
Solved Diagnosis needed

Discussion in 'Virus & Other Malware Removal' started by BlackFrancis, Dec 17, 2018.

Thread Status:
Not open for further replies.
  1. BlackFrancis

    BlackFrancis Thread Starter

    Joined:
    Oct 21, 2006
    Messages:
    223
    Hello,

    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i3-4150 CPU @ 3.50GHz, Intel64 Family 6 Model 60 Stepping 3
    Processor Count: 4
    RAM: 10110 Mb
    Graphics Card: NVIDIA GeForce GT 630, -2048 Mb
    Hard Drives: C: 465 GB (289 GB Free); D: 232 GB (81 GB Free);
    Motherboard: Gigabyte Technology Co., Ltd., Z87-HD3
    Antivirus: None

    This reports I have no antivirus, but I do have Malwarebytes. Scans come back clean.
    I need to determine if my issues are hardware or software related. Merely booting my PC now shows 9GB out of 10 RAM is used up, yet in my list of Processes there's not nearly that much being used by my programs. SOME programs take unusually long to boot, I sometimes get freezes, yet I can watch videos online and on VLC as well as play computer games (early 2000s) without issues.

    How should I proceed?

    Thank you
     
  2. BlackFrancis

    I've identified a problem. Simply clicking "Show processes from all users" in Task Manager showed me "shkernel.exe" taking up 4GB of RAM. The program being SpyHunter. There are no other users on this computer, so I have no idea how it could hide like that.
    For the sake of my computer's health I've temporarily solved the issue by deleting as many files in the program's folder as possible.
    I need help figuring out how to get rid of this completely. It doesn't show up as an installed program on Control Panel or CCleaner.
     
  3. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi BlackFrancis,
    Please run the following two scans, but DO NOT attempt to remove anything yet.
    We will take care of that.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    ---------------------------------------------
    Run A Scan With SystemLook
    Please download SystemLook from the download mirror and save it to your Desktop.
    Download Mirror #1 (64-bit)
    • Double-click SystemLook_x64.exe to run it. OK the User Account Control.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *spyhunter*
      *enigma*
      :folderfind
      *spyhunter*
      *enigma*
      :regfind
      spyhunter
      enigma
      
      
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The results log can also be found on your Desktop, entitled SystemLook.txt

    So we are looking for the two logs from FRST64, and the log from SystemLook.
    If any are too long, feel free to attach them instead of posting.
    askey127
     
  4. BlackFrancis

    Hello,
    Thank you and excuse the late reply. The holiday season has me very busy.

    In case it's more convenient for you to have the txt files, I'll attach those also.

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.12.2018
    Ran by Howard (administrator) on LUCIA (24-12-2018 05:22:31)
    Running from C:\Users\Howard\Downloads
    Loaded Profiles: Howard (Available Profiles: Howard)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    () C:\Program Files (x86)\WinArchiver Virtual Drive\WAService.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe
    (Stardock Software, Inc) C:\Program Files (x86)\Stardock\WindowBlinds\WBCore.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (f.lux Software LLC) C:\Users\Howard\AppData\Local\FluxSoftware\Flux\flux.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (WinArchiver Computing, Inc.) C:\Program Files (x86)\WinArchiver Virtual Drive\WAHELPER.EXE
    (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
    (Discord Inc.) C:\Users\Howard\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Discord Inc.) C:\Users\Howard\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
    (Discord Inc.) C:\Users\Howard\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Discord Inc.) C:\Users\Howard\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
    (Nero AG) C:\Users\Howard\Downloads\Nero_Video2019-1.12.0.1_stub_trial.exe
    (Nero AG) C:\Users\Howard\AppData\Local\Temp\7zSACA6.tmp\NeroInstaller.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    "Path" (C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Brackets\command;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR -> %SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Brackets\command;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR) <==== Repaired successfully
    HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
    HKLM-x32\...\Run: [WAHELPER.EXE] => C:\Program Files (x86)\WinArchiver Virtual Drive\WAHELPER.EXE [475136 2012-01-12] (WinArchiver Computing, Inc.)
    HKU\S-1-5-21-789159303-1820053376-3002927069-1000\...\Run: [f.lux] => C:\Users\Howard\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (f.lux Software LLC)
    HKU\S-1-5-21-789159303-1820053376-3002927069-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
    HKU\S-1-5-21-789159303-1820053376-3002927069-1000\...\Run: [Discord] => C:\Users\Howard\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
    HKU\S-1-5-21-789159303-1820053376-3002927069-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [54788456 2018-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-789159303-1820053376-3002927069-1000\...\MountPoints2: {47519c33-a295-11e8-a824-ca045e6f1241} - V:\setup.exe
    HKU\S-1-5-21-789159303-1820053376-3002927069-1000\...\MountPoints2: {fb68a56f-a22c-11e8-8d27-e0ee25692b32} - G:\HiSuiteDownLoader.exe
    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\System32\lvcod64.dll [176416 2012-01-18] (Logitech Inc.)
    HKLM\...\Drivers32: [MSVideo8] => C:\Windows\System32\VfWWDM32.dll [68096 2010-11-21] (Microsoft Corporation)
    HKLM\...\Drivers32: [MSVideo] => C:\Windows\System32\vfwwdm32.dll [68096 2010-11-21] (Microsoft Corporation)
    HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\System32\bdmjpeg64.dll [75248 2017-01-26] ()
    HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\System32\bdmpegv64.dll [75272 2017-01-26] ()
    HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\System32\bdmpega64.acm [75784 2017-01-26] ()
    HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [307488 2012-01-18] (Logitech Inc.)
    HKLM\...\Drivers32-x32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] ()
    HKLM\...\Drivers32-x32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] ()
    HKLM\...\Drivers32-x32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
    Tcpip\..\Interfaces\{1C95FBF7-3703-4377-A2AC-17AAC614D508}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{CDCB0C2E-DD41-49D7-8131-DB867EC7591C}: [DhcpNameServer] 192.168.15.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-789159303-1820053376-3002927069-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-08-18] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-18] (Oracle Corporation)

