
Thread: May have installed malware by accident.

  1. #1
    Junior Member
    Join Date
    Jan 2019
    Posts
    5


    I tried to install what I now know to be an illegitimate copy of Microsoft Office. During installation I got a notification that "TAP VPN" was being installed.

    I've uninstalled the software but my PC is running slowly and I can't seem to find the location of this "TAP VPN" malware that installed itself.

    Any help would be greatly appreciated.

    Here is my FRST log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.01.2019 01
    Ran by Mark (administrator) on MARK-PC (15-01-2019 15:57:32)
    Running from C:\Users\Mark\Desktop
    Loaded Profiles: Mark (Available Profiles: Mark & Work)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardCore.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFileScanner.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFiltering.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFirewall.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
    (GOG.com) G:\GOG Galaxy\GalaxyClient.exe
    (Audient) C:\Program Files\Audient\USBAudioDriver\W7W8_x64\iD.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
    (GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
    (GOG.com) G:\GOG Galaxy\GalaxyClient Helper.exe
    (GOG.com) G:\GOG Galaxy\GalaxyClient Helper.exe
    (GOG.com) G:\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
    (GOG.com) G:\GOG Galaxy\GalaxyClient Helper.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BgGameMon.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\Temp\ose00000.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
    HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe [173416 2018-11-26] (BullGuard Ltd.)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3133216 2019-01-04] (Valve Corporation)
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805376 2018-10-26] (Skype Technologies S.A.)
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\Run: [Spotify] => C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe [25972968 2018-12-21] (Spotify Ltd)
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19467544 2018-10-23] (Piriform Ltd)
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2135904 2018-08-28] (Sony)
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\Run: [GalaxyClient] => G:\GOG Galaxy\GalaxyClient.exe [7381576 2018-11-29] (GOG.com)
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\RunOnce: [Uninstall C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\RunOnce: [Uninstall C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.4604.0120] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.4604.0120"
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\MountPoints2: {4082f4d6-9c8a-11e8-aafd-74d435d74a2b} - K:\setup.exe
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\MountPoints2: {87857605-9707-11e8-bbfc-806e6f6e6963} - H:\setup.exe
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\MountPoints2: {c250293d-aa9e-11e8-afd9-74d435d74a2b} - L:\startme.exe
    HKLM\Software\...\AppCompatFlags\Custom\game.exe: [{9381f2c8-55ab-4208-80ad-7a747ab1f43f}.sdb] -> GOG.com The Longest Journey
    HKLM\Software\...\AppCompatFlags\InstalledSDB\{9381f2c8-55ab-4208-80ad-7a747ab1f43f}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{9381f2c8-55ab-4208-80ad-7a747ab1f43f}.sdb [2018-11-10]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-14] (Google Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iD Autostart.lnk [2018-08-07]
    ShortcutTarget: iD Autostart.lnk -> C:\Program Files\Audient\USBAudioDriver\W7W8_x64\iD.exe (Audient)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{50FA14DD-5A53-4F3D-A2F3-CBB77018EAAB}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================

    FireFox:
    ========
    FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-09-06] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-09-06] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2250887051-2314894825-2524768795-1000: SkypeForBusinessPlugin-16.2 -> C:\Users\Mark\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.282\npGatewayNpapi.dll [2018-10-19] (Microsoft Corporation)
    FF Plugin HKU\S-1-5-21-2250887051-2314894825-2524768795-1000: SkypeForBusinessPlugin64-16.2 -> C:\Users\Mark\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.282\npGatewayNpapi-x64.dll [2018-10-19] (Microsoft Corporation)

