Ran by Primitive (administrator) on RANY (01-04-2017 20:38:50)
Running from C:\Users\Primitive\Desktop
Loaded Profiles: Primitive (Available Profiles: Primitive)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hi-Rez Studios) G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes) G:\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(IvoSoft) G:\Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes) G:\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Tools\tqos_reporter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Rainmeter) G:\Rainmeter\Rainmeter.exe
(Spotify Ltd) C:\Users\Primitive\Downloads\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\bcastdvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => G:\Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [rainey] => "C:\Program Files (x86)\Hits\omagh.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => G:\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [uplifting] => "C:\Program Files (x86)\Hits\omagh.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Steam] => G:\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Discord] => C:\Users\Primitive\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [TQOS_REPORT] => g:\non-steam games\monster hunter online\monster hunter online\bin\client\tools\tqos_reporter.exe [440832 2015-10-27] ()
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weyman] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weymanweyman] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiac] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiaccardiac] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [maternal] => "C:\Program Files (x86)\operant\maternal.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [pacifying] => "C:\Program Files (x86)\neuharth\pacifying.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [mcnab] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [deleon] => "C:\Program Files (x86)\acidosis\popularity.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [accusation] => "C:\Program Files (x86)\operant\hoosiers.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [hits] => "C:\Program Files (x86)\Ralph\demurrage.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Spotify Web Helper] => C:\Users\Primitive\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-01] (Spotify Ltd)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Spotify] => C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe [7072880 2017-04-01] (Spotify Ltd)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\havilland.lnk [2017-01-09]
ShortcutTarget: havilland.lnk -> C:\Program Files (x86)\acidosis\popularity.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\orgasmic.lnk [2017-01-09]
ShortcutTarget: orgasmic.lnk -> C:\Program Files (x86)\Hits\omagh.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-01-23]
ShortcutTarget: Rainmeter.lnk -> G:\Rainmeter\Rainmeter.exe (Rainmeter)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpotifyWebHelper.exe - Shortcut.lnk [2017-01-25]
ShortcutTarget: SpotifyWebHelper.exe - Shortcut.lnk -> C:\Users\Primitive\Downloads\SpotifyWebHelper.exe (Spotify Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7eb64d0a-f41c-4682-a71c-66653c8069d9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{83fe7494-0511-4654-8018-3bf915ca7f93}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a7427483-624e-4d4c-9009-612f371d9f4c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c88be9c3-cd57-11e5-a678-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da1f936d-0f02-458a-b213-8a6f50e16559}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da1f936d-0f02-458a-b213-8a6f50e16559}: [DhcpNameServer] 192.168.29.1
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-233390903-2661952563-451428824-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> G:\Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-23] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> G:\Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
FireFox:
========
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2017-02-26] (Unity Technologies ApS)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: @nsroblox.roblox.com/launcher -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: SkypePlugin -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: SkypePlugin64 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi-x64.dll [2016-12-08] (Skype Technologies S.A.)
Chrome:
=======
CHR Profile: C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default [2017-04-01]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-14] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3736776 2017-03-05] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-03-11] (EasyAntiCheat Ltd)
U2 HiPatchService; G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; G:\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2016-09-24] (Echobit, LLC)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
R3 Ke2200; C:\WINDOWS\System32\drivers\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2017-01-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-04-01] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2196480 2015-10-30] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 TesMon; C:\WINDOWS\system32\TesMon.sys [71976 2016-09-18] (Tencent)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [1007928 2017-01-18] (TENCENT)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-01 20:37 - 2017-04-01 20:37 - 00000000 ____D C:\Users\Primitive\AppData\Local\ActiveSync
2017-04-01 20:33 - 2017-04-01 20:25 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-04-01 20:25 - 2017-04-01 20:33 - 00000000 ____D C:\zoek_backup
2017-04-01 20:25 - 2017-04-01 20:25 - 01309184 _____ C:\Users\Primitive\Desktop\zoek.exe
2017-04-01 18:36 - 2017-04-01 18:37 - 00031027 _____ C:\Users\Primitive\Desktop\Fixlog.txt
2017-03-31 16:48 - 2017-03-31 16:48 - 00006916 _____ C:\Users\Primitive\Documents\AdwCleaner[C0].txt
2017-03-31 16:47 - 2017-03-31 16:47 - 00000000 ____D C:\Storage