    FireFox:
    ========
    FF DefaultProfile: tbewtdlt.default
    FF ProfilePath: C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\tbewtdlt.default [2018-12-24]
    FF user.js: detected! => C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\tbewtdlt.default\user.js [2017-06-30]
    FF Extension: (LastPass: Free Password Manager) - C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\tbewtdlt.default\Extensions\[email protected] [2018-12-14]
    FF Extension: (Adblock Plus) - C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\tbewtdlt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-04]
    FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\browser\features\{8505D6B1-76D5-4788-B417-03DB5A022EE9}.xpi [2018-11-21] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-06] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-06] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-18] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-18] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-09-06] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-09-06] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-24] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-24] (Google Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://www.google.com/
    CHR Profile: C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default [2018-12-15]
    CHR Extension: (Slides) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-24]
    CHR Extension: (Docs) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-24]
    CHR Extension: (Google Drive) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-24]
    CHR Extension: (YouTube) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-24]
    CHR Extension: (Sheets) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-24]
    CHR Extension: (Google Docs Offline) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-24]
    CHR Extension: (AdBlock) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-11-21]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-11-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-24]
    CHR Extension: (Gmail) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-24]
    CHR Extension: (Chrome Media Router) - C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-24]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation)
    S4 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [536880 2018-11-21] (EnigmaSoft Limited)
    R2 WinArchiver Service; C:\Program Files (x86)\WinArchiver Virtual Drive\WAService.exe [196608 2012-01-12] () [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [86528 2017-03-22] (Stardock Corporation)
    S2 EsgShKernel; "C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe" [X]
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 e2eVAWdm; C:\Windows\System32\DRIVERS\VAud_WDM.sys [112696 2017-07-12] (e2eSoft)
    S3 EnigmaFileMonDriver; C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys [71352 2018-12-19] (EnigmaSoft Limited)
    R3 fwlanusb6_860; C:\Windows\System32\DRIVERS\fwlanusb6_860.sys [2274336 2015-07-20] (AVM GmbH)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2018-12-21] (Malwarebytes)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation)
    R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation)
    S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2018-09-11] (Macrovision Europe Ltd) [File not signed]
    R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider)
    R0 WAEMU; C:\Windows\System32\Drivers\waemu.sys [141368 2012-01-12] (WinArchiver Computing, Inc.)
    R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
    S1 vcdrom; \??\C:\Windows\System32\drivers\VCdRom.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-12-24 05:22 - 2018-12-24 05:23 - 000015517 _____ C:\Users\Howard\Downloads\FRST.txt
    2018-12-24 05:21 - 2018-12-24 05:22 - 000000000 ____D C:\FRST
    2018-12-24 05:21 - 2018-12-24 05:21 - 002420736 _____ (Farbar) C:\Users\Howard\Downloads\FRST64.exe
    2018-12-24 05:20 - 2018-12-24 05:20 - 000000000 ____D C:\Users\Howard\AppData\Roaming\Nero
    2018-12-24 05:19 - 2018-12-24 05:19 - 003269816 _____ (Nero AG) C:\Users\Howard\Downloads\Nero_Video2019-1.12.0.1_stub_trial.exe
    2018-12-24 05:10 - 2018-12-24 05:10 - 000013538 _____ C:\Users\Howard\AppData\Local\recently-used.xbel
    2018-12-24 05:01 - 2018-12-24 05:03 - 000000000 ____D C:\Users\Howard\AppData\Roaming\dvdcss
    2018-12-24 04:45 - 2018-12-24 05:00 - 000000000 ____D C:\Users\Howard\Documents\dvd
    2018-12-24 03:58 - 2018-12-24 04:37 - 000000000 ____D C:\Users\Howard\Documents\Movies2DVDProjects
    2018-12-24 03:58 - 2018-12-24 03:58 - 000000000 ____D C:\Users\Howard\AppData\Roaming\FreeMoviesToDVD
    2018-12-24 03:58 - 2018-12-24 03:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videos To DVD
    2018-12-24 03:58 - 2018-12-24 03:58 - 000000000 ____D C:\Program Files (x86)\Videos To DVD
    2018-12-24 03:58 - 2009-01-23 20:21 - 000327680 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\dvdauthor.ocx
    2018-12-24 03:58 - 2009-01-23 20:21 - 000000401 _____ C:\Windows\SysWOW64\dvdauthor.lic
    2018-12-24 03:58 - 2009-01-23 20:20 - 000233472 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\viscomdvdimg.dll
    2018-12-24 03:58 - 2009-01-23 20:08 - 000152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
    2018-12-24 03:58 - 2009-01-23 20:08 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
    2018-12-24 03:58 - 2009-01-23 20:08 - 000119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
    2018-12-24 03:58 - 2009-01-23 20:08 - 000115920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.OCX
    2018-12-24 03:58 - 2009-01-23 20:08 - 000101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
    2018-12-24 03:58 - 2009-01-23 20:08 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
    2018-12-24 03:58 - 2009-01-23 20:08 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetfr.DLL
    2018-12-24 03:57 - 2018-12-24 03:57 - 005666871 _____ (Koyote soft ) C:\Users\Howard\Downloads\Setup_VideosToDVD_v3.2.exe
    2018-12-24 03:56 - 2018-12-24 03:56 - 002514304 _____ ( ) C:\Users\Howard\Downloads\Koyote_Free_Videos_To_DVD_3996955491.exe
    2018-12-21 03:09 - 2018-12-21 03:09 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2018-12-20 12:14 - 2018-12-15 00:06 - 000397088 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2018-12-20 12:14 - 2018-12-14 23:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2018-12-20 12:14 - 2018-12-14 08:09 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2018-12-20 12:14 - 2018-12-14 08:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2018-12-20 12:14 - 2018-12-14 08:01 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2018-12-20 12:14 - 2018-12-14 07:51 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2018-12-20 12:14 - 2018-12-14 07:49 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2018-12-20 12:14 - 2018-12-14 07:49 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2018-12-20 12:14 - 2018-12-14 07:49 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2018-12-20 12:14 - 2018-12-14 07:48 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2018-12-20 12:14 - 2018-12-14 07:48 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2018-12-20 12:14 - 2018-12-14 07:42 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2018-12-20 12:14 - 2018-12-14 07:41 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2018-12-20 12:14 - 2018-12-14 07:39 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2018-12-20 12:14 - 2018-12-14 07:38 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2018-12-20 12:14 - 2018-12-14 07:38 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2018-12-20 12:14 - 2018-12-14 07:38 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2018-12-20 12:14 - 2018-12-14 07:38 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2018-12-20 12:14 - 2018-12-14 07:36 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2018-12-20 12:14 - 2018-12-14 07:33 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2018-12-20 12:14 - 2018-12-14 07:30 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2018-12-20 12:14 - 2018-12-14 07:24 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2018-12-20 12:14 - 2018-12-14 07:24 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2018-12-20 12:14 - 2018-12-14 07:23 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2018-12-20 12:14 - 2018-12-14 07:21 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2018-12-20 12:14 - 2018-12-14 07:20 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2018-12-20 12:14 - 2018-12-14 07:18 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2018-12-20 12:14 - 2018-12-14 07:17 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2018-12-20 12:14 - 2018-12-14 07:09 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2018-12-20 12:14 - 2018-12-14 07:06 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2018-12-20 12:14 - 2018-12-14 07:06 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2018-12-20 12:14 - 2018-12-14 07:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2018-12-20 12:14 - 2018-12-14 07:04 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2018-12-20 12:14 - 2018-12-14 07:02 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2018-12-20 12:14 - 2018-12-14 06:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2018-12-20 12:14 - 2018-12-14 06:57 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2018-12-20 12:14 - 2018-12-14 06:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2018-12-20 12:14 - 2018-12-14 06:45 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2018-12-20 12:14 - 2018-12-14 06:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2018-12-20 12:14 - 2018-12-14 06:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2018-12-20 12:14 - 2018-12-14 06:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2018-12-20 12:14 - 2018-12-14 06:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2018-12-20 12:14 - 2018-12-14 06:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2018-12-20 12:14 - 2018-12-14 06:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2018-12-20 12:14 - 2018-12-14 06:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2018-12-20 12:14 - 2018-12-14 06:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2018-12-20 12:14 - 2018-12-14 06:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2018-12-20 12:14 - 2018-12-14 06:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2018-12-20 12:14 - 2018-12-14 06:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2018-12-20 12:14 - 2018-12-14 06:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2018-12-20 12:14 - 2018-12-14 06:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2018-12-20 12:14 - 2018-12-14 06:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2018-12-20 12:14 - 2018-12-14 06:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2018-12-20 12:14 - 2018-12-14 06:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2018-12-20 12:14 - 2018-12-14 06:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2018-12-20 12:14 - 2018-12-14 06:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2018-12-20 12:14 - 2018-12-14 06:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2018-12-20 12:14 - 2018-12-14 06:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2018-12-20 12:14 - 2018-12-14 06:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2018-12-20 12:14 - 2018-12-14 06:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2018-12-20 12:14 - 2018-12-14 06:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2018-12-20 12:14 - 2018-12-14 06:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2018-12-20 12:14 - 2018-12-14 06:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2018-12-20 12:14 - 2018-12-14 06:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2018-12-20 12:14 - 2018-12-14 06:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2018-12-20 12:14 - 2018-12-14 05:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2018-12-20 12:14 - 2018-12-14 05:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2018-12-20 12:14 - 2018-12-14 05:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2018-12-20 05:56 - 2018-12-20 05:56 - 000000000 ____D C:\Users\Howard\Downloads\Shut.Eye.S02E05.WEB.h264-TBS[ettv]
    2018-12-19 11:39 - 2018-12-19 11:39 - 000003765 _____ C:\Users\Howard\Desktop\test.html
    2018-12-19 10:12 - 2018-12-19 10:12 - 000001061 _____ C:\Users\Public\Desktop\WinSCP.lnk
    2018-12-19 10:07 - 2018-12-19 10:07 - 009585072 _____ (Martin Prikryl ) C:\Users\Howard\Downloads\WinSCP-5.13.6-Setup.exe
    2018-12-18 23:23 - 2018-12-18 23:31 - 000000000 ____D C:\Users\Howard\Downloads\Shut.Eye.S02E04.WEB.h264-TBS[ettv]
    2018-12-17 19:49 - 2018-12-17 19:49 - 000748192 _____ (TechGuy, Inc.) C:\Users\Howard\Downloads\SysInfo.exe
    2018-12-16 22:33 - 2018-12-16 22:33 - 000000000 ____D C:\Windows\System32\Tasks\ol
    2018-12-16 18:18 - 2018-12-16 18:18 - 002187316 _____ C:\Users\Howard\Documents\Ireland for Sale.xcf
    2018-12-15 18:33 - 2018-12-15 18:39 - 000000000 ____D C:\Users\Howard\Downloads\Shut Eye Season 2
    2018-12-15 13:29 - 2018-12-15 18:28 - 000056874 _____ C:\Users\Howard\Desktop\yellow2.aup
    2018-12-15 13:29 - 2018-12-15 13:29 - 000000000 ____D C:\Users\Howard\Desktop\yellow2_data
    2018-12-15 13:06 - 2018-12-15 13:06 - 000056530 _____ C:\Users\Howard\Desktop\yellow.aup
    2018-12-15 13:06 - 2018-12-15 13:06 - 000000000 ____D C:\Users\Howard\Desktop\yellow_data
    2018-12-15 04:03 - 2018-12-15 04:06 - 000000000 ____D C:\Users\Howard\Downloads\Shut.Eye.S01E01.WEB.H264-DEFLATE[ettv]
    2018-12-15 03:54 - 2018-12-15 09:23 - 000000000 ____D C:\Users\Howard\Downloads\Shut Eye - season 1
    2018-12-14 19:01 - 2018-12-14 20:20 - 000000000 ____D C:\Users\Howard\Documents\Twisted Insurrection 0.7
    2018-12-14 13:16 - 2018-12-14 13:22 - 1743802368 _____ C:\Users\Howard\Documents\sun.iso
    2018-12-14 13:13 - 2018-12-14 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO Creator 1.0
    2018-12-14 13:13 - 2018-12-14 13:13 - 000000000 ____D C:\Program Files (x86)\Bunny-Wabbit
    2018-12-14 13:12 - 2018-12-14 13:12 - 000469504 _____ C:\Users\Howard\Downloads\IsoCreator.msi
    2018-12-14 13:07 - 2018-12-14 13:33 - 000000000 ____D C:\Users\Howard\Documents\OpenRA
    2018-12-14 13:07 - 2018-12-14 13:07 - 000000000 ____D C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenRA
