
Can't locate&remove



I have recently noticed that my pc, after a few minutes of inactivity or just not using my m/kb (so when using a separate controller eg xbox360 or rift) my GPU would spike to 100% when it usually runs at 70-80% and would drop back down after I moved my mouse. I tried to look into this and scanned my pc, found SOME malware that was supposedly using my GPU for mining but the problem did not stop. I had task manager left open to see what process was causing this much usage and updatedg.exe popped up around 5 mins later and disappeared as soon as I moved my mouse, could not find it in details either. I did find it in my registry under "DiagnosedApplications" and removed it however it came back after a reboot but I could not find it in the Registry Editor again. I tried using Rkill however this program was not found by Malwarebytes in the first place so I was not surprised that 1. it did not locate the file 2: after the reboot the file was back. I would like to find the root of this problem as soon as it is possible without reinstalling windows.

Thanks 


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Wait for further instructions
====


Addition.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-05.2019
Ran by lukas (administrator) on DESKTOP-CCFTGOI (27-05-2019 15:48:25)
Running from D:\Desktop
Loaded Profiles: lukas (Available Profiles: lukas & OVRLibraryService)
Platform: Windows 10 Home (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19041.481.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(AnchorFree Inc -> AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(AnchorFree Inc -> AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
(ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe
(ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe
(ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\3.00.08\atkexComSvc.exe
(Corel Corporation -> ) [File not signed] C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
(Corel Corporation -> Corel Corporation) [File not signed] C:\Program Files\WinZip\WinZip Smart Monitor\WinZipCompressionSmartMonitor.exe
(Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) D:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) D:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) D:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) D:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Discord Inc. -> Discord Inc.) C:\Users\lukas\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\lukas\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\lukas\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\lukas\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\lukas\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\lukas\AppData\Local\Discord\app-0.0.305\Discord.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Guangzhou Ugee Computers Technology Co.,Ltd -> ) D:\Program Files\Pentablet\PenTablet.exe
(Guangzhou Ugee Computers Technology Co.,Ltd -> UGEE) D:\Program Files\Pentablet\PentabletService.exe
(Janos Mathe -> H.D.S. Hungary) D:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Kristjan Skutta -> ) D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Malwarebytes Corporation -> Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) D:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) D:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) D:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Oculus VR, LLC -> ) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe
(Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe
(Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINPE.EXE
(ShareX Team) [File not signed] D:\Program Files\ShareX\ShareX.exe
(Shenzhen Huion Animation Technology Co., Ltd. -> Graphic Tablet Company Shenzhen) D:\PenTabletDriver\TabletDriver.exe
(Spotify AB -> Spotify Ltd) C:\Users\lukas\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\lukas\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\lukas\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\lukas\AppData\Roaming\Spotify\Spotify.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TabletDriver] => D:\PenTabletDriver\TabletDriver.exe [655368 2017-04-19] (Shenzhen Huion Animation Technology Co., Ltd. -> Graphic Tablet Company Shenzhen)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-15] (Corel Corporation -> WinZip) [File not signed]
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-15] (Corel Corporation -> WinZip Computing, S.L.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [PentabletService] => D:\Program Files\Pentablet\PentabletService.exe [2222560 2019-03-20] (Guangzhou Ugee Computers Technology Co.,Ltd -> UGEE)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => D:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [405032 2019-01-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [OculusTrayTool] => D:\Program Files (x86)\Oculus Tray Tool\OculusTrayTool.exe
HKU\S-1-5-21-2106919109-669726452-617904421-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-2106919109-669726452-617904421-1001\...\Run: [Discord] => C:\Users\lukas\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2106919109-669726452-617904421-1001\...\Run: [EADM] => D:\Program Files (x86)\Origin\Origin.exe [3113768 2019-03-12] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-2106919109-669726452-617904421-1001\...\Run: [WallpaperEngine] => D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [1776120 2019-05-07] (Kristjan Skutta -> )
HKU\S-1-5-21-2106919109-669726452-617904421-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINPE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2106919109-669726452-617904421-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\\OscarEditor.exe [3543040 2010-12-18] () [File not signed]
HKU\S-1-5-21-2106919109-669726452-617904421-1001\...\Run: [OscarKeyboard] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe [3543040 2010-12-18] () [File not signed]
HKU\S-1-5-21-2106919109-669726452-617904421-1001\...\Run: [uTorrent] => "C:\Users\lukas\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-2106919109-669726452-617904421-1001\...\Run: [Spotify] => C:\Users\lukas\AppData\Roaming\Spotify\Spotify.exe [26062056 2019-05-20] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2106919109-669726452-617904421-1001\...\Run: [GalaxyClient] => D:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [7415880 2018-12-20] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Windows\System32\osk.exe [637952 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #2] => C:\Windows\System32\osk.exe [637952 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-22] (Google LLC -> Google Inc.)
