Anti Rootkit won't run


My PC will not enter safe mode, won't allow me to reset it, won't install Malwarebytes, and gives me an error when I use the Malwarebytes rootkit removal. Any help is greatly appreciated. Here is my FRST notepad information. When I try to use "fix" Any help is greatly appreciated. FRST also says no txt found and it has to be in the same place as FRST, but they are both on my desktop.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Sebastian's PC (administrator) on DESKTOP-M5OMJK2 (23-08-2017 09:16:55)
Running from C:\Users\Sebastian's PC\Desktop
Loaded Profiles: Sebastian's PC (Available Profiles: Sebastian's PC)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\Temp\msgrnfksrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Windows\Temp\WS\mediatek_86.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Steepest) C:\Program Files (x86)\Climatologists\steepest.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Highresolution Enterprises) D:\Mouse Buttons\XMouseButtonControl.exe
() C:\Users\Default\WindowsUpdate\WindowsUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Steepest) C:\Program Files (x86)\Climatologists\steepest.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Valve Corporation) C:\Steam\Steam.exe
(Valve Corporation) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\failures\lure.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Malwarebytes Corp.) C:\Users\Sebastian's PC\Downloads\mbar-1.09.4.1001.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XMouseButtonControl] => D:\Mouse Buttons\XMouseButtonControl.exe [1519312 2017-06-25] (Highresolution Enterprises)
HKLM\...\Run: [WindowsUpdate23] => "C:\ProgramData\WindowsUpdate\WindowsUpdate.exe"
HKLM\...\Run: [WindowsUpdate40] => C:\Users\Default\WindowsUpdate\WindowsUpdate.exe [28160 2017-06-23] ()
HKLM-x32\...\Run: [unipjvd.exe] => "C:\Users\Sebastian's PC\AppData\Local\ntuserlitelist\unipjvd.exe\unipjvd.exe.exe" -starup
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2015-01-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\Run: [Steam] => C:\Steam\steam.exe [3062560 2017-07-17] (Valve Corporation)
HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\Run: [lure] => C:\Program Files (x86)\failures\lure.exe [66364 2017-08-21] ()
HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\Run: [tellers] => "C:\Program Files (x86)\Kleck\steepest.exe"
HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\RunOnce: [AwRWNQQxQn] => C:\Users\Sebastian's PC\AppData\Local\cypjMERAky\activation.exe [747520 2017-08-23] ()
Startup: C:\Users\Sebastian's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pontification.lnk [2017-08-23]
ShortcutTarget: pontification.lnk -> C:\Program Files (x86)\Kleck\steepest.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{1609ec68-577c-4628-b3e5-bd69274202a4}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]