    2018-12-14 13:07 - 2018-12-14 13:07 - 000000000 ____D C:\ProgramData\OpenRA
    2018-12-14 13:06 - 2018-12-14 13:07 - 000000000 ____D C:\Program Files (x86)\Shattered Paradise
    2018-12-14 02:20 - 2010-02-11 22:14 - 000000000 ____D C:\Users\Howard\Documents\Command & Conquer The First Decade
    2018-12-13 19:32 - 2018-12-13 19:32 - 000000000 ____D C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
    2018-12-13 19:31 - 2018-12-13 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
    2018-12-13 19:31 - 2010-12-13 17:55 - 010915840 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll
    2018-12-13 19:31 - 2010-12-13 17:55 - 010833920 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxsw32.dll
    2018-12-13 18:50 - 2018-12-13 18:50 - 000000000 ____D C:\Users\Howard\Downloads\AVS Video Editor v5.2+Crack [ kk ]
    2018-12-13 17:43 - 2018-12-24 05:19 - 000000000 ____D C:\Users\Howard\AppData\Roaming\DVD Flick
    2018-12-13 17:43 - 2018-12-13 17:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
    2018-12-13 17:43 - 2018-12-13 17:43 - 000000000 ____D C:\Program Files (x86)\DVD Flick
    2018-12-13 17:43 - 2008-08-31 13:27 - 000028672 _____ (-) C:\Windows\SysWOW64\mousewheel.ocx
    2018-12-13 17:43 - 2007-08-31 18:36 - 000036864 _____ (Robdogg Inc.) C:\Windows\SysWOW64\trayicon_handler.ocx
    2018-12-13 17:43 - 2004-03-09 00:00 - 001081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
    2018-12-13 17:43 - 2004-03-09 00:00 - 000662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
    2018-12-13 17:43 - 2004-03-09 00:00 - 000609824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
    2018-12-13 17:43 - 2004-03-09 00:00 - 000212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
    2018-12-13 17:43 - 2003-01-26 13:41 - 000040960 _____ (vbAccelerator) C:\Windows\SysWOW64\ssubtmr6.dll
    2018-12-13 17:43 - 1998-06-24 00:00 - 000164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
    2018-12-13 17:41 - 2018-12-13 17:41 - 012951423 _____ (Dennis Meuwissen ) C:\Users\Howard\Downloads\dvdflick_setup_1.3.0.7.exe
    2018-12-13 16:12 - 2018-12-13 16:12 - 003942560 _____ (Crystal Dew World ) C:\Users\Howard\Downloads\CrystalDiskInfo8_0_0.exe
    2018-12-13 16:08 - 2018-12-13 16:08 - 000001306 _____ C:\Users\Public\Desktop\Skype.lnk
    2018-12-13 16:08 - 2018-12-13 16:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2018-12-13 16:03 - 2018-12-13 16:03 - 065216608 _____ (Skype Technologies S.A.) C:\Users\Howard\Downloads\Skype-8.36.0.52.exe
    2018-12-13 15:59 - 2018-12-13 15:59 - 000000000 ____D C:\Users\Howard\AppData\Roaming\23605
    2018-12-13 15:44 - 2018-12-13 16:00 - 000000000 ____D C:\Users\Howard\AppData\Roaming\DVDFab11
    2018-12-13 15:44 - 2018-12-13 15:44 - 000001057 _____ C:\Users\Howard\AppData\Roaming\88e9dc3a-641c-4dc2-9204-9ba65cc42265
    2018-12-13 15:44 - 2018-12-13 15:44 - 000000171 _____ C:\Users\Howard\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
    2018-12-13 15:44 - 2018-12-13 15:44 - 000000000 ____D C:\Users\Howard\Documents\DVDFabCommon
    2018-12-13 15:44 - 2018-12-13 15:44 - 000000000 ____D C:\ProgramData\boost_interprocess
    2018-12-13 15:32 - 2018-12-13 15:44 - 000000000 ____D C:\Users\Howard\Documents\DVDFab11
    2018-12-13 15:30 - 2018-12-13 15:31 - 003806504 _____ (DVDFab) C:\Users\Howard\Downloads\DVDFab11_X86_Downloader.exe
    2018-12-13 15:20 - 2018-12-13 15:20 - 000000000 ____D C:\Users\Howard\AppData\Roaming\Digiarty
    2018-12-13 15:16 - 2018-12-13 15:17 - 011063024 _____ (DigiartySoft, Inc. ) C:\Users\Howard\Downloads\winx-dvd-author.exe
    2018-12-13 14:56 - 2018-12-13 15:06 - 000008834 _____ C:\Users\Howard\Documents\starburn.txt
    2018-12-13 14:51 - 2018-12-13 14:51 - 000000000 ____D C:\Users\Howard\AppData\Local\Wondershare
    2018-12-13 14:50 - 2018-12-13 15:15 - 000000000 ____D C:\Users\Howard\Documents\Wondershare DVD Creator
    2018-12-13 14:42 - 2018-12-13 14:43 - 041271368 _____ (Wondershare ) C:\Users\Howard\Downloads\ws_dvdcreator_win_av.exe
    2018-12-13 02:16 - 2018-10-01 18:47 - 000070024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2018-12-13 02:16 - 2018-10-01 15:47 - 000074576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
    2018-12-11 23:20 - 2018-12-11 23:20 - 000000000 ____D C:\Users\Howard\Downloads\Z.Nation.S05E10.WEB.x264-TBS[ettv]
    2018-12-11 22:02 - 2018-12-06 02:39 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2018-12-11 22:02 - 2018-11-28 22:02 - 014635520 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2018-12-11 22:02 - 2018-11-28 22:02 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2018-12-11 22:02 - 2018-11-28 22:02 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2018-12-11 22:02 - 2018-11-28 22:02 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2018-12-11 22:02 - 2018-11-28 22:02 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2018-12-11 22:02 - 2018-11-28 21:50 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2018-12-11 22:02 - 2018-11-28 21:50 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2018-12-11 22:02 - 2018-11-28 21:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2018-12-11 22:02 - 2018-11-28 21:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2018-12-11 22:02 - 2018-11-28 21:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2018-12-11 22:02 - 2018-11-11 17:19 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2018-12-11 22:02 - 2018-11-11 17:02 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2018-12-11 22:02 - 2018-11-11 17:01 - 005551848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2018-12-11 22:02 - 2018-11-11 17:01 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2018-12-11 22:02 - 2018-11-11 17:01 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
    2018-12-11 22:02 - 2018-11-11 17:01 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2018-12-11 22:02 - 2018-11-11 17:01 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2018-12-11 22:02 - 2018-11-11 17:00 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2018-12-11 22:02 - 2018-11-11 16:58 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:49 - 004054760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2018-12-11 22:02 - 2018-11-11 16:49 - 003960040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2018-12-11 22:02 - 2018-11-11 16:47 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2018-12-11 22:02 - 2018-11-11 16:45 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:25 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2018-12-11 22:02 - 2018-11-11 16:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2018-12-11 22:02 - 2018-11-11 16:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2018-12-11 22:02 - 2018-11-11 16:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2018-12-11 22:02 - 2018-11-11 16:20 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2018-12-11 22:02 - 2018-11-11 16:20 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
    2018-12-11 22:02 - 2018-11-11 16:19 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2018-12-11 22:02 - 2018-11-11 16:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2018-12-11 22:02 - 2018-11-11 16:16 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2018-12-11 22:02 - 2018-11-11 16:16 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2018-12-11 22:02 - 2018-11-11 16:16 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2018-12-11 22:02 - 2018-11-11 16:15 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2018-12-11 22:02 - 2018-11-11 16:15 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
    2018-12-11 22:02 - 2018-11-11 16:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
    2018-12-11 22:02 - 2018-11-11 16:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
    2018-12-11 22:02 - 2018-11-11 16:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
    2018-12-11 22:02 - 2018-11-11 16:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2018-12-11 22:02 - 2018-11-11 16:15 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2018-12-11 22:02 - 2018-11-11 16:15 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2018-12-11 22:02 - 2018-11-11 16:15 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2018-12-11 22:02 - 2018-11-11 16:15 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2018-12-11 22:02 - 2018-11-11 16:14 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2018-12-11 22:02 - 2018-11-11 16:13 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:13 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:13 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-11 16:13 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2018-12-11 22:02 - 2018-11-08 16:58 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2018-12-11 22:02 - 2018-11-08 16:58 - 001889280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2018-12-11 22:02 - 2018-11-08 16:58 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2018-12-11 22:02 - 2018-11-08 16:58 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2018-12-11 22:02 - 2018-11-08 16:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2018-12-11 22:02 - 2018-11-08 16:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2018-12-11 22:02 - 2018-11-08 16:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2018-12-11 22:02 - 2018-11-08 16:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2018-12-11 22:02 - 2018-11-06 04:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2018-12-11 22:02 - 2018-11-06 04:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2018-12-11 22:02 - 2018-10-06 16:03 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2018-12-11 22:02 - 2018-10-06 15:59 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
    2018-12-11 22:02 - 2018-10-06 15:59 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2018-12-11 22:02 - 2018-10-06 15:58 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2018-12-11 22:02 - 2018-10-06 15:58 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2018-12-11 22:02 - 2018-10-06 15:58 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2018-12-11 22:02 - 2018-10-06 15:50 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2018-12-11 22:02 - 2018-10-06 15:44 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
    2018-12-11 22:02 - 2018-10-06 15:44 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2018-12-11 22:02 - 2018-10-06 15:43 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2018-12-11 22:02 - 2018-10-06 15:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2018-12-11 22:02 - 2018-10-06 15:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2018-12-11 21:18 - 2018-12-11 21:23 - 000000000 ____D C:\Users\Howard\Downloads\Bull.2016.S03E10.720p.HDTV.x264-KILLERS[rarbg]
    2018-12-10 19:54 - 2018-12-15 13:33 - 000028735 _____ C:\Users\Howard\Documents\Yellow Vests, Smellow Shests – May as Well Be Red Vests.odt
    2018-12-07 09:58 - 2018-12-07 10:01 - 000000000 ____D C:\Users\Howard\Downloads\Bull.2016.S03E09.720p.HDTV.x264-AVS[rarbg]
    2018-12-06 20:55 - 2018-12-06 20:55 - 001347741 _____ C:\Users\Howard\Documents\The II promo.xcf
    2018-12-04 19:49 - 2018-12-17 20:49 - 000000000 ____D C:\Users\Howard\Documents\Command & Conquer 3 Tiberium Wars
    2018-12-04 12:34 - 2018-12-04 12:38 - 276520960 _____ C:\Users\Howard\Downloads\CNC3_patch109_english.exe
    2018-12-03 19:06 - 2018-12-03 19:16 - 000000000 ____D C:\Users\Howard\Downloads\F.is.for.Family.S03.COMPLETE.WEB.x264-STRiFE[TGx]
    2018-12-02 21:52 - 2018-12-04 19:48 - 000000000 ____D C:\Users\Howard\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    2018-12-02 21:48 - 2018-12-02 21:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiberium Wars
    2018-12-02 21:46 - 2018-12-02 21:51 - 000000000 ____D C:\Program Files (x86)\CnC3 Tiberium Wars
    2018-12-02 20:58 - 2018-12-02 21:43 - 4054548480 _____ C:\Users\Howard\Downloads\CNC3_TiberiumWars109_by_HWMasters_DVD5.iso
    2018-12-02 20:22 - 2018-12-02 20:22 - 000000796 _____ C:\Users\Public\Desktop\Speccy.lnk
    2018-12-02 20:22 - 2018-12-02 20:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
    2018-12-02 20:19 - 2018-12-02 20:22 - 000000000 ____D C:\Program Files\Speccy
    2018-12-02 20:09 - 2018-12-02 20:09 - 006889184 _____ (Piriform Ltd) C:\Users\Howard\Downloads\spsetup132.exe
    2018-12-02 18:10 - 2018-12-02 20:53 - 856370580 _____ C:\Users\Howard\Downloads\Command&Conquer3.dmg
    2018-12-02 17:29 - 2018-12-02 17:30 - 021561026 _____ (cncnet.org ) C:\Users\Howard\Downloads\TiberianDawn_Online_installer.exe
    2018-12-01 18:38 - 2018-12-01 18:38 - 024149282 _____ C:\Users\Howard\Downloads\EU visits Dragons Den.mp4
    2018-12-01 17:46 - 2018-12-01 17:47 - 038288955 _____ C:\Users\Howard\Downloads\Omitted Citizen - MDE World Peace Bumper.mov
    2018-12-01 11:11 - 2018-12-01 11:11 - 068577238 _____ C:\Users\Howard\Downloads\JKBUMPER1.wav
    2018-12-01 11:06 - 2018-12-01 11:07 - 002461680 _____ C:\Users\Howard\Downloads\Childrens nurse simon harris.mp4
    2018-12-01 11:04 - 2018-12-01 11:04 - 000000510 _____ C:\Users\Howard\Downloads\JKBUMPER1.lnk
    2018-12-01 11:02 - 2018-12-01 11:04 - 003703748 _____ C:\Users\Howard\Downloads\47306005_740545459666130_7001430135731650560_n.mp4
    2018-12-01 11:01 - 2018-12-01 11:02 - 000347473 _____ C:\Users\Howard\Downloads\Lisa Chambers on Abortion Regret.mp4
    2018-11-29 20:08 - 2018-11-29 20:08 - 000026987 _____ C:\Users\Howard\Documents\The Great Irish Awakening of 2019.odt
    2018-11-27 02:46 - 2018-11-27 02:46 - 000317102 _____ C:\Users\Howard\Downloads\dlscrib.com_the-forbidden-parapsychology-by-jose-m-herrou-aragon.pdf
    2018-11-25 22:30 - 2018-11-25 22:30 - 002089208 _____ C:\Users\Howard\Downloads\proper-Irish-part-2.pdf
    2018-11-24 20:00 - 2018-11-24 20:00 - 000000000 ____D C:\Users\Howard\AppData\Roaming\Age of Mythology Extended Edition_Uninstall
    2018-11-24 19:44 - 2018-12-02 17:32 - 000000000 ____D C:\Games
    2018-11-24 19:35 - 2018-11-24 19:37 - 000000000 ____D C:\Users\Howard\Downloads\[R.G. Mechanics] Age of Mythology Extended Edition
    2018-11-24 19:09 - 2018-11-24 19:21 - 000000000 ____D C:\Users\Howard\Downloads\Psychokinesis.2018.HDRip.XviD.AC3-EVO
    2018-11-24 18:50 - 2018-11-24 19:31 - 000000000 ____D C:\Program Files (x86)\Age of Mythology Extended Edition
    2018-11-24 18:07 - 2018-11-24 19:31 - 000000000 ____D C:\Users\Howard\Downloads\Age.of.Mythology.Extended.Edition-RELOADED
    2018-11-24 01:48 - 2018-11-24 02:12 - 000000000 ____D C:\Users\Howard\Downloads\No.Activity.US.S02.720p.WEB.H264-METCON[ettv]

