Showing results for tags 'rootkit'.

  1. Hello, my name is Ethan and I'd like to request help with malware/rootkit/ad/etc. removal. To give you some background, I recently got infected with THIS file. It changed my browser, redirected pages to "eatyellowmango. com", changed file names to ".bat", installed bitcoin miners, caused 100% CPU usage, and much worse. After 10+ hours of running every AV program I knew, it's mostly gone, but I'm still having issues with what I believe is "Adware.Yelloader" and rootkit(s). I've also gotten a BSOD message three times, saying "irql_not_less_or_equal", but that has stopped now. So far, I've run the following programs: Rkill, Malwarebytes, Chameleon, Zemana, AdwCleaner, HitmanPro, SUPERAntiSpyware, Webroot SecureAnywhere, AVG, Avast, ESET Online Scanner, Sophos, Emsisoft Emergency Kit, Defogger, MiniToolBox, FRST (logs), and FixTDSS (unsuccessful), and I plan to run TronScript soon. (I also ran these programs in Safe Mode w/ Networking.) Everything seems to be normal now, except that I'm having problems running TDSSKiller, JRT, ComboFix, Malwarebytes Anti-Rootkit (missing DDA driver + "The system inaccessible seems inaccessible or encrypted. Scan cant continue"), BitDefender, and some other normal programs such as Razer Synapse. They ask for admin privileges, but they never open afterwards. While I'm not very experienced on this topic, I believe it may be a program/virus denying me access. I'm willing to simply wipe my drives (SSD w/ Win10, HDD for storage), but that's the last resort. If you could help, I'd greatly appreciate it. Thank you to anyone who reads/replies to my thread! Attachments: Addition.txt FRST.txt MB Scan.txt
  2. The Windows 10 exploit for the Creators edition. Just reinstalled Windows and didn't want to restart, but it did on its own. But I just need help removing it and then getting it off my MacBook Air, which currently doesn't want to reinstall its OS X. Attachments: FRST.txt MBAMex.txt Addition.txt
  3. Rootkit.Fileless.MTgen is showing up on every MBAM scan for me, one entry for the registry key, another for the value. MBAM fails to remove it every time I try. I've tried just about everything; any help is appreciated.
  4. First off, I'm using a VM; the host OS is Ubuntu Linux. The logs attached are from VirtualBox of a Windows 10 machine. I have to use a Linux machine because:
     • I cannot reinstall any Windows without the infection hijacking the install. I've tried installing WinXP, 8.1, 7, 7 Pro, Win Ultimate; during reinstall, the CD/ROM loads, then at a point the install instructions are taken over, and a similar GUI appears to complete the install.
     • It infects any device attached, physical or network; USB will be formatted automatically (fake warning posted in a GUI).
     • The registry is infected.
     • Possible firmware exploited; USB and PCI seem to be used as alternate devices.
     • system32 files are unusual.
     • Unable to flash BIOS.
     • Appears as a hidden sector or directory; hijacks the MBR.
     • Has the ability to replicate if deleted or if core files or the registry are changed.
     • Suspected WMI shell running as TRUSTED INSTALLER.
     • Possible ChipSec related?
     I think I've tried everything as far as scans: rkhunter, Hiren's Boot CD, Process Monitor, msconfig, BIOS settings, HDD replacement. All my machines at home are down/infected. The only way to get back was Linux, and using a VM to start Windows 10. This is from an enterprise PC Tech Level 2 working at home. Attachments: FRST.txt Addition.txt mbt first scan.txt
  5. After doing a scan with Malwarebytes on 9/20/17, it detected a rootkit and said I needed to restart in order to quarantine it. My computer then froze when restarting, and now my audio drivers don't work; it says that my audio devices aren't installed and that it can't be loaded in Device Manager. It's listed as High Definition Audio Controller in Device Manager. Updating it does nothing; it says that it's already installed. I've also reinstalled the audio software. Please help. Attachment: Log File.txt
  6. I have a friend who says that their PC was hacked and subsequently infected. Their firewall doesn't work, their PC is running incredibly slow, their antivirus is gone, and they can't download or install anything. They also run Windows 7 Ultimate if that helps with anything. They did tell me that, if nothing else works, they have no problem with formatting (however I'd prefer that to be a last resort if possible). Despite not being able to download anything I had them attempt to download Farbar to see if that would work at all. They were able to download FRST using a download manager so we're getting somewhere. They're still unable to install any programs, but they can at least use the download manager to download things. I also wanted to note that my friend and I can only communicate online at the moment, though we can still send files to each other just fine. I'm only mentioning this in case it's of any importance. Here are the Farbar logs: FRST.txt Addition.txt
  7. Hello, I have a problem with my computer in which there is a virus that is supported by a rootkit. This rootkit always says "requested source is in use", and this is the problem that prevents me from opening any kind of antivirus or even some other programs. The problems/viruses are: svcvmx, tprdpw64, mediatek_86, and the rootkit is ndistpr64.sys. Thank you in advance, Aleiv (a.k.a. Alex)