Chrome: 
=======
CHR Profile: C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default [2017-08-23]
CHR Extension: (Google Slides) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-23]
CHR Extension: (Google Docs) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-23]
CHR Extension: (Google Drive) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-23]
CHR Extension: (YouTube) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-23]
CHR Extension: (Google Sheets) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Sebastian's PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 d03e216eb47866367aa50ea5e730a806; C:\Program Files\d03e216eb47866367aa50ea5e730a806\e29d67827086a265d655099c36b841bc.exe [1611776 2017-08-22] () [File not signed] <==== ATTENTION
R2 mediatek_86; C:\Windows\TEMP\WS\mediatek_86.exe [52224 2017-08-23] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-09] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 86aa752c55f57b9a6f0cfd229745c7f7; C:\Windows\system32\drivers\86aa752c55f57b9a6f0cfd229745c7f7.sys [77184 2017-08-22] (36IHD8) <==== ATTENTION
R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [34704 2016-08-13] (Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-13] (Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices, Inc. )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [194776 2017-08-23] (Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9ab613610b40aa98\nvlddmkm.sys [15610296 2017-08-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48064 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-06-21] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [984032 2017-06-29] (Realtek )
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-23 09:16 - 2017-08-23 09:17 - 000012136 _____ C:\Users\Sebastian's PC\Desktop\FRST.txt
2017-08-23 09:16 - 2017-08-23 09:16 - 000000000 ____D C:\FRST
2017-08-23 09:16 - 2017-08-23 09:15 - 002395648 _____ (Farbar) C:\Users\Sebastian's PC\Desktop\FRST64.exe
2017-08-23 09:15 - 2017-08-23 09:15 - 002395648 _____ (Farbar) C:\Users\Sebastian's PC\Downloads\FRST64.exe
2017-08-23 09:12 - 2017-08-23 09:12 - 000194776 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-23 09:12 - 2017-08-23 09:12 - 000000000 ____D C:\Users\Sebastian's PC\Desktop\mbar
2017-08-23 09:11 - 2017-08-23 09:11 - 016564750 _____ (Malwarebytes Corp.) C:\Users\Sebastian's PC\Downloads\mbar-1.09.4.1001.exe
2017-08-23 08:58 - 2017-08-23 08:58 - 005659788 _____ (Swearware) C:\Users\Sebastian's PC\Downloads\ComboFix.exe
2017-08-23 08:53 - 2017-08-23 08:53 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Sebastian's PC\Downloads\mbar-1.09.3.1001.exe
2017-08-23 08:40 - 2017-08-23 08:40 - 000004727 _____ C:\Windows\diagwrn.xml
2017-08-23 08:40 - 2017-08-23 08:40 - 000001908 _____ C:\Windows\diagerr.xml
2017-08-23 08:27 - 2017-08-23 08:47 - 000000000 ____D C:\ESD
2017-08-23 08:26 - 2017-08-23 08:26 - 000000000 ___HD C:\$Windows.~WS
2017-08-23 08:26 - 2017-08-23 08:26 - 000000000 ____D C:\$WINDOWS.~BT
2017-08-23 08:03 - 2017-08-23 08:03 - 065942208 _____ (Malwarebytes ) C:\Users\Sebastian's PC\Desktop\mb3-setup-consumer-3.2.2.2018.exe
2017-08-23 08:01 - 2017-08-23 08:01 - 000002888 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-08-23 08:01 - 2017-08-23 08:01 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-23 08:01 - 2017-08-23 08:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-23 08:01 - 2017-08-23 08:01 - 000000000 ____D C:\Program Files\CCleaner
2017-08-23 07:43 - 2017-08-23 07:43 - 000002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-23 07:43 - 2017-08-23 07:43 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-23 07:42 - 2017-08-23 07:42 - 007649280 _____ C:\Program Files (x86)\GUT8FE3.tmp
2017-08-23 07:42 - 2017-08-23 07:42 - 000000000 ____D C:\Program Files (x86)\GUM8FE2.tmp
2017-08-23 07:41 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-08-23 07:41 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-08-23 07:41 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-08-23 07:41 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-08-23 07:41 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-08-23 07:41 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-08-23 07:41 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-08-23 07:41 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-08-23 07:41 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-08-23 07:41 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-08-23 07:41 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-08-23 07:41 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-08-23 07:41 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-08-23 07:41 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-08-23 07:41 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-08-23 07:41 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-08-23 07:41 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-08-23 07:41 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-08-23 07:41 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-08-23 07:41 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-08-23 07:41 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-08-23 07:41 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-08-23 07:41 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-08-23 07:41 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-08-23 07:41 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-08-23 07:41 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-08-23 07:41 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-08-23 07:41 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-08-23 07:41 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-08-23 07:41 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-08-23 07:41 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2017-08-23 07:41 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2017-08-23 07:41 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-08-23 07:41 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-08-23 07:41 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-08-23 07:41 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-08-23 07:41 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-08-23 07:41 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-08-23 07:41 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-08-23 07:41 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-08-23 07:41 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-08-23 07:41 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-08-23 07:41 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-08-23 07:41 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2017-08-23 07:41 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-08-23 07:41 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2017-08-23 07:41 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-08-23 07:41 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-08-23 07:41 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-08-23 07:41 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-08-23 07:41 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-08-23 07:41 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-08-23 07:41 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-08-23 07:41 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-08-23 07:41 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-08-23 07:41 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-08-23 07:41 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-08-23 07:41 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-08-23 07:41 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-08-23 07:41 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-08-23 07:41 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-08-23 07:41 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-08-23 07:41 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-08-23 07:41 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-08-23 07:41 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-08-23 07:41 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-08-23 07:41 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-08-23 07:41 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-08-23 07:41 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-08-23 07:41 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-08-23 07:41 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-08-23 07:41 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-08-23 07:41 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-08-23 07:41 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-08-23 07:41 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-08-23 07:41 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-08-23 07:41 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-08-23 07:41 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-08-23 07:41 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-08-23 07:41 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-08-23 07:41 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-08-23 07:41 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-08-23 07:41 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-08-23 07:41 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-08-23 07:41 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-08-23 07:41 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-08-23 07:41 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-08-23 07:41 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-08-23 07:41 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-08-23 07:41 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-08-23 07:41 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-08-23 07:41 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-08-23 07:41 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-08-23 07:41 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-08-23 07:41 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-08-23 07:41 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-08-23 07:41 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-08-23 07:41 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-08-23 07:41 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-08-23 07:41 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-08-23 07:41 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-08-23 07:41 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-08-23 07:41 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-08-23 07:41 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-08-23 07:41 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-08-23 07:41 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-08-23 