    Chrome:
    =======
    CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default [2019-01-15]
    CHR Extension: (Slides) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-07]
    CHR Extension: (Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-07]
    CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-07]
    CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-07]
    CHR Extension: (Sheets) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
    CHR Extension: (AdBlock) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-11]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-07]
    CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-07]
    CHR Extension: (Chrome Media Router) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-17]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBackup.exe [1609576 2018-12-13] (BullGuard Ltd.)
    R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFileScanner.exe [630120 2018-12-13] (BullGuard Ltd.)
    S3 BsHelper; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardHelper.exe [272368 2018-11-07] (BullGuard Ltd.)
    R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFiltering.exe [5857640 2018-12-13] (BullGuard Ltd.)
    R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardCore.exe [1097064 2018-12-13] (BullGuard Ltd.)
    R2 BsNet; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFirewall.exe [809320 2018-12-13] (BullGuard Ltd.)
    R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [315752 2018-12-10] (BullGuard Ltd.)
    R2 BsSentry; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe [483688 2018-12-13] (BullGuard Ltd.)
    R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [493928 2018-12-19] (BullGuard Ltd.)
    S3 GalaxyClientService; G:\GOG Galaxy\GalaxyClientService.exe [707144 2018-11-29] (GOG.com)
    S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2018-11-29] (GOG.com)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-30] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764456 2018-07-30] (NVIDIA Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2198016 2018-08-28] (Sony) [File not signed]
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 audientusbaudio; C:\Windows\System32\DRIVERS\audientusbaudio.sys [361904 2018-06-28] ()
    R3 audientusbaudioks; C:\Windows\System32\DRIVERS\audientusbaudioks.sys [53168 2018-06-28] ()
    R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [174744 2018-03-02] (BullGuard Ltd.)
    R0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [152664 2018-03-02] (BullGuard Ltd.)
    R1 BdSentry; C:\Windows\System32\DRIVERS\BdSentry.sys [85800 2018-11-07] (BullGuard Ltd.)
    R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [76728 2018-03-02] (BullGuard Ltd.)
    S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-08-10] (Disc Soft Ltd)
    S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-08-10] (Disc Soft Ltd)
    R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [55960 2018-08-07] (REALiX(tm))
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2015-08-24] ()
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30656 2018-07-30] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69544 2018-07-30] (NVIDIA Corporation)
    R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [65792 2018-07-30] (NVIDIA Corporation)
    S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
    S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Resplendence Software Projects Sp.)
    R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [439928 2018-10-22] (BitDefender S.R.L.)
    R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
    R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Western Digital Technologies)
    R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
    R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54168 2017-04-18] (Intel Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (Created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-01-15 15:57 - 2019-01-15 15:57 - 000018918 _____ C:\Users\Mark\Desktop\FRST.txt
    2019-01-15 15:57 - 2019-01-15 15:57 - 000000000 ____D C:\Users\Mark\Desktop\Cleanup
    2019-01-15 15:51 - 2019-01-15 15:57 - 000000000 ____D C:\FRST
    2019-01-15 15:51 - 2019-01-15 15:52 - 000056543 _____ C:\Users\Mark\Downloads\FRST.txt
    2019-01-15 15:51 - 2019-01-15 15:52 - 000039912 _____ C:\Users\Mark\Downloads\Addition.txt
    2019-01-15 15:49 - 2019-01-15 15:49 - 002427904 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
    2019-01-15 15:29 - 2019-01-15 15:34 - 000000000 ____D C:\ProgramData\KMSAuto
    2019-01-15 15:29 - 2014-08-08 16:31 - 000027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\ptun0901.sys
    2019-01-15 15:27 - 2019-01-15 15:34 - 000000000 ____D C:\Users\Mark\AppData\Local\MSfree Inc
    2019-01-15 15:27 - 2019-01-15 15:27 - 000000000 ___RD C:\Users\Mark\OneDrive
    2019-01-15 15:27 - 2019-01-15 15:27 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2019-01-15 15:27 - 2019-01-15 15:27 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
    2019-01-15 15:23 - 2019-01-15 15:23 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2019-01-15 15:22 - 2019-01-15 15:22 - 005567302 _____ C:\Users\Mark\Downloads\kmsauto+net.zip
    2019-01-15 15:21 - 2019-01-15 15:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2019-01-15 15:21 - 2019-01-15 15:21 - 021543568 _____ C:\WindowsMSYH.tt2
    2019-01-15 15:21 - 2019-01-15 15:21 - 021302624 _____ C:\WindowsMSJH.tt2
    2019-01-15 15:21 - 2019-01-15 15:21 - 014381616 _____ C:\WindowsMSYHBD.tt2
    2019-01-15 15:21 - 2019-01-15 15:21 - 014343024 _____ C:\WindowsMSJHBD.tt2
    2019-01-15 15:21 - 2019-01-15 15:21 - 000222632 _____ C:\WindowsMSUIGHUR.tt2
    2019-01-15 15:21 - 2019-01-15 15:21 - 000094064 _____ C:\WindowsLEELAWAD.tt2
    2019-01-15 15:21 - 2019-01-15 15:21 - 000093836 _____ C:\WindowsLEELAWDB.tt2
    2019-01-15 15:19 - 2019-01-15 15:19 - 000000000 ____D C:\Users\Mark\Downloads\MS office
    2019-01-15 15:13 - 2019-01-15 15:14 - 2371042051 _____ C:\Users\Mark\Downloads\MS office.rar
    2019-01-15 15:09 - 2019-01-15 15:09 - 001851053 _____ C:\Users\Mark\Downloads\Unconfirmed 336291.crdownload
    2019-01-09 12:53 - 2018-12-28 23:42 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2019-01-09 12:53 - 2018-12-28 22:52 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2019-01-09 12:53 - 2018-12-28 20:03 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2019-01-09 12:53 - 2018-12-28 20:02 - 005552360 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2019-01-09 12:53 - 2018-12-28 20:02 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2019-01-09 12:53 - 2018-12-28 20:02 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2019-01-09 12:53 - 2018-12-28 20:02 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2019-01-09 12:53 - 2018-12-28 20:02 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2019-01-09 12:53 - 2018-12-28 20:02 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2019-01-09 12:53 - 2018-12-28 20:01 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:51 - 004055272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2019-01-09 12:53 - 2018-12-28 19:51 - 003960552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2019-01-09 12:53 - 2018-12-28 19:50 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:34 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2019-01-09 12:53 - 2018-12-28 19:34 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2019-01-09 12:53 - 2018-12-28 19:34 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2019-01-09 12:53 - 2018-12-28 19:34 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2019-01-09 12:53 - 2018-12-28 19:31 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2019-01-09 12:53 - 2018-12-28 19:31 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2019-01-09 12:53 - 2018-12-28 19:31 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
    2019-01-09 12:53 - 2018-12-28 19:30 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2019-01-09 12:53 - 2018-12-28 19:28 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2019-01-09 12:53 - 2018-12-28 19:28 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2019-01-09 12:53 - 2018-12-28 19:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2019-01-09 12:53 - 2018-12-28 19:27 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2019-01-09 12:53 - 2018-12-28 19:27 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
    2019-01-09 12:53 - 2018-12-28 19:27 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
    2019-01-09 12:53 - 2018-12-28 19:27 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
    2019-01-09 12:53 - 2018-12-28 19:27 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
    2019-01-09 12:53 - 2018-12-28 19:27 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2019-01-09 12:53 - 2018-12-28 19:27 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2019-01-09 12:53 - 2018-12-28 19:27 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2019-01-09 12:53 - 2018-12-28 19:27 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2019-01-09 12:53 - 2018-12-28 19:27 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2019-01-09 12:53 - 2018-12-28 19:26 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2019-01-09 12:53 - 2018-12-28 19:26 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 19:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2019-01-09 12:53 - 2018-12-28 18:09 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
    2019-01-09 12:53 - 2018-12-28 18:09 - 000419608 _____ C:\Windows\system32\locale.nls