  8. Been dealing with this for a couple of days to no avail... I first noticed a problem when I tried to run or install any AV: I got a "requested resource is in use" error across the board. I cannot open ANY version, including beta, of Malwarebytes; it shows that error. I followed this page to get anywhere; it helped a little. I've tried every anti-malware and AV that I could open, so I've attached reports from Zemana, GMER, RKill, and aswMBR (tried to just burn the forest down). I cannot get Windows Defender Offline to work; I put it on a flash drive and booted it, but it can't update. I downloaded their update executable, ran it, still didn't work. I think I've found the main source of all this nastiness: a .sys file in my drivers folder that was created 7 days ago, has no search results on Google, and that I can't even touch. Can't modify it in any way, including permissions or killing it. ataqkjql.sys. The only progress I've made with it was that I "unloaded" it with PC Hunter, not sure what that means though, and I still can't touch it after unloading it. I can't do some system things; can't boot into diagnostic startup (when I select the radio button and hit Apply it selects the normal button), a couple of other things but I can't remember right now... I would REALLY like to fix it. I can't reinstall the OS because MS killed updates for my processor (bastards), and I refuse to get Win 10, and I never created any restore point, unfortunately. Worst case I'll have to go with Linux. So any help at all would be really appreciated, thanks. Attachments: GMER log.log aswMBR.txt Rkill.txt 2017.08.26-08.31.52-i0-t92-d1.txt 2017.08.25-23.31.11-i0-t92-d6.txt 2017.08.25-23.28.59-i0-t92-d6.txt
  9. I have the exact same problem as described in this thread. After quarantining the so-called "virus", audio drivers are no longer working.
  10. My PC will not enter Safe Mode, won't allow me to reset it, and won't install Malwarebytes, and gives me an error when I use the Malwarebytes rootkit removal. Any help is greatly appreciated. Here is my FRST Notepad information. When I try to use "fix" Any help is greatly appreciated. FRST also says no txt found and it has to be in the same place as FRST, but they are both on my desktop.
C:\Windows\system32\D3DCompiler_34.dll 2017-08-23 07:41 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2017-08-23 07:41 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2017-08-23 07:41 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2017-08-23 07:41 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2017-08-23 07:41 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2017-08-23 07:41 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2017-08-23 07:41 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2017-08-23 07:41 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2017-08-23 07:41 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2017-08-23 07:41 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2017-08-23 07:41 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2017-08-23 07:41 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2017-08-23 07:41 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2017-08-23 07:41 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2017-08-23 07:41 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2017-08-23 07:41 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2017-08-23 07:41 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2017-08-23 07:41 - 
2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2017-08-23 07:41 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2017-08-23 07:41 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2017-08-23 07:41 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2017-08-23 07:41 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2017-08-23 07:41 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2017-08-23 07:41 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2017-08-23 07:41 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2017-08-23 07:41 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2017-08-23 07:41 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2017-08-23 07:41 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2017-08-23 07:41 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2017-08-23 07:41 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2017-08-23 07:41 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2017-08-23 07:41 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2017-08-23 07:41 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2017-08-23 07:41 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2017-08-23 07:41 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\d3dx9_30.dll 2017-08-23 07:41 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2017-08-23 07:41 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2017-08-23 07:41 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2017-08-23 07:41 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2017-08-23 07:41 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2017-08-23 07:41 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2017-08-23 07:41 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2017-08-23 07:41 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2017-08-23 07:41 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2017-08-23 07:41 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2017-08-23 