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-12-24 05:11 - 2018-08-24 19:05 - 000000000 ____D C:\Users\Howard\AppData\Local\gtk-2.0
    2018-12-24 05:03 - 2018-08-17 16:18 - 000000000 ____D C:\Users\Howard\AppData\Roaming\vlc
    2018-12-24 04:42 - 2009-07-14 04:45 - 000016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-12-24 04:42 - 2009-07-14 04:45 - 000016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-12-24 03:07 - 2018-08-17 21:21 - 000000390 _____ C:\Windows\Tasks\update-sys.job
    2018-12-24 02:42 - 2018-08-18 06:09 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-12-21 17:37 - 2018-08-27 16:41 - 000000000 ____D C:\Users\Howard\AppData\Local\CrashDumps
    2018-12-21 16:27 - 2018-08-17 15:28 - 000000000 ____D C:\Users\Howard\AppData\LocalLow\Mozilla
    2018-12-21 12:31 - 2009-07-14 05:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-12-21 12:31 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
    2018-12-21 03:08 - 2018-08-18 07:15 - 000000000 __SHD C:\Users\Howard\IntelGraphicsProfiles
    2018-12-21 03:07 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-12-21 03:04 - 2018-08-22 18:38 - 000000000 ____D C:\Users\Howard\AppData\Local\Mixxx
    2018-12-20 10:10 - 2018-08-17 21:21 - 000000390 _____ C:\Windows\Tasks\update-S-1-5-21-789159303-1820053376-3002927069-1000.job
    2018-12-20 01:39 - 2018-08-24 21:51 - 000000000 ____D C:\Users\Howard\AppData\Roaming\audacity
    2018-12-19 20:01 - 2018-08-21 20:15 - 000000600 _____ C:\Users\Howard\AppData\Roaming\winscp.rnd
    2018-12-19 10:47 - 2018-08-23 22:49 - 000000000 ____D C:\Users\Howard\AppData\Roaming\discord
    2018-12-19 10:46 - 2018-11-21 06:54 - 000071352 _____ (EnigmaSoft Limited) C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys
    2018-12-19 10:12 - 2018-08-21 19:51 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
    2018-12-19 10:12 - 2018-08-21 19:51 - 000000000 ____D C:\Program Files (x86)\WinSCP
    2018-12-19 00:48 - 2018-08-17 20:58 - 000000000 ____D C:\Users\Howard\AppData\Roaming\deluge
    2018-12-18 21:06 - 2018-08-18 04:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
    2018-12-17 19:42 - 2018-08-17 14:58 - 000000000 ____D C:\Users\Howard\AppData\Local\VirtualStore
    2018-12-15 17:43 - 2018-11-21 06:39 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2018-12-15 14:27 - 2018-08-17 15:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2018-12-15 14:27 - 2018-08-17 15:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-12-14 02:23 - 2018-08-18 05:18 - 000000000 ____D C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2018-12-13 19:32 - 2018-10-01 10:33 - 000000000 ____D C:\Program Files (x86)\AVS4YOU
    2018-12-13 15:23 - 2018-08-24 17:51 - 000000000 ____D C:\Windows\Minidump
    2018-12-13 15:00 - 2018-08-18 06:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2018-12-13 04:41 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\rescache
    2018-12-13 02:18 - 2018-08-18 06:23 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-12-13 02:18 - 2018-08-18 06:23 - 000003790 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-12-13 02:18 - 2018-08-18 06:13 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2018-12-13 02:18 - 2018-08-18 06:13 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2018-12-13 02:17 - 2018-08-18 06:23 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-12-13 02:17 - 2018-08-18 06:23 - 000003940 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-12-13 02:17 - 2018-08-18 06:23 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-12-13 02:17 - 2018-08-18 06:23 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-12-13 02:17 - 2018-08-18 06:23 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-12-13 02:17 - 2018-08-18 06:23 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-12-13 02:17 - 2018-08-18 06:23 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-12-13 02:17 - 2018-08-18 06:23 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-12-13 02:17 - 2018-08-18 06:23 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2018-12-12 03:24 - 2009-07-14 04:45 - 000295976 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-12-12 03:03 - 2018-08-18 07:05 - 000765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2018-12-10 22:04 - 2010-11-21 03:27 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2018-12-09 15:30 - 2018-08-17 21:21 - 000064816 _____ C:\Users\Howard\AppData\Local\GDIPFONTCACHEV1.DAT
    2018-12-06 10:53 - 2018-08-19 15:58 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2018-12-06 10:53 - 2018-08-19 15:58 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2018-12-06 10:53 - 2018-08-19 15:58 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-12-06 10:53 - 2018-08-19 15:58 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2018-12-06 10:53 - 2018-08-19 15:58 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2018-12-06 10:53 - 2018-08-19 15:58 - 000000000 ____D C:\Windows\system32\Macromed
    2018-12-06 10:15 - 2018-08-18 06:23 - 002865136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2018-12-06 10:15 - 2018-08-18 06:23 - 002265072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2018-12-06 10:15 - 2018-08-18 06:23 - 001323504 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
    2018-12-06 09:20 - 2018-08-18 06:23 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
    2018-12-05 22:12 - 2018-08-23 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
    2018-12-05 22:11 - 2018-08-20 18:12 - 000000000 ____D C:\Users\Howard\Documents\Bandicam
    2018-11-24 20:00 - 2018-09-01 00:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
    2018-11-24 18:49 - 2018-11-21 18:53 - 000000000 ____D C:\Program Files (x86)\Age of Empires II HD