    2019-01-09 12:53 - 2018-12-28 00:01 - 025738240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2019-01-09 12:53 - 2018-12-27 23:50 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2019-01-09 12:53 - 2018-12-27 23:50 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2019-01-09 12:53 - 2018-12-27 23:38 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2019-01-09 12:53 - 2018-12-27 23:37 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2019-01-09 12:53 - 2018-12-27 23:36 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2019-01-09 12:53 - 2018-12-27 23:36 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2019-01-09 12:53 - 2018-12-27 23:36 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2019-01-09 12:53 - 2018-12-27 23:36 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2019-01-09 12:53 - 2018-12-27 23:31 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2019-01-09 12:53 - 2018-12-27 23:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2019-01-09 12:53 - 2018-12-27 23:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2019-01-09 12:53 - 2018-12-27 23:26 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2019-01-09 12:53 - 2018-12-27 23:25 - 020279808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2019-01-09 12:53 - 2018-12-27 23:25 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2019-01-09 12:53 - 2018-12-27 23:25 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2019-01-09 12:53 - 2018-12-27 23:25 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2019-01-09 12:53 - 2018-12-27 23:24 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2019-01-09 12:53 - 2018-12-27 23:17 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2019-01-09 12:53 - 2018-12-27 23:17 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2019-01-09 12:53 - 2018-12-27 23:14 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2019-01-09 12:53 - 2018-12-27 23:07 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2019-01-09 12:53 - 2018-12-27 23:07 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2019-01-09 12:53 - 2018-12-27 23:06 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2019-01-09 12:53 - 2018-12-27 23:05 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2019-01-09 12:53 - 2018-12-27 23:05 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2019-01-09 12:53 - 2018-12-27 23:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2019-01-09 12:53 - 2018-12-27 23:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2019-01-09 12:53 - 2018-12-27 23:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2019-01-09 12:53 - 2018-12-27 23:03 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2019-01-09 12:53 - 2018-12-27 23:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2019-01-09 12:53 - 2018-12-27 23:02 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2019-01-09 12:53 - 2018-12-27 23:01 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2019-01-09 12:53 - 2018-12-27 22:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2019-01-09 12:53 - 2018-12-27 22:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2019-01-09 12:53 - 2018-12-27 22:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2019-01-09 12:53 - 2018-12-27 22:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2019-01-09 12:53 - 2018-12-27 22:55 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2019-01-09 12:53 - 2018-12-27 22:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2019-01-09 12:53 - 2018-12-27 22:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2019-01-09 12:53 - 2018-12-27 22:50 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2019-01-09 12:53 - 2018-12-27 22:48 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2019-01-09 12:53 - 2018-12-27 22:48 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2019-01-09 12:53 - 2018-12-27 22:48 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2019-01-09 12:53 - 2018-12-27 22:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2019-01-09 12:53 - 2018-12-27 22:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2019-01-09 12:53 - 2018-12-27 22:45 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2019-01-09 12:53 - 2018-12-27 22:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2019-01-09 12:53 - 2018-12-27 22:42 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2019-01-09 12:53 - 2018-12-27 22:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2019-01-09 12:53 - 2018-12-27 22:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2019-01-09 12:53 - 2018-12-27 22:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2019-01-09 12:53 - 2018-12-27 22:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2019-01-09 12:53 - 2018-12-27 22:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2019-01-09 12:53 - 2018-12-27 22:33 - 004860416 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2019-01-09 12:53 - 2018-12-27 22:33 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2019-01-09 12:53 - 2018-12-27 22:31 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2019-01-09 12:53 - 2018-12-27 22:29 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2019-01-09 12:53 - 2018-12-27 22:29 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2019-01-09 12:53 - 2018-12-27 22:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2019-01-09 12:53 - 2018-12-27 22:28 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2019-01-09 12:53 - 2018-12-27 22:22 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2019-01-09 12:53 - 2018-12-27 22:11 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2019-01-09 12:53 - 2018-12-27 22:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2019-01-09 12:53 - 2018-12-27 22:07 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2019-01-09 12:53 - 2018-12-27 22:06 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2019-01-09 12:53 - 2018-12-08 03:08 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
    2019-01-09 12:53 - 2018-12-08 03:08 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
    2019-01-09 12:53 - 2018-12-08 03:08 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
    2019-01-09 12:53 - 2018-12-08 03:08 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
    2019-01-09 12:53 - 2018-12-08 03:08 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
    2019-01-09 12:53 - 2018-12-08 03:08 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
    2019-01-09 12:53 - 2018-12-08 02:56 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
    2019-01-09 12:53 - 2018-12-08 02:56 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
    2019-01-09 12:53 - 2018-12-08 02:56 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
    2019-01-09 12:53 - 2018-12-08 02:47 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
    2019-01-09 12:53 - 2018-12-08 02:47 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
    2019-01-09 12:53 - 2018-12-08 02:47 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
    2019-01-09 12:53 - 2018-12-08 02:41 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
    2019-01-09 12:53 - 2018-12-08 02:41 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
    2019-01-09 12:53 - 2018-12-08 02:41 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
    2019-01-09 12:53 - 2018-12-07 15:33 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
    2019-01-07 01:37 - 2019-01-07 01:37 - 000019741 _____ C:\Users\Mark\AppData\Local\recently-used.xbel
    2019-01-03 16:04 - 2019-01-03 16:04 - 000000000 ____D C:\Users\Work\AppData\Roaming\Audient
    2019-01-03 15:02 - 2019-01-03 15:02 - 000059632 _____ C:\Users\Work\AppData\Local\GDIPFONTCACHEV1.DAT
    2019-01-03 15:01 - 2019-01-03 15:01 - 000000000 ____D C:\Users\Work\AppData\Local\CEF
    2019-01-03 15:00 - 2019-01-03 15:03 - 000000000 ____D C:\Users\Work\AppData\Roaming\BullGuard
    2019-01-03 15:00 - 2019-01-03 15:02 - 000000000 ____D C:\Users\Work\AppData\Local\NVIDIA Corporation
    2019-01-03 15:00 - 2019-01-03 15:00 - 000001417 _____ C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2019-01-03 15:00 - 2019-01-03 15:00 - 000000020 ___SH C:\Users\Work\ntuser.ini
    2019-01-03 15:00 - 2019-01-03 15:00 - 000000000 __SHD C:\Users\Work\IntelGraphicsProfiles
    2019-01-03 15:00 - 2019-01-03 15:00 - 000000000 ____D C:\Users\Work\AppData\Roaming\Adobe
    2019-01-03 15:00 - 2019-01-03 15:00 - 000000000 ____D C:\Users\Work\AppData\Local\VirtualStore
    2019-01-03 15:00 - 2019-01-03 15:00 - 000000000 ____D C:\Users\Work\AppData\Local\NVIDIA
    2019-01-03 15:00 - 2019-01-03 15:00 - 000000000 ____D C:\Users\Work\AppData\Local\Google
    2019-01-03 15:00 - 2019-01-03 15:00 - 000000000 ____D C:\Users\Work\ansel
    2019-01-03 15:00 - 2019-01-03 15:00 - 000000000 ____D C:\Users\Work
    2019-01-03 15:00 - 2011-04-12 08:28 - 000000000 ____D C:\Users\Work\AppData\Roaming\Media Center Programs
    2019-01-02 21:45 - 2019-01-02 21:45 - 000000588 _____ C:\Users\Mark\Documents\Admin Notes.txt
    2018-12-24 12:58 - 2018-12-24 12:58 - 000000000 ____D C:\Users\Mark\Documents\REAPER Media
    2018-12-24 12:17 - 2018-12-24 12:17 - 000000000 ____D C:\Users\Mark\Documents\Toontrack
    2018-12-24 12:13 - 2019-01-03 13:39 - 000000000 ____D C:\Users\Mark\AppData\Roaming\REAPER
    2018-12-24 12:13 - 2018-12-24 12:13 - 011865560 _____ C:\Users\Mark\Downloads\reaper5965_x64-install.exe
    2018-12-24 12:13 - 2018-12-24 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
    2018-12-24 12:13 - 2018-12-24 12:13 - 000000000 ____D C:\Program Files\REAPER (x64)
    2018-12-21 13:59 - 2018-12-21 13:59 - 000000139 _____ C:\Users\Mark\Documents\CxI.txt
    2018-12-20 19:36 - 2018-12-20 22:58 - 000000197 _____ C:\Users\Mark\Documents\DxVxO.txt
    2018-12-19 17:09 - 2018-12-20 22:58 - 000000671 _____ C:\Users\Mark\Documents\BxU.txt
    2018-12-18 17:33 - 2018-12-18 17:33 - 000000000 __HDC C:\ProgramData\{47094A79-73AA-41BF-BEB3-757A1003C902}
    2018-12-18 17:33 - 2018-12-18 17:33 - 000000000 ___HD C:\.native-instruments.suht.tmp

