PLISHELP Posted August 23, 2017 ID:1156151

My PC will not enter safe mode, won't allow me to reset it, and won't install Malwarebytes and gives me an error when I use the Malwarebytes rootkit removal. Any help is greatly appreciated. Here is my FRST notepad information. When I try to use "fix" Any help is greatly appreciated. FRST also says no txt found and it has to be in the same place as FRST, but they are both on my desktop.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Sebastian's PC (administrator) on DESKTOP-M5OMJK2 (23-08-2017 09:16:55)
Running from C:\Users\Sebastian's PC\Desktop
Loaded Profiles: Sebastian's PC (Available Profiles: Sebastian's PC)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\Temp\msgrnfksrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Windows\Temp\WS\mediatek_86.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Steepest) C:\Program Files (x86)\Climatologists\steepest.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Highresolution Enterprises) D:\Mouse Buttons\XMouseButtonControl.exe
() C:\Users\Default\WindowsUpdate\WindowsUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Steepest) C:\Program Files (x86)\Climatologists\steepest.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Valve Corporation) C:\Steam\Steam.exe
(Valve Corporation) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\failures\lure.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Malwarebytes Corp.) C:\Users\Sebastian's PC\Downloads\mbar-1.09.4.1001.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XMouseButtonControl] => D:\Mouse Buttons\XMouseButtonControl.exe [1519312 2017-06-25] (Highresolution Enterprises)
HKLM\...\Run: [WindowsUpdate23] => "C:\ProgramData\WindowsUpdate\WindowsUpdate.exe"
HKLM\...\Run: [WindowsUpdate40] => C:\Users\Default\WindowsUpdate\WindowsUpdate.exe [28160 2017-06-23] ()
HKLM-x32\...\Run: [unipjvd.exe] => "C:\Users\Sebastian's PC\AppData\Local\ntuserlitelist\unipjvd.exe\unipjvd.exe.exe" -starup
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2015-01-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\Run: [Steam] => C:\Steam\steam.exe [3062560 2017-07-17] (Valve Corporation)
HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\Run: [lure] => C:\Program Files (x86)\failures\lure.exe [66364 2017-08-21] ()
HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\Run: [tellers] => "C:\Program Files (x86)\Kleck\steepest.exe"
HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\RunOnce: [AwRWNQQxQn] => C:\Users\Sebastian's PC\AppData\Local\cypjMERAky\activation.exe [747520 2017-08-23] ()
Startup: C:\Users\Sebastian's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pontification.lnk [2017-08-23]
ShortcutTarget: pontification.lnk -> C:\Program Files (x86)\Kleck\steepest.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{1609ec68-577c-4628-b3e5-bd69274202a4}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default [2017-08-23]
CHR Extension: (Google Slides) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-23]
CHR Extension: (Google Docs) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-23]
CHR Extension: (Google Drive) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-23]
CHR Extension: (YouTube) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-23]
CHR Extension: (Google Sheets) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 d03e216eb47866367aa50ea5e730a806; C:\Program Files\d03e216eb47866367aa50ea5e730a806\e29d67827086a265d655099c36b841bc.exe [1611776 2017-08-22] () [File not signed] <==== ATTENTION
R2 mediatek_86; C:\Windows\TEMP\WS\mediatek_86.exe [52224 2017-08-23] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-09] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 86aa752c55f57b9a6f0cfd229745c7f7; C:\Windows\system32\drivers\86aa752c55f57b9a6f0cfd229745c7f7.sys [77184 2017-08-22] (36IHD8) <==== ATTENTION
R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [34704 2016-08-13] (Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-13] (Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices, Inc. )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [194776 2017-08-23] (Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9ab613610b40aa98\nvlddmkm.sys [15610296 2017-08-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48064 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-06-21] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [984032 2017-06-29] (Realtek )
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-23 09:16 - 2017-08-23 09:17 - 000012136 _____ C:\Users\Sebastian's PC\Desktop\FRST.txt
2017-08-23 09:16 - 2017-08-23 09:16 - 000000000 ____D C:\FRST
2017-08-23 09:16 - 2017-08-23 09:15 - 002395648 _____ (Farbar) C:\Users\Sebastian's PC\Desktop\FRST64.exe
2017-08-23 09:15 - 2017-08-23 09:15 - 002395648 _____ (Farbar) C:\Users\Sebastian's PC\Downloads\FRST64.exe
2017-08-23 09:12 - 2017-08-23 09:12 - 000194776 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-23 09:12 - 2017-08-23 09:12 - 000000000 ____D C:\Users\Sebastian's PC\Desktop\mbar
2017-08-23 09:11 - 2017-08-23 09:11 - 016564750 _____ (Malwarebytes Corp.) C:\Users\Sebastian's PC\Downloads\mbar-1.09.4.1001.exe
2017-08-23 08:58 - 2017-08-23 08:58 - 005659788 _____ (Swearware) C:\Users\Sebastian's PC\Downloads\ComboFix.exe
2017-08-23 08:53 - 2017-08-23 08:53 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Sebastian's PC\Downloads\mbar-1.09.3.1001.exe
2017-08-23 08:40 - 2017-08-23 08:40 - 000004727 _____ C:\Windows\diagwrn.xml
2017-08-23 08:40 - 2017-08-23 08:40 - 000001908 _____ C:\Windows\diagerr.xml
2017-08-23 08:27 - 2017-08-23 08:47 - 000000000 ____D C:\ESD
2017-08-23 08:26 - 2017-08-23 08:26 - 000000000 ___HD C:\$Windows.~WS
2017-08-23 08:26 - 2017-08-23 08:26 - 000000000 ____D C:\$WINDOWS.~BT
2017-08-23 08:03 - 2017-08-23 08:03 - 065942208 _____ (Malwarebytes ) C:\Users\Sebastian's PC\Desktop\mb3-setup-consumer-3.2.2.2018.exe
2017-08-23 08:01 - 2017-08-23 08:01 - 000002888 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-08-23 08:01 - 2017-08-23 08:01 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-23 08:01 - 2017-08-23 08:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-23 08:01 - 2017-08-23 08:01 - 000000000 ____D C:\Program Files\CCleaner
2017-08-23 07:43 - 2017-08-23 07:43 - 000002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-23 07:43 - 2017-08-23 07:43 - 000002336 
