Author Topic: Just a check up  (Read 536 times)

DR M
« on: January 26, 2019, 01:36:54 PM »
Hello.  :)

My nephew is trying to play his new FIFA 19 game, but he can't, due to a DirectX error. Before posting about his actual problem in another section of the Forum, I would like to provide the FRST's logs here, just to be sure that the computer is clean. It's a good opportunity to have a check on him.


FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.01.2019
Ran by MIYIAGI (administrator) on DESKTOP-GG3ORKN (26-01-2019 17:08:20)
Running from C:\Users\MIYIAGI\Desktop
Loaded Profiles: MIYIAGI &  (Available Profiles: MIYIAGI)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United Kingdom)
Default browser: "C:\Program Files (x86)\Pale Moon\palemoon.exe" -osint -url "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [177928 2018-12-15] (ESET)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262019170539442\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262019170539754\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2248044027-1193708394-682536330-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2248044027-1193708394-682536330-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-08] (Ruiware)
HKU\S-1-5-21-2248044027-1193708394-682536330-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-13] (SUPERAntiSpyware)
HKU\S-1-5-21-2248044027-1193708394-682536330-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3113768 2019-01-26] (Electronic Arts)
HKU\S-1-5-21-2248044027-1193708394-682536330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262019170540051\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2248044027-1193708394-682536330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262019170540051\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-08] (Ruiware)
HKU\S-1-5-21-2248044027-1193708394-682536330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262019170540051\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-13] (SUPERAntiSpyware)
HKU\S-1-5-21-2248044027-1193708394-682536330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262019170540051\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3113768 2019-01-26] (Electronic Arts)
HKU\S-1-5-21-2248044027-1193708394-682536330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262019170540051\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [1456128 2018-12-29] (Adobe Systems Incorporated)
Startup: C:\Users\MIYIAGI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-04-25]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.140.213.226 213.140.208.226
Tcpip\..\Interfaces\{24effb65-330c-45c3-be1c-9570c29c3551}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{bb99b8d1-6c09-47e5-9f88-44d3455ad943}: [DhcpNameServer] 213.140.213.226 213.140.208.226

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-18] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-09-15] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 9rryux65.default
FF ProfilePath: C:\Users\MIYIAGI\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\9rryux65.default [2019-01-26]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\9rryux65.default -> www.google.com
FF NewTab: Moonchild Productions\Pale Moon\Profiles\9rryux65.default -> www.google.com
FF Extension: (Adblock Latitude) - C:\Users\MIYIAGI\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\9rryux65.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2018-04-12] [Legacy] [not signed]
FF Extension: (Lazarus: Form Recovery) - C:\Users\MIYIAGI\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\9rryux65.default\Extensions\lazarus@interclue.com.xpi [2017-12-16] [Legacy]
FF Extension: (Youtube MP3 Podcaster) - C:\Users\MIYIAGI\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\9rryux65.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2018-01-21] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-29] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-29] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-15] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9677904 2018-12-28] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-12-15] (ESET)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1394360 2015-08-12] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787336 2018-12-06] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787336 2018-12-06] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2298688 2019-01-26] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3171144 2019-01-26] (Electronic Arts)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [124928 2017-03-09] (ASUS Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-12] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-12] (Intel Corporation)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143448 2018-10-28] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107896 2018-10-28] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-02-19] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188832 2018-10-28] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50144 2018-10-28] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [82304 2018-10-28] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [109864 2018-10-28] (ESET)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-12] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2019-01-04] (Malwarebytes)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31112 2017-05-03] (ASUS)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-01-04] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2019-01-13] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2019-01-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-26] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2019-01-26] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_1aae4f19e68d0780\nvlddmkm.sys [17003280 2017-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-26 17:08 - 2019-01-26 17:09 - 000015178 _____ C:\Users\MIYIAGI\Desktop\FRST.txt
2019-01-26 16:38 - 2019-01-26 16:38 - 002428416 _____ (Farbar) C:\Users\MIYIAGI\Desktop\FRST64.exe
2019-01-26 16:26 - 2019-01-26 16:53 - 000663820 _____ C:\WINDOWS\Minidump\012619-40640-01.dmp
2019-01-26 16:26 - 2019-01-26 16:26 - 535635198 _____ C:\WINDOWS\MEMORY.DMP
2019-01-25 20:39 - 2019-01-25 20:39 - 000000000 ___HD C:\OneDriveTemp
2019-01-23 21:37 - 2019-01-23 21:38 - 000000000 ____D C:\Users\MIYIAGI\AppData\Local\GameAnalytics
2019-01-18 20:02 - 2019-01-18 20:02 - 000002563 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-01-18 20:02 - 2019-01-18 20:02 - 000002556 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype για επιχειρήσεις.lnk
2019-01-18 20:02 - 2019-01-18 20:02 - 000002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-01-18 20:02 - 2019-01-18 20:02 - 000002516 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-01-18 20:02 - 2019-01-18 20:02 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-01-18 20:02 - 2019-01-18 20:02 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-01-18 20:02 - 2019-01-18 20:02 - 000002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-01-18 20:02 - 2019-01-18 20:02 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-01-18 20:02 - 2019-01-18 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Εργαλεία του Microsoft Office
2019-01-12 21:36 - 2019-01-26 17:04 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-12 21:36 - 2019-01-26 16:30 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-01-12 21:36 - 2019-01-13 10:00 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-01-12 21:36 - 2019-01-13 10:00 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-01-08 21:45 - 2019-01-01 09:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-08 21:45 - 2019-01-01 09:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-08 21:45 - 2019-01-01 08:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-08 21:45 - 2019-01-01 08:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-08 21:45 - 2019-01-01 08:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-08 21:45 - 2019-01-01 08:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-08 21:45 - 2019-01-01 08:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-08 21:45 - 2019-01-01 08:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-08 21:45 - 2019-01-01 08:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-08 21:45 - 2019-01-01 08:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-08 21:44 - 2019-01-01 15:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-08 21:44 - 2019-01-01 15:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-08 21:44 - 2019-01-01 15:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-08 21:44 - 2019-01-01 15:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-08 21:44 - 2019-01-01 15:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-08 21:44 - 2019-01-01 15:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-08 21:44 - 2019-01-01 15:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-08 21:44 - 2019-01-01 15:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-08 21:44 - 2019-01-01 15:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-08 21:44 - 2019-01-01 15:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-08 21:44 - 2019-01-01 09:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-08 21:44 - 2019-01-01 09:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-08 21:44 - 2019-01-01 09:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-08 21:44 - 2019-01-01 09:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-08 21:44 - 2019-01-01 09:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-08 21:44 - 2019-01-01 09:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-08 21:44 - 2019-01-01 09:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-08 21:44 - 2019-01-01 09:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-08 21:44 - 2019-01-01 09:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-08 21:44 - 2019-01-01 09:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-08 21:44 - 2019-01-01 09:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-08 21:44 - 2019-01-01 09:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-08 21:44 - 2019-01-01 09:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-08 21:44 - 2019-01-01 09:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-08 21:44 - 2019-01-01 09:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-08 21:44 - 2019-01-01 09:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-08 21:44 - 2019-01-01 09:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-08 21:44 - 2019-01-01 09:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-08 21:44 - 2019-01-01 08:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-08 21:44 - 2019-01-01 08:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-08 21:44 - 2019-01-01 08:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-08 21:44 - 2019-01-01 08:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-08 21:44 - 2019-01-01 08:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-08 21:44 - 2019-01-01 08:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-08 21:44 - 2019-01-01 08:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-08 21:44 - 2019-01-01 08:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-08 21:44 - 2019-01-01 08:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-08 21:44 - 2019-01-01 08:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-08 21:44 - 2019-01-01 08:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-08 21:44 - 2019-01-01 08:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-08 21:44 - 2019-01-01 08:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-08 21:44 - 2019-01-01 08:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-08 21:44 - 2019-01-01 08:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-08 21:44 - 2019-01-01 08:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-08 21:44 - 2019-01-01 08:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-08 21:44 - 2019-01-01 08:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-08 21:44 - 2019-01-01 08:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-08 21:44 - 2019-01-01 08:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-08 21:44 - 2019-01-01 08:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-08 21:44 - 2019-01-01 08:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-08 21:44 - 2019-01-01 08:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-08 21:44 - 2019-01-01 08:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-08 21:44 - 2019-01-01 08:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-08 21:44 - 2019-01-01 08:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-08 21:44 - 2019-01-01 08:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-08 21:44 - 2019-01-01 08:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-08 21:44 - 2019-01-01 08:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-08 21:44 - 2019-01-01 08:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-08 21:44 - 2019-01-01 08:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-08 21:44 - 2019-01-01 08:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-08 21:44 - 2019-01-01 08:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-08 21:44 - 2019-01-01 08:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-08 21:44 - 2019-01-01 08:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-08 21:44 - 2019-01-01 08:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-08 21:44 - 2019-01-01 08:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-08 21:44 - 2019-01-01 08:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-08 21:44 - 2019-01-01 08:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-08 21:44 - 2019-01-01 08:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-08 21:44 - 2019-01-01 08:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-08 21:44 - 2019-01-01 08:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-08 21:44 - 2019-01-01 08:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-08 21:44 - 2019-01-01 08:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-08 21:44 - 2019-01-01 08:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-08 21:44 - 2019-01-01 08:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-08 21:44 - 2019-01-01 08:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-08 21:44 - 2019-01-01 07:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-08 21:44 - 2018-12-19 06:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-04 19:45 - 2019-01-04 19:45 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-01-03 21:22 - 2019-01-03 21:22 - 000000000 ____D C:\Users\MIYIAGI\ansel
2019-01-03 18:03 - 2019-01-03 18:03 - 000000000 ____D C:\steam
2019-01-03 18:00 - 2019-01-03 18:00 - 000000000 ____D C:\Users\MIYIAGI\Documents\AFS-a320f3-FSX-Steam-1
2019-01-02 20:25 - 2019-01-02 20:25 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-01-02 20:25 - 2017-09-14 01:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-01-02 20:25 - 2017-09-14 01:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-01-02 20:25 - 2017-09-14 01:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-01-02 20:25 - 2017-09-14 01:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-01-02 19:09 - 2017-12-04 21:19 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-12-31 19:38 - 2019-01-26 17:04 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-12-31 19:38 - 2018-12-31 19:38 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-12-31 19:35 - 2017-12-04 20:32 - 005964688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-12-31 19:35 - 2017-12-04 20:32 - 002589168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-12-31 19:35 - 2017-12-04 20:32 - 001767408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-12-31 19:35 - 2017-12-04 20:32 - 000609312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-12-31 19:35 - 2017-12-04 20:32 - 000450352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-12-31 19:35 - 2017-12-04 20:32 - 000123888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-12-31 19:35 - 2017-12-04 20:32 - 000082736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-12-31 19:35 - 2017-11-27 14:52 - 007874971 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-12-31 19:34 - 2017-12-12 20:34 - 000541456 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-12-31 19:34 - 2017-12-12 20:34 - 000447248 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-12-30 17:05 - 2018-09-05 00:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-12-30 16:27 - 2019-01-26 16:35 - 000000000 ____D C:\Users\MIYIAGI\AppData\Local\CrashDumps
2018-12-30 14:47 - 2018-12-30 16:11 - 000000000 ____D C:\Users\MIYIAGI\AppData\Local\NVIDIA Corporation
2018-12-30 14:47 - 2018-12-30 14:47 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-30 14:47 - 2018-12-30 14:47 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-30 14:47 - 2018-12-30 14:47 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-30 14:47 - 2018-12-30 14:47 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-30 14:47 - 2018-12-30 14:47 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-30 14:47 - 2018-12-30 14:47 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-30 14:47 - 2018-12-30 14:47 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-30 14:47 - 2018-12-30 14:47 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-30 14:47 - 2018-12-30 14:47 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-30 14:47 - 2018-12-30 14:47 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-30 14:47 - 2018-12-30 14:47 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-30 14:47 - 2018-12-30 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-12-30 14:47 - 2018-12-06 12:11 - 002865032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-12-30 14:47 - 2018-12-06 12:11 - 002264968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-12-30 14:47 - 2018-12-06 12:11 - 001323400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-12-30 14:47 - 2018-12-06 11:20 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-12-30 14:47 - 2018-10-04 14:33 - 000203760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2018-12-30 14:47 - 2018-10-04 14:33 - 000179696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2018-12-30 14:46 - 2018-10-01 20:47 - 000070024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-12-30 14:46 - 2018-10-01 17:47 - 000074576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-12-30 14:05 - 2018-12-31 19:33 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-12-30 12:59 - 2018-12-31 18:20 - 000000000 ____D C:\Users\MIYIAGI\AppData\Local\D3DSCache
2018-12-30 12:57 - 2018-12-30 12:57 - 000000000 ____D C:\Users\MIYIAGI\AppData\Local\mbam
2018-12-30 12:53 - 2019-01-04 19:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-12-30 12:53 - 2018-12-30 12:53 - 000000000 ____D C:\Users\MIYIAGI\AppData\Local\mbamtray
2018-12-30 12:53 - 2018-12-30 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-30 12:52 - 2018-12-30 12:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-30 12:49 - 2018-12-30 12:48 - 000000031 _____ C:\ProgramData\mb-licenseinfo.txt
2018-12-30 12:08 - 2019-01-26 17:08 - 000000000 ____D C:\FRST
2018-12-30 11:46 - 2019-01-11 16:52 - 000000000 ____D C:\Users\MIYIAGI\Desktop\power points
2018-12-30 11:46 - 2018-12-30 11:46 - 000000000 ____D C:\Users\MIYIAGI\Desktop\fifa
2018-12-30 11:45 - 2018-12-30 11:46 - 000000000 ____D C:\Users\MIYIAGI\Desktop\gsx
2018-12-29 16:19 - 2018-12-29 16:19 - 000000000 ____D C:\Users\MIYIAGI\Documents\FIFA 19
2018-12-28 22:48 - 2018-12-28 22:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 19

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-26 17:07 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-26 17:07 - 2017-12-16 11:10 - 000000000 ___RD C:\Users\MIYIAGI\OneDrive
2019-01-26 17:06 - 2017-12-16 13:41 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-26 17:06 - 2017-12-16 11:26 - 000000000 ____D C:\ProgramData\MCShield
2019-01-26 17:05 - 2017-12-16 13:43 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2019-01-26 17:04 - 2018-06-14 10:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-26 17:04 - 2018-06-14 09:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-26 17:04 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-26 17:04 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-26 17:04 - 2017-12-16 12:00 - 000000000 __SHD C:\Users\MIYIAGI\IntelGraphicsProfiles
2019-01-26 16:53 - 2017-12-27 18:40 - 000000000 ____D C:\Users\MIYIAGI\AppData\Roaming\Origin
2019-01-26 16:52 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-26 16:40 - 2017-12-27 18:42 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-01-26 16:40 - 2017-12-27 18:34 - 000000000 ____D C:\ProgramData\Origin
2019-01-26 16:39 - 2017-12-27 18:40 - 000000000 ____D C:\Program Files (x86)\Origin
2019-01-26 16:26 - 2018-06-23 13:58 - 000000000 ____D C:\WINDOWS\Minidump
2019-01-25 20:52 - 2018-03-14 10:15 - 000000000 ____D C:\Users\MIYIAGI\Documents\Flight Simulator X Files
2019-01-25 20:43 - 2017-12-16 14:53 - 000000000 ____D C:\Program Files (x86)\Steam
2019-01-25 20:39 - 2018-03-04 13:41 - 000000000 ____D C:\Users\MIYIAGI\Documents\Euro Truck Simulator 2
2019-01-25 20:38 - 2018-06-14 10:08 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2248044027-1193708394-682536330-1001
2019-01-25 20:38 - 2018-06-14 09:45 - 000002369 _____ C:\Users\MIYIAGI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-23 21:39 - 2017-12-17 10:53 - 000000000 ____D C:\Users\MIYIAGI\AppData\Local\Fernbus
2019-01-23 21:37 - 2017-12-17 10:53 - 000000000 ____D C:\Users\MIYIAGI\AppData\Local\UnrealEngine
2019-01-23 21:36 - 2017-12-17 10:50 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-20 17:38 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-19 12:32 - 2017-12-16 15:03 - 000000000 ____D C:\Users\MIYIAGI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-01-18 20:00 - 2017-12-16 12:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-01-18 19:31 - 2018-11-17 19:48 - 000000000 ____D C:\Program Files\rempl
2019-01-13 10:00 - 2018-06-14 09:45 - 000000000 ____D C:\Users\MIYIAGI
2019-01-12 21:34 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-11 16:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-11 16:40 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-10 19:26 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-09 21:08 - 2017-12-16 12:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-09 21:04 - 2017-12-16 12:04 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-05 10:31 - 2017-12-16 11:27 - 000000000 ____D C:\Users\MIYIAGI\AppData\Roaming\vlc
2019-01-02 21:41 - 2018-07-12 21:11 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-02 21:41 - 2018-07-12 21:11 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-02 20:25 - 2017-12-16 11:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-01-02 19:09 - 2017-12-16 11:23 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-01-02 19:05 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-31 19:38 - 2017-12-16 12:00 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-12-31 19:35 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Help
2018-12-31 19:23 - 2017-12-16 11:23 - 000000000 ____D C:\Program Files (x86)\Intel
2018-12-31 18:03 - 2018-06-14 12:20 - 000519726 _____ C:\WINDOWS\system32\perfh008.dat
2018-12-31 18:03 - 2018-06-14 12:20 - 000085604 _____ C:\WINDOWS\system32\perfc008.dat
2018-12-31 18:03 - 2018-06-14 09:59 - 001372554 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-30 17:03 - 2017-12-16 14:01 - 000000000 ____D C:\Users\MIYIAGI\AppData\Local\ElevatedDiagnostics
2018-12-30 16:27 - 2017-12-16 11:07 - 000000000 ____D C:\Users\MIYIAGI\AppData\Local\Packages
2018-12-30 14:49 - 2017-12-16 13:43 - 000000000 ____D C:\Users\MIYIAGI\AppData\Local\NVIDIA
2018-12-30 12:48 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-12-29 16:53 - 2018-06-14 10:08 - 000004592 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-12-29 16:53 - 2018-06-14 10:08 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-12-29 16:53 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-12-29 16:53 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-12-28 22:48 - 2017-12-27 20:14 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2018-12-28 21:09 - 2017-12-27 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2018-12-27 18:28 - 2018-10-01 21:03 - 000000000 ____D C:\Users\MIYIAGI\AppData\Roaming\Virtuali

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-14 09:38

==================== End of FRST.txt ============================

Keep on keeping on!

Offline DR M

Re: Just a check up
« Reply #1 on: January 26, 2019, 01:37:32 PM »
ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.01.2019
Ran by MIYIAGI (26-01-2019 17:10:52)
Running from C:\Users\MIYIAGI\Desktop
Windows 10 Home Version 1803 17134.523 (X64) (2018-06-14 08:09:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2248044027-1193708394-682536330-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2248044027-1193708394-682536330-503 - Limited - Disabled)
DR_WH (S-1-5-21-2248044027-1193708394-682536330-1003 - Limited - Disabled)
Guest (S-1-5-21-2248044027-1193708394-682536330-501 - Limited - Disabled)
miyia (S-1-5-21-2248044027-1193708394-682536330-1002 - Limited - Disabled)
MIYIAGI (S-1-5-21-2248044027-1193708394-682536330-1001 - Administrator - Enabled) => C:\Users\MIYIAGI
WDAGUtilityAccount (S-1-5-21-2248044027-1193708394-682536330-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.01 beta (HKLM-x32\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
aerosoft's - Larnaca X (HKLM-x32\...\{EB55D6FB-C343-42F3-8242-440AE900D1FA}) (Version: 1.00 - aerosoft)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.6795 - CDBurnerXP)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
ESET Security (HKLM\...\{B489BC2D-0079-4631-97BF-CA2378299D43}) (Version: 11.0.159.9 - ESET, spol. s r.o.)
FIFA 17 DEMO (HKLM-x32\...\{39C00B2C-EA3C-4A6B-AECF-DADA0F09C2AE}) (Version: 1.0.45.26330 - Electronic Arts)
FIFA 19 (HKLM-x32\...\{3391E07D-8484-4124-817E-FCBDA859FD62}) (Version: 1.0.59.24135 - Electronic Arts)
FSDreamTeam GSX version 2.5.0.9 (HKLM-x32\...\FSDreamTeam GSX_is1) (Version: 2.5.0.9 - VIRTUALI Sagl)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - el-gr (HKLM\...\O365ProPlusRetail - el-gr) (Version: 16.0.10730.20264 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10730.20264 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2248044027-1193708394-682536330-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2248044027-1193708394-682536330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262019170540051\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.3.0.6912 - Mozilla)
Mozilla Thunderbird 60.3.3 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.3.3 (x86 en-US)) (Version: 60.3.3 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.12 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.16.0.140 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.140 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.57 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0408-0000-0000000FF1CE}) (Version: 16.0.10730.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20264 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.34.21025 - Electronic Arts, Inc.)
Pale Moon 28.2.2 (x86 en-US) (HKLM-x32\...\Pale Moon 28.2.2 (x86 en-US)) (Version: 28.2.2 - Moonchild Productions)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
SimObject Display Engine (HKLM-x32\...\{D8051A82-3D00-44E0-995D-C5E79837E26F}) (Version: 1.6.3 - 12bPilot)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1-x32: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1-x32: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-12-15] (ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-12-15] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6-x32: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-12-15] (ESET)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00130759-230D-4AE4-9BDF-7F904F3ED392} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation)
Task: {139FAD9E-E96A-46B9-929F-80D53D323D97} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-29] (Adobe Systems Incorporated)
Task: {194D2AF7-4459-4952-B546-92105D686184} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-12-06] (NVIDIA Corporation)
Task: {19795931-7671-468B-96DC-88EC2CCA2313} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-28] (Microsoft Corporation)
Task: {23C13BE4-EB2C-4B5D-954B-5D00D7127E67} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
Task: {2B833B9E-7FFD-4AFE-AC00-72B62EA67535} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-12-06] (NVIDIA Corporation)
Task: {434BBCF7-C05F-46AA-AF29-92E48125BF7B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-28] (Microsoft Corporation)
Task: {43D151BB-9443-4968-B065-43BE04AA444B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2019-01-18] (Microsoft Corporation)
Task: {459DC4DE-3EFD-4C12-A2E5-17875622ACFF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-12-06] (NVIDIA Corporation)
Task: {4AB94F1C-0B36-4925-99EE-4498259DE5AE} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation)
Task: {6154A5BD-9023-4A4C-B5D9-639EAA46D96F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2019-01-18] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {7FCF2E97-3B2D-4E48-AB6A-FAB064162DCF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation)
Task: {83D607D7-2C5C-436C-88D7-44CCCE29F8EB} - System32\Tasks\SUPERAntiSpyware Scheduled Task 40bd801c-e771-46df-8ddc-6dc36d6b0b18 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {97285672-DD35-405C-A976-0064A8754273} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-06] (NVIDIA Corporation)
Task: {A3CD501E-160F-4AFB-A6B5-454213BE72FC} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
Task: {A60C13C2-F650-448D-BDF0-721AC478080A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-12-06] (NVIDIA Corporation)
Task: {AD3F5191-CE94-4E88-A909-D5D254BC632D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-11-10] (Realtek Semiconductor)
Task: {AF8216BB-27B1-4C1B-A710-85540494902F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-12-06] (NVIDIA Corporation)
Task: {C005AF5E-19AB-430C-BED2-8BD9A49F172F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-18] (Microsoft Corporation)
Task: {CFCE8AB7-D76C-4AE2-B77E-8E96276EF982} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2019-01-18] (Microsoft Corporation)
Task: {D05DBD5B-4934-4FCB-9542-ADA751C6FCDA} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {D1A84BE2-1D3B-443D-92EA-4C09326099B5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2019-01-18] (Microsoft Corporation)
Task: {D6CAEA52-6A42-4A3C-855F-A41A8CCFC0A8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-18] (Microsoft Corporation)
Task: {D7930D38-2678-4775-96F0-BA28178C7F6D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-12-06] (NVIDIA Corporation)
Task: {D7C04E97-E0F4-4EAA-8E23-01A7735A5AC9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-29] (Adobe Systems Incorporated)
Task: {DEC994FA-9B34-43C3-A201-CFACE9208DD7} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-12-06] (NVIDIA Corporation)
Task: {E3CB73F0-A41B-46FC-935F-7B8C6AFC4DAB} - System32\Tasks\SUPERAntiSpyware Scheduled Task dfc3118c-7c34-43bb-bc3b-3964f3cf705c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 40bd801c-e771-46df-8ddc-6dc36d6b0b18.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dfc3118c-7c34-43bb-bc3b-3964f3cf705c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-30 14:47 - 2018-12-06 12:11 - 001315208 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-12-30 12:53 - 2019-01-04 19:44 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-12-30 12:53 - 2019-01-04 19:44 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2016-11-30 21:57 - 2016-11-30 21:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-15 13:50 - 2018-11-09 04:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-08 21:44 - 2019-01-01 08:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-06 15:52 - 2018-11-06 15:53 - 000070144 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-10-09 20:48 - 2018-10-09 20:49 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll
2019-01-23 20:53 - 2019-01-23 20:58 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-07-11 07:39 - 2018-07-11 07:39 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-10-04 16:16 - 2018-10-04 16:22 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-23 20:53 - 2019-01-23 20:58 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-06-15 08:55 - 2018-06-08 11:31 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-06-15 08:55 - 2018-06-08 11:31 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2017-09-29 15:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


2018-01-14 10:47 - 2018-01-14 10:47 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262019170539442\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262019170539754\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2248044027-1193708394-682536330-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MIYIAGI\Pictures\Keep_calm.jpg
HKU\S-1-5-21-2248044027-1193708394-682536330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262019170540051\Control Panel\Desktop\\Wallpaper -> C:\Users\MIYIAGI\Pictures\Keep_calm.jpg
DNS Servers: 213.140.213.226 - 213.140.208.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\Run: => "NvBackend"
HKU\S-1-5-21-2248044027-1193708394-682536330-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2248044027-1193708394-682536330-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2248044027-1193708394-682536330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262019170540051\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2248044027-1193708394-682536330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262019170540051\...\StartupApproved\Run: => "EADM"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A1ECFB3D-184D-4BA7-AEAF-A35DF780DF63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Airport Madness 3D 2\Airport Madness 3D 2.exe ()
FirewallRules: [{07C34415-3797-47AC-BEBA-C2630D2B764A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Airport Madness 3D 2\Airport Madness 3D 2.exe ()
FirewallRules: [{6D463132-B024-4B5A-9036-E9AC00560F58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Subways 2 – Berlin Line 7\WoS.exe (TML-Edition)
FirewallRules: [{4DBAD3A2-4722-48D2-AD24-0D48F4023420}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Subways 2 – Berlin Line 7\WoS.exe (TML-Edition)
FirewallRules: [{C633ABB0-1132-450D-87A4-BE72107E496D}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 17 DEMO\FIFASetup\fifaconfig.exe (Electronic Arts)
FirewallRules: [{32654378-5297-40A1-B444-883700DB9A41}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 17 DEMO\FIFASetup\fifaconfig.exe (Electronic Arts)
FirewallRules: [{DC04AC69-DA06-43CB-A7A3-4B4CE1184F5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Subways 3 – London Underground Circle Line\Bin\WOS3.exe ()
FirewallRules: [{2E98D75D-C0F7-46D5-980B-26A55F61FCA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Subways 3 – London Underground Circle Line\Bin\WOS3.exe ()
FirewallRules: [{DA3F84A6-469A-494E-A274-867D325CBA01}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Corporation)
FirewallRules: [{84CC1A57-E919-4368-81A7-B7E325B533F0}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Corporation)
FirewallRules: [{50841541-28C0-45F0-BDA0-8D0456F24CBE}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Corporation)
FirewallRules: [{E096456A-8319-4718-86AF-F433AC2320C8}] => (Allow) E:\SteamLibrary\steamapps\common\FSX\fsx.exe No File
FirewallRules: [{970C8760-CDED-45B0-9658-931B04A13ABB}] => (Allow) E:\SteamLibrary\steamapps\common\FSX\fsx.exe No File
FirewallRules: [{4EA5D9F8-7475-4A04-91D6-4D5FEC03AE57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tower 3D Pro\tower3d.exe ()
FirewallRules: [{63A6ECDC-96DD-419F-AA4C-07F08620885F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tower 3D Pro\tower3d.exe ()
FirewallRules: [{93A44989-D7F2-4B89-ADDF-58109C80CA7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OMSI 2\Omsi.exe (MR-Software)
FirewallRules: [{320DAA77-275A-4612-AB74-DCA661AFE3C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OMSI 2\Omsi.exe (MR-Software)
FirewallRules: [{21035607-D33D-450A-A139-732847F773AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)
FirewallRules: [{0F45164F-CFCA-43A2-AAA4-F8F8AF88C700}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)
FirewallRules: [{26DFD4EF-337A-4DAC-ACD0-4155CEA46E0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{90E47CBD-6F3F-4335-A56D-49833C916E6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{9CAE8C17-27E5-42BF-ACB1-D2FE542ACA72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments)
FirewallRules: [{ECF3BA31-76AD-4116-ACAB-EABDD0DDC18E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments)
FirewallRules: [{DF57BBEC-F6D1-4FF8-8E71-4B0E51E8F62F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe ()
FirewallRules: [{8AA6722E-87DF-46F4-9E07-A95B5B016735}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe ()
FirewallRules: [{54A70455-C60E-44A3-B5CA-A0BEA95429D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bus Simulator 16\BusSimulator16.exe ()
FirewallRules: [{922870D3-38A5-4821-8550-E903072A8B3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bus Simulator 16\BusSimulator16.exe ()
FirewallRules: [{EC947E6E-3516-4DEC-B1D2-E204A0F18123}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{EE6CC1B7-75AA-49F4-ABA6-E7232BC57229}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{DAD7663E-F6DA-4729-8056-0B7AF8A0C084}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{31CD97AA-9861-4737-96C1-505E1E6FEE7E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{D264AC08-628E-4831-A73B-BCEB06CA9ED4}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe (Electronic Arts Canada)
FirewallRules: [{4292E8F9-3B27-49B3-B22F-0E6F84692E7C}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe (Electronic Arts Canada)
FirewallRules: [{AAFC4351-3C76-4C9F-BA6E-A57B3689EE53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\European Ship Simulator\ess.exe ()
FirewallRules: [{C8580DC3-432A-4FB7-A3A1-E091DAF0C805}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\European Ship Simulator\ess.exe ()
FirewallRules: [{969CC4B7-374F-40C7-81B1-35F32C19008E}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Moonchild Productions)
FirewallRules: [{49BAA691-82BC-4C31-A5CA-BBBA4D723F94}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Moonchild Productions)
FirewallRules: [{50E24699-497B-4728-97C2-8E5E45ECC937}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe (Microsoft Corp.)
FirewallRules: [{522B2D9B-2AB0-4188-B0A1-18A8F5A66500}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe (Microsoft Corp.)
FirewallRules: [{9EC0451D-73B3-483A-B339-DC0931027654}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{47346979-DE8A-4FA3-BA53-73663474FA69}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{68496B8A-2FF4-4F35-9F97-D5F3C9D6BCC5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{3F9E6830-89AB-4A23-A35D-BCAB362B7587}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{82FBFCF3-20B7-4DAD-BB14-971C9EB8DBEC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{DF9EE03E-FDA4-4F82-9B29-5914D32DFAF8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{A2F1A044-4C72-4E9A-9DF9-543FB0535EC8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{39A7BE52-F642-4544-A8F2-52C005BEBBFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks64.exe ()
FirewallRules: [{AB1A9006-A189-4CEA-ABCF-C5B3230B6038}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks64.exe ()
FirewallRules: [{175E8F82-29AF-42D2-A740-747A62EFB159}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.96.181.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify Ltd)
FirewallRules: [{DC98987E-FC62-4D5C-BD3F-94ECD38A9028}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.96.181.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify Ltd)
FirewallRules: [{E184E3DD-F3DC-4779-872E-8DA8AA5DA4AF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.96.181.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify Ltd)
FirewallRules: [{7A67623E-90B5-4949-BA6B-4C96859DE0EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.96.181.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify Ltd)
FirewallRules: [{35C6FCD7-A257-44CE-B898-6276B9D92CBA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.96.181.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify Ltd)
FirewallRules: [{8ACD76DD-CDB9-47B0-A8AF-BCBB2398939F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.96.181.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify Ltd)
FirewallRules: [{F4BABDA7-424E-4F82-8DBF-E0F734BC755F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.96.181.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify Ltd)
FirewallRules: [{91ADA151-4F64-49A0-BC0B-BCF52AE4456A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.96.181.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify Ltd)
FirewallRules: [{1F0F946F-97BE-4C66-9083-F0F4D857CACF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready for Take off\rfto.exe ()
FirewallRules: [{AA3CC271-4C47-4DB5-B3E7-CD4057784D3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready for Take off\rfto.exe ()
FirewallRules: [{D44EF0D6-B9DC-4DC7-B54D-F15CC5D9F7C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{CC82FDF9-FC21-4D32-8DB6-A3F4F412B2D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{A9624146-57C5-4FEA-8D3E-B3DCB65DCA8A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{04608615-48B1-4750-B167-CF7B2B2C515C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
FirewallRules: [{F2F74F8A-DF72-4474-9A61-02202486271F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [{0DE77549-C80D-4EFA-AE97-59DFC524FAB0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation)
FirewallRules: [{6AAACF2D-A3E9-49E9-A888-8F9197986E58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{2E405B27-6F34-4C80-8304-4DDCC756A341}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{923AA809-D38A-487D-B388-59D7A5B78AB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)
FirewallRules: [{ED46A2F7-9316-43CB-A1ED-6B73A604B7C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)
FirewallRules: [{B4125CB2-DBBD-4C7C-938D-762B4DD1FBA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fernbus Simulator\Fernbus\Binaries\Win64\Fernbus-Win64-Shipping.exe ()
FirewallRules: [{6BDB0089-AAFD-4189-AAFE-93AF4282249F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fernbus Simulator\Fernbus\Binaries\Win64\Fernbus-Win64-Shipping.exe ()
FirewallRules: [{B388701F-E360-4AFF-BF65-4D9A348987AC}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 19\FIFASetup\fifaconfig.exe (Electronic Arts)
FirewallRules: [{2F9F1BC1-72B7-46C5-B67C-104A4E849BD3}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 19\FIFASetup\fifaconfig.exe (Electronic Arts)

==================== Restore Points =========================

18-01-2019 19:26:53 Windows Update
23-01-2019 21:35:03 UE4 Prerequisites (x64)
26-01-2019 16:50:14 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2019 04:59:16 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application

Details:
   Insufficient quota to complete the requested service.  (HRESULT : 0x800705ad) (0x800705ad)

Error: (01/26/2019 04:52:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/26/2019 04:50:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/26/2019 04:34:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.17134.1, time stamp: 0x5ace103a
Faulting module name: Windows.UI.Shell.SharedUtilities.dll, version: 10.0.17134.1, time stamp: 0x5acd896e
Exception code: 0xc0000005
Fault offset: 0x0000000000001eb6
Faulting process ID: 0x1db0
Faulting application start time: 0x01d4b5834b7b31fe
Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
Report ID: 48e103d2-4129-4bdb-8ab6-714204dd3366
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (01/26/2019 04:32:48 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/25/2019 08:45:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SkypeApp.exe version 8.37.0.98 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 14c4

Start Time: 01d4b3eab3a83ba1

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe

Report Id: 5e340833-b03b-4003-95af-47ca82abbdcf

Faulting package full name: Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (01/24/2019 03:50:37 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/23/2019 09:37:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet


System errors:
=============
Error: (01/26/2019 05:10:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2019 05:07:45 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GG3ORKN)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user DESKTOP-GG3ORKN\MIYIAGI SID (S-1-5-21-2248044027-1193708394-682536330-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2019 05:07:42 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GG3ORKN)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user DESKTOP-GG3ORKN\MIYIAGI SID (S-1-5-21-2248044027-1193708394-682536330-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2019 05:07:39 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GG3ORKN)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user DESKTOP-GG3ORKN\MIYIAGI SID (S-1-5-21-2248044027-1193708394-682536330-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2019 05:07:38 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GG3ORKN)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user DESKTOP-GG3ORKN\MIYIAGI SID (S-1-5-21-2248044027-1193708394-682536330-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2019 05:04:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/26/2019 05:04:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (01/26/2019 05:04:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-12-30 12:49:11.452
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-12-30 12:49:11.452
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-12-30 12:49:11.452
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-12-30 12:49:11.331
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.48.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-06-14 11:13:11.703
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-14 11:13:06.698
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-14 11:12:41.628
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-14 11:12:41.588
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-14 11:12:41.588
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-14 11:12:41.586
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 56%
Total physical RAM: 3979.4 MB
Available physical RAM: 1743.79 MB
Total Virtual: 5963.4 MB
Available Virtual: 3943.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.5 GB) (Free:234.18 GB) NTFS

\\?\Volume{bd18f017-7cde-4ab2-852f-9d272d5d9bf5}\ () (Fixed) (Total:20.01 GB) (Free:19.53 GB) NTFS
\\?\Volume{97202329-076a-44d5-ad4b-03b3dd6c355c}\ () (Fixed) (Total:0.24 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 36F244C3)

Partition: GPT.

==================== End of Addition.txt ============================
Keep on keeping on!

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19284
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Just a check up
« Reply #2 on: January 26, 2019, 05:10:39 PM »
Hi, Panos.

Your nephew's computer looks good.  There are a few outdated programs and some "no file" items but not seeing any malware. 

1.  The following programs need to be updated:
  •   Adobe Flash Player (Note:  Flash Player update is disabled in Task Manager, which we'll remove with FRST)
  •   Pale Moon
  •   Thunderbird
2.  Please double-check that the Windows Firewall is disabled.  FRST shows that he is using the ESET Firewall; however, "Other Areas" of the log lists "Windows Firewall is enabled."

3.  The actual issue he is facing is being unable to play his new FIFA 19 game due to a DirectX error.  This is most likely due to needing to update the nVidia driver.  To check for an update, do the following (after creating a system restore point ;) ):
  •   Open Control Panel > Device Manager and expand "Display adapters". 
  •   Right-click the nVidia driver and select "Update driver".
  •   If no driver, note the full name of the nVidia driver and locate the latest driver at https://www.nvidia.com/Download/index.aspx?lang=en-us that matches product type and OS.
4.  Finally, just a bit of cleanup with FRST.  Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines.  Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
FirewallRules: [{E096456A-8319-4718-86AF-F433AC2320C8}] => (Allow) E:\SteamLibrary\steamapps\common\FSX\fsx.exe No File
FirewallRules: [{970C8760-CDED-45B0-9658-931B04A13ABB}] => (Allow) E:\SteamLibrary\steamapps\common\FSX\fsx.exe No File
FirewallRules: [{EC947E6E-3516-4DEC-B1D2-E204A0F18123}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{EE6CC1B7-75AA-49F4-ABA6-E7232BC57229}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
ContextMenuHandlers1-x32: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1-x32: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6-x32: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
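The fixlist in the reply above reuses, verbatim, the FirewallRules lines that FRST marked "No File". As an added example (not part of the original posts and not FRST's own code), this Python sketch parses FirewallRules lines from an Addition.txt log and separates rules whose target file is missing from rules whose target exists but has no signer name; the function names and the line-format regex are assumptions based on the lines shown in this log.

```python
import re
from collections import defaultdict

# Lines copied from the Addition.txt log above (a subset), plus one non-rule line.
SAMPLE = r"""
FirewallRules: [{DA3F84A6-469A-494E-A274-867D325CBA01}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Corporation)
FirewallRules: [{E096456A-8319-4718-86AF-F433AC2320C8}] => (Allow) E:\SteamLibrary\steamapps\common\FSX\fsx.exe No File
FirewallRules: [{970C8760-CDED-45B0-9658-931B04A13ABB}] => (Allow) E:\SteamLibrary\steamapps\common\FSX\fsx.exe No File
FirewallRules: [{DAD7663E-F6DA-4729-8056-0B7AF8A0C084}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{AAFC4351-3C76-4C9F-BA6E-A57B3689EE53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\European Ship Simulator\ess.exe ()
FirewallRules: [{EC947E6E-3516-4DEC-B1D2-E204A0F18123}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
Windows Firewall is enabled.
""".strip().splitlines()

# Assumed line shape: FirewallRules: [{GUID}] => (Action) <path> <(signer) | No File>
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<guid>\{[0-9A-Fa-f-]{36}\})\] => \((?P<action>\w+)\) (?P<rest>.+)$"
)
# The signer is the LAST parenthesised group; paths may contain "(x86)" themselves.
SIGNER_RE = re.compile(r"^(?P<path>.*) \((?P<signer>[^()]*)\)$")
NO_FILE = " No File"


def parse_rule(line):
    """Return a dict describing one FirewallRules line, or None for other lines."""
    line = line.strip()
    m = RULE_RE.match(line)
    if not m:
        return None
    rest = m["rest"]
    if rest.endswith(NO_FILE):
        path, signer, missing = rest[: -len(NO_FILE)], None, True
    else:
        s = SIGNER_RE.match(rest)
        path, signer = (s["path"], s["signer"]) if s else (rest, "")
        missing = False
    return {
        "guid": m["guid"],
        "action": m["action"],
        "path": path,
        "signer": signer,
        "missing": missing,
        "line": line,  # kept verbatim, as the fixlist in the reply quotes whole lines
    }


def triage(lines):
    """Split parsed rules into review buckets.

    orphaned: rule points at a file FRST could not find ("No File").
    unsigned: file exists but FRST printed an empty signer "()"; this is
              common for small game binaries and is not by itself malicious.
    """
    orphaned, unsigned = [], []
    by_path = defaultdict(list)
    for raw in lines:
        rule = parse_rule(raw)
        if rule is None:
            continue
        by_path[rule["path"].lower()].append(rule["guid"])
        if rule["missing"]:
            orphaned.append(rule)
        elif rule["signer"] == "":
            unsigned.append(rule)
    return {"orphaned": orphaned, "unsigned": unsigned, "by_path": dict(by_path)}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("Orphaned rules (target file missing):")
    for r in result["orphaned"]:
        print("  ", r["line"])
    print("Rules for files with no signer name:")
    for r in result["unsigned"]:
        print("  ", r["guid"], r["path"])
```

The orphaned bucket is only a list of candidates for a helper to review; whether a line belongs in a fixlist remains a judgement made per machine.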

Offline DR M

Re: Just a check up
« Reply #3 on: January 26, 2019, 05:57:17 PM »
Thank you, Corrine.  :)

1. Updates done.

2. Windows Firewall was enabled. I disabled it, but now it says that the computer is vulnerable (although it shows ESET as the firewall provider).

3. No luck with the nVidia updates. Actually it says that the computer has the latest drivers.

4. The FRST fix:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 26.01.2019
Ran by MIYIAGI (26-01-2019 21:33:51) Run:2
Running from C:\Users\MIYIAGI\Desktop
Loaded Profiles: MIYIAGI &  (Available Profiles: MIYIAGI)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
FirewallRules: [{E096456A-8319-4718-86AF-F433AC2320C8}] => (Allow) E:\SteamLibrary\steamapps\common\FSX\fsx.exe No File
FirewallRules: [{970C8760-CDED-45B0-9658-931B04A13ABB}] => (Allow) E:\SteamLibrary\steamapps\common\FSX\fsx.exe No File
FirewallRules: [{EC947E6E-3516-4DEC-B1D2-E204A0F18123}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{EE6CC1B7-75AA-49F4-ABA6-E7232BC57229}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
ContextMenuHandlers1-x32: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1-x32: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6-x32: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6-x32: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E096456A-8319-4718-86AF-F433AC2320C8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{970C8760-CDED-45B0-9658-931B04A13ABB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC947E6E-3516-4DEC-B1D2-E204A0F18123}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE6CC1B7-75AA-49F4-ABA6-E7232BC57229}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8675328 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18044005 B
Java, Flash, Steam htmlcache => 69599681 B
Windows/system/drivers => 17150384 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 29104 B
LocalService => 0 B
NetworkService => 3628 B
NetworkService => 0 B
MIYIAGI => 128864272 B

RecycleBin => 116606863 B
EmptyTemp: => 342.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:35:59 ====
Keep on keeping on!

Offline DR M

Re: Just a check up
« Reply #4 on: January 26, 2019, 06:15:31 PM »
I tried to modify the post, but the time passed.

I noticed this Windows notification after the game crashes:

Application FIFA19.exe has been blocked from accessing Graphics hardware.



Offline Corrine

Re: Just a check up
« Reply #5 on: January 26, 2019, 06:19:52 PM »
There is a long thread about the DirectX error here:  Solved: FIFA 19 Directx Error (DXGI_ERROR_DEVICE_REMOVED) - Answer HQ

This is what I found for the "FIFA 19 application has been blocked from accessing graphics hardware":  FIFA 19 out of memory issue - Your computer is low on memory - DX function "GetDeviceRemovedReason" - directX crash Fix all errors


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Corrine

Re: Just a check up
« Reply #6 on: January 26, 2019, 06:41:23 PM »
Follow-up:  It may be necessary to update DirectX.  To see what version of DirectX is installed on his computer, see How to install the latest version of DirectX.  It appears that FIFA 19 requires DirectX11.



Offline Paddy

Re: Just a check up
« Reply #7 on: January 26, 2019, 06:48:05 PM »
Corrine, these files are for Microsoft flight sim:

\SteamLibrary\steamapps\common\FSX\fsx.exe




Paddy 
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

Offline DR M

Re: Just a check up
« Reply #8 on: January 26, 2019, 06:54:50 PM »
Quote from: Corrine on January 26, 2019, 06:41:23 PM
"Follow-up:  It may be necessary to update DirectX.  To see what version of DirectX is installed on his computer, see How to install the latest version of DirectX.  It appears that FIFA 19 requires DirectX11."

The computer has DirectX12. Perhaps it's the game that has the problem, based on some users' replies in the links above. I don't know. Ronaldo just appears on the screen, and then either the message appears or it just stays loading and loading.

Paddy: I think that this is not an issue, as they are on the E drive.