:57 - 000000000 ____D C:\Users\Garrett\AppData\Roaming\.mono
2018-07-18 18:57 - 2018-07-18 18:57 - 000000000 ____D C:\Users\Garrett\AppData\LocalLow\Wizards Of The Coast
2018-07-17 01:50 - 2018-07-17 01:50 - 000359943 ____N C:\Windows\Minidump\071718-10951-01.dmp
2018-07-13 18:58 - 2018-07-13 18:58 - 000001170 _____ C:\Users\Garrett\Desktop\Fallout 4 (F4SE).lnk
2018-07-12 19:51 - 2018-07-12 19:51 - 000000617 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2018-07-12 19:51 - 2018-07-12 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2018-07-12 19:06 - 2018-07-12 19:06 - 000360071 ____N C:\Windows\Minidump\071218-10920-01.dmp
2018-07-11 23:16 - 2018-07-13 18:53 - 000000000 ____D C:\NexusMods
2018-07-11 18:01 - 2018-07-20 16:34 - 000000000 ____D C:\Users\Garrett\AppData\Roaming\vlc
2018-07-11 18:00 - 2018-07-11 18:00 - 000000873 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-07-11 18:00 - 2018-07-11 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-07-11 18:00 - 2018-07-11 18:00 - 000000000 ____D C:\Program Files\VideoLAN
2018-07-11 16:51 - 2018-07-11 16:51 - 000000000 ____D C:\Users\Garrett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-09 23:47 - 2018-07-09 23:47 - 000359943 ____N C:\Windows\Minidump\070918-10592-01.dmp
2018-06-27 19:19 - 2016-04-14 09:49 - 000603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2018-06-27 19:19 - 2016-04-14 09:21 - 000647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2018-06-27 19:19 - 2016-04-09 00:20 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-06-27 19:19 - 2016-04-08 23:52 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-06-27 19:19 - 2015-12-08 17:54 - 002285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2018-06-27 19:19 - 2015-12-08 15:07 - 002777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2018-06-27 19:19 - 2015-07-30 14:06 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-06-27 19:19 - 2015-07-30 13:57 - 001987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-06-27 19:19 - 2015-02-03 23:16 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2018-06-27 19:19 - 2015-02-03 22:54 - 000417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2018-06-27 19:19 - 2013-11-26 04:16 - 003419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2018-06-27 19:19 - 2013-11-22 18:48 - 003928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2018-06-27 18:52 - 2013-01-13 17:17 - 000009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 17:17 - 000002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 17:16 - 000010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 17:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2018-06-27 18:52 - 2013-01-13 17:11 - 000005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2018-06-27 18:52 - 2013-01-13 17:11 - 000005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 17:11 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 17:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 17:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 16:35 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 16:35 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 16:35 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 16:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2018-06-27 18:52 - 2013-01-13 16:31 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2018-06-27 18:52 - 2013-01-13 16:31 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 16:31 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 16:31 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 16:31 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2018-06-27 18:52 - 2013-01-13 16:20 - 000293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2018-06-27 18:52 - 2013-01-13 16:09 - 000249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2018-06-27 18:52 - 2013-01-13 16:08 - 000220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2018-06-27 18:52 - 2013-01-13 15:53 - 000207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2018-06-27 18:52 - 2013-01-13 15:49 - 000363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2018-06-27 18:52 - 2013-01-13 15:48 - 000161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2018-06-27 18:52 - 2013-01-13 15:46 - 001080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2018-06-27 18:52 - 2013-01-13 15:38 - 000333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2018-06-27 18:52 - 2013-01-13 15:38 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2018-06-27 18:52 - 2013-01-13 15:25 - 000245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2018-06-27 18:52 - 2013-01-13 15:20 - 001238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2018-06-27 18:52 - 2013-01-13 15:20 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2018-06-27 18:52 - 2013-01-13 14:34 - 000364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2018-06-27 18:52 - 2013-01-13 14:09 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2018-06-27 18:52 - 2013-01-13 13:26 - 001158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2018-06-27 18:52 - 2013-01-13 13:05 - 001682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2018-06-27 18:48 - 2018-05-28 22:43 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-06-27 18:48 - 2018-05-28 22:41 - 005577408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-06-27 18:48 - 2018-05-28 22:41 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-06-27 18:48 - 2018-05-28 22:41 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-06-27 18:48 - 2018-05-28 22:41 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-06-27 18:48 - 2018-05-28 22:41 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-06-27 18:48 - 2018-05-28 22:35 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 004050624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-06-27 18:48 - 2018-05-28 22:32 - 003962048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-06-27 18:48 - 2018-05-28 22:32 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:25 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 22:03 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-06-27 18:48 - 2018-05-28 22:03 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-06-27 18:48 - 2018-05-28 22:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-06-27 18:48 - 2018-05-28 22:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-06-27 18:48 - 2018-05-28 22:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-06-27 18:48 - 2018-05-28 21:59 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-06-27 18:48 - 2018-05-28 21:59 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-06-27 18:48 - 2018-05-28 21:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-06-27 18:48 - 2018-05-28 21:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-06-27 18:48 - 2018-05-28 21:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-06-27 18:48 - 2018-05-28 21:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-06-27 18:48 - 2018-05-28 21:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-06-27 18:48 - 2018-05-28 21:58 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-06-27 18:48 - 2018-05-28 21:58 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 21:58 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 21:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 21:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-06-27 18:48 - 2018-05-28 21:56 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-06-27 18:48 - 2018-05-28 21:55 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-06-27 18:48 - 2018-05-28 21:55 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-06-27 18:48 - 2018-05-28 21:54 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-06-27 18:48 - 2018-05-28 21:54 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-06-27 18:48 - 2018-05-28 20:04 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-06-27 18:48 - 2018-05-15 00:16 - 001681088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-06-27 18:48 - 2018-05-14 23:44 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-06-27 18:48 - 2018-05-14 23:44 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-06-27 18:48 - 2018-05-14 23:44 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-06-27 18:48 - 2018-05-14 23:44 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2018-06-27 18:48 - 2018-05-14 23:24 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2018-06-27 18:48 - 2018-05-14 23:23 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2018-06-27 18:48 - 2018-05-14 23:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-06-27 18:48 - 2018-05-14 23:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-06-27 18:48 - 2018-05-14 23:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-06-27 18:48 - 2018-05-14 23:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2018-06-27 18:48 - 2018-05-14 23:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2018-06-27 18:48 - 2018-05-14 23:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2018-06-27 18:48 - 2018-05-14 21:20 - 000467856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-06-27 18:48 - 2018-05-14 21:20 - 000459632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-06-27 18:48 - 2018-05-11 22:07 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-06-27 18:48 - 2018-05-11 22:07 - 000033152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-06-27 18:48 - 2018-05-11 22:07 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-06-27 18:48 - 2018-05-11 17:19 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-06-27 18:48 - 2018-05-11 17:19 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-06-27 18:48 - 2018-05-11 17:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-06-27 18:48 - 2018-05-10 20:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-06-27 18:48 - 2018-05-10 20:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-06-27 18:48 - 2018-05-10 20:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2018-06-27 18:48 - 2018-04-22 20:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-06-27 18:48 - 2018-04-22 20:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-06-27 18:48 - 2018-04-22 20:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-06-27 18:48 - 2018-04-22 20:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-06-27 18:48 - 2018-04-22 20:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-06-27 18:48 - 2018-04-22 19:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-06-27 18:48 - 2018-04-22 19:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-06-27 18:48 - 2018-04-22 19:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-06-27 18:48 - 2018-04-22 19:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-06-27 18:48 - 2018-04-18 12:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-06-27 18:48 - 2018-04-18 12:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-06-27 18:48 - 2018-04-18 11:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-06-27 18:48 - 2018-04-18 11:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2018-06-27 18:48 - 2018-04-18 11:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-06-27 18:48 - 2018-04-18 11:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2018-06-27 18:48 - 2018-04-11 12:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-06-27 18:48 - 2018-04-11 12:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-06-27 18:48 - 2018-04-11 12:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-06-27 18:48 - 2018-04-11 12:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-06-27 18:48 - 2018-04-10 12:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-06-27 18:48 - 2018-04-10 12:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-06-27 18:48 - 2018-04-10 12:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-06-27 18:48 - 2018-04-10 12:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-06-27 18:48 - 2018-04-10 12:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-06-27 18:48 - 2018-04-10 12:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-06-27 18:48 - 2018-04-10 12:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2018-06-27 18:48 - 2018-04-10 11:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-06-27 18:48 - 2018-04-10 11:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-06-27 18:48 - 2018-04-10 11:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-06-27 18:48 - 2018-04-10 11:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-06-27 18:48 - 2018-04-07 12:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-06-27 18:48 - 2018-04-06 12:39 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-06-27 18:48 - 2018-04-06 12:38 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-06-27 18:48 - 2018-03-14 13:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-06-27 18:48 - 2018-03-14 13:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-06-27 18:48 - 2018-03-14 13:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-06-27 18:48 - 2018-03-14 13:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-06-27 18:48 - 2018-03-14 13:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-06-27 18:48 - 2018-03-14 12:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-06-27 18:48 - 2018-03-14 12:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-06-27 18:48 - 2018-03-14 12:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-06-27 18:48 - 2018-03-14 12:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-06-27 18:48 - 2018-03-14 12:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-06-27 18:48 - 2018-03-14 12:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-06-27 18:48 - 2018-03-14 12:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-06-27 18:48 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-06-27 18:48 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-06-27 18:48 - 2018-03-14 12:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-06-27 18:48 - 2018-03-14 12:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-06-27 18:42 - 2018-06-27 18:42 - 000359943 ____N C:\Windows\Minidump\062718-11044-01.dmp
2018-06-27 01:17 - 2018-06-27 01:17 - 000359943 ____N C:\Windows\Minidump\062718-11466-01.dmp
2018-06-22 18:57 - 2018-06-22 18:57 - 000359879 ____N C:\Windows\Minidump\062218-12480-01.dmp
2018-06-22 14:22 - 2018-06-22 14:24 - 000331318 _____ C:\Windows\ntbtlog.txt
2018-06-22 14:11 - 2018-06-22 14:11 - 000000000 ____D C:\Users\Garrett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2018-06-22 14:01 - 2018-06-22 14:01 - 000359879 ____N C:\Windows\Minidump\062218-10904-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-22 16:12 - 2017-03-13 19:49 - 000000546 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4235691187-2427842575-2540936415-1001.job
2018-07-22 15:57 - 2009-07-14 00:45 - 000015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-22 15:57 - 2009-07-14 00:45 - 000015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-22 15:54 - 2017-06-09 13:30 - 000000000 ____D C:\Users\Garrett\AppData\LocalLow\Mozilla
2018-07-22 15:54 - 2009-07-14 01:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-22 15:54 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-07-22 15:51 - 2017-06-22 14:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-22 15:49 - 2016-10-26 14:15 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-22 15:49 - 2015-09-09 19:42 - 000000000 ____D C:\Users\Garrett\AppData\Roaming\discord
2018-07-22 15:49 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-22 15:43 - 2015-07-20 22:32 - 000000000 ____D C:\Windows\Minidump
2018-07-20 18:48 - 2017-09-07 15:53 - 000000000 ____D C:\Users\Garrett\AppData\Roaming\Factorio
2018-07-20 17:48 - 2017-03-13 19:49 - 000000642 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4235691187-2427842575-2540936415-1001.job
2018-07-19 13:42 - 2009-07-14 01:08 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-07-19 00:09 - 2016-06-30 15:23 - 000000000 ____D C:\ProgramData\Avira
2018-07-19 00:09 - 2016-06-30 15:23 - 000000000 ____D C:\Program Files (x86)\Avira
2018-07-19 00:09 - 2014-02-18 03:47 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-19 00:08 - 2012-09-18 17:54 - 000000000 ____D C:\Qoobox
2018-07-19 00:07 - 2009-07-13 22:34 - 000000215 ____N C:\Windows\system.ini
2018-07-18 23:49 - 2012-05-15 18:27 - 000000000 ____D C:\ProgramData\AVAST Software
2018-07-18 14:37 - 2017-12-13 17:01 - 000000000 ____D C:\Users\Garrett\Documents\PoE-TradeMacro
2018-07-17 13:13 - 2016-08-31 13:23 - 000000000 ____D C:\Users\Garrett\AppData\Roaming\KeePass
2018-07-17 12:50 - 2012-05-25 22:07 - 000000625 _____ C:\Users\Public\Desktop\Steam.lnk
2018-07-17 12:50 - 2012-05-25 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-07-17 01:59 - 2018-04-24 15:02 - 000004118 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-07-17 01:58 - 2012-09-18 17:54 - 000000000 ____D C:\Windows\erdnt
2018-07-17 01:05 - 2014-02-27 00:17 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-07-16 21:17 - 2017-03-13 19:49 - 000003666 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-4235691187-2427842575-2540936415-1001
2018-07-16 21:17 - 2017-03-13 19:49 - 000003570 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4235691187-2427842575-2540936415-1001
2018-07-16 21:17 - 2012-05-15 20:56 - 000000000 ____D C:\Users\Garrett
2018-07-16 00:32 - 2018-01-15 16:16 - 000000000 ____D C:\Users\Garrett\AppData\Roaming\Forge
2018-07-13 18:53 - 2016-10-18 23:43 - 000000711 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2018-07-13 18:53 - 2016-10-18 23:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2018-07-13 00:32 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-07-12 23:05 - 2015-08-11 12:37 - 000000000 ____D C:\Users\Garrett\AppData\Roaming\Skype
2018-07-12 19:15 - 2012-06-07 19:00 - 000000700 _____ C:\Users\Garrett\SciTE.session
2018-07-11 16:51 - 2012-08-11 13:38 - 000000000 ____D C:\Users\Garrett\AppData\Roaming\Dropbox
2018-07-10 22:22 - 2017-05-17 18:09 - 000000000 ____D C:\Users\Garrett\AppData\Roaming\Slack
2018-07-10 16:16 - 2015-03-09 17:59 - 000000000 ____D C:\Users\Garrett\AppData\Roaming\qBittorrent
2018-07-10 01:25 - 2012-06-04 18:06 - 000000000 ____D C:\ProgramData\Cisco
2018-06-27 19:06 - 2016-01-11 23:08 - 000424464 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-27 19:02 - 2013-08-26 00:51 - 000000000 ____D C:\Windows\system32\MRT
2018-06-27 18:57 - 2018-02-05 05:43 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-27 18:57 - 2012-05-15 18:49 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-27 18:54 - 2013-01-07 20:29 - 000774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-06-27 18:53 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-06-22 19:16 - 2012-05-15 20:59 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2012-09-22 19:49 - 2010-04-02 20:04 - 002650112 _____ () C:\Program Files (x86)\SteamMover.exe
2016-04-29 19:05 - 2016-04-29 19:23 - 000000895 _____ () C:\Users\Garrett\AppData\Roaming\MPQEditor.ini
2015-04-29 19:26 - 2015-04-29 19:26 - 000000036 _____ () C:\Users\Garrett\AppData\Local\housecall.guid.cache
2013-02-02 23:47 - 2018-06-27 19:32 - 000007622 _____ () C:\Users\Garrett\AppData\Local\Resmon.ResmonCfg
2015-04-29 19:31 - 2015-04-29 22:18 - 000000010 _____ () C:\Users\Garrett\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-13 00:25

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by Garrett (22-07-2018 16:18:23)
Running from E:\downloads
Windows 7 Professional Service Pack 1 (X64) (2012-05-16 00:55:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4235691187-2427842575-2540936415-500 - Administrator - Disabled)
Garrett (S-1-5-21-4235691187-2427842575-2540936415-1001 - Administrator - Enabled) => C:\Users\Garrett
Guest (S-1-5-21-4235691187-2427842575-2540936415-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4235691187-2427842575-2540936415-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acquisition version 0.7a (HKLM-x32\...\{53E25C0C-0305-47BB-9884-F0F202297AF4}_is1) (Version: 0.7a - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{D25C9EDD-984F-444C-9229-5A58130C6B10}) (Version: 4.3.60226.3 - Microsoft Corporation)
Arena 3.5.1 (HKLM-x32\...\Arena 3.5.1_is1) (Version:  - )
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
AutoIt Debugger 0.46.0 (HKLM-x32\...\AutoIt Debugger) (Version: 0.46.0 - Essential Software)
AutoIt v3.3.14.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
Avira (HKLM-x32\...\{877624ec-f19a-42d2-9310-5060ab8036b4}) (Version: 1.2.116.23028 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{FD88B6CC-128F-4C78-98E9-07571E28A555}) (Version: 1.2.116.23028 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG)
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Cadence SPB/OrCAD 16.6 (HKU\S-1-5-21-4235691187-2427842575-2540936415-1001\...\{4CA5F148-A11D-4D37-A2D3-CCFC671F113C}) (Version: 16.60.000 - Cadence Design Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Cockatrice (HKLM-x32\...\Cockatrice) (Version:  - )
CPUID CPU-Z 1.79.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
CPUID HWMonitor 1.20 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-4235691187-2427842575-2540936415-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.11 - NVIDIA Corporation) Hidden
Dotfuscator and Analytics Community Edition 5.19.0 (HKLM-x32\...\{4C5B1DD0-7E8E-4972-9247-818E6D030552}) (Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Dropbox (HKU\S-1-5-21-4235691187-2427842575-2540936415-1001\...\Dropbox) (Version: 53.4.66 - Dropbox, Inc.)
EaseUS Partition Recovery 8.5 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version:  - EaseUS)
EVGA PrecisionX 16 (HKLM-x32\...\{5DE6FF54-FBEE-48D7-BD6C-86DA8B72BAF4}) (Version: 5.3.8 - EVGA Corporation)
FileZilla Client 3.7.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.1 - FileZilla Project)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project)
FINAL FANTASY XIV ONLINE (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Geeks3D FurMark 1.16.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Git version 2.7.1.2 (HKLM\...\Git_is1) (Version: 2.7.1.2 - The Git Development Community)
GMapTool 0.8.220 (HKLM-x32\...\{1873789F-59D5-4002-8A2F-60A827B78F98}_is1) (Version:  - AP)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
GoToMeeting 8.30.1.9095 (HKU\S-1-5-21-4235691187-2427842575-2540936415-1001\...\GoToMeeting) (Version: 8.30.1.9095 - LogMeIn, Inc.)
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Hellblazers Map Script v3 (HKLM-x32\...\{1AF1C240-8609-4063-967B-7A8A94E6BEC5}) (Version: 3.0.0 - HellBlazer)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HydraIRC (HKLM-x32\...\HydraIRC) (Version: 0.3.165 - Hydra Productions)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
JavaFX Scene Builder 2.0 (HKLM-x32\...\{B4665EB1-1F7A-44F5-AD07-C20A938E8BC2}) (Version: 2.0 - Oracle)
Kaltura CaptureSpace Desktop Recorder (HKLM-x32\...\{B84B3FBF-6B6D-4EAA-B138-213A6C512E3E}) (Version: 4.53.0 - Kaltura)
KeePass Password Safe 2.35 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.35 - Dominik Reichl)
Kerbal Space Program (HKLM-x32\...\{ED501254-06B8-4883-B7F3-4799C9EDD288}_is1) (Version: 1.3 - Squad)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version:  - )
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MATLAB R2012b (HKLM\...\Matlab R2012b) (Version: 8.0 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 with Updates (HKLM-x32\...\{f90e9ec5-977b-4752-8518-abe39dac065d}) (Version: 14.0.24720.41 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{FA0599C5-C083-41BE-8AEA-E8EB9070D128}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
MTGArena (HKLM-x32\...\{5503879A-BDB7-45DB-A5B8-4D5DAAAC8DFA}) (Version: 0.1.786.0 - Wizards of the Coast) Hidden
MTGArena (HKLM-x32\...\MTGArena) (Version: 0.1.786.0 - Wizards of the Coast)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Node.js (HKLM\...\{5030A22A-AE37-4FF7-BE82-5E1A03853B8C}) (Version: 8.2.1 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
NVIDIA 3D Vision Driver 398.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 398.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenRCT2 Launcher version 0.0.6 (HKLM\...\{D71D87CE-20E7-4DB6-A0D8-E6DE57051B35}_is1) (Version: 0.0.6 - OpenRCT2)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software)
Outpost 2 Divided Destiny - 1.3.5 Final (HKLM-x32\...\Outpost 2 Divided Destiny - 1.3.5 Final) (Version: 1.3.5 Final - Outpost Universe)
Path of Exile (HKLM-x32\...\{097641b3-141d-48b0-9981-ee927171309a}) (Version: 2.4.1.1561 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.4.1.1561 - Grinding Gear Games) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation)
Python 3.6.2 (64-bit) (HKU\S-1-5-21-4235691187-2427842575-2540936415-1001\...\{f71cfe9a-4a67-48a6-844b-571a76b33d33}) (Version: 3.6.2150.0 - Python Software Foundation)
Python 3.6.2 Add to Path (64-bit) (HKLM\...\{61F0B6BA-8654-4B98-879E-DAC80FD6C6AF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Core Interpreter (64-bit) (HKLM\...\{DBBB1BBC-A398-4262-9C25-D7A6E9B06841}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Development Libraries (64-bit) (HKLM\...\{7EC331E8-5683-4B2B-A22B-5925DBE5E06E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Documentation (64-bit) (HKLM\...\{978543A0-731D-4BEF-9CB6-9835B1DFFB33}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Executables (64-bit) (HKLM\...\{90A9D089-DB6E-48DC-9EEC-7F2229B2DFF0}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 pip Bootstrap (64-bit) (HKLM\...\{4FF902DF-D960-4A78-9C04-9D8E1CC33149}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Standard Library (64-bit) (HKLM\...\{1D2E9660-8DD7-4830-AFA6-5EC160F37A4E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Tcl/Tk Support (64-bit) (HKLM\...\{27B26342-82FB-4CA4-9ADB-D09982631CB0}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Test Suite (64-bit) (HKLM\...\{9EE8E58D-3021-40C5-8FBB-BF3A91A0B44D}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Utility Scripts (64-bit) (HKLM\...\{907B8BA6-C91D-4A8E-8237-828BFAB77C63}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{2636F1E4-2BC5-4B19-BFFD-A08F72598309}) (Version: 3.6.6032.0 - Python Software Foundation)
qBittorrent 3.3.16 (HKLM-x32\...\qBittorrent) (Version: 3.3.16 - The qBittorrent project)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.0.2-1.0.1512.31 - raidcall.com)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.20.606 - Razer Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\RollerCoaster Tycoon 2 Triple Thrill Pack_is1) (Version:  - GOG.com)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\RollerCoaster Tycoon Deluxe_is1) (Version:  - GOG.com)
Roslyn Language Services - x86 (HKLM-x32\...\{3107684C-8011-3031-BD28-10CA30F58267}) (Version: 14.0.24730 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-4235691187-2427842575-2540936415-1001\...\slack) (Version: 3.2.0 - Slack Technologies)
SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
StarBank (HKLM-x32\...\{9FD717D6-9657-400E-B634-A71E1ECEF164}) (Version: 1.8 - BlueRaja)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlink (HKLM-x32\...\Streamlink) (Version:  - )
Streamlink Twitch GUI (HKLM-x32\...\streamlink-twitch-gui) (Version: 1.5.0 - Sebastian Meyer)
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{48992F68-BEE6-35D8-89AC-6A81406F1096}) (Version: 14.0.24712 - Microsoft Corporation) Hidden
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.95388 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 42.06.03 - En Masse Entertainment)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Theme Hospital (HKLM-x32\...\Theme Hospital_is1) (Version:  - GOG.com)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
TikiOne Steam Cleaner (HKLM-x32\...\TikiOneSteamCleaner) (Version:  - Jonathan Lermitage)
TortoiseSVN 1.7.13.24257 (64 bit) (HKLM\...\{4560A53B-3BB7-4B72-829E-5BDE5803DC11}) (Version: 1.7.24257 - TortoiseSVN)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
VS Update core components (HKLM-x32\...\{5F7870A1-0586-313E-A9FF-3249DCE9F63A}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-4235691187-2427842575-2540936415-1001\...\WinDirStat) (Version:  - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.4.0 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.0 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Garrett\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\6956\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Garrett\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Garrett\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4235691187-2427842575-2540936415-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Programs\Notepad++\NppShell_06.dll [2017-03-07] ()
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => E:\Programs\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-01-08] (Foxit Software Inc.)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => E:\Programs\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers1: [Notepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Programs\Notepad++\NppShell_06.dll [2017-03-07] ()
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => E:\Programs\PowerISO\PWRISOSH.DLL [2017-07-05] (Power Software Ltd)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-06-28] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2013-06-01] (hxxp://tortoisesvn.net)
ContextMenuHandlers2: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2013-06-01] (hxxp://tortoisesvn.net)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => E:\Programs\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => E:\Programs\PowerISO\PWRISOSH.DLL [2017-07-05] (Power Software Ltd)
ContextMenuHandlers4: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2013-06-01] (hxxp://tortoisesvn.net)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-06-01] (NVIDIA Corporation)
ContextMenuHandlers5: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2013-06-01] (hxxp://tortoisesvn.net)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => E:\Programs\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => E:\Programs\PowerISO\PWRISOSH.DLL [2017-07-05] (Power Software Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-06-28] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2013-06-01] (hxxp://tortoisesvn.net)
ContextMenuHandlers1_S-1-5-21-4235691187-2427842575-2540936415-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-4235691187-2427842575-2540936415-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-4235691187-2427842575-2540936415-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Garrett\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01376767-FAA0-45A7-8FA5-AF03D49791FA} - System32\Tasks\CCleaner Update => E:\Programs\CCleaner\CCUpdate.exe [2018-04-24] (Piriform Ltd)
Task: {1235B9D6-17DF-47C6-B2D1-598A3ED53CC0} - System32\Tasks\{A623A48E-B2A5-424A-9DF9-43CD26A3FC5B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsProgressBar
Task: {1C3D989F-33FE-48BD-BF20-F739931BF239} - System32\Tasks\G2MUpdateTask-S-1-5-21-4235691187-2427842575-2540936415-1001 => C:\Users\Garrett\AppData\Local\GoToMeeting\9095\g2mupdate.exe [2018-07-16] (LogMeIn, Inc.)
Task: {2D8DD29D-0FD7-486B-A9A8-17783861B793} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-06-28] (Avira Operations GmbH & Co. KG)
Task: {599926FC-B1C8-4DE9-9AD0-AC2C8F0E828C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6D933AA8-C9F8-49A8-95C9-5249038A6786} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4235691187-2427842575-2540936415-1001Core => C:\Users\Garrett\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-28] (Google Inc.)
Task: {74B4FF58-1441-46ED-BC45-715C91B4928A} - System32\Tasks\EVGAPrecisionX => E:\Programs\EVGA\PrecisionX 16\PrecisionX_x64.exe [2015-09-17] (EVGA Corp.)
Task: {7FA25DE5-4E4F-41E7-86E1-2D0E06C1970A} - System32\Tasks\G2MUploadTask-S-1-5-21-4235691187-2427842575-2540936415-1001 => C:\Users\Garrett\AppData\Local\GoToMeeting\9095\g2mupload.exe [2018-07-16] (LogMeIn, Inc.)
Task: {C4558E4A-B5BA-463A-AE07-1A972DF0080B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4235691187-2427842575-2540936415-1001UA => C:\Users\Garrett\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-28] (Google Inc.)
Task: {EE6D59FE-96A3-4AF2-87C9-3DBC1C017D27} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-06-05] (AVAST Software)
Task: {F3B95EA1-E413-4AC2-8B34-31EC190F1A97} - System32\Tasks\{D13F2C24-CFED-4A04-8A3B-2A40EFAE09CE} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4235691187-2427842575-2540936415-1001.job => C:\Users\Garrett\AppData\Local\GoToMeeting\9095\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4235691187-2427842575-2540936415-1001.job => C:\Users\Garrett\AppData\Local\GoToMeeting\9095\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Garrett\Desktop\DinoPark Tycoon.bat.lnk -> E:\Programs\DinoParkTycoon\DinoPark Tycoon.bat ()
Shortcut: C:\Users\Garrett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TikiOne Steam Cleaner\TikiOne Steam Cleaner.lnk -> E:\Programs\TikiOne Steam Cleaner\tikione-steam-cleaner.bat ()

ShortcutWithArgument: C:\Users\Garrett\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\207745223fb8679b\streamlink-twitch-gui.lnk -> E:\Programs\Streamlink Twitch GUI\streamlink-twitch-gui.exe (The NWJS Community) -> --user-data-dir="C:\Users\Garrett\AppData\Local\streamlink-twitch-gui\User Data" --profile-directory=Default --app-id=kjlcknihpadniagphehmpojkkdigigjp

==================== Loaded Modules (Whitelisted) ==============

2013-07-23 21:09 - 2012-10-04 19:49 - 000087152 _____ () C:\Windows\System32\cpwmon64.dll
2013-06-01 10:00 - 2013-06-01 10:00 - 000088848 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () E:\Programs\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2017-07-27 18:47 - 2014-01-21 16:40 - 000817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
2015-03-06 20:07 - 2015-03-06 20:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-10-19 23:29 - 2017-10-19 23:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-10-19 23:29 - 2017-10-19 23:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2018-03-14 16:13 - 2018-03-14 16:13 - 000189776 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-07-28 22:45 - 2017-07-28 22:45 - 000298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-05-27 14:51 - 2015-05-27 14:51 - 000156160 _____ () E:\Programs\EVGA\PrecisionX 16\FW1FontWrapper_x64.dll
2017-07-27 18:47 - 2014-01-21 16:40 - 000149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll
2018-05-01 19:25 - 2018-04-30 23:01 - 001891672 _____ () C:\Users\Garrett\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
2018-05-08 06:57 - 2018-05-08 06:57 - 000143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2018-05-01 19:25 - 2018-04-30 23:01 - 001937752 _____ () C:\Users\Garrett\AppData\Local\Discord\app-0.0.301\libglesv2.dll
2018-05-01 19:25 - 2018-04-30 23:01 - 000095576 _____ () C:\Users\Garrett\AppData\Local\Discord\app-0.0.301\libegl.dll
2018-05-01 19:25 - 2018-07-19 16:34 - 011270488 _____ () \\?\C:\Users\Garrett\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
2018-05-01 19:25 - 2018-07-17 20:09 - 001635160 _____ () \\?\C:\Users\Garrett\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
2018-05-01 19:25 - 2018-05-01 19:25 - 000512856 _____ () \\?\C:\Users\Garrett\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
2018-05-01 19:25 - 2018-07-06 11:42 - 001648984 _____ () \\?\C:\Users\Garrett\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
2018-05-01 19:25 - 2018-05-01 19:25 - 002722648 _____ () \\?\C:\Users\Garrett\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
2018-05-01 19:25 - 2018-05-01 19:25 - 001249112 _____ () \\?\C:\Users\Garrett\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node
2018-06-17 02:54 - 2017-09-08 17:22 - 050656768 _____ () C:\Users\Garrett\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2018-06-17 02:54 - 2017-09-08 17:22 - 001874944 _____ () C:\Users\Garrett\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2018-06-17 02:54 - 2017-09-08 17:22 - 000075264 _____ () C:\Users\Garrett\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2015-05-27 14:51 - 2015-05-27 14:51 - 000129536 _____ () E:\Programs\EVGA\PrecisionX 16\FW1FontWrapper.dll
2018-01-05 15:02 - 2013-06-13 17:07 - 000188928 _____ () E:\Programs\Notepad++\plugins\ComparePlugin.dll
2017-12-31 21:07 - 2017-12-31 21:07 - 000021680 _____ () E:\Programs\Notepad++\plugins\NppExport.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5F64C164 [144]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\A4E46569.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\A4E46569.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7865 more sites.

There are 7863 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2018-07-12 19:16 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4235691187-2427842575-2540936415-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Garrett\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A94A0B66-9D7D-4B07-96B9-A024088DB907}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
FirewallRules: [{F7B7DF52-34B8-45FC-91F8-DE7B35005A20}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
FirewallRules: [{6AC64A4F-B0D6-4A90-9484-B22D62E51F32}] => (Block) E:\Programs\Steam\Steam.exe
FirewallRules: [{FF12FA77-3833-4671-A379-B1403ED3EDBF}] => (Block) E:\Programs\Steam\Steam.exe
FirewallRules: [{C2ACC835-F0D9-472D-AB7C-8C1CFADFFC54}] => (Allow) E:\Programs\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{16D7F433-E59B-42DB-BB69-7C41238408A8}] => (Allow) E:\Programs\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{83121EDE-97B4-4FD2-80DA-1F234131012D}] => (Allow) E:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{2CDD4AC0-76B2-419F-918F-3EFE3B0CDEC4}] => (Allow) E:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{D831A721-9303-49A3-BD2E-A8A6A40B22F1}] => (Allow) E:\Programs\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{77FC4F4F-4F0F-4C68-AEEF-130FE0610371}] => (Allow) E:\Programs\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [TCP Query User{5F61E3E6-6554-4596-A1FD-DFA8075CAE40}C:\users\garrett\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\garrett\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C1549899-46E2-485A-8062-3AC1617A81E2}C:\users\garrett\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\garrett\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{D87C5F9F-1070-4E2F-820C-A54DCAA8C46C}E:\programs\hydrairc\hydrairc.exe] => (Allow) E:\programs\hydrairc\hydrairc.exe
FirewallRules: [UDP Query User{357CFB27-1E59-46E2-AD43-91A15CB6E012}E:\programs\hydrairc\hydrairc.exe] => (Allow) E:\programs\hydrairc\hydrairc.exe
FirewallRules: [{5968E52A-053C-483B-A681-AF6925137B5E}] => (Allow) E:\Programs\Steam\steamapps\common\jamestown\Jamestown.exe
FirewallRules: [{9C57772C-AAD5-4ABB-8FDE-01240D8255F9}] => (Allow) E:\Programs\Steam\steamapps\common\jamestown\Jamestown.exe
FirewallRules: [{803B49D9-F9CA-4D78-9009-9E00985EAC6A}] => (Allow) E:\Programs\Steam\steamapps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{8A6921FB-7631-4A4D-9580-1BB968E7C18C}] => (Allow) E:\Programs\Steam\steamapps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{43C4FA05-6630-4FA6-8200-84E4DC45FD65}] => (Allow) E:\Programs\Steam\steamapps\common\How to Survive\Detect.exe
FirewallRules: [{4AD2E996-9586-445B-8B31-C427DD77B848}] => (Allow) E:\Programs\Steam\steamapps\common\How to Survive\Detect.exe
FirewallRules: [{0C82EE56-5DE5-44C7-A7FD-BF8BD2703A5C}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
FirewallRules: [{A1683C52-894F-43C9-AD8B-BC237B5EA918}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
FirewallRules: [{D667CB1A-D8B0-4D24-A04C-4F212FAAC8DD}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
FirewallRules: [{70B0089A-BC13-4EFD-8929-3F4E63EEEF2E}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
FirewallRules: [TCP Query User{74A310FB-A3A2-42E5-A8D5-F36A0A33E83F}E:\programs\livestreamer\livestreamer.exe] => (Allow) E:\programs\livestreamer\livestreamer.exe
FirewallRules: [UDP Query User{503DE87B-3A95-4B82-8380-A0BFEBE005C0}E:\programs\livestreamer\livestreamer.exe] => (Allow) E:\programs\livestreamer\livestreamer.exe
FirewallRules: [{93854A5C-04E3-4210-B3A5-3F3B60908F13}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1624E5F3-B5F0-4441-BD0A-483EEB58AEAD}E:\programs\qbittorrent\qbittorrent.exe] => (Allow) E:\programs\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{EAFB5D39-006F-400E-9D6D-2A3B0A902E32}E:\programs\qbittorrent\qbittorrent.exe] => (Allow) E:\programs\qbittorrent\qbittorrent.exe
FirewallRules: [{08051454-960E-4590-902E-2B124D3275EF}] => (Allow) E:\Programs\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{19934343-9823-4601-842D-F31022C5AA73}] => (Allow) E:\Programs\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [TCP Query User{3DCA3F15-8DB6-491E-9A2E-7AFD671F872F}E:\programs\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Block) E:\programs\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{389C3F1F-1019-43FD-A964-A15E1F21BB69}E:\programs\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Block) E:\programs\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [TCP Query User{448175C4-1E4F-4E89-9754-4EB2A085DFA9}E:\programs\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) E:\programs\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [UDP Query User{F54134F1-8E1C-469F-8635-70AE4BAB043D}E:\programs\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) E:\programs\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [TCP Query User{8E2645E3-048F-41B6-90C2-FA51A4C0EE90}E:\programs\filezilla ftp client\filezilla.exe] => (Block) E:\programs\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{83E156A3-ACB5-4D3F-9684-56F1596C516B}E:\programs\filezilla ftp client\filezilla.exe] => (Block) E:\programs\filezilla ftp client\filezilla.exe
FirewallRules: [{84652285-40E6-4C26-8FCF-6F8CDEB23613}] => (Allow) E:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{67335E4C-E68C-42E2-BC2D-1D89F96C1538}] => (Allow) E:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{DA8A80A6-96CD-4B4E-B642-D63EC1609B10}] => (Allow) E:\Programs\Steam\steamapps\common\Tropico 4\Tropico4.exe
FirewallRules: [{A6BDDF71-4753-4B7E-A5D7-571FD26A7F49}] => (Allow) E:\Programs\Steam\steamapps\common\Tropico 4\Tropico4.exe
FirewallRules: [TCP Query User{151A7528-CC02-4736-A5C6-7EC1C318B129}E:\programs\eclipse.new.dawn.for.the.galaxy.v2.0\eclipse.exe] => (Block) E:\programs\eclipse.new.dawn.for.the.galaxy.v2.0\eclipse.exe
FirewallRules: [UDP Query User{DD0A0991-D434-4BF7-9D5B-673E6EA792DA}E:\programs\eclipse.new.dawn.for.the.galaxy.v2.0\eclipse.exe] => (Block) E:\programs\eclipse.new.dawn.for.the.galaxy.v2.0\eclipse.exe
FirewallRules: [{E219D3CB-D171-4B4A-A1BD-4DD2F463B8B3}] => (Block) E:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{BC7E706F-E240-4B9C-B4BF-14CE414AAEEB}E:\programs\streamlink twitch gui\streamlink-twitch-gui.exe] => (Allow) E:\programs\streamlink twitch gui\streamlink-twitch-gui.exe
FirewallRules: [UDP Query User{4663A457-9117-457D-879B-577F2F77D827}E:\programs\streamlink twitch gui\streamlink-twitch-gui.exe] => (Allow) E:\programs\streamlink twitch gui\streamlink-twitch-gui.exe
FirewallRules: [{7B58E366-E9DC-44D4-B960-E66E203F0EF7}] => (Allow) E:\Programs\Steam\steamapps\common\Tabletopia\Tabletopia.exe
FirewallRules: [{7F5E63C6-0525-49F3-9AFF-3E0CE54C74BB}] => (Allow) E:\Programs\Steam\steamapps\common\Tabletopia\Tabletopia.exe
FirewallRules: [{3884AC66-2421-43CF-B5E2-010AE6DE4C3F}] => (Allow) E:\Programs\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{31AE7A7E-C1F4-42E1-9736-53AA1ADE4EF8}] => (Allow) E:\Programs\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{194BE8F9-CB83-4020-B141-F2076FC22B27}] => (Allow) E:\Programs\StarCraft\StarCraft.exe
FirewallRules: [{647558D0-9DE9-476D-9849-740C0FC72ED8}] => (Allow) E:\Programs\StarCraft\StarCraft.exe
FirewallRules: [{4CE3C10A-21B5-4576-AB82-47CA7B163461}] => (Allow) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
FirewallRules: [{661B92C9-7DBC-459C-9071-19CE39D58483}] => (Allow) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
FirewallRules: [{FD3BD8C1-3D0B-4E64-93C6-0FFCFEB13287}] => (Allow) E:\Programs\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe
FirewallRules: [{79100EF7-E42C-46AA-AF86-534E8FA2D822}] => (Allow) E:\Programs\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe
FirewallRules: [TCP Query User{FD3B050F-9A46-4143-8668-7047DA50898D}E:\programs\livestreamer\livestreamer.exe] => (Block) E:\programs\livestreamer\livestreamer.exe
FirewallRules: [UDP Query User{85D359CC-D851-4F90-AE40-4A8B709DFE29}E:\programs\livestreamer\livestreamer.exe] => (Block) E:\programs\livestreamer\livestreamer.exe
FirewallRules: [{CBBD62A7-B97A-4A90-A750-7B7CA6CD8C80}] => (Allow) E:\Programs\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{77BFEDA1-045C-4036-A19C-11FD87CD3A3A}] => (Allow) E:\Programs\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [TCP Query User{C05D35CA-690C-4414-895B-89D1CEB8B6D6}C:\program files\diablo iii\diablo iii.exe] => (Allow) C:\program files\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{759209A0-9B9A-41BB-9314-14ED6A6BE9BC}C:\program files\diablo iii\diablo iii.exe] => (Allow) C:\program files\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{0C6D20FC-2DF0-4AB5-B129-183680BF7C89}C:\program files\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{BC257214-258B-4210-B779-A9396EE5F407}C:\program files\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files\diablo iii\x64\diablo iii64.exe
FirewallRules: [{0A1172A2-4881-480A-A973-1CA7CBCB2BA9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D615F54A-621C-453F-9E2E-8760111A61E7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E79B99B1-6A5D-404E-B2CF-36E19C7B6A83}] => (Allow) C:\Steam Games\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{2462BBAF-7F0F-4251-851E-D9A6EBBF6BD8}] => (Allow) C:\Steam Games\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [TCP Query User{7B30DA95-09C3-478A-8632-502EDDC88CF1}E:\programs\outpost 2\outpost2.exe] => (Allow) E:\programs\outpost 2\outpost2.exe
FirewallRules: [UDP Query User{BFA3847C-4568-45FB-93ED-4D43D835DD73}E:\programs\outpost 2\outpost2.exe] => (Allow) E:\programs\outpost 2\outpost2.exe
FirewallRules: [{3B9A539A-D70C-4928-BA54-1C6708B22820}] => (Allow) E:\Programs\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [{3D69C135-E8C5-4DAB-8C66-7D85AAAA5BD1}] => (Allow) E:\Programs\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [{9CCD9D00-81EA-45F2-9F6F-B196B4BA4881}] => (Allow) E:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [{37DABC05-00AD-4E0E-BDD0-CDD60534E093}] => (Allow) E:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [{AA74CC7E-48C9-4B11-BC1E-225286DD4F31}] => (Allow) G:\Programs\Steam Games\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{34755998-CC4B-40CE-935C-F4CCFAA737A0}] => (Allow) G:\Programs\Steam Games\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [TCP Query User{C45CF701-BF19-4606-B29F-F92CD7A2361F}C:\users\garrett\documents\openrct2\bin\openrct2.exe] => (Allow) C:\users\garrett\documents\openrct2\bin\openrct2.exe
FirewallRules: [UDP Query User{4E459BFE-953B-4CDD-8AFD-3081C73046B2}C:\users\garrett\documents\openrct2\bin\openrct2.exe] => (Allow) C:\users\garrett\documents\openrct2\bin\openrct2.exe
FirewallRules: [{345FEFB2-68B6-4AD4-BD84-933F849353E6}] => (Block) E:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DE139354-73B9-406A-A100-A285606D2067}] => (Block) E:\Programs\Steam\Steam.exe
FirewallRules: [{FE7150AD-07EC-438A-A44D-6FE02BCD866F}] => (Block) E:\Programs\Steam\Steam.exe
FirewallRules: [{CDA17141-26D4-48DB-A090-8D99F87258EE}] => (Allow) E:\Programs\Steam\Steam.exe
FirewallRules: [{4F96FCDB-861B-44D8-A5EE-B8060D5C169F}] => (Allow) E:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EA49E2C8-5502-4C4E-AAD6-75E4D417C8CC}] => (Block) E:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{84C22364-95CD-4F80-9115-637074C76CB8}] => (Allow) G:\Programs\Steam Games\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{212B4D00-D080-486E-AE26-E6874D1A25E4}] => (Allow) G:\Programs\Steam Games\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{4DE758F8-99B3-4399-839B-C78EA0F6C230}] => (Allow) E:\Programs\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{A74159BB-59F6-47F4-94B2-2C37CC0E9C52}] => (Allow) E:\Programs\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{E47F1E77-66CF-4286-A5E9-C87702AB586C}] => (Allow) E:\Programs\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{5801E06A-40A3-477D-ADB6-6F6641DB72C5}] => (Allow) E:\Programs\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [TCP Query User{944A811D-9215-48E1-89FD-36D1636E4901}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{5E7FF36F-56A4-4936-88FB-543D723001E9}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{ECA1C7D8-5A63-448B-B8B0-0DAF50633DB7}] => (Allow) E:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0CC60027-351D-4463-B4F2-9018A76AAEA6}] => (Block) E:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{ACD0F3D1-461D-4C2F-B435-BA28B5172F73}] => (Allow) E:\Programs\Steam\Steam.exe
FirewallRules: [{6E6B26FE-5772-4E66-9103-698B47065014}] => (Allow) E:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{16A8F6BB-3265-4266-A52D-C14442E066B7}] => (Allow) E:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{695B9F1D-18E0-467A-A601-EB8AF7EF055D}C:\program files\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{A495A5E2-D73C-4B50-B8C9-7B2B6D89E1BC}C:\program files\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{B6809A78-3FA2-4A10-898A-B8C8B1C73395}E:\programs\starcraft\starcraft.exe] => (Allow) E:\programs\starcraft\starcraft.exe
FirewallRules: [UDP Query User{9B51B5F8-D5F6-4140-899A-20F3B995E5F2}E:\programs\starcraft\starcraft.exe] => (Allow) E:\programs\starcraft\starcraft.exe
FirewallRules: [TCP Query User{780F9857-0CD9-4C4D-AFE4-CE86120341ED}C:\users\garrett\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\garrett\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{458ADA07-3517-4D5F-82C7-95C70A159E8E}C:\users\garrett\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\garrett\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{39530D65-C30A-4751-92CC-E15BF8510A96}] => (Allow) E:\Programs\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{611E528C-96F5-49E8-A139-B30148E7D9BC}] => (Allow) E:\Programs\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{686F73C3-5BD8-4A8D-B813-AA8E8F302601}E:\programs\hydrairc\hydrairc.exe] => (Allow) E:\programs\hydrairc\hydrairc.exe
FirewallRules: [UDP Query User{6AE2FFC3-3A26-4CEA-BBB1-C1C65EDA36BF}E:\programs\hydrairc\hydrairc.exe] => (Allow) E:\programs\hydrairc\hydrairc.exe
FirewallRules: [{205A86B9-4B39-4BB3-AA26-AEFEDCFC753D}] => (Allow) E:\Programs\TeamViewer\TeamViewer.exe
FirewallRules: [{73C2D9BE-6FCF-4029-8950-8C6EB6450347}] => (Allow) E:\Programs\TeamViewer\TeamViewer.exe
FirewallRules: [{44336E31-8440-4950-AF33-9E565F3A56BE}] => (Allow) E:\Programs\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5D2994D9-80D8-46F9-A0BA-1BC5671E1285}] => (Allow) E:\Programs\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{94B6C784-C874-4892-8D12-AC3CCEF96256}] => (Allow) E:\Programs\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{DBAF6C8B-7638-47B9-9BF9-6335F6EEECD0}] => (Allow) E:\Programs\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{8F6EDC31-5780-4556-BCEE-3921FA3F0F4B}] => (Allow) E:\Programs\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{06E8B564-5513-4C0D-988C-E8431832A0A6}] => (Allow) E:\Programs\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{077751B8-3998-40B3-9A31-8E521382D280}] => (Allow) G:\Programs\Steam Games\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{51DE0FD6-BD95-4FBA-89B3-D5ED4B4FC7B4}] => (Allow) G:\Programs\Steam Games\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{DB0B1880-7362-479C-A921-237E11ABC799}] => (Allow) E:\Programs\TeamViewer\TeamViewer.exe
FirewallRules: [{6015E20F-C332-49A8-ADA1-A0C15DBE626C}] => (Allow) E:\Programs\TeamViewer\TeamViewer.exe
FirewallRules: [{3B6C26DF-1F8F-4F38-8FC4-2F70C134613A}] => (Allow) E:\Programs\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{938BBDBE-6FF6-481C-8A21-BE915B4B437A}] => (Allow) E:\Programs\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A6B40BAF-D28D-4EAE-B0ED-E929F55E366D}] => (Allow) E:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [{62B2AB4F-D41F-4066-B8BA-0A21879EB6CB}] => (Allow) E:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [{E1C6FACE-D34F-4570-A76F-E0E90D220B10}] => (Allow) E:\Programs\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{25180287-D0D4-4101-BA5A-F5E70BE2862B}] => (Allow) E:\Programs\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{40CE3C89-197B-49CA-829C-C97C6F806396}] => (Allow) E:\Programs\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{1F6D92D8-4A45-40B6-A849-4261DDB2403D}] => (Allow) E:\Programs\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{8E66B730-B46B-4859-A182-E55A8192664B}] => (Allow) G:\Programs\Steam Games\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{9C7B2D8C-8BB4-4863-8EBC-8F792CCF7E61}] => (Allow) G:\Programs\Steam Games\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{08BFD6AD-8195-4BBE-A587-EBFDE643CE5B}] => (Allow) G:\Programs\Steam Games\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{57A792D0-241A-481C-8A4B-5672B20D3A5B}] => (Allow) G:\Programs\Steam Games\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{E3E82F1E-ABA7-4E26-85A2-CB48E84532EE}] => (Allow) E:\Programs\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{F240F0E0-C433-4C5B-9DA9-53335DD215BE}] => (Allow) E:\Programs\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{44931501-F2A7-4E44-ABD9-C6C0A2947001}] => (Allow) E:\Programs\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{FB3DD4A1-D877-4B10-8F12-7A053F9E41DF}] => (Allow) E:\Programs\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{2C1DF8AC-7596-4E57-8ED6-9C1C3A74EB50}] => (Allow) E:\Programs\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{65F11747-6BE9-4D61-AA29-67A1F04FCED7}] => (Allow) E:\Programs\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{8582C118-7144-4004-8961-BEAD51AE3620}] => (Allow) E:\Programs\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{BFEE2CE8-E5F5-4D1F-AA11-A6D58D43FF04}E:\programs\eclipse\eclipse\eclipse.exe] => (Allow) E:\programs\eclipse\eclipse\eclipse.exe
FirewallRules: [UDP Query User{E0B4C114-21FF-4BA6-BC0E-B1F0C0D70CBF}E:\programs\eclipse\eclipse\eclipse.exe] => (Allow) E:\programs\eclipse\eclipse\eclipse.exe
FirewallRules: [TCP Query User{F3B15E5B-B425-42E7-9480-5EA7ACFDCF6B}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe
FirewallRules: [UDP Query User{AA696296-5F4E-49A5-BF81-A1FBD3C10457}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.147\deploy\leagueclient.exe
FirewallRules: [TCP Query User{6991307F-6082-4A39-A355-0F37EF22019F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{45E9FD6F-6350-413A-A2EB-76C271C77494}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{D2CECA26-8F2E-4994-B6D1-4EB0C660BD79}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe
FirewallRules: [UDP Query User{3F920CB5-AEFA-486D-8C26-2FF74805361D}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe
FirewallRules: [TCP Query User{7DE30ED0-E37F-4B33-A09D-CF12B6CC8EC1}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe
FirewallRules: [UDP Query User{56C63642-FC7B-483A-9ADB-F0D01BF70B12}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe
FirewallRules: [{038958FA-FA3F-4A18-A49B-A52BA25C0B27}] => (Allow) E:\Programs\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{B610935E-2051-4DBB-9CEA-6F62133F439A}] => (Allow) E:\Programs\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{DA0149B7-2166-4AF1-83BD-005C71274E7E}] => (Allow) E:\Programs\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{AA1C604F-46C3-4DE0-ABA9-DF7AF55995B1}] => (Allow) E:\Programs\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{CD53962A-B059-4281-9B8E-4406D830328C}] => (Allow) E:\Programs\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{2637CC93-E820-48F7-8A8B-9E12A32F8481}] => (Allow) E:\Programs\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{75A34C2A-DD57-4298-A334-7DF08DE761F1}] => (Allow) E:\Programs\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{47F01B68-DF1A-4C10-AD81-074CB76C02AE}] => (Allow) E:\Programs\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [TCP Query User{195EE288-CD76-4666-A707-1A9F488F0E03}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe
FirewallRules: [UDP Query User{3D09B997-D023-41EF-B494-7636593E3C4D}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe
FirewallRules: [{7EEFC703-CFED-4190-A4B6-D9A36DDFB5DC}] => (Allow) G:\Programs\Steam Games\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{193F98AA-2E7C-44DF-8EC2-A0D949085E64}] => (Allow) G:\Programs\Steam Games\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [TCP Query User{3CA9EFF7-CF5A-4C6C-AF92-CAE6E10F5F0A}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe
FirewallRules: [UDP Query User{18D7B876-7EA0-4CC3-900C-0B08A59BCDA9}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe
FirewallRules: [TCP Query User{466377F5-DFDD-4D9A-BFB3-4510318C63B3}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [UDP Query User{071C1AB3-37A4-4021-B500-86B6AE7B2A5B}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [{0CD036A7-F244-48CC-934B-F8ACD376BA25}] => (Allow) E:\Programs\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A83AE715-B7B0-4791-BE5E-622AC0FF40BF}] => (Allow) E:\Programs\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A8AE8975-06B9-477A-9A21-9D7050D322DB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{A8360407-3023-4DA9-8CC2-83C610A6F431}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2AC09666-B9E5-4A91-9AD4-F7568FF5FFF8}] => (Allow) G:\Programs\Steam Games\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{75E9CA21-8476-43C3-A8FD-DD0D2BF325C2}] => (Allow) G:\Programs\Steam Games\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [TCP Query User{E8188DC7-5737-4E93-B626-4ACE6B0D150A}E:\programs\wizards of the coast\mtga\mtga.exe] => (Allow) E:\programs\wizards of the coast\mtga\mtga.exe
FirewallRules: [UDP Query User{2E6EF25D-FDE1-489C-BA40-60A88C514CAB}E:\programs\wizards of the coast\mtga\mtga.exe] => (Allow) E:\programs\wizards of the coast\mtga\mtga.exe
FirewallRules: [{66521462-54CB-4690-91AF-D440AF4CA625}] => (Allow) E:\Programs\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{759D2BA5-1FEF-4903-91FE-5ED3E3E92025}] => (Allow) E:\Programs\Steam\steamapps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{B8EF857A-7838-4D99-920D-1A1DCBE25705}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [UDP Query User{2E52DD8F-8FD5-41A6-B49D-9E08B3B213F9}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [TCP Query User{CBA9C43B-DCA9-4A67-A30B-DC8C51A92F5B}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [UDP Query User{8F97301A-0C85-440B-BD33-4E689AD284FD}G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) G:\programs\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
StandardProfile\AuthorizedApplications: [E:\Programs\xchat\xchat.exe] => Enabled:XChat IRC Client

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2018 02:03:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MTGA.exe version 2017.1.2.42687 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 920

Start Time: 01d41f262208f437

Termination Time: 57

Application Path: E:\Programs\Wizards of the Coast\MTGA\MTGA.exe

Report Id: 66c0cab8-8b19-11e8-8656-485b39388b9e

Error: (07/19/2018 12:00:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 8wj531c7.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: 8wj531c7.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x00062538
Faulting process id: 0xcc4
Faulting application start time: 0x01d41f13a323453a
Faulting application path: E:\downloads\8wj531c7.exe
Faulting module path: E:\downloads\8wj531c7.exe
Report Id: 413502e2-8b08-11e8-8656-485b39388b9e

Error: (07/18/2018 11:49:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 8wj531c7.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: 8wj531c7.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0008db76
Faulting process id: 0x1ca0
Faulting application start time: 0x01d41f13654a7ca0
Faulting application path: E:\downloads\8wj531c7.exe
Faulting module path: E:\downloads\8wj531c7.exe
Report Id: b3a55ab0-8b06-11e8-9a13-485b39388b9e

Error: (07/18/2018 11:05:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program League of Legends.exe version 8.14.238.1713 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c3c

Start Time: 01d41f0d56a77966

Termination Time: 35

Application Path: G:\Programs\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.228\deploy\League of Legends.exe

Report Id: a108378f-8b00-11e8-9a13-485b39388b9e

Error: (07/18/2018 11:05:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzStats.Manager.exe, version: 1.2.16.0, time stamp: 0x587327cf
Faulting module name: DNSAPI.dll, version: 6.1.7601.17570, time stamp: 0x4d6f2733
Exception code: 0xc0000005
Fault offset: 0x00027aa2
Faulting process id: 0x1790
Faulting application start time: 0x01d41f08701314fd
Faulting application path: C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
Faulting module path: C:\Windows\system32\DNSAPI.dll
Report Id: 9b388d75-8b00-11e8-9a13-485b39388b9e

Error: (07/18/2018 11:05:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzStats.Manager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 72657AA2
Stack:

Error: (07/17/2018 10:19:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fallout4.exe, version: 1.10.98.0, time stamp: 0x5b2bd372
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fefda53e40
Faulting process id: 0x1840
Faulting application start time: 0x01d41e3dd193b69f
Faulting application path: G:\Programs\Steam Games\steamapps\common\Fallout 4\Fallout4.exe
Faulting module path: unknown
Report Id: 0fa66777-8a31-11e8-a7b3-485b39388b9e

Error: (07/16/2018 10:58:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: League of Legends.exe, version: 8.13.235.7366, time stamp: 0x5b32d90f
Faulting module name: stub.dll, version: 0.0.0.0, time stamp: 0x5b32d9c5
Exception code: 0xc0000005
Fault offset: 0x0002d3c0
Faulting process id: 0x1f90
Faulting application start time: 0x01d41d7a0bc8c071
Faulting application path: G:\Programs\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.227\deploy\League of Legends.exe
Faulting module path: G:\Programs\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.227\deploy\stub.dll
Report Id: 4b18d7ef-896d-11e8-aa74-485b39388b9e


System errors:
=============
Error: (07/22/2018 03:49:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:47:49 PM on ‎7/‎22/‎2018 was unexpected.

Error: (07/22/2018 03:43:50 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0x0000000000000032, 0x0000000000000002, 0x0000000000000000, 0xfffff88001cc46ba). A dump was saved in: C:\Windows\Minidump\072218-11388-01.dmp. Report Id: 072218-11388-01.

Error: (07/22/2018 03:43:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:48:39 PM on ‎7/‎20/‎2018 was unexpected.

Error: (07/19/2018 12:07:13 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/19/2018 12:05:14 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/18/2018 11:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the path specified.

Error: (07/18/2018 10:30:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.

Error: (07/18/2018 10:29:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the path specified.


Windows Defender:
===================================
Date: 2014-12-23 06:33:33.583
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C9C6CC3B-A794-4B4F-9CCB-251C8137C818}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-01-11 22:08:50.912
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2018-02-05 04:19:12.124
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-05 04:19:12.077
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-05 04:19:12.031
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-05 04:19:11.984
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-16 17:33:04.956
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-16 17:33:04.840
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-16 17:33:04.723
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-16 17:33:04.607
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 35%
Total physical RAM: 8190.18 MB
Available physical RAM: 5294.64 MB
Total Virtual: 16378.53 MB
Available Virtual: 12340.29 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:111.79 GB) (Free:37.75 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DVD_ROM) (CDROM) (Total:3.66 GB) (Free:0 GB) UDF
Drive e: () (Fixed) (Total:465.66 GB) (Free:55.21 GB) NTFS
Drive f: () (Fixed) (Total:465.76 GB) (Free:50.48 GB) NTFS
Drive g: (SSD Data) (Fixed) (Total:465.76 GB) (Free:348.29 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 800DB577)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: E929B65B)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 28253F54)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: F2EAB498)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Plan9, 22 July 2018 - 09:57 PM.



#2 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Location:Montreal, QC. Canada

Posted 23 July 2018 - 09:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses
<<<>>>

Remove these programs in bold via the Control Panel > Programs > Programs and Features.

CPUID CPU-Z 1.79.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
This version is not Signed and may be compromised.
If needed, download a fresh copy from the Owner's site.
https://www.cpuid.com/
===


HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HijackThis is no longer supported and not ready for your Operating system.
The Farbar Recovery Scan Tool is the program to use from now on.
<<<>>>


Please download the free home edition of BlueScreenView to your Desktop from here and install it by double-clicking "whocrashedSetup.exe".
At the end, it will open automatically. Click the "Analyze" button.
---

At the bottom of the page select Download BlueScreenView 64-bit (in Zip file) for your Operating system.

Please scroll down the Information window to copy and paste the results in your next reply.

#3 Plan9

  • Topic Starter
  • Members
  • 7 posts

Posted 23 July 2018 - 10:40 AM

I intentionally had system restore disabled as my OS is on a small SSD and I didn't want excessive writes to it. I did enable it at your request. I did not create a restore point yet, and there are no saved restore points.

 

I uninstalled CPU-Z and HiJackThis.

 

There is no "whocrashedSetup.exe" available for download at that site. I already had BlueScreenView 1.55 installed, so I uninstalled it, downloaded and reinstalled.

 




#4 nasdaq


Posted 24 July 2018 - 06:35 AM

Hi,

Try this.

HOW TO RESTART A WINDOWS 7 COMPUTER WITH THE LAST KNOWN GOOD CONFIGURATION

https://www.dummies.com/computers/operating-systems/windows-7/how-to-restart-a-windows-7-computer-with-the-last-known-good-configuration/

How is the computer now?

#5 Plan9


Posted 24 July 2018 - 06:08 PM

I ran a chkdsk on all my drives, and it found and corrected errors on my E:\ drive.

 

EDIT: I was able to get it to BSOD again with the same method when I booted normally. I then rebooted and chose last known good configuration. It did not BSOD after several attempts. I did not expect this to matter as the computer has booted and shutdown cleanly in this configuration.

 

EDIT 2: It still BSODs while in last known good config.


Edited by Plan9, 24 July 2018 - 11:50 PM.


#6 Plan9


Posted 25 July 2018 - 12:08 AM

Another interesting thing of note. I went to change the dump type from small memory dump to a kernel dump and it said

Windows might not be able to record details that could help identify system errors because your current paging file is disabled or less than 400 megabytes.  Click OK to return to the Virtual Memory settings window, enable the paging file, and set the size to a value over 400 megabytes, or click Cancel to change your memory dump selection.

However I have my OS drive set to a system managed paging file size (my other 3 drives have it disabled). The system managed size is 8GB. When I enabled paging on the other 3, I get the same error.
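
A read-only way to compare what the dialog in the post above complains about with what is actually configured; this is an added example, not part of the original post. It assumes Windows PowerShell 2.0 as shipped with Windows 7, run from an elevated prompt, and takes the 400 MB threshold from the quoted message.

```powershell
# Added example: read-only check of crash dump and page file configuration.
# Nothing here changes settings; it only reads the registry and WMI.

# Meaning of CrashControl\CrashDumpEnabled
$dumpTypes = @{ 0 = 'None'; 1 = 'Complete memory dump'; 2 = 'Kernel memory dump'; 3 = 'Small memory dump' }

$cc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$mm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$cs = Get-WmiObject Win32_ComputerSystem
$bootDrive = $env:SystemDrive    # drive that holds the running Windows installation

"Dump type             : {0}" -f $dumpTypes[[int]$cc.CrashDumpEnabled]
"Dump file             : {0}" -f $cc.DumpFile
"Minidump folder       : {0}" -f $cc.MinidumpDir
"Auto-managed pagefile : {0}" -f $cs.AutomaticManagedPagefile
"PagingFiles (config)  : {0}" -f ($mm.PagingFiles -join '; ')
"ExistingPageFiles     : {0}" -f ($mm.ExistingPageFiles -join '; ')

# Page files that exist right now; AllocatedBaseSize is reported in MB
$inUse = @(Get-WmiObject Win32_PageFileUsage)
$inUse | Select-Object Name, AllocatedBaseSize, CurrentUsage, PeakUsage | Format-Table -AutoSize

# A kernel dump is staged in the page file on the boot volume, so that is the one that matters
$onBoot = @($inUse | Where-Object { $_.Name -like "$bootDrive\*" })
if ($onBoot.Count -eq 0) {
    Write-Warning "No active page file on $bootDrive. The configured value and the live state disagree."
} else {
    $largest = ($onBoot | Measure-Object -Property AllocatedBaseSize -Maximum).Maximum
    if ($largest -lt 400) {
        Write-Warning "Page file on $bootDrive is $largest MB, below the 400 MB named in the dialog."
    } else {
        "Page file on $bootDrive is $largest MB; large enough according to the dialog."
    }
}
```

If `PagingFiles` lists a file on the system drive but `Win32_PageFileUsage` shows none there, the setting is not taking effect at boot, which is worth recording before any reinstall.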



#7 nasdaq


Posted 25 July 2018 - 08:34 AM

Hi,

> I then rebooted and chose last known good configuration. It did not BSOD after several attempts. I did not expect this to matter as the computer has booted and shutdown cleanly in this configuration.


If this works why try to boot while in last known good config.?

#8 Plan9


Posted 25 July 2018 - 11:07 AM

> Hi,
>
> > I then rebooted and chose last known good configuration. It did not BSOD after several attempts. I did not expect this to matter as the computer has booted and shutdown cleanly in this configuration.
>
> If this works why try to boot while in last known good config.?

 

 

It was just luck that it didn't BSOD. I clarified in my edits that it did crash later on.



#9 nasdaq


Posted 25 July 2018 - 01:19 PM


Hi


Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===


#10 Plan9


Posted 25 July 2018 - 02:18 PM

I ran TDSS last night and it found nothing. I reran it now and had it scan loaded modules, and it came up clean.




#11 Plan9


Posted 25 July 2018 - 04:06 PM

This can be closed. I think the Windows installation is too suspect and I am in the process of reinstalling. Thanks for the help.