_____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-08-23 07:42 - 2017-08-23 07:42 - 007649280 _____ C:\Program Files (x86)\GUT8FE3.tmp 2017-08-23 07:42 - 2017-08-23 07:42 - 000000000 ____D C:\Program Files (x86)\GUM8FE2.tmp 2017-08-23 07:41 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2017-08-23 07:41 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2017-08-23 07:41 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2017-08-23 07:41 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2017-08-23 07:41 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2017-08-23 07:41 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2017-08-23 07:41 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2017-08-23 07:41 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2017-08-23 07:41 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2017-08-23 07:41 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2017-08-23 07:41 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2017-08-23 07:41 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2017-08-23 07:41 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2017-08-23 07:41 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2017-08-23 07:41 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2017-08-23 07:41 - 2010-02-04 10:01 - 000074072 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2017-08-23 07:41 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2017-08-23 07:41 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2017-08-23 07:41 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2017-08-23 07:41 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2017-08-23 07:41 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2017-08-23 07:41 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2017-08-23 07:41 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2017-08-23 07:41 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2017-08-23 07:41 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2017-08-23 07:41 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2017-08-23 07:41 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2017-08-23 07:41 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2017-08-23 07:41 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2017-08-23 07:41 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2017-08-23 07:41 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2017-08-23 07:41 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2017-08-23 07:41 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2017-08-23 07:41 - 
2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll 2017-08-23 07:41 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2017-08-23 07:41 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2017-08-23 07:41 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2017-08-23 07:41 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2017-08-23 07:41 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2017-08-23 07:41 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2017-08-23 07:41 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2017-08-23 07:41 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2017-08-23 07:41 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2017-08-23 07:41 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll 2017-08-23 07:41 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2017-08-23 07:41 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll 2017-08-23 07:41 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2017-08-23 07:41 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2017-08-23 07:41 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2017-08-23 07:41 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2017-08-23 07:41 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) 
C:\Windows\system32\XAPOFX1_2.dll 2017-08-23 07:41 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2017-08-23 07:41 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2017-08-23 07:41 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2017-08-23 07:41 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2017-08-23 07:41 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2017-08-23 07:41 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2017-08-23 07:41 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2017-08-23 07:41 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2017-08-23 07:41 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2017-08-23 07:41 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2017-08-23 07:41 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2017-08-23 07:41 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2017-08-23 07:41 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2017-08-23 07:41 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2017-08-23 07:41 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2017-08-23 07:41 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2017-08-23 07:41 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2017-08-23 07:41 - 2008-07-10 11:00 - 
003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2017-08-23 07:41 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2017-08-23 07:41 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2017-08-23 07:41 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2017-08-23 07:41 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2017-08-23 07:41 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2017-08-23 07:41 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2017-08-23 07:41 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2017-08-23 07:41 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2017-08-23 07:41 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2017-08-23 07:41 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2017-08-23 07:41 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2017-08-23 07:41 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2017-08-23 07:41 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2017-08-23 07:41 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2017-08-23 07:41 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2017-08-23 07:41 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2017-08-23 07:41 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\d3dx10_38.dll 2017-08-23 07:41 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2017-08-23 07:41 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2017-08-23 07:41 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2017-08-23 07:41 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2017-08-23 07:41 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2017-08-23 07:41 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2017-08-23 07:41 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2017-08-23 07:41 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2017-08-23 07:41 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2017-08-23 07:41 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2017-08-23 07:41 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2017-08-23 07:41 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2017-08-23 07:41 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2017-08-23 07:41 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2017-08-23 07:41 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2017-08-23 07:41 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2017-08-23 07:41 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2017-08-23 07:41 - 