2017-03-31 16:46 - 2017-04-01 20:36 - 00000008 __RSH C:\Users\Primitive\ntuser.pol
2017-03-31 16:44 - 2017-03-31 16:45 - 00000000 ____D C:\AdwCleaner
2017-03-31 16:43 - 2017-03-31 16:39 - 04089296 _____ C:\Users\Primitive\Desktop\AdwCleaner.exe
2017-03-30 19:06 - 2017-03-30 19:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Primitive\Desktop\rkill.scr
2017-03-30 19:06 - 2017-03-30 18:29 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Primitive\Desktop\rkill.com
2017-03-30 18:38 - 2017-03-30 19:29 - 00000000 ____D C:\Users\Primitive\Desktop\mbar
2017-03-30 18:38 - 2017-03-30 18:29 - 19044562 _____ C:\Users\Primitive\Desktop\mbar-1.09.3.1001.zip
2017-03-30 18:38 - 2017-03-30 18:28 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Primitive\Desktop\rkill.exe
2017-03-30 17:15 - 2017-03-30 17:14 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Primitive\Desktop\mbar-1.09.3.1001.exe
2017-03-29 19:33 - 2017-04-01 20:39 - 00018825 _____ C:\Users\Primitive\Desktop\FRST.txt
2017-03-29 19:33 - 2017-03-31 16:51 - 00081809 _____ C:\Users\Primitive\Desktop\Addition.txt
2017-03-29 18:03 - 2017-03-29 18:03 - 00000159 _____ C:\Users\Primitive\Desktop\ckfiles.txt
2017-03-29 18:02 - 2017-03-29 17:50 - 00468480 _____ () C:\Users\Primitive\Desktop\CKScanner.exe
2017-03-29 17:47 - 2017-03-29 17:47 - 00000000 ____D C:\RegBackup
2017-03-29 16:01 - 2017-03-29 16:01 - 00083371 _____ C:\Users\Primitive\Desktop\2 (1).txt
2017-03-29 16:01 - 2017-03-29 16:01 - 00000100 _____ C:\Users\Primitive\Desktop\2 (2).txt
2017-03-27 21:36 - 2017-03-27 21:37 - 00086726 _____ C:\Users\Primitive\Desktop\1 (2).txt
2017-03-27 21:35 - 2017-04-01 20:38 - 00000000 ____D C:\FRST
2017-03-27 21:35 - 2017-03-29 16:01 - 00045799 _____ C:\Users\Primitive\Desktop\1 (1).txt
2017-03-27 21:29 - 2017-03-27 21:34 - 02424832 _____ (Farbar) C:\Users\Primitive\Desktop\FRST64.exe
2017-03-25 00:36 - 2017-03-25 00:36 - 01962408 _____ C:\Users\Primitive\Downloads\wrar540.exe
2017-03-24 21:14 - 2017-03-24 21:14 - 00012872 ____N C:\bootsqm.dat
2017-03-24 19:16 - 2017-03-24 21:17 - 00000000 ____D C:\Users\Primitive\Desktop\Keep Talking and Nobody Explodes
2017-03-24 19:16 - 2017-03-24 19:16 - 00000000 ____D C:\Users\Primitive\AppData\LocalLow\Steel Crate Games
2017-03-20 17:17 - 2017-03-16 18:56 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-03-20 17:15 - 2017-03-16 21:01 - 40190400 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 34991672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 19006832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 16851280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 11019888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 09306312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 08990256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 03169848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 02716096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437892.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437892.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00687408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00605120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00515648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00500792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00207856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00183136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00177992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00152064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2017-03-14 12:44 - 2017-03-14 12:44 - 04220719 _____ C:\Users\Primitive\Downloads\HS-HSS-TAP-Part_5_--_Chapter_31-_American_Life_in_the_Roaring_Twenties.pdf
2017-03-12 21:46 - 2016-10-27 17:18 - 00000000 ____D C:\Users\Primitive\Desktop\4.3.0
2017-03-09 19:27 - 2017-02-23 18:55 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-03-09 19:27 - 2017-02-23 06:32 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437878.dll
2017-03-09 19:27 - 2017-02-23 06:32 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437878.dll
2017-03-06 21:26 - 2017-03-06 21:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2017-03-06 20:54 - 2017-03-06 20:57 - 1182291124 _____ C:\Users\Primitive\Downloads\397483-ZOTYCE.rar
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-01 20:37 - 2016-10-09 16:08 - 00000000 ____D C:\Users\Primitive\AppData\Local\ClassicShell
2017-04-01 20:37 - 2016-10-09 15:09 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Spotify
2017-04-01 20:37 - 2016-10-09 15:09 - 00000000 ____D C:\Users\Primitive\AppData\Local\Spotify
2017-04-01 20:37 - 2016-02-07 01:11 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-01 20:36 - 2016-02-07 01:04 - 00000000 ____D C:\Users\Primitive
2017-04-01 20:35 - 2017-01-10 02:10 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-04-01 20:35 - 2016-04-04 16:11 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-01 20:35 - 2016-02-07 01:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-01 20:35 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-04-01 20:32 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-04-01 18:43 - 2016-02-07 01:12 - 00770738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-31 16:48 - 2016-02-11 18:47 - 00000000 ____D C:\Users\Primitive\AppData\Local\CrashDumps
2017-03-30 19:30 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2017-03-30 19:11 - 2016-04-04 16:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-29 18:21 - 2017-01-12 18:10 - 00264598 ____N C:\WINDOWS\Minidump\032917-4390-01.dmp
2017-03-29 18:21 - 2016-04-07 16:21 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-29 15:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-26 22:18 - 2016-02-07 01:07 - 00000000 ____D C:\Users\Primitive\AppData\Local\Packages
2017-03-26 21:20 - 2016-02-07 01:10 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-25 21:53 - 2016-02-09 15:31 - 00000000 ____D C:\Users\Primitive\AppData\Local\Battle.net