    ==================== Files in the root of some directories =======

    2018-12-13 15:44 - 2018-12-13 15:44 - 000000171 _____ () C:\Users\Howard\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
    2018-12-13 15:44 - 2018-12-13 15:44 - 000001057 _____ () C:\Users\Howard\AppData\Roaming\88e9dc3a-641c-4dc2-9204-9ba65cc42265
    2018-08-21 20:15 - 2018-12-19 20:01 - 000000600 _____ () C:\Users\Howard\AppData\Roaming\winscp.rnd
    2018-11-21 03:57 - 2018-11-21 03:57 - 000140800 _____ () C:\Users\Howard\AppData\Local\installer.dat
    2018-12-24 05:10 - 2018-12-24 05:10 - 000013538 _____ () C:\Users\Howard\AppData\Local\recently-used.xbel
    2018-08-17 21:21 - 2018-08-17 21:21 - 000000003 _____ () C:\Users\Howard\AppData\Local\updater.log
    2018-08-17 21:21 - 2018-08-17 21:21 - 000000425 _____ () C:\Users\Howard\AppData\Local\UserProducts.xml

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll
    [2018-08-18 03:51] - [2018-08-28 17:18] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

    C:\Windows\SysWOW64\User32.dll
    [2018-08-18 03:51] - [2018-08-28 17:18] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-12-14 03:31

    ==================== End of FRST.txt ============================
     


  5. BlackFrancis

    BlackFrancis Thread Starter

    Joined:
    Oct 21, 2006
    Messages:
    223
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.12.2018
    Ran by Howard (24-12-2018 05:23:31)
    Running from C:\Users\Howard\Downloads
    Windows 7 Ultimate Service Pack 1 (X64) (2018-08-17 14:58:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-789159303-1820053376-3002927069-500 - Administrator - Disabled)
    Guest (S-1-5-21-789159303-1820053376-3002927069-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-789159303-1820053376-3002927069-1002 - Limited - Enabled)
    Howard (S-1-5-21-789159303-1820053376-3002927069-1000 - Administrator - Enabled) => C:\Users\Howard