07:41 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2017-08-23 07:41 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2017-08-23 07:41 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2017-08-23 07:41 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2017-08-23 07:41 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2017-08-23 07:41 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2017-08-23 07:41 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2017-08-23 07:41 - 2005-03-18 17:19 - 002337488 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2017-08-23 07:41 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2017-08-23 07:41 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2017-08-23 05:40 - 2017-08-23 05:40 - 000000000 ____D C:\Windows\system32\appmgmt 2017-08-23 05:40 - 2017-08-23 05:40 - 000000000 ____D C:\Users\Default\WindowsUpdate 2017-08-23 05:40 - 2017-08-23 05:40 - 000000000 ____D C:\Users\Default\windiskutility 2017-08-23 05:36 - 2017-08-23 08:28 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\unipjvd 2017-08-23 05:36 - 2017-08-23 05:50 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\llssoft 2017-08-23 05:36 - 2017-08-23 05:36 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\regtool 2017-08-23 05:35 - 2017-08-23 05:38 - 000000000 ____D C:\Program Files\RunBooster 2017-08-23 05:35 - 2017-08-23 05:35 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\cypjMERAky 2017-08-23 05:32 - 2017-08-23 09:10 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\CrashDumps 2017-08-23 05:32 - 2017-08-23 05:32 - 000003396 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2524848303-2415197009-2639144431-1001 2017-08-23 05:32 - 2017-08-23 05:32 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Skype 2017-08-23 05:31 - 2017-08-23 08:02 - 000000000 ____D C:\Windows\Minidump 2017-08-23 05:29 - 2017-08-23 09:00 - 000081696 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\msidntfs.sys 2017-08-23 05:29 - 2017-08-23 05:29 - 000031411 _____ C:\Windows\2bbe70eac594491e4f3b5f612220586b.ps1 2017-08-23 05:29 - 2017-08-23 05:29 - 000003866 _____ C:\Windows\System32\Tasks\89192954 2017-08-23 05:29 - 2017-08-23 05:29 - 000003866 _____ C:\Windows\System32\Tasks\56633843 2017-08-23 05:29 - 2017-08-23 05:29 - 000003860 _____ C:\Windows\System32\Tasks\k89192954 2017-08-23 05:29 - 2017-08-23 05:29 - 
000003842 _____ C:\Windows\System32\Tasks\1444488 2017-08-23 05:29 - 2017-08-23 05:29 - 000003756 _____ C:\Windows\System32\Tasks\ba8919295489192954 2017-08-23 05:29 - 2017-08-23 05:29 - 000003756 _____ C:\Windows\System32\Tasks\ba5663384356633843 2017-08-23 05:29 - 2017-08-23 05:29 - 000003752 _____ C:\Windows\System32\Tasks\bak89192954k89192954 2017-08-23 05:29 - 2017-08-23 05:29 - 000003730 _____ C:\Windows\System32\Tasks\ba14444881444488 2017-08-23 05:29 - 2017-08-23 05:29 - 000003476 _____ C:\Windows\System32\Tasks\2bbe70eac594491e4f3b5f612220586b 2017-08-23 05:29 - 2017-08-23 05:29 - 000003300 _____ C:\Windows\System32\Tasks\d03e216eb47866367aa50ea5e730a806 2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ___HD C:\Program Files (x86)\failures 2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ___HD C:\Program Files (x86)\Climatologists 2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Windows\SysWOW64\vganshl 2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Windows\SysWOW64\SSL 2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Windows\system32\vganshl 2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\et 2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Program Files\d03e216eb47866367aa50ea5e730a806 2017-08-23 05:25 - 2017-08-23 05:25 - 000000000 ____D C:\Users\Sebastian's PC\AppData\LocalLow\Temp 2017-08-23 05:24 - 2017-08-23 05:24 - 000000002 _____ C:\END 2017-08-23 05:23 - 2017-08-23 05:24 - 001854627 _____ C:\HEADERS 2017-08-23 05:23 - 2017-08-23 05:23 - 000003072 _____ C:\Users\Sebastian's PC\AppData\Local\uninstallce.exe 2017-08-23 05:23 - 2017-08-23 05:23 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\NVIDIA 2017-08-23 05:23 - 2017-08-23 05:23 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget 2017-08-23 05:23 - 2017-08-23 05:23 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Downloaded Installations 
2017-08-23 05:21 - 2017-08-23 05:23 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\AGData 2017-08-23 05:20 - 2017-08-23 05:42 - 000003598 _____ C:\Windows\System32\Tasks\SVC Update 2017-08-23 05:17 - 2017-08-23 05:17 - 000000199 _____ C:\Users\Sebastian's PC\Desktop\Counter-Strike Global Offensive.url 2017-08-23 04:59 - 2017-08-23 04:59 - 000000202 _____ C:\Users\Sebastian's PC\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url 2017-08-23 04:58 - 2017-08-23 04:58 - 000000202 _____ C:\Users\Sebastian's PC\Desktop\Rocket League.url 2017-08-23 04:57 - 2017-08-23 04:57 - 000004154 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{658645F3-750F-4634-9214-B854F6E41FBE} 2017-08-23 04:57 - 2017-08-23 04:57 - 000000695 _____ C:\Users\Sebastian's PC\Desktop\X-Mouse Button Control.lnk 2017-08-23 04:57 - 2017-08-23 04:57 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Highresolution Enterprises 2017-08-23 04:57 - 2017-08-23 04:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises 2017-08-23 04:52 - 2017-08-23 04:52 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Steam 2017-08-23 04:51 - 2017-08-23 04:51 - 000000599 _____ C:\Users\Public\Desktop\Steam.lnk 2017-08-23 04:51 - 2017-08-23 04:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2017-08-23 04:50 - 2017-08-23 09:10 - 000000000 ____D C:\Steam 2017-08-23 04:45 - 2017-08-23 05:34 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\NVIDIA Corporation 2017-08-23 04:45 - 2017-08-23 04:45 - 000001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2017-08-23 04:45 - 2017-08-23 04:45 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\NVIDIA 2017-08-23 04:45 - 2017-08-23 04:45 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\CEF 2017-08-23 04:41 - 2017-08-23 04:41 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 