07:41 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-08-23 07:41 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-08-23 07:41 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-08-23 07:41 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-08-23 07:41 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-08-23 07:41 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-08-23 07:41 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-08-23 07:41 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-08-23 07:41 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-08-23 07:41 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-08-23 07:41 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-08-23 07:41 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-08-23 07:41 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-08-23 07:41 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-08-23 07:41 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-08-23 07:41 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-08-23 07:41 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-08-23 07:41 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-08-23 07:41 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-08-23 07:41 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-08-23 07:41 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-08-23 07:41 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-08-23 07:41 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-08-23 07:41 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-08-23 07:41 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-08-23 07:41 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-08-23 07:41 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-08-23 07:41 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-08-23 07:41 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-08-23 07:41 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-08-23 07:41 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-08-23 07:41 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-08-23 07:41 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-08-23 07:41 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-08-23 07:41 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2017-08-23 07:41 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2017-08-23 07:41 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-08-23 07:41 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-08-23 07:41 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-08-23 07:41 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-08-23 07:41 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-08-23 07:41 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-08-23 07:41 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-08-23 07:41 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-08-23 07:41 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-08-23 07:41 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-08-23 07:41 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-08-23 07:41 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-08-23 07:41 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-08-23 07:41 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-08-23 07:41 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-08-23 07:41 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-08-23 07:41 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-08-23 07:41 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-08-23 07:41 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-08-23 07:41 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-08-23 07:41 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-08-23 07:41 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-08-23 07:41 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-08-23 07:41 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-08-23 07:41 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-08-23 07:41 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-08-23 07:41 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-08-23 07:41 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-08-23 07:41 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-08-23 07:41 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-08-23 07:41 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-08-23 07:41 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-08-23 07:41 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-08-23 07:41 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-08-23 05:40 - 2017-08-23 05:40 - 000000000 ____D C:\Windows\system32\appmgmt
2017-08-23 05:40 - 2017-08-23 05:40 - 000000000 ____D C:\Users\Default\WindowsUpdate
2017-08-23 05:40 - 2017-08-23 05:40 - 000000000 ____D C:\Users\Default\windiskutility
2017-08-23 05:36 - 2017-08-23 08:28 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\unipjvd
2017-08-23 05:36 - 2017-08-23 05:50 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\llssoft
2017-08-23 05:36 - 2017-08-23 05:36 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\regtool
2017-08-23 05:35 - 2017-08-23 05:38 - 000000000 ____D C:\Program Files\RunBooster
2017-08-23 05:35 - 2017-08-23 05:35 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\cypjMERAky
2017-08-23 05:32 - 2017-08-23 09:10 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\CrashDumps
2017-08-23 05:32 - 2017-08-23 05:32 - 000003396 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2524848303-2415197009-2639144431-1001
2017-08-23 05:32 - 2017-08-23 05:32 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Skype
2017-08-23 05:31 - 2017-08-23 08:02 - 000000000 ____D C:\Windows\Minidump
2017-08-23 05:29 - 2017-08-23 09:00 - 000081696 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\msidntfs.sys
2017-08-23 05:29 - 2017-08-23 05:29 - 000031411 _____ C:\Windows\2bbe70eac594491e4f3b5f612220586b.ps1
2017-08-23 05:29 - 2017-08-23 05:29 - 000003866 _____ C:\Windows\System32\Tasks\89192954
2017-08-23 05:29 - 2017-08-23 05:29 - 000003866 _____ C:\Windows\System32\Tasks\56633843
2017-08-23 05:29 - 2017-08-23 05:29 - 000003860 _____ C:\Windows\System32\Tasks\k89192954
2017-08-23 05:29 - 2017-08-23 05:29 - 000003842 _____ C:\Windows\System32\Tasks\1444488
2017-08-23 05:29 - 2017-08-23 05:29 - 000003756 _____ C:\Windows\System32\Tasks\ba8919295489192954
2017-08-23 05:29 - 2017-08-23 05:29 - 000003756 _____ C:\Windows\System32\Tasks\ba5663384356633843
2017-08-23 05:29 - 2017-08-23 05:29 - 000003752 _____ C:\Windows\System32\Tasks\bak89192954k89192954
2017-08-23 05:29 - 2017-08-23 05:29 - 000003730 _____ C:\Windows\System32\Tasks\ba14444881444488
2017-08-23 05:29 - 2017-08-23 05:29 - 000003476 _____ C:\Windows\System32\Tasks\2bbe70eac594491e4f3b5f612220586b
2017-08-23 05:29 - 2017-08-23 05:29 - 000003300 _____ C:\Windows\System32\Tasks\d03e216eb47866367aa50ea5e730a806
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ___HD C:\Program Files (x86)\failures
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ___HD C:\Program Files (x86)\Climatologists
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Windows\SysWOW64\vganshl
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Windows\SysWOW64\SSL
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Windows\system32\vganshl
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\et
2017-08-23 05:29 - 2017-08-23 05:29 - 000000000 ____D C:\Program Files\d03e216eb47866367aa50ea5e730a806
2017-08-23 05:25 - 2017-08-23 05:25 - 000000000 ____D C:\Users\Sebastian's PC\AppData\LocalLow\Temp
2017-08-23 05:24 - 2017-08-23 05:24 - 000000002 _____ C:\END
2017-08-23 05:23 - 2017-08-23 05:24 - 001854627 _____ C:\HEADERS
2017-08-23 05:23 - 2017-08-23 05:23 - 000003072 _____ C:\Users\Sebastian's PC\AppData\Local\uninstallce.exe
2017-08-23 05:23 - 2017-08-23 05:23 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\NVIDIA
2017-08-23 05:23 - 2017-08-23 05:23 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-08-23 05:23 - 2017-08-23 05:23 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Downloaded Installations
2017-08-23 05:21 - 2017-08-23 05:23 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\AGData
2017-08-23 05:20 - 2017-08-23 05:42 - 000003598 _____ C:\Windows\System32\Tasks\SVC Update
2017-08-23 05:17 - 2017-08-23 05:17 - 000000199 _____ C:\Users\Sebastian's PC\Desktop\Counter-Strike Global Offensive.url
2017-08-23 04:59 - 2017-08-23 04:59 - 000000202 _____ C:\Users\Sebastian's PC\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url
2017-08-23 04:58 - 2017-08-23 04:58 - 000000202 _____ C:\Users\Sebastian's PC\Desktop\Rocket League.url
2017-08-23 04:57 - 2017-08-23 04:57 - 000004154 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{658645F3-750F-4634-9214-B854F6E41FBE}
2017-08-23 04:57 - 2017-08-23 04:57 - 000000695 _____ C:\Users\Sebastian's PC\Desktop\X-Mouse Button Control.lnk
2017-08-23 04:57 - 2017-08-23 04:57 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Highresolution Enterprises
2017-08-23 04:57 - 2017-08-23 04:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises
2017-08-23 04:52 - 2017-08-23 04:52 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Steam
2017-08-23 04:51 - 2017-08-23 04:51 - 000000599 _____ C:\Users\Public\Desktop\Steam.lnk
2017-08-23 04:51 - 2017-08-23 04:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-23 04:50 - 2017-08-23 09:10 - 000000000 ____D C:\Steam
2017-08-23 04:45 - 2017-08-23 05:34 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\NVIDIA Corporation
2017-08-23 04:45 - 2017-08-23 04:45 - 000001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-08-23 04:45 - 2017-08-23 04:45 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\NVIDIA
2017-08-23 04:45 - 2017-08-23 04:45 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\CEF
2017-08-23 04:41 - 2017-08-23 04:41 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-23 04:41 - 2017-08-23 04:41 - 000004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-23 04:41 - 2017-08-23 04:41 - 000003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-23 04:41 - 2017-08-23 04:41 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-23 04:41 - 2017-08-23 04:41 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-23 04:41 - 2017-08-23 04:41 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-23 04:41 - 2017-08-23 04:41 - 000003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-23 04:41 - 2017-08-23 04:41 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-23 04:41 - 2017-08-23 04:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-08-23 04:41 - 2017-08-23 04:41 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-23 04:41 - 2017-08-09 17:34 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-08-23 04:41 - 2017-08-09 15:21 - 000135616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-08-23 04:41 - 2017-06-21 00:04 - 001903040 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-08-23 04:41 - 2017-06-21 00:04 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-08-23 04:41 - 2017-06-21 00:04 - 001489344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-08-23 04:41 - 2017-06-21 00:04 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-08-23 04:41 - 2017-06-21 00:04 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-08-23 04:41 - 2017-03-10 14:17 - 000536864 _____ C:\Windows\system32\vulkan-1.dll