2017-03-25 21:52 - 2016-02-09 15:30 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-25 20:03 - 2016-02-07 04:59 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Mumble
2017-03-24 23:47 - 2017-02-04 04:52 - 00000000 ____D C:\Users\Primitive\MusicBot
2017-03-24 20:05 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-24 20:04 - 2016-10-14 23:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-24 17:40 - 2016-03-11 18:19 - 00565800 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-03-20 17:18 - 2016-10-06 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-20 17:18 - 2016-02-07 01:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-20 17:18 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2017-03-20 17:18 - 2014-08-31 14:59 - 00000000 ____D C:\Temp
2017-03-20 17:17 - 2016-04-30 16:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-17 16:03 - 2016-04-05 18:23 - 14574640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2017-03-16 21:01 - 2017-01-01 20:05 - 28254264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-03-16 21:01 - 2017-01-01 20:05 - 00043636 _____ C:\WINDOWS\system32\nvinfo.pb
2017-03-16 21:01 - 2016-10-28 21:08 - 00640456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2017-03-16 21:01 - 2016-09-21 22:00 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-03-16 21:01 - 2016-09-21 22:00 - 00573632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 24492880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 20769264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 13800944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 03597456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-03-16 19:31 - 2016-10-08 15:14 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-03-16 19:16 - 2016-04-05 18:24 - 00549944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-03-16 19:16 - 2016-04-05 18:24 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 06401984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-03-16 05:39 - 2016-02-07 01:10 - 07813427 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-03-09 00:07 - 2016-02-07 01:15 - 00000000 ____D C:\Users\Primitive\AppData\Local\Roblox
2017-03-08 22:00 - 2016-09-26 17:57 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-03-08 19:25 - 2017-01-10 02:01 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-06 21:44 - 2016-05-01 20:31 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft Games
2017-03-06 21:43 - 2016-05-01 20:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-06 21:43 - 2016-05-01 20:30 - 00000000 ____D C:\ProgramData\Microsoft Games
2017-03-06 21:24 - 2016-02-07 01:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-04 19:12 - 2017-01-22 01:30 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2016-02-07 01:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-04 19:12 - 2016-02-07 01:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
==================== Files in the root of some directories =======
2016-06-01 21:22 - 2016-06-01 21:22 - 0007606 _____ () C:\Users\Primitive\AppData\Local\Resmon.ResmonCfg
2017-01-09 22:52 - 2017-01-09 22:52 - 0000000 _____ () C:\Users\Primitive\AppData\Local\run.txt
2017-01-09 22:54 - 2017-01-09 22:54 - 0000001 _____ () C:\Users\Primitive\AppData\Local\setupsuccessful.txt
2017-01-09 22:52 - 2017-01-09 22:54 - 0000000 _____ () C:\Users\Primitive\AppData\Local\stxtname.txt
2016-12-23 20:55 - 2016-12-23 20:55 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
2017-01-01 20:00 - 2017-01-22 01:30 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-01 20:00 - 2017-01-22 00:32 - 0004188 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== BCD ================================
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {9dc7cb4b-cd57-11e5-b7dd-a388bc2214f9}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
displaybootmenu No
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.exe
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {bd7b75f8-cd57-11e5-b7dd-a388bc2214f9}
recoveryenabled No
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {9dc7cb4b-cd57-11e5-b7dd-a388bc2214f9}
nx OptIn
bootmenupolicy Standard
bootstatuspolicy IgnoreAllFailures
Windows Boot Loader
-------------------
identifier {bd7b75f8-cd57-11e5-b7dd-a388bc2214f9}
device ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{bd7b75f9-cd57-11e5-b7dd-a388bc2214f9}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{bd7b75f9-cd57-11e5-b7dd-a388bc2214f9}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Windows Boot Loader
-------------------
identifier {eaa6785d-3138-11e4-9df6-810d00d19672}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\eaa6785d-3138-11e4-9df6-810d00d19672\Winre.wim,{eaa6785e-3138-11e4-9df6-810d00d19672}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\eaa6785d-3138-11e4-9df6-810d00d19672\Winre.wim,{eaa6785e-3138-11e4-9df6-810d00d19672}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Resume from Hibernate
---------------------
identifier {9dc7cb4b-cd57-11e5-b7dd-a388bc2214f9}
device partition=C:
path \WINDOWS\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {bd7b75f8-cd57-11e5-b7dd-a388bc2214f9}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No
Resume from Hibernate
---------------------
identifier {eaa6785b-3138-11e4-9df6-810d00d19672}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {eaa6785d-3138-11e4-9df6-810d00d19672}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
------------
identifier {emssettings}
bootems No
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {bd7b75f9-cd57-11e5-b7dd-a388bc2214f9}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume3
ramdisksdipath \Recovery\WindowsRE\boot.sdi
Device options
--------------
identifier {eaa6785e-3138-11e4-9df6-810d00d19672}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\eaa6785d-3138-11e4-9df6-810d00d19672\boot.sdi
Device options
--------------
identifier {eaa6785f-3138-11e4-9df6-810d00d19672}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi
LastRegBack: 2017-01-09 20:00
==================== End of FRST.txt ============================