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 30.0.0.107 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
    Age of Mythology Extended Edition (HKLM-x32\...\Age of Mythology Extended Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
    Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
    AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version: - Online Media Technologies Ltd.)
    AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
    AVS Video Editor 5 (HKLM-x32\...\AVS Video Editor_is1) (Version: - Online Media Technologies Ltd.)
    AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version: - Online Media Technologies Ltd.)
    AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
    Bandicam (HKLM-x32\...\Bandicam) (Version: 4.2.0.1439 - Bandicam.com)
    Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
    Brackets (HKLM-x32\...\{9CB3A036-0B7E-49B7-A60B-291E245CA6B2}) (Version: 1.13.17696 - brackets.io)
    Broadcom 802.11n Network Adapter (HKLM-x32\...\{AFD36BF1-DA28-4702-A83F-C49D03199A0F}) (Version: 07.13.2006 - Broadcom)
    CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
    Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version: - )
    Discord (HKU\S-1-5-21-789159303-1820053376-3002927069-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
    DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 399.24 - NVIDIA Corporation) Hidden
    DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
    e2eSoft VSC 2.0 (HKLM-x32\...\VSC_is1) (Version: 2.0 - e2eSoft)
    f.lux (HKU\S-1-5-21-789159303-1820053376-3002927069-1000\...\Flux) (Version: - f.lux Software LLC)
    Free Videos To DVD V 3.2.0 (HKLM-x32\...\Free Videos To DVD_is1) (Version: 3.2.0.0 - Koyote soft)
    GIMP 2.10.6 (HKLM\...\GIMP-2_is1) (Version: 2.10.6 - The GIMP Team)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Heart of Gold (HKLM-x32\...\1571774750_is1) (Version: 1.6.2f1 - GOG.com)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
    ISO Creator 1.0 (HKLM-x32\...\{78D80EAF-1ADB-46A8-AF6F-EBB18B6ADBCE}) (Version: 1.0.0 - Bunny-Wabbit)
    Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
    Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
    Mixxx (HKLM\...\{0AA5A4E1-A4AF-11E8-A792-C28D1B8D0FF9}) (Version: 2.1.3.6763 - The Mixxx Development Team) Hidden
    Mixxx (HKLM-x32\...\{ff2c4eae-d815-40ad-a48d-3216b328156a}) (Version: 2.1.3.6763 - The Mixxx Development Team)
    MonetaryUnit Core (64-bit) (HKU\S-1-5-21-789159303-1820053376-3002927069-1000\...\MonetaryUnit Core (64-bit)) (Version: 2.0.2 - MonetaryUnit Core project)
    Mozilla Firefox 64.0 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0 (x64 en-US)) (Version: 64.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.3.0 - Mozilla)
    Mozilla Thunderbird 60.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.3.0 (x86 en-US)) (Version: 60.3.0 - Mozilla)
    My Pet Dungeon (HKLM-x32\...\1742747067_is1) (Version: 1.6.2f1 - GOG.com)
    NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.12 - NVIDIA Corporation) Hidden
    NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 399.24 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.16.0.140 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.140 - NVIDIA Corporation)
    NVIDIA Graphics Driver 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.24 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
    Rollcage Stage II (HKLM-x32\...\{A59C41B8-1297-4361-9ED2-2701B3A9D895}) (Version: 1.1.9 - Psygnosis)
    Shattered Paradise (HKLM-x32\...\ShatteredParadise) (Version: SP-Build-20180728-III - The Shattered Paradise authors)
    Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
    Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)
    SimCity (HKLM-x32\...\SimCity_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
    SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )
    Skype version 8.36 (HKLM-x32\...\Skype_is1) (Version: 8.36 - Skype Technologies S.A.)
    Soundboard (HKLM-x32\...\{1169A004-0E0F-A323-07D9-82B2A720C26A}) (Version: 1.0.0 - UNKNOWN) Hidden
    Soundboard (HKLM-x32\...\Soundboard) (Version: 1.0.0 - UNKNOWN)
    Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
    Stardock WindowBlinds (HKLM-x32\...\Stardock WindowBlinds) (Version: 10.74 - Stardock Software, Inc.)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Tiberium Wars 1.09 (HKLM-x32\...\Command & Conquer 3: Tiberium Wars_is1) (Version: - HWMasters.com)
    Underlord Edition Content (HKLM-x32\...\1906832216_is1) (Version: 1.6.2f1 - GOG.com)
    VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
    Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version: - )
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
    War For The Overworld (HKLM-x32\...\1964276929_is1) (Version: 1.6.2f1 - GOG.com)
    WinArchiver Virtual Drive (HKLM-x32\...\WinArchiver Virtual Drive) (Version: 2.8 - WinArchiver Computing, Inc.)
    WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
    WinRAR 5.60 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
    WinSCP 5.13.6 (HKLM-x32\...\winscp3_is1) (Version: 5.13.6 - Martin Prikryl)
    Worker Skin Bundle (HKLM-x32\...\1603890758_is1) (Version: 1.6.2f1 - GOG.com)
    XSplit Broadcaster (HKLM-x32\...\{0A25C2C8-6A33-47AC-97CF-2F4E53997927}) (Version: 3.4.1806.2229 - SplitmediaLabs)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-789159303-1820053376-3002927069-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-06-24] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
    ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-09-06] (NVIDIA Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-06-24] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0953488E-0FB5-47C5-968E-15F0BAEEF572} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-24] (Google Inc.)
    Task: {0B9619F2-330B-4D96-B6E7-AB9F4F4CAD4D} - System32\Tasks\{EB3109FE-561D-4D88-923A-9A40085E30B0} => C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\
    Task: {0E039BEB-65BD-4C3E-B54E-80A8E28270D4} - System32\Tasks\update-S-1-5-21-789159303-1820053376-3002927069-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
    Task: {284EAA27-E645-4844-8880-007DD011F097} - System32\Tasks\{6341A6E9-F6C4-4254-800E-5171A57BCB5F} => C:\Windows\system32\pcalua.exe -a F:\SC4_uninst.exe -d F:\
    Task: {546B10D2-30AF-4732-8995-AA2398E41DCA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-12-06] (NVIDIA Corporation)
    Task: {58D8F07D-FBFB-4DD5-B9C1-57D6B8DC739F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-12-06] (NVIDIA Corporation)
    Task: {65C507D4-96DA-4D7E-A3D6-F7BE68D9F56D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-06] (Adobe Systems Incorporated)
    Task: {7DD29101-A41E-4900-8CBA-7BFA8B902152} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-12-06] (NVIDIA Corporation)
    Task: {81408F9D-9EB7-412F-89D3-C0655774778C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-12-06] (NVIDIA Corporation)
    Task: {8813B317-5A3D-4178-8C03-EFF9BC438710} - System32\Tasks\{304586A2-5A60-4FAA-8DB3-86CDEAA89F02} => C:\Windows\system32\pcalua.exe -a C:\Users\Howard\AppData\Local\Temp\Temp1_WLan_Driver_802.11n_Rel._4.80.28.7-1.zip\80211n\setup.exe <==== ATTENTION
    Task: {B79521FF-58E0-4BBC-A19B-FFDAC5CCA812} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-12-06] (NVIDIA Corporation)
    Task: {C47776F0-0F6F-4542-B863-BE39EC70B37B} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation)
    Task: {C52EFD00-6D04-4FA2-A816-FEA00EF03E54} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
    Task: {C9A886A3-9BAA-48A6-A56F-7E967B0EEF81} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation)
    Task: {CC09F2E5-7A05-4A21-B125-1D1BBA34610C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-24] (Google Inc.)
    Task: {CF7FCBAC-49F6-4627-8177-FC4B9E8939E7} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-12-06] (NVIDIA Corporation)
    Task: {D455D0AA-E773-468B-BD77-8AF2FF1B968C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-06] (Adobe Systems Incorporated)
    Task: {E0297C13-9AF3-490A-BBEB-5577B86950F3} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation)
    Task: {E06D74A2-8613-489B-88D2-713E823A100E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
    Task: {E2BB1928-DB19-4A3F-8A51-EA96D34D3BCB} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation)
    Task: {E8FD8118-2D98-4CCD-AF9B-D7378C6E7409} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-12-06] (NVIDIA Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\update-S-1-5-21-789159303-1820053376-3002927069-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
    Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2012-01-12 13:56 - 2012-01-12 13:56 - 000196608 _____ () C:\Program Files (x86)\WinArchiver Virtual Drive\WAService.exe
    2018-08-18 06:23 - 2018-12-06 10:14 - 001315312 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2018-11-21 06:39 - 2018-12-15 17:43 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2018-08-18 06:22 - 2018-09-06 01:18 - 000142888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2018-08-21 15:36 - 2015-06-25 01:23 - 000020288 _____ () C:\Program Files\CCleaner\branding.dll
    2018-08-18 06:23 - 2018-12-06 10:14 - 001033200 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2018-12-13 16:07 - 2018-12-11 18:46 - 001837672 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
    2018-12-13 16:08 - 2018-12-11 18:46 - 002413624 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
    2018-12-13 16:08 - 2018-12-11 18:46 - 000097840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
    2018-12-13 16:08 - 2018-12-11 18:46 - 000219696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
    2018-12-13 16:08 - 2018-12-11 18:46 - 000081768 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