- 000004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-08-23 04:41 - 2017-08-23 04:41 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2017-08-23 04:41 - 2017-08-09 17:34 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat 2017-08-23 04:41 - 2017-08-09 15:21 - 000135616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2017-08-23 04:41 - 2017-06-21 00:04 - 001903040 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2017-08-23 04:41 - 2017-06-21 00:04 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2017-08-23 04:41 - 2017-06-21 00:04 - 001489344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2017-08-23 04:41 - 2017-06-21 00:04 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2017-08-23 04:41 - 2017-06-21 00:04 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll 2017-08-23 04:41 - 2017-03-10 14:17 - 000536864 _____ C:\Windows\system32\vulkan-1.dll 2017-08-23 04:41 - 2017-03-10 
14:17 - 000525600 _____ C:\Windows\SysWOW64\vulkan-1.dll 2017-08-23 04:41 - 2017-03-10 14:17 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe 2017-08-23 04:41 - 2017-03-10 14:17 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2017-08-23 04:41 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2017-08-23 04:41 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2017-08-23 04:41 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2017-08-23 04:41 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2017-08-23 04:41 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2017-08-23 04:41 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2017-08-23 04:39 - 2017-08-10 10:49 - 000045976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 040239552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 035846080 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 035314296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 028961912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 023074832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 018805160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 013649808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 012133296 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 011585736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 
2017-08-23 04:39 - 2017-08-09 17:34 - 009982968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 004164032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 003711328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 003596224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 001988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438528.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 001598072 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438528.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 001278712 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 001276992 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 001067968 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 001005176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000996760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000995408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000972736 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000924096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000781728 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000724928 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000689808 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000618928 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll 
2017-08-23 04:39 - 2017-08-09 17:34 - 000617416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000609912 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000584128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2017-08-23 04:39 - 2017-06-21 00:04 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2017-08-23 04:39 - 2017-06-21 00:04 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2017-08-23 04:39 - 2017-06-21 00:04 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys 2017-08-23 04:39 - 2017-06-21 00:04 - 000048064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2017-08-23 04:37 - 2017-08-23 04:37 - 460319480 _____ (NVIDIA Corporation) C:\Users\Sebastian's PC\Downloads\385.28-desktop-win10-64bit-international-whql.exe 2017-08-23 04:30 - 2017-08-23 04:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2017-08-23 04:30 - 2017-08-23 04:30 - 000000000 ____D C:\Program Files\Common Files\EPSON 2017-08-23 04:29 - 2017-08-23 06:05 - 000000000 ____D C:\ProgramData\EPSON 2017-08-23 04:29 - 2015-01-06 08:19 - 000120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMIUE.DLL 2017-08-23 04:29 - 2015-01-06 08:19 - 000083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BIUE.DLL 2017-08-23 04:29 - 2015-01-06 08:19 - 000010752 _____ (SEIKO EPSON CORP.) 