Startup: C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-09-15]
ShortcutTarget: ShareX.lnk -> D:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019F439B-050D-449E-A608-631B16BC4150} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_pepper.exe [1452600 2019-05-14] (Adobe Inc. -> Adobe)
Task: {069CCFCB-BD45-4220-A554-7E015F88A1B7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {093A0AD4-379E-4ADF-8DA8-EB3880B3CF81} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe
Task: {1555D3D7-BB17-41C7-8BD6-13E67B2E6ACD} - System32\Tasks\MSIAfterburner => D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [739624 2018-04-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {1B144429-B400-41AC-A241-FCA0336360C6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1B3A85A4-6A0F-41A8-9650-848ADDC80FC5} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_lukas => D:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [5458008 2018-07-17] (Janos Mathe -> H.D.S. Hungary)
Task: {1E64C0D4-9E4D-4181-AE85-497D774B54F7} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-lukasz.kozon02@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {20AD19EB-1B02-4498-81FE-DCBDD1F3AFD1} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-15] (Corel Corporation -> WinZip) [File not signed]
Task: {22952773-4BD5-4147-9540-9E6D7B7E90C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-29] (Google Inc -> Google Inc.)
Task: {23505E78-7EDA-4592-89A5-84198D7CC25D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {28F65BE4-8C4A-4429-8B07-623178315F09} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {36D659E0-BBEC-460A-8646-EB4CD6737ED0} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3C931404-CDEC-4C59-9378-C1B93177939A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-29] (Google Inc -> Google Inc.)
Task: {3EE1C241-7421-4D4C-A795-F7D94F2C6584} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {47EBF377-CFD5-4E66-9B07-C277A679160A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149440 2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {54CF0AD5-E3EF-4974-BB78-69AABAA0D0C9} - System32\Tasks\EPSON XP-520 Series Update {FE59CAAA-9411-45D2-9BCD-3E9ACB062C02} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {56457F60-A145-44A0-8A3B-A31257E2F6E9} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5827E0DB-C0D9-4414-BAD6-E9959458FC36} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1551136 2016-01-14] (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {604C1305-D9D4-4DC1-8331-CA56EF1D0BED} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {67057EAC-6437-40A8-98EC-59F5BB955130} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {70452137-BA2E-4171-8015-E2A925BC67A3} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7A8EFD04-1F26-47D8-827E-7EC98FF89B5F} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {92F7F857-6CEF-4144-8386-00354EA57A89} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 x86 Critical => C:\Users\lukas\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\sysclc.exe [205562880 2019-04-16] () [File not signed]
Task: {94C9477E-6DB4-48B6-AED2-31FB76DA2F74} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9C9EF492-78ED-49F3-93A5-68D90949DEF7} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ADA594DB-203D-4EF4-A706-2BC59217EB76} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BB813808-A301-4BFE-B595-78E6012545AD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149440 2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {CAB95F56-C10D-434B-8305-5366AB23DAED} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {D037FF66-2840-45ED-96C7-64CCE46EDD01} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {D877C794-8E25-48D3-AC37-9570E4505834} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {E886DB15-A709-4E0C-AB02-C854A50C19CE} - System32\Tasks\AURA => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2522480 2017-03-01] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
Task: {EE5CDFEB-68C7-4DF9-A8A1-990D739253F2} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {F370D74F-5F0C-48DA-91F4-489A44DF6CAB} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-lukasz.kozon02@gmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {F38548DF-D1DA-4D44-A10E-4559D695ACDE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FAA69D25-0BC0-46A9-B8B0-760952A8E346} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {FFC58626-F538-4D20-8856-6D53C6109DE6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON XP-520 Series Update {FE59CAAA-9411-45D2-9BCD-3E9ACB062C02}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNPE.EXE:/EXE:{FE59CAAA-9411-45D2-9BCD-3E9ACB062C02} /F:UpdateWORKGROUP\DESKTOP-CCFTGOI$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2e608902-2526-4fd3-a387-874d469b5e66}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a633084b-a6c4-495c-8cf5-203e82f8ca06}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2106919109-669726452-617904421-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-03-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-21] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-26] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 9h5fxety.default
FF DefaultProfile: i9lnaqj3.default
FF ProfilePath: C:\Users\lukas\AppData\Roaming\Supermedium\Profiles\9h5fxety.default [2019-05-17]
FF ProfilePath: C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\i9lnaqj3.default [2019-04-19]