2017-08-23 04:41 - 2017-03-10 14:17 - 000525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-08-23 04:41 - 2017-03-10 14:17 - 000254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-08-23 04:41 - 2017-03-10 14:17 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-08-23 04:41 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-08-23 04:41 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-08-23 04:41 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-08-23 04:41 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-08-23 04:41 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-08-23 04:41 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-08-23 04:39 - 2017-08-10 10:49 - 000045976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 040239552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 035846080 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 035314296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 028961912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 023074832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 018805160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 013649808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 012133296 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 011585736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 009982968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 004164032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 003711328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 003596224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 001988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438528.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 001598072 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438528.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 001278712 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 001276992 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 001067968 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 001005176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 000996760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 000995408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 000972736 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 000924096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 000781728 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 000724928 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 000689808 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 000618928 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 000617416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 000609912 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 000584128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 000578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-08-23 04:39 - 2017-08-09 17:34 - 000499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-08-23 04:39 - 2017-06-21 00:04 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-08-23 04:39 - 2017-06-21 00:04 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-08-23 04:39 - 2017-06-21 00:04 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-08-23 04:39 - 2017-06-21 00:04 - 000048064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-08-23 04:37 - 2017-08-23 04:37 - 460319480 _____ (NVIDIA Corporation) C:\Users\Sebastian's PC\Downloads\385.28-desktop-win10-64bit-international-whql.exe
2017-08-23 04:30 - 2017-08-23 04:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-08-23 04:30 - 2017-08-23 04:30 - 000000000 ____D C:\Program Files\Common Files\EPSON
2017-08-23 04:29 - 2017-08-23 06:05 - 000000000 ____D C:\ProgramData\EPSON
2017-08-23 04:29 - 2015-01-06 08:19 - 000120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMIUE.DLL
2017-08-23 04:29 - 2015-01-06 08:19 - 000083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BIUE.DLL
2017-08-23 04:29 - 2015-01-06 08:19 - 000010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2017-08-23 04:27 - 2017-08-23 04:27 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Google
2017-08-23 04:26 - 2017-08-23 09:10 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-23 04:26 - 2017-08-23 04:46 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-23 04:26 - 2017-08-23 04:41 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-23 04:26 - 2017-08-23 04:41 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-23 04:26 - 2017-08-09 15:53 - 006463608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-08-23 04:26 - 2017-08-09 15:53 - 002479224 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-08-23 04:26 - 2017-08-09 15:53 - 001762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-08-23 04:26 - 2017-08-09 15:53 - 000549496 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-08-23 04:26 - 2017-08-09 15:53 - 000392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-08-23 04:26 - 2017-08-09 15:53 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-08-23 04:26 - 2017-08-09 15:53 - 000069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-08-23 04:26 - 2017-08-08 02:39 - 008112721 _____ C:\Windows\system32\nvcoproc.bin
2017-08-23 04:26 - 2017-06-07 13:51 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-08-23 04:26 - 2017-05-19 18:07 - 000521816 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-08-23 04:25 - 2017-08-23 07:44 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-23 04:25 - 2017-08-23 07:42 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-23 04:25 - 2017-08-23 07:42 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-23 04:25 - 2017-08-23 04:35 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Google
2017-08-23 04:21 - 2017-08-23 04:21 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Macromedia
2017-08-23 04:19 - 2017-08-23 04:19 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-23 04:19 - 2017-08-23 04:19 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-08-23 04:19 - 2017-06-29 14:57 - 000984032 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2017-08-23 03:53 - 2017-08-23 03:53 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\PeerDistRepub
2017-08-23 03:20 - 2017-08-23 03:21 - 000007597 _____ C:\Users\Sebastian's PC\AppData\Local\resmon.resmoncfg
2017-08-23 02:45 - 2017-08-23 02:45 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\ElevatedDiagnostics
2017-08-23 02:12 - 2017-08-23 02:12 - 000000000 ____D C:\Windows\tbaseregistry
2017-08-23 02:12 - 2017-03-18 13:56 - 000407552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEShims.dll
2017-08-23 02:10 - 2017-08-23 02:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_amdpsp_01011.Wdf
2017-08-23 02:10 - 2017-08-23 02:10 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-23 02:10 - 2017-08-23 02:10 - 000000000 ____D C:\Program Files (x86)\AMD
2017-08-23 02:09 - 2017-08-23 02:09 - 000000000 ____D C:\Program Files\AMD
2017-08-23 01:32 - 2017-08-23 08:40 - 000000000 ____D C:\Windows\Panther
2017-08-23 01:17 - 2017-08-23 01:17 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\DBG
2017-08-23 01:03 - 2017-08-23 04:21 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\MicrosoftEdge
2017-08-23 01:00 - 2017-08-23 01:01 - 000000000 ____D C:\Users\Sebastian's PC\Documents\Sound recordings
2017-08-23 00:53 - 2017-08-23 00:53 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Comms
2017-08-23 00:51 - 2017-08-23 00:51 - 000000000 ____D C:\Windows\System32\Tasks\S-1-5-21-2524848303-2415197009-2639144431-1001
2017-08-23 00:44 - 2017-08-23 00:44 - 000000000 ____D C:\ProgramData\USOShared
2017-08-23 00:39 - 2017-08-23 09:05 - 001184332 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-23 00:38 - 2017-08-23 05:32 - 000002394 _____ C:\Users\Sebastian's PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-08-23 00:38 - 2017-08-23 05:32 - 000000000 ___RD C:\Users\Sebastian's PC\OneDrive
2017-08-23 00:38 - 2017-08-23 00:38 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-08-23 00:37 - 2017-08-23 05:36 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Packages
2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Roaming\Adobe
2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\VirtualStore
2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\TileDataLayer
2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\Publishers
2017-08-23 00:37 - 2017-08-23 00:37 - 000000000 ____D C:\Users\Sebastian's PC\AppData\Local\ConnectedDevicesPlatform
2017-08-23 00:36 - 2017-08-23 08:23 - 000000000 ____D C:\Users\Sebastian's PC
2017-08-23 00:36 - 2017-08-23 00:36 - 000000020 ___SH C:\Users\Sebastian's PC\ntuser.ini
2017-08-23 00:36 - 2017-08-23 00:36 - 000000000 ____D C:\Windows\CSC
2017-08-23 00:36 - 2017-03-18 13:56 - 002233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-08-23 00:34 - 2017-08-23 00:34 - 000000000 _SHDL C:\Documents and Settings
2017-08-23 00:33 - 2017-08-23 09:00 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-23 00:33 - 2017-08-23 00:33 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-08-23 00:32 - 2017-08-23 02:09 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-08-23 00:32 - 2017-08-23 00:32 - 000217000 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-23 00:32 - 2017-08-23 00:32 - 000000000 ____D C:\Windows\ServiceProfiles
2017-08-22 06:16 - 2017-08-22 06:16 - 001565184 _____ C:\Windows\bb8d1bafa3db34aee94035c5aae349a0.exe
2017-08-22 06:16 - 2017-08-22 06:16 - 000077184 _____ (36IHD8) C:\Windows\system32\Drivers\86aa752c55f57b9a6f0cfd229745c7f7.sys
2017-08-22 06:16 - 2017-08-22 06:16 - 000051618 _____ C:\Windows\uninstaller.dat
2017-08-21 21:50 - 2017-08-21 21:50 - 000013824 _____ (Steepest) C:\Windows\workweeks.exe
2017-08-21 21:50 - 2017-08-21 21:50 - 000013824 _____ (Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
2017-08-03 16:07 - 2017-08-03 16:07 - 001996920 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438494.dll
2017-08-03 16:07 - 2017-08-03 16:07 - 001606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438494.dll
2017-08-03 11:44 - 2017-08-03 11:44 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-08-03 11:44 - 2017-08-03 11:44 - 000000669 _____ C:\Windows\system32\nv-vk64.json