C:\Windows\system32\E_GCINST.DLL 2017-08-23 04:27 - 2017-08-23 04:27 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Google 2017-08-23 04:26 - 2017-08-23 09:10 - 000000000 ____D C:\ProgramData\NVIDIA 2017-08-23 04:26 - 2017-08-23 04:46 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2017-08-23 04:26 - 2017-08-23 04:41 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2017-08-23 04:26 - 2017-08-23 04:41 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-08-23 04:26 - 2017-08-09 15:53 - 006463608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2017-08-23 04:26 - 2017-08-09 15:53 - 002479224 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2017-08-23 04:26 - 2017-08-09 15:53 - 001762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2017-08-23 04:26 - 2017-08-09 15:53 - 000549496 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2017-08-23 04:26 - 2017-08-09 15:53 - 000392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2017-08-23 04:26 - 2017-08-09 15:53 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2017-08-23 04:26 - 2017-08-09 15:53 - 000069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2017-08-23 04:26 - 2017-08-08 02:39 - 008112721 _____ C:\Windows\system32\nvcoproc.bin 2017-08-23 04:26 - 2017-06-07 13:51 - 000001951 _____ C:\Windows\NvContainerRecovery.bat 2017-08-23 04:26 - 2017-05-19 18:07 - 000521816 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2017-08-23 04:25 - 2017-08-23 07:44 - 000000000 ____D C:\Program Files (x86)\Google 2017-08-23 04:25 - 2017-08-23 07:42 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-08-23 04:25 - 2017-08-23 07:42 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-08-23 04:25 - 2017-08-23 04:35 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Google 2017-08-23 04:21 - 2017-08-23 04:21 - 000000000 ____D C:\Users\Sebastian's 
PC\AppData\Roaming\Macromedia 2017-08-23 04:19 - 2017-08-23 04:19 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-08-23 04:19 - 2017-08-23 04:19 - 000000000 ____D C:\Program Files (x86)\Realtek 2017-08-23 04:19 - 2017-06-29 14:57 - 000984032 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys 2017-08-23 03:53 - 2017-08-23 03:53 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\PeerDistRepub 2017-08-23 03:20 - 2017-08-23 03:21 - 000007597 _____ C:\Users\Sebastian's PC\AppData\Local\resmon.resmoncfg 2017-08-23 02:45 - 2017-08-23 02:45 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\ElevatedDiagnostics 2017-08-23 02:12 - 2017-08-23 02:12 - 000000000 ____D C:\Windows\tbaseregistry 2017-08-23 02:12 - 2017-03-18 13:56 - 000407552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEShims.dll 2017-08-23 02:10 - 2017-08-23 02:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_amdpsp_01011.Wdf 2017-08-23 02:10 - 2017-08-23 02:10 - 000000000 ____D C:\ProgramData\Package Cache 2017-08-23 02:10 - 2017-08-23 02:10 - 000000000 ____D C:\Program Files (x86)\AMD 2017-08-23 02:09 - 2017-08-23 02:09 - 000000000 ____D C:\Program Files\AMD 2017-08-23 01:32 - 2017-08-23 08:40 - 000000000 ____D C:\Windows\Panther 2017-08-23 01:17 - 2017-08-23 01:17 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\DBG 2017-08-23 01:03 - 2017-08-23 04:21 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\MicrosoftEdge 2017-08-23 01:00 - 2017-08-23 01:01 - 000000000 ____D C:\Users\Sebastian's PC\Documents\Sound recordings 2017-08-23 00:53 - 2017-08-23 00:53 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Comms 2017-08-23 00:51 - 2017-08-23 00:51 - 000000000 ____D C:\Windows\System32\Tasks\S-1-5-21-2524848303-2415197009-2639144431-1001 2017-08-23 00:44 - 2017-08-23 00:44 - 000000000 ____D C:\ProgramData\USOShared 2017-08-23 00:39 - 2017-08-23 09:05 - 001184332 _____ C:\Windows\system32\PerfStringBackup.INI 2017-08-23 00:38 
- 2017-08-23 05:32 - 000002394 _____ C:\Users\Sebastian's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-08-23 00:38 - 2017-08-23 05:32 - 000000000 ___RD C:\Users\Sebastian's PC\OneDrive 2017-08-23 00:38 - 2017-08-23 00:38 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2017-08-23 00:37 - 2017-08-23 05:36 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Packages 2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Adobe 2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\VirtualStore 2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\TileDataLayer 2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Publishers 2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\ConnectedDevicesPlatform 2017-08-23 00:36 - 2017-08-23 08:23 - 000000000 ____D C:\Users\Sebastian's PC 2017-08-23 00:36 - 2017-08-23 00:36 - 000000020 ___SH C:\Users\Sebastian's PC\ntuser.ini 2017-08-23 00:36 - 2017-08-23 00:36 - 000000000 ____D C:\Windows\CSC 2017-08-23 00:36 - 2017-03-18 13:56 - 002233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2017-08-23 00:34 - 2017-08-23 00:34 - 000000000 _SHDL C:\Documents and Settings 2017-08-23 00:33 - 2017-08-23 09:00 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-08-23 00:33 - 2017-08-23 00:33 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2017-08-23 00:32 - 2017-08-23 02:09 - 000000000 ____D C:\Windows\system32\SleepStudy 2017-08-23 00:32 - 2017-08-23 00:32 - 000217000 _____ C:\Windows\system32\FNTCACHE.DAT 2017-08-23 00:32 - 2017-08-23 00:32 - 000000000 ____D C:\Windows\ServiceProfiles 2017-08-22 06:16 - 2017-08-22 06:16 - 001565184 _____ C:\Windows\bb8d1bafa3db34aee94035c5aae349a0.exe 