2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2017-08-23 07:41 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2017-08-23 07:41 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2017-08-23 07:41 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2017-08-23 07:41 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2017-08-23 07:41 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2017-08-23 07:41 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2017-08-23 07:41 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2017-08-23 07:41 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2017-08-23 07:41 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2017-08-23 07:41 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2017-08-23 07:41 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2017-08-23 07:41 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2017-08-23 07:41 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2017-08-23 07:41 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2017-08-23 07:41 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2017-08-23 07:41 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2017-08-23 07:41 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) 
C:\Windows\system32\D3DCompiler_34.dll 2017-08-23 07:41 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2017-08-23 07:41 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2017-08-23 07:41 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2017-08-23 07:41 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2017-08-23 07:41 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2017-08-23 07:41 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2017-08-23 07:41 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2017-08-23 07:41 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2017-08-23 07:41 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2017-08-23 07:41 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2017-08-23 07:41 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2017-08-23 07:41 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2017-08-23 07:41 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2017-08-23 07:41 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2017-08-23 07:41 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2017-08-23 07:41 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2017-08-23 07:41 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2017-08-23 07:41 - 
2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2017-08-23 07:41 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2017-08-23 07:41 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2017-08-23 07:41 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2017-08-23 07:41 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2017-08-23 07:41 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2017-08-23 07:41 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2017-08-23 07:41 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2017-08-23 07:41 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2017-08-23 07:41 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2017-08-23 07:41 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2017-08-23 07:41 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2017-08-23 07:41 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2017-08-23 07:41 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2017-08-23 07:41 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2017-08-23 07:41 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2017-08-23 07:41 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2017-08-23 07:41 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\d3dx9_30.dll 2017-08-23 07:41 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2017-08-23 07:41 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2017-08-23 07:41 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2017-08-23 07:41 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2017-08-23 07:41 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2017-08-23 07:41 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2017-08-23 07:41 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2017-08-23 07:41 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2017-08-23 07:41 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2017-08-23 07:41 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2017-08-23 07:41 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2017-08-23 07:41 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2017-08-23 07:41 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2017-08-23 07:41 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2017-08-23 07:41 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2017-08-23 07:41 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2017-08-23 07:41 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2017-08-23 07:41 - 2005-03-18 17:19 - 002337488 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-08-23 07:41 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-08-23 07:41 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-08-23 05:40 - 2017-08-23 05:40 - 000000000 ____D C:\Windows\system32\appmgmt
2017-08-23 05:40 - 2017-08-23 05:40 - 000000000 ____D C:\Users\Default\WindowsUpdate
2017-08-23 05:40 - 2017-08-23 05:40 - 000000000 ____D C:\Users\Default\windiskutility
2017-08-23 05:36 - 2017-08-23 08:28 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\unipjvd
2017-08-23 05:36 - 2017-08-23 05:50 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\llssoft
2017-08-23 05:36 - 2017-08-23 05:36 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\regtool
2017-08-23 05:35 - 2017-08-23 05:38 - 000000000 ____D C:\Program Files\RunBooster
2017-08-23 05:35 - 2017-08-23 05:35 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\cypjMERAky
2017-08-23 05:32 - 2017-08-23 09:10 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\CrashDumps
2017-08-23 05:32 - 2017-08-23 05:32 - 000003396 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2524848303-2415197009-2639144431-1001
2017-08-23 05:32 - 2017-08-23 05:32 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Skype
2017-08-23 05:31 - 2017-08-23 08:02 - 000000000 ____D C:\Windows\Minidump
2017-08-23 05:29 - 2017-08-23 09:00 - 000081696 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\msidntfs.sys
2017-08-23 05:29 - 2017-08-23 05:29 - 000031411 _____ C:\Windows\2bbe70eac594491e4f3b5f612220586b.ps1
2017-08-23 05:29 - 2017-08-23 05:29 - 000003866 _____ C:\Windows\System32\Tasks\89192954
2017-08-23 05:29 - 2017-08-23 05:29 - 000003866 _____ C:\Windows\System32\Tasks\56633843
2017-08-23 05:29 - 2017-08-23 05:29 - 000003860 _____ C:\Windows\System32\Tasks\k89192954
2017-08-23 05:29 - 2017-08-23 05:29 - 000003842 _____ C:\Windows\System32\Tasks\1444488
2017-08-23 05:29 - 2017-08-23 05:29 - 000003756 _____ C:\Windows\System32\Tasks\ba8919295489192954
2017-08-23 05:29 - 2017-08-23 05:29 - 000003756 _____ C:\Windows\System32\Tasks\ba5663384356633843
2017-08-23 05:29 - 2017-08-23 05:29 - 000003752 _____ C:\Windows\System32\Tasks\bak89192954k89192954
2017-08-23 05:29 - 2017-08-23 05:29 - 000003730 _____ C:\Windows\System32\Tasks\ba14444881444488
2017-08-23 05:29 - 2017-08-23 05:29 - 000003476 _____ C:\Windows\System32\Tasks\2bbe70eac594491e4f3b5f612220586b
2017-08-23 05:29 - 2017-08-23 05:29 - 000003300 _____ C:\Windows\System32\Tasks\d03e216eb47866367aa50ea5e730a806