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-23 09:00 - 2017-03-18 04:40 - 012058624 _____ C:\Windows\system32\config\HARDWARE
2017-08-23 09:00 - 2017-03-18 04:40 - 000524288 _____ C:\Windows\system32\config\BBI
2017-08-23 08:02 - 2017-03-18 14:01 - 000000000 ____D C:\Windows\INF
2017-08-23 06:00 - 2017-03-18 13:51 - 000000000 ____D C:\Windows\CbsTemp
2017-08-23 05:45 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\AppReadiness
2017-08-23 05:22 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-23 04:26 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\Help
2017-08-23 04:20 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\NDF
2017-08-23 03:54 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\LiveKernelReports
2017-08-23 03:31 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\appcompat
2017-08-23 01:32 - 2017-03-18 14:03 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2017-08-23 00:44 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-08-23 00:36 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2017-08-23 00:36 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\spool
2017-08-23 00:36 - 2017-03-18 14:03 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-08-23 00:34 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-23 00:33 - 2017-03-18 19:31 - 000000000 ____D C:\Windows\HoloShell
2017-08-23 00:33 - 2017-03-18 14:03 - 000000000 ___RD C:\Windows\PrintDialog
2017-08-23 00:33 - 2017-03-18 14:03 - 000000000 ___RD C:\Windows\MiracastView
2017-08-23 00:33 - 2017-03-18 14:03 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2017-08-23 00:33 - 2017-03-18 04:40 - 000032768 _____ C:\Windows\system32\config\ELAM
2017-08-23 00:33 - 2017-03-18 04:40 - 000000000 ____D C:\Windows\system32\Sysprep
2017-08-10 10:49 - 2017-05-19 18:03 - 001615448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-08-10 10:49 - 2017-05-19 18:03 - 000218712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-08-09 17:34 - 2017-05-19 17:47 - 004209520 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-08-09 17:34 - 2017-05-19 14:22 - 000046463 _____ C:\Windows\system32\nvinfo.pb
2017-07-31 08:15 - 2017-03-18 14:06 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-31 08:15 - 2017-03-18 14:06 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-08-23 07:42 - 2017-08-23 07:42 - 007649280 _____ () C:\Program Files (x86)\GUT8FE3.tmp
2017-08-23 03:20 - 2017-08-23 03:21 - 000007597 _____ () C:\Users\Sebastian's PC\AppData\Local\resmon.resmoncfg
2017-08-21 21:50 - 2017-08-21 21:50 - 000013824 _____ (Steepest) C:\Users\Sebastian's PC\AppData\Local\steepest.exe
2017-08-23 05:23 - 2017-08-23 05:23 - 000003072 _____ () C:\Users\Sebastian's PC\AppData\Local\uninstallce.exe