2017-08-22 06:16 - 2017-08-22 06:16 - 000077184 _____ (36IHD8) C:\Windows\system32\Drivers\86aa752c55f57b9a6f0cfd229745c7f7.sys 2017-08-22 06:16 - 2017-08-22 06:16 - 000051618 _____ C:\Windows\uninstaller.dat 2017-08-21 21:50 - 2017-08-21 21:50 - 000013824 _____ (Steepest) C:\Windows\workweeks.exe 2017-08-21 21:50 - 2017-08-21 21:50 - 000013824 _____ (Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe 2017-08-03 16:07 - 2017-08-03 16:07 - 001996920 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438494.dll 2017-08-03 16:07 - 2017-08-03 16:07 - 001606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438494.dll 2017-08-03 11:44 - 2017-08-03 11:44 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json 2017-08-03 11:44 - 2017-08-03 11:44 - 000000669 _____ C:\Windows\system32\nv-vk64.json ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-08-23 09:00 - 2017-03-18 04:40 - 012058624 _____ C:\Windows\system32\config\HARDWARE 2017-08-23 09:00 - 2017-03-18 04:40 - 000524288 _____ C:\Windows\system32\config\BBI 2017-08-23 08:02 - 2017-03-18 14:01 - 000000000 ____D C:\Windows\INF 2017-08-23 06:00 - 2017-03-18 13:51 - 000000000 ____D C:\Windows\CbsTemp 2017-08-23 05:45 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\AppReadiness 2017-08-23 05:22 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-08-23 04:26 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\Help 2017-08-23 04:20 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\NDF 2017-08-23 03:54 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\LiveKernelReports 2017-08-23 03:31 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\appcompat 2017-08-23 01:32 - 2017-03-18 14:03 - 000028672 _____ C:\Windows\system32\config\BCD-Template 2017-08-23 00:44 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\USOPrivate 2017-08-23 00:36 - 2017-03-18 14:03 - 000000000 ____D 
  11. Much like how many people were struggling with their website protection being turned off as soon as they attempted to turn it on a while ago, Malware protection itself will not turn on, and when you attempt to, it turns itself off after saying "starting" for about a third of a second. I have tried doing scans and updates and nothing works.
  12. I'm having a similar problem with my system. I don't seem to be able to access any AV programs either. Some assistance would be greatly appreciated.
  13. I am having this very same problem. I have used RKill and Zemana to no avail. I know exactly where I got this malware from too. I can post a link to it if that will help me identify and get rid of it.
  14. I'm trying to fix some of the viruses on my computer; they shouldn't be this hard. I haven't been able to open Task Manager because it always crashes on startup. Also, whenever I try to run RKill, Malwarebytes, or Malwarebytes Anti-Rootkit, it pops up with "The requested resource is in use" with the directory of the executable. This would be way easier if I could start software, but anything relating to anti-virus/malware removal won't launch. Any suggestions? I've tried a lot.
  15. Hello there, Hopefully I've posted this to the right forum. Long story short: I had a rootkit detection scare several days ago. This happened immediately after the last Windows update (KB4034662/KB4034674). I always run Malwarebytes (free version) after running my default anti-virus when doing Windows updates. The scan claimed it found an "unknown Rootkit":
      -Scan Details-
      Process: 0 (No malicious items detected)
      Module: 0 (No malicious items detected)
      Registry Key: 0 (No malicious items detected)
      Registry Value: 0 (No malicious items detected)
      Registry Data: 0 (No malicious items detected)
      Data Stream: 0 (No malicious items detected)
      Folder: 0 (No malicious items detected)
      *File: 1
      Unknown.Rootkit.Driver, C:\WINDOWS\System32\drivers\drmk.sys, Replaced, [0], [0],0.0.0
      Physical Sector: 0 (No malicious items detected)
      (end)
      Not really thinking it through, I went ahead and quarantined the file, then removed it. Since this file was part of the core driver files for Windows, my PC naturally blue-screened mid-process. I rebooted, then ran sfc /scannow via Command Prompt, and was able to reinstall the damaged driver with seemingly few problems. I've since run some additional anti-virus scans and rootkit cleaners (ESET Online Scanner, TDSSKiller, etc.), and several more Malwarebytes scans, all of which found nothing. My question here is: was this potentially a false positive? Are there any additional security steps I should proceed with, assuming this was a legit rootkit? Cheers, -L.