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ___HD C:\Program Files (x86)\failures
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ___HD C:\Program Files (x86)\Climatologists
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Windows\SysWOW64\vganshl
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Windows\SysWOW64\SSL
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Windows\system32\vganshl
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\et
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Program Files\d03e216eb47866367aa50ea5e730a806
2017-08-23 05:25 - 2017-08-23 05:25 - 000000000 ____D C:\Users\Sebastian's PC\AppData\LocalLow\Temp
2017-08-23 05:24 - 2017-08-23 05:24 - 000000002 _____ C:\END
2017-08-23 05:23 - 2017-08-23 05:24 - 001854627 _____ C:\HEADERS
2017-08-23 05:23 - 2017-08-23 05:23 - 000003072 _____ C:\Users\Sebastian's PC\AppData\Local\uninstallce.exe
2017-08-23 05:23 - 2017-08-23 05:23 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\NVIDIA
2017-08-23 05:23 - 2017-08-23 05:23 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-08-23 05:23 - 2017-08-23 05:23 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Downloaded Installations
2017-08-23 05:21 - 2017-08-23 05:23 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\AGData
2017-08-23 05:20 - 2017-08-23 05:42 - 000003598 _____ C:\Windows\System32\Tasks\SVC Update
2017-08-23 05:17 - 2017-08-23 05:17 - 000000199 _____ C:\Users\Sebastian's PC\Desktop\Counter-Strike Global Offensive.url
2017-08-23 04:59 - 2017-08-23 04:59 - 000000202 _____ C:\Users\Sebastian's PC\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url
2017-08-23 04:58 - 2017-08-23 04:58 - 000000202 _____ C:\Users\Sebastian's PC\Desktop\Rocket League.url
2017-08-23 04:57 - 2017-08-23 04:57 - 000004154 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{658645F3-750F-4634-9214-B854F6E41FBE}
2017-08-23 04:57 - 2017-08-23 04:57 - 000000695 _____ C:\Users\Sebastian's PC\Desktop\X-Mouse Button Control.lnk
2017-08-23 04:57 - 2017-08-23 04:57 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Highresolution Enterprises
2017-08-23 04:57 - 2017-08-23 04:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises
2017-08-23 04:52 - 2017-08-23 04:52 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Steam
2017-08-23 04:51 - 2017-08-23 04:51 - 000000599 _____ C:\Users\Public\Desktop\Steam.lnk
2017-08-23 04:51 - 2017-08-23 04:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-23 04:50 - 2017-08-23 09:10 - 000000000 ____D C:\Steam
2017-08-23 04:45 - 2017-08-23 05:34 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\NVIDIA Corporation
2017-08-23 04:45 - 2017-08-23 04:45 - 000001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-08-23 04:45 - 2017-08-23 04:45 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\NVIDIA
2017-08-23 04:45 - 2017-08-23 04:45 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\CEF
2017-08-23 04:41 - 2017-08-23 04:41 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-23 04:41 - 2017-08-23 04:41
- 000004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-08-23 04:41 - 2017-08-23 04:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-08-23 04:41 - 2017-08-23 04:41 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2017-08-23 04:41 - 2017-08-09 17:34 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat 2017-08-23 04:41 - 2017-08-09 15:21 - 000135616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2017-08-23 04:41 - 2017-06-21 00:04 - 001903040 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2017-08-23 04:41 - 2017-06-21 00:04 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2017-08-23 04:41 - 2017-06-21 00:04 - 001489344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2017-08-23 04:41 - 2017-06-21 00:04 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2017-08-23 04:41 - 2017-06-21 00:04 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll 2017-08-23 04:41 - 2017-03-10 14:17 - 000536864 _____ C:\Windows\system32\vulkan-1.dll 2017-08-23 04:41 - 2017-03-10 
14:17 - 000525600 _____ C:\Windows\SysWOW64\vulkan-1.dll 2017-08-23 04:41 - 2017-03-10 14:17 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe 2017-08-23 04:41 - 2017-03-10 14:17 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2017-08-23 04:41 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2017-08-23 04:41 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2017-08-23 04:41 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2017-08-23 04:41 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2017-08-23 04:41 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2017-08-23 04:41 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2017-08-23 04:39 - 2017-08-10 10:49 - 000045976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 040239552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 035846080 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 035314296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 028961912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 023074832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 018805160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 013649808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 012133296 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 011585736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 
2017-08-23 04:39 - 2017-08-09 17:34 - 009982968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 004164032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 003711328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 003596224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 001988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438528.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 001598072 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438528.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 001278712 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 001276992 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 001067968 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 001005176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000996760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000995408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000972736 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000924096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000781728 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000724928 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000689808 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000618928 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll 