Some files in TEMP:
====================
2017-08-23 05:24 - 2017-08-23 05:24 - 001854627 _____ () C:\Users\Sebastian's PC\AppData\Local\Temp\FullVersion.exe
2017-08-23 05:35 - 2017-08-23 05:35 - 001234704 _____ (                                                            ) C:\Users\Sebastian's PC\AppData\Local\Temp\ICReinstall_Registry_Activation.exe
2017-08-23 05:23 - 2017-08-23 05:23 - 002424747 _____ () C:\Users\Sebastian's PC\AppData\Local\Temp\MaxPlayer.exe
2017-08-23 04:39 - 2017-07-18 15:38 - 000368760 _____ (NVIDIA Corporation) C:\Users\Sebastian's PC\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-23 00:32

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Sebastian's PC (23-08-2017 09:17:20)
Running from C:\Users\Sebastian's PC\Desktop
Windows 10 Pro Version 1703 (X64) (2017-08-23 07:34:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2524848303-2415197009-2639144431-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2524848303-2415197009-2639144431-503 - Limited - Disabled)
Guest (S-1-5-21-2524848303-2415197009-2639144431-501 - Limited - Disabled)
Sebastian's PC (S-1-5-21-2524848303-2415197009-2639144431-1001 - Administrator - Enabled) => C:\Users\Sebastian's PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.28 - NVIDIA Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DragonBoost (HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\119) (Version:  - ) <==== ATTENTION
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.28 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.28 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.19.627.2017 - Realtek)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
X-Mouse Button Control 2.16.1 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.16.1 - Highresolution Enterprises)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-08-09] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07DD544A-2C1B-4132-B778-EC4597083D51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {11406F35-28C0-4F5D-BB86-9A7A0E67F7B0} - System32\Tasks\56633843 => C:\Users\Sebastian's PC\AppData\Local\steepest.exe [2017-08-21] (Steepest) <==== ATTENTION
Task: {21910460-BEEB-4545-AD96-E029BAF95260} - System32\Tasks\89192954 => C:\Program Files (x86)\Climatologists\steepest.exe [2017-08-21] (Steepest) <==== ATTENTION
Task: {240A87DA-5CFE-46AB-AEC4-E359459FC5A9} - System32\Tasks\S-1-5-21-2524848303-2415197009-2639144431-1001\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {5013F4B7-05C3-4374-853F-B875FE1BB5DE} - System32\Tasks\ba5663384356633843 => C:\Users\Sebastian's PC\AppData\Local\steepest.exe [2017-08-21] (Steepest)
Task: {595A5BD2-D287-42EE-90A9-48F25144F572} - System32\Tasks\ba8919295489192954 => C:\Program Files (x86)\Climatologists\steepest.exe [2017-08-21] (Steepest)
Task: {5C0F5D00-F090-46A7-95D4-95690C70ABF0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {6CD73023-6C5D-45BE-94F8-AC72DCD473F8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-21] (NVIDIA Corporation)
Task: {7DE1AC5B-C883-4C38-A009-3AA873740E1E} - System32\Tasks\k89192954 => C:\Program Files (x86)\pitchmen\pitchmen.exe
Task: {8C36FFE9-1472-4886-A344-9E0A5E1B59F8} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-21] (NVIDIA Corporation)
Task: {93B02490-8ACF-4B8A-BA80-B6113487FB03} - System32\Tasks\SVC Update => C:\Windows\explorer.exe "hxxp://sh.st/AeotZ" <==== ATTENTION
Task: {9DD718B1-6423-436D-A7F9-E02ED7B7E3A0} - System32\Tasks\ba14444881444488 => C:\Program Files (x86)\Kleck\steepest.exe
Task: {A10DCDEB-2BFB-4EF3-AB00-941107FFE315} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {AF0A25DE-9A8B-4249-9EDF-E81ED1D6AE00} - System32\Tasks\bak89192954k89192954 => C:\Program Files (x86)\pitchmen\pitchmen.exe
Task: {BCDFB8E2-E6CE-4485-A699-DD2085B3E0B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {BCFDAF6D-7F6A-4F45-96C6-1CCA73D5CEA5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-06-21] (NVIDIA Corporation)
Task: {CD839955-03A2-4F64-9C5B-2F6E95D225B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {DA6DFDD4-3B31-47BC-8DBA-119E66C49D09} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-21] (NVIDIA Corporation)
Task: {F0C72FB7-9AB2-48DE-94D1-C47A3BEAEFFF} - System32\Tasks\2bbe70eac594491e4f3b5f612220586b => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\Windows\2bbe70eac594491e4f3b5f612220586b.ps1" <==== ATTENTION
Task: {F0E9DB8E-4AFF-45F5-AD00-AA2BDE7A92A0} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-21] (NVIDIA Corporation)
Task: {F10BE4F6-264F-4FB5-BC01-B087B0B83C1E} - System32\Tasks\1444488 => C:\Program Files (x86)\Kleck\steepest.exe <==== ATTENTION
Task: {F342CB61-1BA9-4F98-956E-E54483BBA632} - System32\Tasks\d03e216eb47866367aa50ea5e730a806 => sc start d03e216eb47866367aa50ea5e730a806 <==== ATTENTION
Task: {FE1AAB6A-DD01-409E-BA29-8CCF0E9CAD5A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-21] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-08-23 05:24 - 2017-08-23 05:24 - 000052224 _____ () C:\Windows\TEMP\WS\mediatek_86.exe
2017-08-23 04:41 - 2017-06-21 00:04 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-23 07:43 - 2017-08-11 00:40 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-23 07:43 - 2017-08-11 00:40 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2017-08-23 05:40 - 2017-06-23 02:18 - 000028160 _____ () C:\Users\Default\WindowsUpdate\WindowsUpdate.exe
2017-08-21 21:50 - 2017-08-21 21:50 - 000066364 _____ () C:\Program Files (x86)\failures\lure.exe
2017-04-07 00:41 - 2017-04-07 00:41 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-08-23 04:41 - 2017-06-21 00:04 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-08-23 04:41 - 2017-06-21 00:03 - 066836928 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-08-23 04:51 - 2017-05-16 18:54 - 000678176 _____ () C:\Steam\SDL2.dll
2017-08-23 04:51 - 2016-08-31 18:02 - 004969248 _____ () C:\Steam\v8.dll
2017-08-23 04:51 - 2017-07-17 17:33 - 002497824 _____ () C:\Steam\video.dll
2017-08-23 04:51 - 2016-01-27 00:49 - 000332800 _____ () C:\Steam\libavresample-2.dll
2017-08-23 04:51 - 2016-01-27 00:49 - 000491008 _____ () C:\Steam\libavformat-56.dll
2017-08-23 04:51 - 2016-01-27 00:49 - 002549760 _____ () C:\Steam\libavcodec-56.dll
2017-08-23 04:51 - 2016-01-27 00:49 - 000485888 _____ () C:\Steam\libswscale-3.dll
2017-08-23 04:51 - 2016-01-27 00:49 - 000442880 _____ () C:\Steam\libavutil-54.dll
2017-08-23 04:51 - 2016-08-31 18:02 - 001195296 _____ () C:\Steam\icuuc.dll
2017-08-23 04:51 - 2016-08-31 18:02 - 001563936 _____ () C:\Steam\icui18n.dll
2017-08-23 04:51 - 2017-07-17 17:33 - 000884512 _____ () C:\Steam\bin\chromehtml.DLL
2017-08-23 04:51 - 2016-07-04 15:17 - 000266560 _____ () C:\Steam\openvr_api.dll
2017-08-23 04:52 - 2017-05-16 18:54 - 000678176 _____ () C:\Steam\bin\cef\cef.win7\SDL2.dll
2017-08-23 04:52 - 2017-07-06 10:58 - 073088800 _____ () C:\Steam\bin\cef\cef.win7\libcef.dll
2017-08-23 04:51 - 2017-07-17 17:33 - 000384288 _____ () C:\Steam\steam.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 14:03 - 2017-08-23 05:35 - 000001353 _____ C:\Windows\system32\Drivers\etc\hosts