  16. I had decided to run an anti-rootkit scan without internet access on one of my devices. On this same device, when I updated the Malwarebytes anti-rootkit scan, it detected nothing. But when I ran it without updating, it found similar malware across two different devices, and it keeps finding the same malware after completely wiping each device and reinstalling Windows.
      Registry Keys Detected: 6
      HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [6ecfb786d9a3db5b11bc9262a75c5ca4]
      HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [2d100b324e2ea59111d5fff5a06314ec]
      HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [f04dc974b8c445f18a7c45b27e856e92]
      HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [ad9007369ce0e94dd4f9827222e10ff1]
      HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [b38a9aa32b513006707638bccc37e41c]
      HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [3a0359e46b111e1834d233c459aaff01]
      My assumption is that either these are false positives or the anti-rootkit scan is being corrupted when I update it. Not sure why these would remain on the device after formatting the drives and reinstalling Windows. Thanks
      mbar-log-2017-08-01 (17-41-48).txt
  17. A few days ago I ran a scan and it found what it called Rootkit.Agent in the location C:\WINDOWS\SYSTEM32\WINDOWS, and that is all that it told me. It was just a folder named Windows. My PC has not been acting strangely, and it quarantined the threat with no trouble, and then I deleted it. I ran a full custom scan with rootkits turned on and it found nothing. I ran Malwarebytes Anti-Rootkit and it also found nothing. Is my computer safe? Here's my log:
      -Log Details-
      Scan Date: 7/31/17
      Scan Time: 12:26 AM
      Log File:
      Administrator: Yes
      -Software Information-
      Version: 3.1.2.1733
      Components Version: 1.0.160
      Update Package Version: 1.0.2468
      License: Free
      -System Information-
      OS: Windows 10 (Build 15063.483)
      CPU: x64
      File System: NTFS
      User: DESKTOP\Stuart
      -Scan Summary-
      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 376357
      Threats Detected: 1
      Threats Quarantined: 1
      Time Elapsed: 1 min, 36 sec
      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled
      -Scan Details-
      Process: 0 (No malicious items detected)
      Module: 0 (No malicious items detected)
      Registry Key: 0 (No malicious items detected)
      Registry Value: 0 (No malicious items detected)
      Registry Data: 0 (No malicious items detected)
      Data Stream: 0 (No malicious items detected)
      Folder: 0 (No malicious items detected)
      File: 1
      Rootkit.Agent, C:\WINDOWS\SYSTEM32\WINDOWS, Quarantined, [1273], [205059],1.0.2468
      Physical Sector: 0 (No malicious items detected)
      (end)
  18. I have been trying to open up programs that I use on a daily basis, like Razer Synapse, Discord and many other programs, and this error keeps on popping up: "The Requested resource is in use". I have been trying to run scanners to scan my PC, like AVG and even Malwarebytes, but even those programs won't open. I'm worried that it is too late and I'm going to have to get a new PC.
  19. I've tried everything... I mean everything, to no avail! There was a post about this that was closed a little while back. Safe mode USB + any antivirus = nothing; it's still telling me I don't have the privileges, even with "run as admin". Weirdly enough, I tried to edit the program in Notepad+ and save it after deleting its contents. That worked for some files, but not the important ones. I'm so stuck right now, I don't know what to do. Do I have to get a new computer?! I was in computer repair too...
  20. Malwarebytes Anti-Rootkit is over 4 years old now, yet it's still in the BETA version, why?
  21. After doing a scan with Malwarebytes today, it detected a rootkit and said I needed to restart in order to quarantine it. My laptop then froze when restarting, and now my audio drivers don't work; it says that my audio devices aren't installed and that it can't be loaded in Device Manager. It's listed as High Definition Audio Controller in Device Manager. Updating it does nothing; it says that it's already installed.
      Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Scan Date: 7/25/17
      Scan Time: 2:47 PM
      Logfile:
      Administrator: Yes
      -Software Information-
      Version: 3.0.6.1469
      Components Version: 1.0.103
      Update Package Version: 1.0.2433
      License: Free
      -System Information-
      OS: Windows 10
      CPU: x64
      File System: NTFS
      User: DESKTOP-7CBE4JG\Sam
      -Scan Summary-
      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 402456
      Time Elapsed: 3 min, 0 sec
      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Enabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled
      -Scan Details-
      Process: 0 (No malicious items detected)
      Module: 0 (No malicious items detected)
      Registry Key: 0 (No malicious items detected)
      Registry Value: 0 (No malicious items detected)
      Registry Data: 0 (No malicious items detected)
      Data Stream: 0 (No malicious items detected)
      Folder: 0 (No malicious items detected)
      File: 1
      Unknown.Rootkit.Driver, C:\WINDOWS\System32\drivers\ks.sys, Replaced, [0], [0],0.0.0
      Physical Sector: 0 (No malicious items detected)
      (end)
  22. This is still occurring for me. Has this been fixed?
  23. Recently I noticed that I was unable to open any application that had to do with the removal of malware, as well as some other applications. I researched as best as I could and followed the many tutorials I found, but all of the programs they suggested were ones I could not run. The error message I received after attempting to open certain programs is "The requested resource is in use." I did more research and found out that the cause of this is most likely a rootkit. I eventually got so tired of trying to fix this that I tried to reset my entire computer, but I am also unable to do that for some reason. Any information that may aid this problem is greatly appreciated.
  24. I’m currently analyzing an endpoint which most likely is compromised and need some help on breaking down what the malware has done. Since there are possibly more infected endpoints, I’m out to identify the root of it, making it possible to determine if other endpoints are compromised. One day the machine (Win10) suddenly started to consume high amounts of CPU resources without any process showing this consumption in the Task Manager. This persisted for days and survived reboots. To look for persistence techniques I did try Sysinternals Autoruns and ProcessExp, although there were no obvious/super-suspicious processes, tasks, services, reg entries or DLLs to make a next move on. Due to suspicion of rootkit malware I did a scan with GMER. It reported some interesting findings, listed below (only snippets of the whole list).
      .text C:\WINDOWS\system32\wbem\wmiprvse.exe[‘removed’] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA [‘removed’] 5 bytes JMP [‘removed’]
      .text C:\WINDOWS\system32\wbem\wmiprvse.exe[‘removed’] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW [‘removed’] 5 bytes JMP [‘removed’]
      .text C:\WINDOWS\system32\wbem\wmiprvse.exe[‘removed’] C:\WINDOWS\system32\USER32.dll!SetWindowsHookA [‘removed’] 5 bytes JMP [‘removed’]
      Although I’m quite new to such analysis, my theory is that these are signs of key-logging and/or DLL injection. Next, I find these entries interesting (only some examples; the full report listed several functions per DLL):
      .text C:\Program Files(x86)\Google\Chrome\Application\chrome.exe[‘removed’] @ C:\WINDOWS\system32\KERNEL32.DLL!CreateRemoteThread [‘removed’] 5 bytes JMP [‘removed’]
      (...)
      .text C:\Program Files(x86)\Google\Chrome\Application\chrome.exe[‘removed’] @ C:\WINDOWS\system32\ntdll.dll!NtCreateFile [‘removed’] 16 bytes {MOV RAX ,[‘removed’]; JMP RAX }
      (...)
      IAT C:\Program Files(x86)\Google\Chrome\Application\chrome.exe[‘removed’] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [‘removed’]
      Can anybody give me any clues on how to further analyze this? Any theories on whether or how threads/processes are hidden? And any thoughts on what technique can be utilized for persistence and how to identify it? Thank you!
  25. So I have this nasty virus that started out as a bitcoin miner virus, because every time I open taskmgr it goes up to 99% CPU and then goes back down. I thought, hmm, maybe it's a virus, so I used Malwarebytes to see if I could delete it. Malwarebytes didn't detect anything, so I thought it wasn't a virus. I've tried everything, nothing worked; I reset my laptop to factory settings 3 times, nothing worked. This may also be a rootkit, because one time my whole laptop went unusable: when I start up Windows it says "error, program has not started", and that happened for all my programs on my computer. I could not open anything, even Malwarebytes. Now I was scared. I gave up a few weeks after I got the virus because I thought it would get worse if I tampered with it. But then apparently the virus also uses your CPU using undetectable processes. I used Process Explorer and Autoruns to see if I could find anything; I found nothing suspicious. I had 0 programs using CPU, but I am using 2% CPU. I do not have a lot of programs running, I only have 43. This virus is apparently also a worm, because it traveled to 2 of my other computers, probably through emails. Now I'm really desperate for help because all my computers are really slow. I'm focusing on fixing the carrier of the virus, my Toshiba Satellite Intel, because if the carrier of the virus gets taken down, so do all the others. Please help me remove this virus; it's very hard to remove and unsafe. Here are my specs. Thank You
      Win 8.1
      Intel Pentium CPU 2020M 2,40GHz
      RAM: 4.00 (3.88 usable)