    ==================== One month (Modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-01-15 15:39 - 2018-08-07 15:23 - 000000000 ____D C:\ProgramData\BullGuard
    2019-01-15 15:38 - 2009-07-14 04:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2019-01-15 15:38 - 2009-07-14 04:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2019-01-15 15:36 - 2009-07-14 03:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2019-01-15 15:30 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
    2019-01-15 15:27 - 2018-08-07 11:42 - 000111792 _____ C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
    2019-01-15 15:27 - 2018-08-03 10:27 - 000000000 ____D C:\Users\Mark
    2019-01-15 13:25 - 2018-08-11 18:06 - 000000000 ____D C:\Program Files (x86)\Steam
    2019-01-15 13:19 - 2018-08-03 11:50 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-01-15 13:15 - 2009-07-14 05:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-01-15 13:09 - 2018-10-25 20:22 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Spotify
    2019-01-15 13:09 - 2018-10-25 20:22 - 000000000 ____D C:\Users\Mark\AppData\Local\Spotify
    2019-01-15 13:09 - 2018-08-03 13:55 - 000000000 __SHD C:\Users\Mark\IntelGraphicsProfiles
    2019-01-15 13:09 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-01-10 19:21 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\rescache
    2019-01-09 23:45 - 2018-08-07 12:42 - 000765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2019-01-09 23:44 - 2018-08-03 11:29 - 000000000 ____D C:\Windows\system32\MRT
    2019-01-09 23:43 - 2018-08-03 11:28 - 132790320 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2019-01-08 17:16 - 2018-08-12 16:31 - 000000000 ____D C:\Users\Mark\AppData\Roaming\audacity
    2019-01-07 01:37 - 2018-09-06 15:01 - 000000000 ____D C:\Users\Mark\AppData\Local\gtk-2.0
    2019-01-07 01:37 - 2018-09-06 11:58 - 000000000 ____D C:\Users\Mark\AppData\Local\babl-0.1
    2018-12-24 20:15 - 2018-08-10 12:16 - 000000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
    2018-12-24 12:17 - 2018-10-03 14:11 - 000000000 _____ C:\Users\Mark\Documents\MainAppLog.txt
    2018-12-24 12:17 - 2018-08-03 10:27 - 000000000 ____D C:\Users\Mark\AppData\Local\VirtualStore
    2018-12-19 15:48 - 2018-08-07 11:42 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2018-12-19 15:48 - 2018-08-07 11:42 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ==================== Files in the root of some directories =======