    2018-12-13 16:07 - 2018-12-11 18:46 - 002915328 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
    2018-12-13 16:07 - 2018-12-11 18:46 - 000015360 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
    2018-08-23 22:48 - 2018-04-30 22:01 - 001891672 _____ () C:\Users\Howard\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
    2018-08-23 22:48 - 2018-04-30 22:01 - 001937752 _____ () C:\Users\Howard\AppData\Local\Discord\app-0.0.301\libglesv2.dll
    2018-08-23 22:48 - 2018-04-30 22:01 - 000095576 _____ () C:\Users\Howard\AppData\Local\Discord\app-0.0.301\libegl.dll
    2018-12-13 16:08 - 2018-12-11 18:46 - 000405056 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
    2018-12-13 16:08 - 2018-12-11 18:46 - 000138816 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
    2018-12-13 16:08 - 2018-12-11 18:47 - 003239984 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\Processing.NDI.Lib.x86.dll
    2018-08-23 22:49 - 2018-12-18 20:20 - 011328856 _____ () \\?\C:\Users\Howard\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
    2018-08-23 22:49 - 2018-11-19 16:42 - 001639256 _____ () \\?\C:\Users\Howard\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
    2018-08-23 22:49 - 2018-08-23 22:49 - 000512856 _____ () \\?\C:\Users\Howard\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
    2018-08-23 22:49 - 2018-12-18 20:20 - 001658712 _____ () \\?\C:\Users\Howard\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
    2018-10-03 12:12 - 2018-10-10 18:05 - 009621848 _____ () \\?\C:\Users\Howard\AppData\Roaming\discord\0.0.301\modules\discord_cloudsync\discord_cloudsync.node
    2018-08-23 22:49 - 2018-08-23 22:49 - 002722648 _____ () \\?\C:\Users\Howard\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
    2018-08-23 22:49 - 2018-11-29 20:09 - 001718104 _____ () \\?\C:\Users\Howard\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
    2018-08-23 22:50 - 2018-12-13 15:02 - 001261400 _____ () \\?\C:\Users\Howard\AppData\Roaming\discord\0.0.301\modules\discord_modules\discord_modules.node
    2018-08-23 22:50 - 2018-12-11 17:38 - 021991256 _____ () \\?\C:\Users\Howard\AppData\Roaming\discord\0.0.301\modules\discord_dispatch\discord_dispatch.node
    2018-08-23 22:50 - 2018-08-23 22:50 - 002760536 _____ () \\?\C:\Users\Howard\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
    2018-08-23 22:50 - 2018-08-23 22:50 - 001249112 _____ () \\?\C:\Users\Howard\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2009-06-10 21:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-789159303-1820053376-3002927069-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.15.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    MSCONFIG\Services: ShMonitor => 2
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{EC342817-BB21-401C-9D73-08E926D07197}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [{F1E2828E-3467-47D0-AC16-708E5C7954A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [TCP Query User{93BE9A96-ECFB-4B6F-B324-D8A5AA9E49F5}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team)
    FirewallRules: [UDP Query User{F5D7D49B-F096-4339-B5B0-7E728AE6C695}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team)
    FirewallRules: [{14F1C6C3-501E-4B4D-BD95-FC2B87D162EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
    FirewallRules: [{06DF8563-920F-43ED-886B-A0DDA2B46F52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
    FirewallRules: [TCP Query User{5428AC96-B689-4E0A-B72F-D100D40DD423}C:\gog games\war for the overworld\wftogame.exe] => (Block) C:\gog games\war for the overworld\wftogame.exe ()
    FirewallRules: [UDP Query User{EE4D00E2-041B-4D14-BDAF-351123E49FEA}C:\gog games\war for the overworld\wftogame.exe] => (Block) C:\gog games\war for the overworld\wftogame.exe ()
    FirewallRules: [TCP Query User{61367B61-3A65-4A3E-8ECA-FD162D51BBBA}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Node.js)
    FirewallRules: [UDP Query User{CE064383-8A27-4EAE-AB8B-849027810032}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Node.js)
    FirewallRules: [{8BAA0B39-9A1D-4645-8E8C-7C304886B0E1}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\x64\XSplit.Core.exe (SplitMediaLabs)
    FirewallRules: [{F7FB63D3-727D-450D-8CBA-0780A820BD35}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\x64\XSplit.cam.exe (SplitmediaLabs Limited)
    FirewallRules: [{4272123F-D6BA-4753-BC23-3C6171E9DDA9}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\x64\XSplit.Core.exe (SplitMediaLabs)
    FirewallRules: [{35051F63-159C-489C-8BC8-47205946D356}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\x64\XSplit.cam.exe (SplitmediaLabs Limited)
    FirewallRules: [{BAE5C106-3AFF-4150-9D70-5CBEA6161FE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    FirewallRules: [{34DCBF97-AED7-40E0-A6CA-DF009C5EA7C9}] => (Allow) C:\Program Files (x86)\R.G. Mechanics\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
    FirewallRules: [{41863361-AFF3-46DA-A9AC-7F00537CD3D3}] => (Allow) C:\Program Files (x86)\R.G. Mechanics\SimCity\SimCity\SimCity.exe (Electronic Arts Inc.)
    FirewallRules: [{56BA1124-8C0C-4D49-BEF9-3F74D30B5977}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe (Firaxis Games)
    FirewallRules: [{8712C718-0982-48B4-B6BA-1AE5AA45E5F7}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe (Firaxis Games)
    FirewallRules: [{A37AFED8-9E14-4305-8512-0B92BF2D6905}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe (Firaxis Games)
    FirewallRules: [{C13C0D4C-E242-4DD8-ACF4-A0DFD6CB823F}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe (Firaxis Games)
    FirewallRules: [{839C87BD-7A94-4819-9BD0-4DF8219AFACD}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe (Firaxis Games)
    FirewallRules: [{F2594A10-EB35-43DD-A6CF-842ED84D11AA}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe (Firaxis Games)
    FirewallRules: [{25DDA2E0-2372-42FA-A154-D11C42881975}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe (Firaxis Games)
    FirewallRules: [{15C6A5E0-C7CD-4072-8DDF-76794F7CC66B}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe (Firaxis Games)
    FirewallRules: [TCP Query User{3B052E22-61C4-4E8D-93FE-854775A53453}C:\program files\monetaryunit\monetaryunit-qt.exe] => (Allow) C:\program files\monetaryunit\monetaryunit-qt.exe ()
    FirewallRules: [UDP Query User{E6A81D7A-57DB-46AE-B8F3-CA8B45B69100}C:\program files\monetaryunit\monetaryunit-qt.exe] => (Allow) C:\program files\monetaryunit\monetaryunit-qt.exe ()
    FirewallRules: [TCP Query User{DF0A692B-9D85-4F59-A8A1-6FF39F28C219}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Technologies S.A.)
    FirewallRules: [UDP Query User{5D22DB92-AE5D-41FB-922A-05D0EC0069E5}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Technologies S.A.)
    FirewallRules: [TCP Query User{1E244AFD-3433-45B3-97E0-40F0EA76DC35}C:\games\cncnet\tiberiandawn_online\cnc95.exe] => (Allow) C:\games\cncnet\tiberiandawn_online\cnc95.exe (Westwood Studios)
    FirewallRules: [UDP Query User{FC218CF4-30FE-4E20-AE12-C3D44D370CEA}C:\games\cncnet\tiberiandawn_online\cnc95.exe] => (Allow) C:\games\cncnet\tiberiandawn_online\cnc95.exe (Westwood Studios)
    FirewallRules: [{3719CC94-5E15-4055-9618-E7730ADB3D25}] => (Allow) C:\Program Files (x86)\CnC3 Tiberium Wars\RetailExe\1.9\cnc3game.dat (Electronic Arts Inc.)
    FirewallRules: [{4970F75F-9A22-4943-84A0-D91CCC7E7055}] => (Allow) C:\Program Files (x86)\CnC3 Tiberium Wars\CNC3.exe (Electronic Arts Inc.)
    FirewallRules: [{DAEAAD4B-69B3-4B6B-928B-B65DBD8A26B1}] => (Allow) C:\Program Files (x86)\CnC3 Tiberium Wars\CNC3.exe (Electronic Arts Inc.)
    FirewallRules: [{1B3D2C79-9C87-496A-B8F6-6CAA213C0082}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
    FirewallRules: [{02B39CA7-528D-4AA5-9DE5-0AE9EA24F4B6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
    FirewallRules: [{27C8671C-871B-4C5D-8BD5-B987C0D56A1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
    FirewallRules: [{793882FF-9A4A-4D83-9645-DEDF4235DF88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
    FirewallRules: [TCP Query User{2D2A764B-388C-4FE1-B477-8E59F1656615}C:\program files (x86)\dvdfab 11\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 11\dvdfab.exe No File
    FirewallRules: [UDP Query User{0F18C377-AEED-4030-90AF-EA8732D059E4}C:\program files (x86)\dvdfab 11\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 11\dvdfab.exe No File
    FirewallRules: [{35435DA3-434D-4F16-AF70-35C8302C5102}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
    FirewallRules: [{00C93827-6296-4527-8044-55D789E4D60A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
    FirewallRules: [TCP Query User{50B61744-BB45-4290-A345-721AE1DBBF53}C:\program files (x86)\shattered paradise\shatteredparadise.exe] => (Block) C:\program files (x86)\shattered paradise\shatteredparadise.exe ( )
    FirewallRules: [UDP Query User{466F71C6-C04D-4FE2-9D67-7FAC180DE370}C:\program files (x86)\shattered paradise\shatteredparadise.exe] => (Block) C:\program files (x86)\shattered paradise\shatteredparadise.exe ( )
    FirewallRules: [TCP Query User{A8D79094-C724-477B-9C17-94F97B9125C6}C:\users\howard\documents\twisted insurrection 0.7\game.exe] => (Allow) C:\users\howard\documents\twisted insurrection 0.7\game.exe (Westwood Studios)
    FirewallRules: [UDP Query User{C96B1FED-3D43-41C3-82BB-04B103FEE7FE}C:\users\howard\documents\twisted insurrection 0.7\game.exe] => (Allow) C:\users\howard\documents\twisted insurrection 0.7\game.exe (Westwood Studios)
    FirewallRules: [TCP Query User{0F645464-62E4-4B76-A599-325AF43F55F3}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN)
    FirewallRules: [UDP Query User{1F5B44B2-DED7-46AA-8F3F-D671E66EDA4D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN)