2017-08-23 04:39 - 2017-08-09 17:34 - 000617416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000609912 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000584128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2017-08-23 04:39 - 2017-08-09 17:34 - 000499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2017-08-23 04:39 - 2017-06-21 00:04 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2017-08-23 04:39 - 2017-06-21 00:04 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2017-08-23 04:39 - 2017-06-21 00:04 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys 2017-08-23 04:39 - 2017-06-21 00:04 - 000048064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2017-08-23 04:37 - 2017-08-23 04:37 - 460319480 _____ (NVIDIA Corporation) C:\Users\Sebastian's PC\Downloads\385.28-desktop-win10-64bit-international-whql.exe 2017-08-23 04:30 - 2017-08-23 04:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2017-08-23 04:30 - 2017-08-23 04:30 - 000000000 ____D C:\Program Files\Common Files\EPSON 2017-08-23 04:29 - 2017-08-23 06:05 - 000000000 ____D C:\ProgramData\EPSON 2017-08-23 04:29 - 2015-01-06 08:19 - 000120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMIUE.DLL 2017-08-23 04:29 - 2015-01-06 08:19 - 000083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BIUE.DLL 2017-08-23 04:29 - 2015-01-06 08:19 - 000010752 _____ (SEIKO EPSON CORP.) 
C:\Windows\system32\E_GCINST.DLL 2017-08-23 04:27 - 2017-08-23 04:27 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Google 2017-08-23 04:26 - 2017-08-23 09:10 - 000000000 ____D C:\ProgramData\NVIDIA 2017-08-23 04:26 - 2017-08-23 04:46 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2017-08-23 04:26 - 2017-08-23 04:41 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2017-08-23 04:26 - 2017-08-23 04:41 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-08-23 04:26 - 2017-08-09 15:53 - 006463608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2017-08-23 04:26 - 2017-08-09 15:53 - 002479224 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2017-08-23 04:26 - 2017-08-09 15:53 - 001762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2017-08-23 04:26 - 2017-08-09 15:53 - 000549496 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2017-08-23 04:26 - 2017-08-09 15:53 - 000392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2017-08-23 04:26 - 2017-08-09 15:53 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2017-08-23 04:26 - 2017-08-09 15:53 - 000069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2017-08-23 04:26 - 2017-08-08 02:39 - 008112721 _____ C:\Windows\system32\nvcoproc.bin 2017-08-23 04:26 - 2017-06-07 13:51 - 000001951 _____ C:\Windows\NvContainerRecovery.bat 2017-08-23 04:26 - 2017-05-19 18:07 - 000521816 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2017-08-23 04:25 - 2017-08-23 07:44 - 000000000 ____D C:\Program Files (x86)\Google 2017-08-23 04:25 - 2017-08-23 07:42 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-08-23 04:25 - 2017-08-23 07:42 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-08-23 04:25 - 2017-08-23 04:35 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Google 2017-08-23 04:21 - 2017-08-23 04:21 - 000000000 ____D C:\Users\Sebastian's 
PC\AppData\Roaming\Macromedia 2017-08-23 04:19 - 2017-08-23 04:19 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-08-23 04:19 - 2017-08-23 04:19 - 000000000 ____D C:\Program Files (x86)\Realtek 2017-08-23 04:19 - 2017-06-29 14:57 - 000984032 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys 2017-08-23 03:53 - 2017-08-23 03:53 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\PeerDistRepub 2017-08-23 03:20 - 2017-08-23 03:21 - 000007597 _____ C:\Users\Sebastian's PC\AppData\Local\resmon.resmoncfg 2017-08-23 02:45 - 2017-08-23 02:45 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\ElevatedDiagnostics 2017-08-23 02:12 - 2017-08-23 02:12 - 000000000 ____D C:\Windows\tbaseregistry 2017-08-23 02:12 - 2017-03-18 13:56 - 000407552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEShims.dll 2017-08-23 02:10 - 2017-08-23 02:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_amdpsp_01011.Wdf 2017-08-23 02:10 - 2017-08-23 02:10 - 000000000 ____D C:\ProgramData\Package Cache 2017-08-23 02:10 - 2017-08-23 02:10 - 000000000 ____D C:\Program Files (x86)\AMD 2017-08-23 02:09 - 2017-08-23 02:09 - 000000000 ____D C:\Program Files\AMD 2017-08-23 01:32 - 2017-08-23 08:40 - 000000000 ____D C:\Windows\Panther 2017-08-23 01:17 - 2017-08-23 01:17 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\DBG 2017-08-23 01:03 - 2017-08-23 04:21 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\MicrosoftEdge 2017-08-23 01:00 - 2017-08-23 01:01 - 000000000 ____D C:\Users\Sebastian's PC\Documents\Sound recordings 2017-08-23 00:53 - 2017-08-23 00:53 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Comms 2017-08-23 00:51 - 2017-08-23 00:51 - 000000000 ____D C:\Windows\System32\Tasks\S-1-5-21-2524848303-2415197009-2639144431-1001 2017-08-23 00:44 - 2017-08-23 00:44 - 000000000 ____D C:\ProgramData\USOShared 2017-08-23 00:39 - 2017-08-23 09:05 - 001184332 _____ C:\Windows\system32\PerfStringBackup.INI 2017-08-23 00:38 
- 2017-08-23 05:32 - 000002394 _____ C:\Users\Sebastian's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-08-23 00:38 - 2017-08-23 05:32 - 000000000 ___RD C:\Users\Sebastian's PC\OneDrive 2017-08-23 00:38 - 2017-08-23 00:38 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2017-08-23 00:37 - 2017-08-23 05:36 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Packages 2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Adobe 2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\VirtualStore 2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\TileDataLayer 2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Publishers 2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\ConnectedDevicesPlatform 2017-08-23 00:36 - 2017-08-23 08:23 - 000000000 ____D C:\Users\Sebastian's PC 2017-08-23 00:36 - 2017-08-23 00:36 - 000000020 ___SH C:\Users\Sebastian's PC\ntuser.ini 2017-08-23 00:36 - 2017-08-23 00:36 - 000000000 ____D C:\Windows\CSC 2017-08-23 00:36 - 2017-03-18 13:56 - 002233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2017-08-23 00:34 - 2017-08-23 00:34 - 000000000 _SHDL C:\Documents and Settings 2017-08-23 00:33 - 2017-08-23 09:00 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-08-23 00:33 - 2017-08-23 00:33 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2017-08-23 00:32 - 2017-08-23 02:09 - 000000000 ____D C:\Windows\system32\SleepStudy 2017-08-23 00:32 - 2017-08-23 00:32 - 000217000 _____ C:\Windows\system32\FNTCACHE.DAT 2017-08-23 00:32 - 2017-08-23 00:32 - 000000000 ____D C:\Windows\ServiceProfiles 2017-08-22 06:16 - 2017-08-22 06:16 - 001565184 _____ C:\Windows\bb8d1bafa3db34aee94035c5aae349a0.exe 
2017-08-22 06:16 - 2017-08-22 06:16 - 000077184 _____ (36IHD8) C:\Windows\system32\Drivers\86aa752c55f57b9a6f0cfd229745c7f7.sys
2017-08-22 06:16 - 2017-08-22 06:16 - 000051618 _____ C:\Windows\uninstaller.dat
2017-08-21 21:50 - 2017-08-21 21:50 - 000013824 _____ (Steepest) C:\Windows\workweeks.exe
2017-08-21 21:50 - 2017-08-21 21:50 - 000013824 _____ (Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
2017-08-03 16:07 - 2017-08-03 16:07 - 001996920 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438494.dll
2017-08-03 16:07 - 2017-08-03 16:07 - 001606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438494.dll
2017-08-03 11:44 - 2017-08-03 11:44 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-08-03 11:44 - 2017-08-03 11:44 - 000000669 _____ C:\Windows\system32\nv-vk64.json