    2018-11-06 01:16 - 2018-11-06 01:16 - 050451808 _____ (Sony) C:\Users\Mark\AppData\Local\pcc.exe
    2019-01-07 01:37 - 2019-01-07 01:37 - 000019741 _____ () C:\Users\Mark\AppData\Local\recently-used.xbel

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2019-01-13 00:02

    ==================== End of FRST.txt ============================

    The addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.01.2019 01
    Ran by Mark (15-01-2019 15:57:51)
    Running from C:\Users\Mark\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2018-08-03 10:27:36)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2250887051-2314894825-2524768795-500 - Administrator - Disabled)
    FB11B3AF6E254C5A808B (S-1-5-21-2250887051-2314894825-2524768795-1001 - Limited - Enabled)
    Guest (S-1-5-21-2250887051-2314894825-2524768795-501 - Limited - Disabled)
    Mark (S-1-5-21-2250887051-2314894825-2524768795-1000 - Administrator - Enabled) => C:\Users\Mark
    Work (S-1-5-21-2250887051-2314894825-2524768795-1002 - Limited - Enabled) => C:\Users\Work

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: BullGuard Antivirus (Disabled - Out of date) {0C5A09FB-657F-B94D-DF1B-BB843C6EE0E4}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: BullGuard Antispyware (Disabled - Out of date) {B73BE81F-4345-B6C3-E5AB-80F647E9AA59}
    FW: BullGuard Firewall (Enabled) {346188DE-2F10-B815-F444-12B1C2BDA79F}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
    ARIA Engine v1.9.1.6 (HKLM\...\ARIA Engine_is1) (Version: v1.9.1.6 - Plogue Art et Technologie, Inc)
    Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
    Audient USB Audio Driver v4.0.1 (HKLM-x32\...\Software_Audient_audientusbaudio_Setup) (Version: 4.0.1 - Audient)
    Beneath a Steel Sky (HKLM-x32\...\1207658695_is1) (Version: 1.0 - GOG.com)
    BullGuard Internet Security (HKLM\...\BullGuard) (Version: 19.0 - BullGuard Ltd.)
    Canon MP540 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.48 - Piriform)
    Connect version 3.2.4 (HKLM-x32\...\{D8B98D6D-FEF3-4245-8BF5-598F28C28517}_is1) (Version: 3.2.4 - Continuata Ltd)
    DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 399.24 - NVIDIA Corporation) Hidden
    E-License Manager (HKLM\...\{6C169D27-4A5B-41AB-815B-3B5CADD10D6F}) (Version: 1.4.0.0 - Magix) Hidden
    E-License Manager (HKLM-x32\...\E-License Manager) (Version: 1.4.0.0 - Best Service)
    Engine 2 (HKLM\...\{86772CCF-4EAD-4C5D-8C1C-E68CAB0FF0B3}) (Version: 2.5.0.183 - Best Service) Hidden
    Engine 2 (HKLM-x32\...\Engine 2) (Version: 2.5.0.183 - Best Service)
    FabFilter Pro-Q VST RTAS v1.0.1.6 (HKLM-x32\...\FabFilter Pro-Q VST RTAS_is1) (Version: - TEAM AiR)
    Forsaken (HKLM-x32\...\1624591191_is1) (Version: 1.4.1 - GOG.com)
    GIMP 2.10.6 (HKLM\...\GIMP-2_is1) (Version: 2.10.6 - The GIMP Team)
    GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
    GOG.com The Longest Journey (HKLM\...\{9381f2c8-55ab-4208-80ad-7a747ab1f43f}.sdb) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
    HWiNFO64 Version 5.86 (HKLM\...\HWiNFO64_is1) (Version: 5.86 - Martin Malík - REALiX)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
    JBridge (HKLM-x32\...\JBridge) (Version: - JBridge)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    LatencyMon 6.70 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
    Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
    MusicLab RealEight (32-bit) (HKLM-x32\...\{3042FDC5-4F33-4FB6-9031-562EDB952972}) (Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
    MusicLab RealEight (64-bit) (HKLM\...\{4B9D32BC-76E6-4E27-8E7F-1EC5510E4A7C}) (Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
    MusicLab RealEight (HKLM-x32\...\{550309f3-2bc9-43a7-8091-faaf92edb69f}) (Version: 1.0.0.7183 - MusicLab, Inc.)
    MusicLab RealEight Sound Bank (HKLM-x32\...\{ECE7A222-3A89-48A7-818D-20127025D4BE}) (Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
    Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
    Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
    Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
    Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
    Native Instruments Kontakt (HKLM-x32\...\Native Instruments Kontakt) (Version: 6.0.2.50 - Native Instruments)
    Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.8.1.43 - Native Instruments)
    Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.1.1 - Native Instruments)
    Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
    Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.7.5.96 - Native Instruments)
    Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.2.2.5 - Native Instruments)
    Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
    Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
    NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 399.24 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.14.1.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.1.48 - NVIDIA Corporation)
    NVIDIA Graphics Driver 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.24 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
    Plogue AlterEgo v1.516 (HKLM\...\__ARIA_1019___is1) (Version: v1.516 - Plogue)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
    REAPER (x64) (HKLM\...\REAPER) (Version: - )
    Skype Meetings App (HKLM-x32\...\{56FC471B-6B4E-4CEF-AA29-D3F5D9387731}) (Version: 16.2.0.282 - Microsoft Corporation)
    Skype version 8.33 (HKLM-x32\...\Skype_is1) (Version: 8.33 - Skype Technologies S.A.)
    Spotify (HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\Spotify) (Version: 1.0.96.181.gf6bc1b6b - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    The Longest Journey (HKLM-x32\...\1207658794_is1) (Version: 142 lang update - GOG.com)
    Thimbleweed Park (HKLM-x32\...\1325604411_is1) (Version: 1.0.958 - GOG.com)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 6.30 - NCH Software)
    VideoProc (HKLM-x32\...\VideoProc) (Version: 3.1 - Digiarty, Inc.)
    Waves Complete V9r15 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.15 - Waves)
    WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
    Xperia Companion (HKLM-x32\...\{234b8fcc-726f-4746-b00f-f987f4290cb9}) (Version: 2.2.5.0 - Sony)
    Xperia Companion (HKLM-x32\...\{36B6CE92-327C-485C-A0D3-4460BE30AB7A}) (Version: 2.2.5.0 - Sony) Hidden
    Xperia Companion Service (HKLM\...\{C530A679-C5D7-48E5-8958-E09E4207AE8B}) (Version: 2.2.5.0 - Sony) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\ChromeHTML: -> <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-2250887051-2314894825-2524768795-1000_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Mark\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.282\GatewayActiveX-x64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2250887051-2314894825-2524768795-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-2250887051-2314894825-2524768795-1000_Classes\CLSID\{D82589D2-1B7D-7FF1-A355-87431E72C0B9}\InprocServer32 -> no filepath
    ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-10-30] (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-10-30] (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-10-30] (BullGuard Ltd.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-09-06] (NVIDIA Corporation)
    ContextMenuHandlers6: [bgshellext] -> {F4BF1657-195F-4A0F-ACA2-9AE99D65BC0E} => C:\Program Files\BullGuard Ltd\BullGuard\BgShellExt.dll [2018-11-07] (BullGuard Ltd.)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0A699282-8668-434A-B0E1-9519F9A258C9} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-07-30] (NVIDIA Corporation)
    Task: {1280F3FA-F098-4A00-983D-3A7A8FEBF46D} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-30] (NVIDIA Corporation)
    Task: {198A5C36-255E-45E8-BF9D-3D5F3EB27390} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-30] (NVIDIA Corporation)
    Task: {2260F1D9-475B-4D9A-9716-84562E0403ED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-10-23] (Piriform Ltd)
    Task: {31D0548A-1020-4F22-9227-39343960F37A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-30] (NVIDIA Corporation)
    Task: {37A64D68-645F-4302-AD70-17CDD7FD1993} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-30] (NVIDIA Corporation)
    Task: {63A503E6-0D6F-4C21-9162-D2F2BA0DC982} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-30] (NVIDIA Corporation)
    Task: {702F14E8-2CB1-44B7-B2A2-3896695DE9E1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-10-23] (Piriform Ltd)
    Task: {721A3EA0-E4BB-48AE-8E88-F1C91F1E9EBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-07] (Google Inc.)
    Task: {8A95DD4B-2CD7-4704-A3AB-4A0F50D9A118} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-07] (Google Inc.)
    Task: {9C19256E-542F-4C1F-8E6C-5BDFB7F69211} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-30] (NVIDIA Corporation)
    Task: {B16C6CC2-4233-441F-A335-174C0C16845E} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-30] (NVIDIA Corporation)
    Task: {C650E2CE-0A2B-4470-B5BA-80610BDC2075} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-07-30] (NVIDIA Corporation)
    Task: {D07CA73C-31B7-43E9-88EC-72D10C901227} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-30] (NVIDIA Corporation)
    Task: {F65918EC-CF1E-4DA6-8BFA-A6C1EADF4BAF} - System32\Tasks\BullGuard\BullGuardUpdate2 => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe [2018-11-07] (BullGuard Ltd.)
    Task: {FB546BF8-4832-4943-B01D-2FC220E311AB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-07-30] (NVIDIA Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name="BVTConsumer"",Filter="__EventFilter.Name="BVTFilter":
    WMI:subscription\__EventFilter->BVTFilter:
    WMI:subscription\CommandLineEventConsumer->BVTConsumer:

    ==================== Loaded Modules (Whitelisted) ==============

    2018-10-30 13:59 - 2018-10-30 13:59 - 000724840 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
    2018-10-30 13:59 - 2018-10-30 13:59 - 000088936 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
    2018-10-30 13:59 - 2018-10-30 13:59 - 000527208 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
    2018-10-30 13:59 - 2018-10-30 13:59 - 000073064 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
    2018-08-07 12:58 - 2018-07-30 19:08 - 001314856 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2015-08-09 03:50 - 2015-08-09 03:50 - 000404376 _____ () C:\Windows\system32\igfxTray.exe
    2018-08-30 13:55 - 2018-08-30 13:55 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
    2018-12-14 14:24 - 2018-12-12 05:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
    2018-12-14 14:24 - 2018-12-12 05:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 067919944 _____ () G:\GOG Galaxy\libcef.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 000503368 _____ () G:\GOG Galaxy\PocoUtil.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 000513608 _____ () G:\GOG Galaxy\PocoXML.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 000152648 _____ () G:\GOG Galaxy\expat.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 001656392 _____ () G:\GOG Galaxy\PocoFoundation.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 000426568 _____ () G:\GOG Galaxy\pcre.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 000107592 _____ () G:\GOG Galaxy\zlib.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 000327752 _____ () G:\GOG Galaxy\PocoJSON.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 001071176 _____ () G:\GOG Galaxy\PocoNet.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 001856072 _____ () G:\GOG Galaxy\PocoData.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 000387656 _____ () G:\GOG Galaxy\PocoDataSQLite.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 000681032 _____ () G:\GOG Galaxy\sqlite.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 000306248 _____ () G:\GOG Galaxy\PocoNetSSL.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 000157256 _____ () G:\GOG Galaxy\PocoCrypto.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 000130120 _____ () G:\GOG Galaxy\xdelta3.dll
    2018-11-10 15:15 - 2018-11-29 16:20 - 000270920 _____ () G:\GOG Galaxy\PocoZip.dll
    2018-08-07 15:01 - 2018-06-18 05:56 - 000236544 _____ () C:\Program Files\Audient\USBAudioDriver\W7W8_x64\audientusbaudioapi.dll
    2018-08-07 12:58 - 2018-07-30 19:08 - 001032744 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2018-11-10 15:15 - 2018-10-22 18:35 - 003176448 _____ () G:\GOG Galaxy\libglesv2.dll
    2018-11-10 15:15 - 2018-10-22 18:35 - 000079872 _____ () G:\GOG Galaxy\libegl.dll
    2018-08-06 12:01 - 2013-09-16 11:17 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2009-06-10 21:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{DF382911-04CE-44BB-9176-0A8560A6C9A2}C:\users\mark\desktop\sdio_1.4.0.671\sdio_x64_r671.exe] => (Allow) C:\users\mark\desktop\sdio_1.4.0.671\sdio_x64_r671.exe No File
    FirewallRules: [UDP Query User{3485D8B2-6ED9-4494-B9B2-4E0D6E15316C}C:\users\mark\desktop\sdio_1.4.0.671\sdio_x64_r671.exe] => (Allow) C:\users\mark\desktop\sdio_1.4.0.671\sdio_x64_r671.exe No File
    FirewallRules: [{6E57D04B-BA5E-4A78-AB1B-B9C9263179C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
    FirewallRules: [{61906CD3-468D-4349-A5CB-DA431174FDCB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
    FirewallRules: [{C93A34D4-78D7-4CE8-BA39-8B99E19B43A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
    FirewallRules: [{97FDBA09-6B78-4AAA-AE04-B56F381319A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
    FirewallRules: [{7B8068CB-03E1-4353-BFDC-A480736D9772}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
    FirewallRules: [{72A329AB-5BED-430F-8DA6-69E15F059002}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
    FirewallRules: [{2DE8F31A-8A0A-44DC-9C03-A3D9FD49BB97}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    FirewallRules: [{EF82B89A-639A-496C-9836-549C216DFC86}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    FirewallRules: [{53368875-5B9E-4B93-BE6A-0E39C1D85338}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [{CA3B9464-682E-4958-AD6C-E4A5A5EA729E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [{86A38C90-4E0C-4D04-804C-474B0FC07091}] => (Allow) G:\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe (id Software)
    FirewallRules: [{47C94DC0-C3A6-443D-9760-E4E3D410D78B}] => (Allow) G:\SteamLibrary\steamapps\common\DOOM\DOOMx64.exe (id Software)
    FirewallRules: [{6E921F92-D536-4098-BCF9-7DE6BA8E50F4}] => (Allow) G:\SteamLibrary\steamapps\common\Resident Evil 4\Bin32\bio4.exe (CAPCOM U.S.A, INC.)
    FirewallRules: [{2B0268C7-8FB9-4BA5-B8A6-3C8B6A12F549}] => (Allow) G:\SteamLibrary\steamapps\common\Resident Evil 4\Bin32\bio4.exe (CAPCOM U.S.A, INC.)
    FirewallRules: [{5CDE2197-C47D-4B53-9DF9-9B0236352B00}] => (Allow) G:\SteamLibrary\steamapps\common\Friday the 13th Killer Puzzle\F13.exe ()
    FirewallRules: [{ADF59DF1-9626-41D6-A916-A604CF37F16C}] => (Allow) G:\SteamLibrary\steamapps\common\Friday the 13th Killer Puzzle\F13.exe ()
    FirewallRules: [TCP Query User{2F6B7508-6EFF-49A7-A861-6BD80D143A8E}G:\steamlibrary\steamapps\common\doom\doomx64vk.exe] => (Allow) G:\steamlibrary\steamapps\common\doom\doomx64vk.exe (id Software)
    FirewallRules: [UDP Query User{F5D9E6F6-1564-4135-B6B6-F59965F2C1F6}G:\steamlibrary\steamapps\common\doom\doomx64vk.exe] => (Allow) G:\steamlibrary\steamapps\common\doom\doomx64vk.exe (id Software)
    FirewallRules: [{6ACA105F-1805-40B6-9C50-8E9DE5247926}] => (Allow) G:\SteamLibrary\steamapps\common\Zero Escape The Nonary Games\Launcher.exe (Spike Chunsoft Co.,Ltd.)
    FirewallRules: [{BEB19EBD-4809-4947-9121-496008460CFE}] => (Allow) G:\SteamLibrary\steamapps\common\Zero Escape The Nonary Games\Launcher.exe (Spike Chunsoft Co.,Ltd.)
    FirewallRules: [{6DB6104E-7B6E-494A-9F7B-F7CD3B356FFC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
    FirewallRules: [{F75236BA-2771-4981-AD49-42B60237F78B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
    FirewallRules: [{77E522D5-FCBC-43B7-A079-1BC2A3C340D5}] => (Allow) G:\SteamLibrary\steamapps\common\Saints Row the Third\game_launcher.exe (THQ Inc.)
    FirewallRules: [{88D1ADB4-5510-4339-A8C3-9B88659F70C5}] => (Allow) G:\SteamLibrary\steamapps\common\Saints Row the Third\game_launcher.exe (THQ Inc.)
    FirewallRules: [{E287077B-1BD5-42E7-8D13-B3AA28B3D731}] => (Allow) G:\SteamLibrary\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe (THQ Inc.)
    FirewallRules: [{B95C4D72-71B6-412C-8470-37BF2228AE05}] => (Allow) G:\SteamLibrary\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe (THQ Inc.)
    FirewallRules: [{F66E4B3B-3B0E-4FC5-A035-54BA1B9A0F85}] => (Allow) G:\SteamLibrary\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe (THQ Inc.)
    FirewallRules: [{1AA4FD20-5BA6-4D99-9232-AA61F7B92F31}] => (Allow) G:\SteamLibrary\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe (THQ Inc.)
    FirewallRules: [{ED1CB30F-79CF-4D79-9941-AD2FA38BA951}] => (Allow) G:\SteamLibrary\steamapps\common\Aliens vs Predator\AvP_Launcher.exe (Sega Europe Limited)
    FirewallRules: [{3F5277F5-197D-40A9-9A09-074896E31DD7}] => (Allow) G:\SteamLibrary\steamapps\common\Aliens vs Predator\AvP_Launcher.exe (Sega Europe Limited)
    FirewallRules: [{9F8F51EE-5520-4C33-9145-EFCF43B4426F}] => (Allow) G:\SteamLibrary\steamapps\common\Aliens vs Predator\AvP_DX11.exe (Sega Europe Limited)
    FirewallRules: [{559CB11D-E818-4ED3-97DB-C408C95EC6A8}] => (Allow) G:\SteamLibrary\steamapps\common\Aliens vs Predator\AvP_DX11.exe (Sega Europe Limited)
    FirewallRules: [{67BB7BC5-077A-4F25-820E-797CEF4E0087}] => (Allow) G:\SteamLibrary\steamapps\common\Aliens vs Predator\AvP.exe (Sega Europe Limited)
    FirewallRules: [{1AD3C7C4-B33A-4B3C-8F2E-6DF0F93A8D47}] => (Allow) G:\SteamLibrary\steamapps\common\Aliens vs Predator\AvP.exe (Sega Europe Limited)
    FirewallRules: [{A7841B01-15DF-47C8-A965-FD86C1A81E00}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe No File
    FirewallRules: [{AE428147-750D-4E79-92C0-B0E02DCD04E6}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe No File
    FirewallRules: [TCP Query User{8F4AC5DF-0ED2-4947-A3C8-C4D90B763294}C:\users\mark\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mark\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
    FirewallRules: [UDP Query User{EC510757-AD08-4609-8F08-22047671A418}C:\users\mark\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mark\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
    FirewallRules: [{2AA49DEB-E962-43E3-8744-E1B888D46F1C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
    FirewallRules: [{7AC55255-E15E-4D14-9196-989B8EDD8771}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
    FirewallRules: [{0FCC186B-FD36-4AA5-BC4F-E6B6099F19F5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
    FirewallRules: [{AD6AD711-A22E-4557-B0E3-A0B77AC115C3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
    FirewallRules: [{0F48C886-B6AA-4A83-A71C-55FC25FB2442}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe (Sony)
    FirewallRules: [TCP Query User{2D4B689A-84D8-4DD9-A78E-609E2425E0EA}C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe] => (Allow) C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe (Microsoft Corporation)
    FirewallRules: [UDP Query User{CBAB24FD-78FA-4ABF-A5AF-D89E2BD9BCCC}C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe] => (Allow) C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe (Microsoft Corporation)
    FirewallRules: [{54D0983C-82FF-4784-945B-644BB38F4786}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    FirewallRules: [{94243A4C-9E99-44FF-B2B2-0B4FB005F697}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
    FirewallRules: [{E34AACE8-017C-4707-BCCC-96B44F1BD04C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
    FirewallRules: [{0433B339-74E9-4A3C-BF92-AE877C326FE5}] => (Allow) LPort=1688