162.222.193.86       aoaomo.tremorhub.com
188.95.50.62       bobomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
162.222.193.86       www.ustream.tv
162.222.193.86       ustream.tv
162.222.193.86       www.livestream.com
162.222.193.86       livestream.com
162.222.193.86       www.dailymotion.com
162.222.193.86       dailymotion.com
192.192.3.8       www.virustotal.com
192.192.3.8       virustotal.com
37.139.50.192 www.gstatic.com
37.139.50.192 www.google-analytics.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2524848303-2415197009-2639144431-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E2571722-8C1F-4C9F-8C2D-326DBCBF0AC2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{A1FA5621-CDF7-4020-826B-1D44360502B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{21008F87-AFCA-4F2C-8083-F3F6CDDC7212}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{681AFCF2-758B-40F8-8E63-633699B7085F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7DCAB042-5E8B-43C2-A367-43B8C8C7B231}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4200734D-2EEC-4A2B-8C23-A7471C6416E9}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{AA91A042-646C-4BDB-A1E9-235A46488C89}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{56EADDFC-083E-41D8-9E1E-914555FF8A73}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{410889E8-5A6D-481C-8C2F-13B0D2B5EF17}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8A3B97BD-ACB9-4016-BBBC-A757BBBA2137}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{CCA11977-10BD-4DF6-9392-8A04B88B3882}] => (Allow) D:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{BEAAE8EC-3413-4328-A9D0-15EC7840DF51}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{F8E58A5F-C3E8-4C81-8A64-3C648D141B19}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DCE6B92F-44B1-418B-B26F-813531F869CB}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{26937B38-FEA8-4DFB-AC3D-CA5F805505BD}] => (Allow) C:\Program Files (x86)\Kleck\steepest.exe
FirewallRules: [{CF025E0A-DD1A-4BE1-8D2D-090B2079BBA1}] => (Allow) C:\Program Files (x86)\Climatologists\steepest.exe
FirewallRules: [{8AFA1306-D905-48B0-9DF0-7E5C12184808}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2017 09:10:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: activation.exe, version: 0.0.0.0, time stamp: 0x594816fc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x028028f8
Faulting process id: 0x2758
Faulting application start time: 0x01d31c2a5dd14b46
Faulting application path: C:\Users\Sebastian's PC\AppData\Local\cypjMERAky\activation.exe
Faulting module path: unknown
Report Id: 9c7164eb-f97a-4d5a-aeed-d9c08e275f00
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/23/2017 09:10:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: activation.exe, version: 0.0.0.0, time stamp: 0x594816fc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x02806010
Faulting process id: 0x2758
Faulting application start time: 0x01d31c2a5dd14b46
Faulting application path: C:\Users\Sebastian's PC\AppData\Local\cypjMERAky\activation.exe
Faulting module path: unknown
Report Id: 79a4b985-e861-4158-8227-37a68ef165c8
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/23/2017 09:10:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/23/2017 09:00:56 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/23/2017 08:24:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: activation.exe, version: 0.0.0.0, time stamp: 0x594816fc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02a228f8
Faulting process id: 0x27d0
Faulting application start time: 0x01d31c23e21724d0
Faulting application path: C:\Users\Sebastian's PC\AppData\Local\cypjMERAky\activation.exe
Faulting module path: unknown
Report Id: 84dfebb3-7404-415c-b843-2272e23ae3cb
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/23/2017 08:24:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: activation.exe, version: 0.0.0.0, time stamp: 0x594816fc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x02a26010
Faulting process id: 0x27d0
Faulting application start time: 0x01d31c23e21724d0
Faulting application path: C:\Users\Sebastian's PC\AppData\Local\cypjMERAky\activation.exe
Faulting module path: unknown
Report Id: 73e998c0-eb8d-4891-af48-24e4a3bb521b
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/23/2017 08:24:05 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/23/2017 08:23:45 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/23/2017 08:02:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/23/2017 07:41:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-M5OMJK2)
Description: Package Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00031401-0079-0000-11d0-000000000000} was terminated because it took too long to suspend.