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-23 09:00 - 2017-03-18 04:40 - 012058624 _____ C:\Windows\system32\config\HARDWARE
2017-08-23 09:00 - 2017-03-18 04:40 - 000524288 _____ C:\Windows\system32\config\BBI
2017-08-23 08:02 - 2017-03-18 14:01 - 000000000 ____D C:\Windows\INF
2017-08-23 06:00 - 2017-03-18 13:51 - 000000000 ____D C:\Windows\CbsTemp
2017-08-23 05:45 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\AppReadiness
2017-08-23 05:22 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-23 04:26 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\Help
2017-08-23 04:20 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\NDF
2017-08-23 03:54 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\LiveKernelReports
2017-08-23 03:31 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\appcompat
2017-08-23 01:32 - 2017-03-18 14:03 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2017-08-23 00:44 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-08-23 00:36 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2017-08-23 00:36 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\spool
2017-08-23 00:36 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-08-23 00:34 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-23 00:33 - 2017-03-18 19:31 - 000000000 ____D C:\Windows\HoloShell
2017-08-23 00:33 - 2017-03-18 14:03 - 000000000 ___RD C:\Windows\PrintDialog
2017-08-23 00:33 - 2017-03-18 14:03 - 000000000 ___RD C:\Windows\MiracastView
2017-08-23 00:33 - 2017-03-18 14:03 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2017-08-23 00:33 - 2017-03-18 04:40 - 000032768 _____ C:\Windows\system32\config\ELAM
2017-08-23 00:33 - 2017-03-18 04:40 - 000000000 ____D C:\Windows\system32\Sysprep
2017-08-10 10:49 - 2017-05-19 18:03 - 001615448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-08-10 10:49 - 2017-05-19 18:03 - 000218712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-08-09 17:34 - 2017-05-19 17:47 - 004209520 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-08-09 17:34 - 2017-05-19 14:22 - 000046463 _____ C:\Windows\system32\nvinfo.pb
2017-07-31 08:15 - 2017-03-18 14:06 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-31 08:15 - 2017-03-18 14:06 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-08-23 07:42 - 2017-08-23 07:42 - 007649280 _____ () C:\Program Files (x86)\GUT8FE3.tmp
2017-08-23 03:20 - 2017-08-23 03:21 - 000007597 _____ () C:\Users\Sebastian's PC\AppData\Local\resmon.resmoncfg
2017-08-21 21:50 - 2017-08-21 21:50 - 000013824 _____ (Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
2017-08-23 05:23 - 2017-08-23 05:23 - 000003072 _____ () C:\Users\Sebastian's PC\AppData\Local\uninstallce.exe