    ==================== Restore Points =========================

    15-01-2019 13:13:28 Windows Update
    15-01-2019 15:30:07 Device Driver Package Install: TAP Provider V9 for Private Tunnel Network adapters

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/15/2019 03:27:15 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/15/2019 03:27:15 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/15/2019 03:24:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/15/2019 01:09:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/12/2019 09:46:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/11/2019 03:44:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (01/11/2019 12:33:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Ableton Live 9 Suite.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 23c4

    Start Time: 01d4a9417f92a785

    Termination Time: 47

    Application Path: C:\ProgramData\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe

    Report Id: 74aea7f6-1538-11e9-b015-74d435d74a2b

    Error: (01/10/2019 04:30:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    System errors:
    =============
    Error: (01/15/2019 03:33:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The KMSEmulator service terminated with the following error:
    Not enough resources are available to complete this operation.

    Error: (01/15/2019 03:33:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The KMSEmulator service terminated with the following error:
    Not enough resources are available to complete this operation.

    Error: (01/15/2019 03:33:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The KMSEmulator service terminated with the following error:
    Not enough resources are available to complete this operation.

    Error: (01/15/2019 03:30:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The KMSEmulator service terminated with the following error:
    Not enough resources are available to complete this operation.

    Error: (01/15/2019 03:29:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The KMSEmulator service terminated with the following error:
    Not enough resources are available to complete this operation.

    Error: (01/15/2019 03:29:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The KMSEmulator service terminated with the following error:
    Not enough resources are available to complete this operation.

    Error: (01/15/2019 01:09:15 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 01:04:51 on 13/01/2019 was unexpected.

    Error: (01/12/2019 09:46:18 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 23:27:00 on 11/01/2019 was unexpected.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
    Percentage of memory in use: 60%
    Total physical RAM: 8053.92 MB
    Available physical RAM: 3198.8 MB
    Total Virtual: 16105.98 MB
    Available Virtual: 10118 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.69 GB) (Free:13.93 GB) NTFS
    Drive e: (System) (Fixed) (Total:0.49 GB) (Free:0.44 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive f: (OSDisk) (Fixed) (Total:931.02 GB) (Free:297.24 GB) NTFS
    Drive g: (STORAGE) (Fixed) (Total:931.51 GB) (Free:739.96 GB) NTFS
    Drive j: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1183.91 GB) NTFS
    Drive k: () (Removable) (Total:3.69 GB) (Free:0.35 GB) FAT32

    \\?\Volume{878575ea-9707-11e8-bbfc-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: EF326E67)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BF4817BF)
    Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Size: 931.5 GB) (Disk ID: 779C21B9)

    Partition: GPT.

    ========================================================
    Disk: 3 (Protective MBR) (Size: 3.7 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 5 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 09A39BF8)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    aswMBR LOG:

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2019-01-15 15:59:48
    -----------------------------
    15:59:48.428 OS Version: Windows x64 6.1.7601 Service Pack 1
    15:59:48.428 Number of processors: 4 586 0x3C03
    15:59:48.429 ComputerName: MARK-PC UserName: Mark
    15:59:48.588 Initialize success
    15:59:48.600 VM: initialized successfully
    15:59:48.600 VM: Intel CPU supported
    15:59:56.988 VM: disk I/O atapi.sys
    16:01:03.067 AVAST engine defs: 17030301
    16:07:16.373 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    16:07:16.375 Disk 0 Vendor: KINGSTON_SA400S37120G SBFK71E0 Size: 114473MB BusType: 11
    16:07:16.377 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
    16:07:16.378 Disk 1 Vendor: TOSHIBA_DT01ACA100 MS2OA750 Size: 953869MB BusType: 11
    16:07:16.380 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
    16:07:16.381 Disk 2 Vendor: WDC_WD10EZEX-60M2NA0 01.01A01 Size: 953869MB BusType: 11
    16:07:16.390 Disk 0 MBR read successfully
    16:07:16.392 Disk 0 MBR scan
    16:07:16.396 Disk 0 Windows 7 default MBR code
    16:07:16.399 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    16:07:16.404 Disk 0 default boot code
    16:07:16.408 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
    16:07:16.419 Disk 0 scanning C:\Windows\system32\drivers
    16:07:19.109 Service scanning
    16:07:26.852 Modules scanning
    16:07:26.855 Disk 0 trace - called modules:
    16:07:26.859 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    16:07:26.861 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007339060]
    16:07:26.864 3 CLASSPNP.SYS[fffff8800180243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800711b060]
    16:07:27.024 AVAST engine scan C:\Windows
    16:07:27.360 AVAST engine scan C:\Windows\system32
    16:08:35.741 AVAST engine scan C:\Windows\system32\drivers
    16:08:38.826 AVAST engine scan C:\Users\Mark
    16:09:15.616 AVAST engine scan C:\ProgramData
    16:11:47.939 Disk 0 statistics 5527992/0/0 @ 18.02 MB/s
    16:11:47.943 Scan finished successfully
    16:18:09.529 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
    16:18:09.531 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"

  2. #2
    Juliet (Security Expert-emeritus)
    Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall all products for which you do not have a valid Product Key, including all "cracked" software. This is a must.

    Is this what you're talking about?
    S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
    We can remove this but I believe it to be legit.

    ~~
    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\ChromeHTML: -> <==== ATTENTION
    FirewallRules: [{A7841B01-15DF-47C8-A965-FD86C1A81E00}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe No File
    FirewallRules: [{AE428147-750D-4E79-92C0-B0E02DCD04E6}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe No File
    C:\Windows\Temp\*.*
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    ~~~~~~~~~~~~~~~~~~
    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply
    created by Aura

    ~~~
    Please post these 3 logs when finished.
    Last edited by Juliet; 2019-01-16 at 00:57. Reason: typo
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date: Jan 2019 | Posts: 5

    Hello, thank you for your reply.

    Just to confirm I have removed every trace of the offending software to the best of my ability.

    As I did not intend to install that VPN I would be interested in removing all trace of it, yes.