System errors:
=============
Error: (08/23/2017 09:12:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMSwissArmy service failed to start due to the following error: 
Access is denied.

Error: (08/23/2017 09:02:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.

Error: (08/23/2017 09:00:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The d03e216eb47866367aa50ea5e730a806 service failed to start due to the following error: 
The requested resource is in use.

Error: (08/23/2017 09:00:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The d03e216eb47866367aa50ea5e730a806 service failed to start due to the following error: 
The requested resource is in use.

Error: (08/23/2017 09:00:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (08/23/2017 09:00:22 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M5OMJK2)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (08/23/2017 09:00:22 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M5OMJK2)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (08/23/2017 08:25:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.

Error: (08/23/2017 08:23:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The d03e216eb47866367aa50ea5e730a806 service failed to start due to the following error: 
The requested resource is in use.

Error: (08/23/2017 08:23:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The d03e216eb47866367aa50ea5e730a806 service failed to start due to the following error: 
The requested resource is in use.


==================== Memory info =========================== 

Processor: AMD Ryzen 3 1200 Quad-Core Processor 
Percentage of memory in use: 31%
Total physical RAM: 8125.09 MB
Available physical RAM: 5560.25 MB
Total Virtual: 10045.09 MB
Available Virtual: 7143.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.75 GB) (Free:93.44 GB) NTFS
Drive d: (MY GAMES BOIIIII) (Fixed) (Total:1862.89 GB) (Free:1834.55 GB) NTFS
Drive e: (MY PC USB) (Removable) (Total:14.57 GB) (Free:14.55 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 8E4C974F)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 14.6 GB) (Disk ID: C987D167)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)

==================== End of Addition.txt ============================


Hi PLSHELP :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Do you have a USB Flash Drive? If so, how big is it?

Also, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

fixlist.txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