Some files in TEMP:
====================
2017-08-23 05:24 - 2017-08-23 05:24 - 001854627 _____ () C:\Users\Sebastian's PC\AppData\Local\Temp\FullVersion.exe
2017-08-23 05:35 - 2017-08-23 05:35 - 001234704 _____ ( ) C:\Users\Sebastian's PC\AppData\Local\Temp\ICReinstall_Registry_Activation.exe
2017-08-23 05:23 - 2017-08-23 05:23 - 002424747 _____ () C:\Users\Sebastian's PC\AppData\Local\Temp\MaxPlayer.exe
2017-08-23 04:39 - 2017-07-18 15:38 - 000368760 _____ (NVIDIA Corporation) C:\Users\Sebastian's PC\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-23 00:32

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Sebastian's PC (23-08-2017 09:17:20)
Running from C:\Users\Sebastian's PC\Desktop
Windows 10 Pro Version 1703 (X64) (2017-08-23 07:34:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2524848303-2415197009-2639144431-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2524848303-2415197009-2639144431-503 - Limited - Disabled)
Guest (S-1-5-21-2524848303-2415197009-2639144431-501 - Limited - Disabled)
Sebastian's PC (S-1-5-21-2524848303-2415197009-2639144431-1001 - Administrator - Enabled) => C:\Users\Sebastian's PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.28 - NVIDIA Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
DragonBoost (HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\119) (Version: - ) <==== ATTENTION
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.28 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.28 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version: - Bluehole, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.19.627.2017 - Realtek)
Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
X-Mouse Button Control 2.16.1 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.16.1 - Highresolution Enterprises)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-08-09] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07DD544A-2C1B-4132-B778-EC4597083D51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {11406F35-28C0-4F5D-BB86-9A7A0E67F7B0} - System32\Tasks\56633843 => C:\Users\Sebastian's PC\AppData\Local\steepest.exe [2017-08-21] (Steepest) <==== ATTENTION
Task: {21910460-BEEB-4545-AD96-E029BAF95260} - System32\Tasks\89192954 => C:\Program Files (x86)\Climatologists\steepest.exe [2017-08-21] (Steepest) <==== ATTENTION
Task: {240A87DA-5CFE-46AB-AEC4-E359459FC5A9} - System32\Tasks\S-1-5-21-2524848303-2415197009-2639144431-1001\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {5013F4B7-05C3-4374-853F-B875FE1BB5DE} - System32\Tasks\ba5663384356633843 => C:\Users\Sebastian's PC\AppData\Local\steepest.exe [2017-08-21] (Steepest)
Task: {595A5BD2-D287-42EE-90A9-48F25144F572} - System32\Tasks\ba8919295489192954 => C:\Program Files (x86)\Climatologists\steepest.exe [2017-08-21] (Steepest)
Task: {5C0F5D00-F090-46A7-95D4-95690C70ABF0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {6CD73023-6C5D-45BE-94F8-AC72DCD473F8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {7DE1AC5B-C883-4C38-A009-3AA873740E1E} - System32\Tasks\k89192954 => C:\Program Files (x86)\pitchmen\pitchmen.exe
Task: {8C36FFE9-1472-4886-A344-9E0A5E1B59F8} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {93B02490-8ACF-4B8A-BA80-B6113487FB03} - System32\Tasks\SVC Update => C:\Windows\explorer.exe "hxxp://sh.st/AeotZ" <==== ATTENTION
Task: {9DD718B1-6423-436D-A7F9-E02ED7B7E3A0} - System32\Tasks\ba14444881444488 => C:\Program Files (x86)\Kleck\steepest.exe
Task: {A10DCDEB-2BFB-4EF3-AB00-941107FFE315} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {AF0A25DE-9A8B-4249-9EDF-E81ED1D6AE00} - System32\Tasks\bak89192954k89192954 => C:\Program Files (x86)\pitchmen\pitchmen.exe
Task: {BCDFB8E2-E6CE-4485-A699-DD2085B3E0B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {BCFDAF6D-7F6A-4F45-96C6-1CCA73D5CEA5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {CD839955-03A2-4F64-9C5B-2F6E95D225B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {DA6DFDD4-3B31-47BC-8DBA-119E66C49D09} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {F0C72FB7-9AB2-48DE-94D1-C47A3BEAEFFF} - System32\Tasks\2bbe70eac594491e4f3b5f612220586b => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\Windows\2bbe70eac594491e4f3b5f612220586b.ps1" <==== ATTENTION
Task: {F0E9DB8E-4AFF-45F5-AD00-AA2BDE7A92A0} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {F10BE4F6-264F-4FB5-BC01-B087B0B83C1E} - System32\Tasks\1444488 => C:\Program Files (x86)\Kleck\steepest.exe <==== ATTENTION
Task: {F342CB61-1BA9-4F98-956E-E54483BBA632} - System32\Tasks\d03e216eb47866367aa50ea5e730a806 => sc start d03e216eb47866367aa50ea5e730a806 <==== ATTENTION
Task: {FE1AAB6A-DD01-409E-BA29-8CCF0E9CAD5A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-08-23 05:24 - 2017-08-23 05:24 - 000052224 _____ () C:\Windows\TEMP\WS\mediatek_86.exe
2017-08-23 04:41 - 2017-06-21 00:04 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-23 07:43 - 2017-08-11 00:40 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-23 07:43 - 2017-08-11 00:40 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2017-08-23 05:40 - 2017-06-23 02:18 - 000028160 _____ () C:\Users\Default\WindowsUpdate\WindowsUpdate.exe
2017-08-21 21:50 - 2017-08-21 21:50 - 000066364 _____ () C:\Program Files (x86)\failures\lure.exe
2017-04-07 00:41 - 2017-04-07 00:41 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-08-23 04:41 - 2017-06-21 00:04 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-08-23 04:41 - 2017-06-21 00:03 - 066836928 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-08-23 04:51 - 2017-05-16 18:54 - 000678176 _____ () C:\Steam\SDL2.dll
2017-08-23 04:51 - 2016-08-31 18:02 - 004969248 _____ () C:\Steam\v8.dll
2017-08-23 04:51 - 2017-07-17 17:33 - 002497824 _____ () C:\Steam\video.dll
2017-08-23 04:51 - 2016-01-27 00:49 - 000332800 _____ () C:\Steam\libavresample-2.dll
2017-08-23 04:51 - 2016-01-27 00:49 - 000491008 _____ () C:\Steam\libavformat-56.dll
2017-08-23 04:51 - 2016-01-27 00:49 - 002549760 _____ () C:\Steam\libavcodec-56.dll
2017-08-23 04:51 - 2016-01-27 00:49 - 000485888 _____ () C:\Steam\libswscale-3.dll
2017-08-23 04:51 - 2016-01-27 00:49 - 000442880 _____ () C:\Steam\libavutil-54.dll
2017-08-23 04:51 - 2016-08-31 18:02 - 001195296 _____ () C:\Steam\icuuc.dll
2017-08-23 04:51 - 2016-08-31 18:02 - 001563936 _____ () C:\Steam\icui18n.dll
2017-08-23 04:51 - 2017-07-17 17:33 - 000884512 _____ () C:\Steam\bin\chromehtml.DLL
2017-08-23 04:51 - 2016-07-04 15:17 - 000266560 _____ () C:\Steam\openvr_api.dll
2017-08-23 04:52 - 2017-05-16 18:54 - 000678176 _____ () C:\Steam\bin\cef\cef.win7\SDL2.dll
2017-08-23 04:52 - 2017-07-06 10:58 - 073088800 _____ () C:\Steam\bin\cef\cef.win7\libcef.dll
2017-08-23 04:51 - 2017-07-17 17:33 - 000384288 _____ () C:\Steam\steam.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 14:03 - 2017-08-23 05:35 - 000001353 _____ C:\Windows\system32\Drivers\etc\hosts
162.222.193.86 aoaomo.tremorhub.com
188.95.50.62 bobomo.tremorhub.com
162.222.193.86 www.howcast.com
162.222.193.86 howcast.com
162.222.193.86 www.ustream.tv
162.222.193.86 ustream.tv
162.222.193.86 www.livestream.com
162.222.193.86 livestream.com
162.222.193.86 www.dailymotion.com
162.222.193.86 dailymotion.com
192.192.3.8 www.virustotal.com
192.192.3.8 virustotal.com
37.139.50.192 www.gstatic.com
37.139.50.192 www.google-analytics.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E2571722-8C1F-4C9F-8C2D-326DBCBF0AC2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A1FA5621-CDF7-4020-826B-1D44360502B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{21008F87-AFCA-4F2C-8083-F3F6CDDC7212}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{681AFCF2-758B-40F8-8E63-633699B7085F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7DCAB042-5E8B-43C2-A367-43B8C8C7B231}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4200734D-2EEC-4A2B-8C23-A7471C6416E9}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{AA91A042-646C-4BDB-A1E9-235A46488C89}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{56EADDFC-083E-41D8-9E1E-914555FF8A73}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{410889E8-5A6D-481C-8C2F-13B0D2B5EF17}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8A3B97BD-ACB9-4016-BBBC-A757BBBA2137}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{CCA11977-10BD-4DF6-9392-8A04B88B3882}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{BEAAE8EC-3413-4328-A9D0-15EC7840DF51}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{F8E58A5F-C3E8-4C81-8A64-3C648D141B19}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DCE6B92F-44B1-418B-B26F-813531F869CB}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{26937B38-FEA8-4DFB-AC3D-CA5F805505BD}] => (Allow) C:\Program Files (x86)\Kleck\steepest.exe
FirewallRules: [{CF025E0A-DD1A-4BE1-8D2D-090B2079BBA1}] => (Allow) C:\Program Files (x86)\Climatologists\steepest.exe
FirewallRules: [{8AFA1306-D905-48B0-9DF0-7E5C12184808}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2017 09:10:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: activation.exe, version: 0.0.0.0, time stamp: 0x594816fc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x028028f8
Faulting process id: 0x2758
Faulting application start time: 0x01d31c2a5dd14b46
Faulting application path: C:\Users\Sebastian's PC\AppData\Local\cypjMERAky\activation.exe
Faulting module path: unknown
Report Id: 9c7164eb-f97a-4d5a-aeed-d9c08e275f00
Faulting package full name:
Faulting package-relative application ID:

Error: (08/23/2017 09:10:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: activation.exe, version: 0.0.0.0, time stamp: 0x594816fc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x02806010
Faulting process id: 0x2758
Faulting application start time: 0x01d31c2a5dd14b46
Faulting application path: C:\Users\Sebastian's PC\AppData\Local\cypjMERAky\activation.exe
Faulting module path: unknown
Report Id: 79a4b985-e861-4158-8227-37a68ef165c8
Faulting package full name:
Faulting package-relative application ID:

Error: (08/23/2017 09:10:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0x803F7001
Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/23/2017 09:00:56 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0x8007139F
Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/23/2017 08:24:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: activation.exe, version: 0.0.0.0, time stamp: 0x594816fc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02a228f8
Faulting process id: 0x27d0
Faulting application start time: 0x01d31c23e21724d0
Faulting application path: C:\Users\Sebastian's PC\AppData\Local\cypjMERAky\activation.exe
Faulting module path: unknown
Report Id: 84dfebb3-7404-415c-b843-2272e23ae3cb
Faulting package full name:
Faulting package-relative application ID:

Error: (08/23/2017 08:24:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: activation.exe, version: 0.0.0.0, time stamp: 0x594816fc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x02a26010
Faulting process id: 0x27d0
Faulting application start time: 0x01d31c23e21724d0
Faulting application path: C:\Users\Sebastian's PC\AppData\Local\cypjMERAky\activation.exe
Faulting module path: unknown
Report Id: 73e998c0-eb8d-4891-af48-24e4a3bb521b
Faulting package full name:
Faulting package-relative application ID:

Error: (08/23/2017 08:24:05 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0x803F7001
Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/23/2017 08:23:45 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0x8007139F
Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/23/2017 08:02:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (08/23/2017 07:41:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-M5OMJK2)
Description: Package Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00031401-0079-0000-11d0-000000000000} was terminated because it took too long to suspend.

System errors:
=============
Error: (08/23/2017 09:12:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMSwissArmy service failed to start due to the following error: Access is denied.

Error: (08/23/2017 09:02:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.

Error: (08/23/2017 09:00:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The d03e216eb47866367aa50ea5e730a806 service failed to start due to the following error: The requested resource is in use.

Error: (08/23/2017 09:00:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The d03e216eb47866367aa50ea5e730a806 service failed to start due to the following error: The requested resource is in use.

Error: (08/23/2017 09:00:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: The request is not supported.

Error: (08/23/2017 09:00:22 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M5OMJK2)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (08/23/2017 09:00:22 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M5OMJK2)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (08/23/2017 08:25:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.

Error: (08/23/2017 08:23:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The d03e216eb47866367aa50ea5e730a806 service failed to start due to the following error: The requested resource is in use.

Error: (08/23/2017 08:23:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The d03e216eb47866367aa50ea5e730a806 service failed to start due to the following error: The requested resource is in use.

==================== Memory info ===========================

Processor: AMD Ryzen 3 1200 Quad-Core Processor
Percentage of memory in use: 31%
Total physical RAM: 8125.09 MB
Available physical RAM: 5560.25 MB
Total Virtual: 10045.09 MB
Available Virtual: 7143.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.75 GB) (Free:93.44 GB) NTFS
Drive d: (MY GAMES BOIIIII) (Fixed) (Total:1862.89 GB) (Free:1834.55 GB) NTFS
Drive e: (MY PC USB) (Removable) (Total:14.57 GB) (Free:14.55 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 8E4C974F)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 14.6 GB) (Disk ID: C987D167)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)

==================== End of Addition.txt ============================

Aura Posted August 23, 2017 ID:1156236

Hi PLSHELP

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens

As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you

The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system

If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!

If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;

Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced

I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules

In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process

I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone

This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread

This being said, it's time to clean-up some malware, so let's get started, shall we?

Do you have a USB Flash Drive? If so, how big is it? Also, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Fix button
On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
Copy and paste its content in your next reply

fixlist.txt

Aura Posted August 26, 2017 ID:1157287

Hi PLSHELP,

Are you still with me?

Aura Posted August 28, 2017 ID:1157854

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!