    Here is the Farbar fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019
    Ran by Mark (16-01-2019 19:47:38) Run:1
    Running from C:\Users\Mark\Desktop
    Loaded Profiles: Mark (Available Profiles: Mark & Work)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-2250887051-2314894825-2524768795-1000\...\ChromeHTML: -> <==== ATTENTION
    FirewallRules: [{A7841B01-15DF-47C8-A965-FD86C1A81E00}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe No File
    FirewallRules: [{AE428147-750D-4E79-92C0-B0E02DCD04E6}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe No File
    C:\Windows\Temp\*.*
    Emptytemp:

    *****************

    Processes closed successfully.

    The ADW Cleaner log:

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.6.0
    # -------------------------------
    # Build: 12-18-2018
    # Database: 2019-01-10.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 01-16-2019
    # Duration: 00:00:00
    # OS: Windows 7 Home Premium
    # Cleaned: 1
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\csastats

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1275 octets] - [16/01/2019 19:50:14]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    And finally the RogueKiller fixlog:

    RogueKiller Anti-Malware V13.0.22.0 (x64) [Jan 14 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
    Started in : Normal mode
    User : Mark [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Standard Scan, Scan -- Date : 2019/01/16 19:55:18 (Duration : 00:09:01)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    >>>>>> O101 - Clsid
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_CLASSES_ROOT\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B} -- (Microsoft Corporation) C:\Users\Mark\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.282\GatewayActiveX-x64.dll -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_CLASSES_ROOT\CLSID\{FE2EC208-BECF-4E83-8BF4-E35DBA4EB6A1} -- (Microsoft Corporation) C:\Users\Mark\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.282\GatewayVersion-x64.exe -> Found
    >>>>>> O87 - Firewall
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{2D4B689A-84D8-4DD9-A78E-609E2425E0EA}C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe -- (Microsoft Corporation) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe|Name=pluginhost.exe|Desc=pluginhost.exe|Defer=User| (C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe) -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{CBAB24FD-78FA-4ABF-A5AF-D89E2BD9BCCC}C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe -- (Microsoft Corporation) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe|Name=pluginhost.exe|Desc=pluginhost.exe|Defer=User| (C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe) -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{2D4B689A-84D8-4DD9-A78E-609E2425E0EA}C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe -- (Microsoft Corporation) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe|Name=pluginhost.exe|Desc=pluginhost.exe|Defer=User| (C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe) -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{CBAB24FD-78FA-4ABF-A5AF-D89E2BD9BCCC}C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe -- (Microsoft Corporation) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe|Name=pluginhost.exe|Desc=pluginhost.exe|Defer=User| (C:\users\mark\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.282\pluginhost.exe) -> Found

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.Gen1 (Potentially Malicious)] (folder) PackageAware -- C:\Users\Mark\AppData\Local\PackageAware -> Found
    [PUP.HackTool (Potentially Malicious)] (folder) KMSAuto -- C:\ProgramData\KMSAuto -> Found
    [PUP.Gen1 (Potentially Malicious)] (folder) PackageAware -- C:\Users\Mark\AppData\Local\PackageAware -> Found

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

  4. #4
    Juliet (Security Expert-emeritus)
    Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    Did you allow RogueKiller to remove what it found?

    ~~~~~~~~~~~~~~

    Not sure why but the entire Fixlog from Farbar Recovery Scan Tool did not post.

    ~~~

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys
    C:\Windows\System32\DRIVERS\ptun0901.sys
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Let's check for remnants

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here
    • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"
    • After the installation is complete let it update if it asks.
    • Under SETTINGS.....APPLICATIONS leave everything at default
    • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
    • Then go to the Dashboard and click on SCAN NOW
    • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
      Upon completion of the scan (or after the reboot), click the Reports tab.
      Double-click the Scan Log.
      At the bottom click Export and choose Text file.

      Save the file to your desktop and include its content in your next reply.

      You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and selecting "Copy to clipboard". After that, all you have to do is paste it here.
    • Then click on POST
    • Exit Malwarebytes

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    Please post these 3 logs when finished.

    Also, tell me how the computer is now.

  5. #5
    Junior Member
    Join Date: Jan 2019 | Posts: 5

    Hello again, hopefully we have more luck with Farbar this time:

    Restore point was successfully created.
    HKLM\System\CurrentControlSet\Services\ptun0901 => removed successfully
    ptun0901 => service removed successfully
    C:\Windows\System32\DRIVERS\ptun0901.sys => moved successfully

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 85748748 B
    Java, Flash, Steam htmlcache => 157804769 B
    Windows/system/drivers => 347912 B
    Edge => 0 B
    Chrome => 539618451 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 58558278 B
    systemprofile32 => 68964 B
    LocalService => 0 B
    NetworkService => 293322 B
    Mark => 765486909 B
    Work => 23373 B

    RecycleBin => 1207929 B
    EmptyTemp: => 1.5 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 22:10:02 ====

    I couldn't find any apply action option on Malwarebytes but there was a "quarantine selected" option, not sure if that helps:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 1/17/19
    Scan Time: 10:14 PM
    Log File: 3d11d888-1aa5-11e9-b00a-74d435d74a2b.json

    -Software Information-
    Version: 3.6.1.2711
    Components Version: 1.0.519
    Update Package Version: 1.0.8840
    License: Trial

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Mark-PC\Mark

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 341533
    Threats Detected: 1
    Threats Quarantined: 1
    Time Elapsed: 3 min, 31 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 1
    Generic.Malware/Suspicious, C:\USERS\MARK\DOWNLOADS\KMSAUTO+NET.ZIP, Quarantined, [0], [392686],1.0.8840

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

    I couldn't find a "Quarantine Log" section but under logs there was an "export" option, this is what I got from it:

    Emsisoft Emergency Kit 2018.6.0.8742 stable [en-us]
    OS: Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)

    Forensics log

    Date Component Action Details
    17/01/2019 22:29:08 Scanner Scan finished Scanned 77035 objects and found nothing.
    17/01/2019 22:27:50 User MARK-PC\Mark Scan started Malware Scan
    17/01/2019 22:27:50 User MARK-PC\Mark Setting modified "Detect PUPs" has been changed to "Enabled".
    17/01/2019 22:27:02 User Update Downloaded and installed 64 files (34458 kb) (15 sec.) Application restart notification.
    17/01/2019 22:26:45 User Update Failed with error "Server returned error" (0 sec.).

    Computer is actually running a little smoother now.

  6. #6
    Juliet (Security Expert-emeritus)
    Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    All sounds good.
    Are the notifications gone?

  7. #7
    Junior Member
    Join Date: Jan 2019 | Posts: 5

    Yes, haven't seen any.

  8. #8
    Juliet (Security Expert-emeritus)
    Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    I think you're good to go

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
    • Click the Run button.
      -- This will remove the specialized tools we used to disinfect your system.
      Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    *********


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.

  9. #9
    Junior Member
    Join Date: Jan 2019 | Posts: 5

    I've run the tool, thanks for all your help!

  10. #10
    Juliet (Security Expert-emeritus)
    Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    Glad we could help.
    Since this issue appears resolved ... this Topic is closed.