    ==================== Restore Points =========================

    18-12-2018 07:16:02 Scheduled Checkpoint
    19-12-2018 18:20:01 Windows Update
    21-12-2018 03:01:05 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: Ethernet Controller
    Description: Ethernet Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: SM Bus Controller
    Description: SM Bus Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Universal Serial Bus (USB) Controller
    Description: Universal Serial Bus (USB) Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/24/2018 04:54:51 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (12/24/2018 03:54:51 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (12/24/2018 03:28:27 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

    Error: (12/23/2018 06:39:33 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (12/22/2018 07:38:08 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (12/22/2018 02:59:57 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (12/22/2018 02:55:38 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

    Error: (12/21/2018 05:37:17 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Game.exe, version: 1.0.0.1, time stamp: 0x393c1b12
    Faulting module name: Game.exe, version: 1.0.0.1, time stamp: 0x393c1b12
    Exception code: 0xc0000005
    Fault offset: 0x001ff7d0
    Faulting process id: 0x9e8
    Faulting application start time: 0x01d4995045f0ff01
    Faulting application path: C:\Users\Howard\Documents\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe
    Faulting module path: C:\Users\Howard\Documents\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe
    Report Id: 0ee73c05-0547-11e9-8b4d-abf3d0aaaa7d


    System errors:
    =============
    Error: (12/23/2018 06:39:33 PM) (Source: DCOM) (EventID: 10001) (User: )
    Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
    "5"
    Happened while starting this command:
    C:\Windows\System32\slui.exe -Embedding

    Error: (12/22/2018 06:55:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (12/21/2018 01:11:09 PM) (Source: DCOM) (EventID: 10001) (User: )
    Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
    "5"
    Happened while starting this command:
    C:\Windows\System32\slui.exe -Embedding

    Error: (12/21/2018 03:09:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (12/21/2018 03:09:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

    Error: (12/21/2018 03:07:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SpyHunter 5 Kernel service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (12/20/2018 12:16:19 PM) (Source: DCOM) (EventID: 10001) (User: )
    Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
    "5"
    Happened while starting this command:
    C:\Windows\System32\slui.exe -Embedding

    Error: (12/19/2018 11:34:19 AM) (Source: DCOM) (EventID: 10001) (User: )
    Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
    "5"
    Happened while starting this command:
    C:\Windows\System32\slui.exe -Embedding


    Windows Defender:
    ===================================
    Date: 2018-11-21 05:02:46.396
    Description:
    Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
    Signatures Attempted:Current
    Error Code:0x80070002
    Error description:The system cannot find the file specified.
    Signature version:0.0.0.0
    Engine version:0.0.0.0

    Date: 2018-11-21 04:12:55.115
    Description:
    Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
    Signatures Attempted:Current
    Error Code:0x80070002
    Error description:The system cannot find the file specified.
    Signature version:0.0.0.0
    Engine version:0.0.0.0

    CodeIntegrity:
    ===================================

    Date: 2018-09-11 21:09:16.623
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2018-09-11 21:09:16.600
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-4150 CPU @ 3.50GHz
    Percentage of memory in use: 52%
    Total physical RAM: 10110.62 MB
    Available physical RAM: 4788.1 MB
    Total Virtual: 20219.38 MB
    Available Virtual: 13032.74 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:287.56 GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:232.88 GB) (Free:78.32 GB) NTFS
    Drive f: (Éabha's First Year) (CDROM) (Total:1.05 GB) (Free:0 GB) UDF

    \\?\Volume{649706e3-a22c-11e8-acbd-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: A298A298)
    Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4D39E741)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    SystemLook

    SystemLook 04.09.10 by jpshortstuff
    Log created at 05:32 on 24/12/2018 by Howard
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*spyhunter*"
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft\SpyHunter5.lnk --a---- 1028 bytes [05:42 21/11/2018] [05:42 21/11/2018] B56CEBE59B0C87C01F59F0FA3BFCB66D
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\EnigmaSoft\SpyHunter5.lnk --a---- 1028 bytes [05:42 21/11/2018] [05:42 21/11/2018] B56CEBE59B0C87C01F59F0FA3BFCB66D

    Searching for "*enigma*"
    C:\Windows\System32\drivers\EnigmaFileMonDriver.sys --a---- 71352 bytes [06:54 21/11/2018] [10:46 19/12/2018] 25F683E2A6B0000B1F181E0FC1BD58C3

    ========== folderfind ==========

    Searching for "*spyhunter*"
    C:\Program Files\EnigmaSoft\SpyHunter d------ [05:41 21/11/2018]

    Searching for "*enigma*"
    C:\Program Files\EnigmaSoft d------ [05:41 21/11/2018]
    C:\ProgramData\EnigmaSoft Limited d------ [05:42 21/11/2018]
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft d------ [05:42 21/11/2018]
    C:\Users\All Users\EnigmaSoft Limited d------ [05:42 21/11/2018]
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\EnigmaSoft d------ [05:42 21/11/2018]

    ========== regfind ==========

    Searching for "spyhunter"
    [HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoft\SpyHunter]
    [HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoft\SpyHunter\SpyHunterConfig]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EnigmaFileMonDriver]
    "Description"="SpyHunter Guard"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EsgShKernel]
    "ImagePath"=""C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EsgShKernel]
    "DisplayName"="SpyHunter 5 Kernel"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EsgShKernel]
    "Description"="SpyHunter 5 Kernel"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShMonitor]
    "ImagePath"=""C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShMonitor]
    "DisplayName"="SpyHunter 5 Kernel Monitor"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShMonitor]
    "Description"="SpyHunter 5 Kernel Monitor"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EnigmaFileMonDriver]
    "Description"="SpyHunter Guard"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EsgShKernel]
    "ImagePath"=""C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EsgShKernel]
    "DisplayName"="SpyHunter 5 Kernel"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EsgShKernel]
    "Description"="SpyHunter 5 Kernel"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\ShMonitor]
    "ImagePath"=""C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\ShMonitor]
    "DisplayName"="SpyHunter 5 Kernel Monitor"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\ShMonitor]
    "Description"="SpyHunter 5 Kernel Monitor"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EnigmaFileMonDriver]
    "Description"="SpyHunter Guard"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EsgShKernel]
    "ImagePath"=""C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EsgShKernel]
    "DisplayName"="SpyHunter 5 Kernel"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EsgShKernel]
    "Description"="SpyHunter 5 Kernel"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ShMonitor]
    "ImagePath"=""C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ShMonitor]
    "DisplayName"="SpyHunter 5 Kernel Monitor"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ShMonitor]
    "Description"="SpyHunter 5 Kernel Monitor"

    Searching for "enigma"
    [HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoft]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ENIGMAFILEMONDRIVER]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ENIGMAFILEMONDRIVER\0000]
    "Service"="EnigmaFileMonDriver"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ENIGMAFILEMONDRIVER\0000]
    "DeviceDesc"="EnigmaFileMonDriver Mini-Filter Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EnigmaFileMonDriver]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EnigmaFileMonDriver]
    "ImagePath"="\??\C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EnigmaFileMonDriver]
    "DisplayName"="EnigmaFileMonDriver Mini-Filter Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EnigmaFileMonDriver\Instances]
    "DefaultInstance"="EnigmaFileMonDriver Instance"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EnigmaFileMonDriver\Instances\EnigmaFileMonDriver Instance]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EnigmaFileMonDriver\Enum]
    "0"="Root\LEGACY_ENIGMAFILEMONDRIVER\0000"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EsgShKernel]
    "ImagePath"=""C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShMonitor]
    "ImagePath"=""C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ENIGMAFILEMONDRIVER]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ENIGMAFILEMONDRIVER\0000]
    "Service"="EnigmaFileMonDriver"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ENIGMAFILEMONDRIVER\0000]
    "DeviceDesc"="EnigmaFileMonDriver Mini-Filter Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EnigmaFileMonDriver]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EnigmaFileMonDriver]
    "ImagePath"="\??\C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EnigmaFileMonDriver]
    "DisplayName"="EnigmaFileMonDriver Mini-Filter Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EnigmaFileMonDriver\Instances]
    "DefaultInstance"="EnigmaFileMonDriver Instance"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EnigmaFileMonDriver\Instances\EnigmaFileMonDriver Instance]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\EsgShKernel]
    "ImagePath"=""C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\ShMonitor]
    "ImagePath"=""C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ENIGMAFILEMONDRIVER]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ENIGMAFILEMONDRIVER\0000]
    "Service"="EnigmaFileMonDriver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ENIGMAFILEMONDRIVER\0000]
    "DeviceDesc"="EnigmaFileMonDriver Mini-Filter Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EnigmaFileMonDriver]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EnigmaFileMonDriver]
    "ImagePath"="\??\C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EnigmaFileMonDriver]
    "DisplayName"="EnigmaFileMonDriver Mini-Filter Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EnigmaFileMonDriver\Instances]
    "DefaultInstance"="EnigmaFileMonDriver Instance"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EnigmaFileMonDriver\Instances\EnigmaFileMonDriver Instance]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EnigmaFileMonDriver\Enum]
    "0"="Root\LEGACY_ENIGMAFILEMONDRIVER\0000"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EsgShKernel]
    "ImagePath"=""C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ShMonitor]
    "ImagePath"=""C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe""

    -= EOF =-
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    BlackFrancis,
    This should take care of it.
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached Fixlist.txt file and save it to your Downloads Folder
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder, like in Downloads, elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop and/or your Downloads folder (Fixlog.txt). Please post the contents in your reply.

    askey127
     

    Attached Files:

  7. BlackFrancis

    BlackFrancis Thread Starter

    Joined:
    Oct 21, 2006
    Messages:
    223
    After the fix completed, the system rebooted, and no report afterward. Here's the file.
     

    Attached Files:

  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Are you satisfied with how it works now?
    Notice it got rid of 10Gb worth of temp files as well.
    You can mark the thread Complete if we are done.
     
  9. BlackFrancis

    BlackFrancis Thread Starter

    Joined:
    Oct 21, 2006
    Messages:
    223
    The computer is running very well. Thank you.
     
Short URL to this thread: https://techguy.org/1220635