FF Extension: (Federated Learning Awesome Bar) - C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\i9lnaqj3.default\Extensions\federated-learning-v2@shield.mozilla.org.xpi [2019-04-19]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3319612&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=5&UP=SP56A8E268-060F-4FCB-A1D2-860E185F45CB&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default ->  Active:"chrome-extension://pimoijhhcolnleinpboiiilepeafehbf/start/index.html"
CHR Profile: C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default [2019-05-27]
CHR Extension: (Slides) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-29]
CHR Extension: (Docs) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-29]
CHR Extension: (Google Drive) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-29]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-19]
CHR Extension: (Google Play Music) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-09-26]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2019-04-21]
CHR Extension: (Sheets) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-29]
CHR Extension: (Google Docs Offline) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-02]
CHR Extension: (AdBlock) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-20]
CHR Extension: (Pinterest Save Button) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-05-22]
CHR Extension: (Hall of Faces (Game of Thrones) [LSP]) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhkjlcdbbfapccjpchniflcgckhdoefn [2018-05-29]
CHR Extension: (Steam Database) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdbmhfkmnlmbkgbabkdealhhbfhlmmon [2019-05-14]
CHR Extension: (Office Online) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2019-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-29]
CHR Extension: (Free VPN - the fastest VPN in the house) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogojkdkkcopeepagdlddbninobfhfbcb [2019-05-19]
CHR Extension: (No Game No Life Wallpaper HD New Tab Themes) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pimoijhhcolnleinpboiiilepeafehbf [2018-12-24]
CHR Extension: (Gmail) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
CHR Profile: C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-05-17]
CHR Profile: C:\Users\lukas\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\3.00.08\atkexComSvc.exe [530392 2017-11-02] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-02-07] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11147336 2019-05-15] (Microsoft Corporation -> Microsoft Corporation)
R2 CorsairService; D:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [47656 2019-01-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2019-03-13] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 GalaxyClientService; D:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [707144 2018-12-20] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2018-12-20] (GOG Sp. z o.o. -> GOG.com)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53632 2018-11-16] (AnchorFree Inc -> AnchorFree Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2298688 2019-03-12] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3171144 2019-03-12] (Electronic Arts, Inc. -> Electronic Arts)
S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [142776 2019-05-16] (Oculus VR, LLC -> Facebook Technologies, LLC)
R2 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [1705912 2019-05-16] (Oculus VR, LLC -> Facebook Technologies, LLC)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2019-02-20] (Even Balance, Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] (Corel Corporation -> ) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-06-15] (AnchorFree Inc -> The OpenVPN Project)
R3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-11-16] (AnchorFree Inc -> AnchorFree Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-04-14] (ASUSTeK Computer Inc. -> )
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [46944 2018-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [23392 2018-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz148; C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [44648 2019-05-27] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 GLCKIO; C:\Program Files (x86)\ASUS\GPU TweakII\690b33e1-0462-4e84-9bea-c7552b45432a.sys [18712 2019-05-26] (ASUSTeK Computer Inc. -> )
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [55960 2018-10-27] (Martin Malik - REALiX -> REALiX(tm))
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-27] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bfe69934a6b764ef\nvlddmkm.sys [21672560 2019-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 OCULUSVRHEADSET; C:\WINDOWS\system32\DRIVERS\OCULUS119B.sys [1887232 2019-04-19] (C-MEDIA ELECTRONICS INC. -> OCULUS)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32856 2019-04-20] (Oculus VR, LLC -> Facebook Inc.)
R3 OCUSBVID; C:\WINDOWS\System32\drivers\ocusbvid111.sys [69176 2019-04-20] (Oculus VR, LLC -> Oculus VR, LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
R3 RTCore64; D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 SIUSBXP; C:\WINDOWS\system32\drivers\SiUSBXp.sys [19456 2018-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R3 VBAudioVACAMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cablea64_win7.sys [41144 2015-10-19] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVACBMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cableb64_win7.sys [41144 2015-10-19] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2018-12-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [45408 2018-11-22] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx64.sys [55936 2019-02-13] (NCH Software Pty Ltd -> )
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [47616 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
S3 Kaozundxi; \??\C:\WINDOWS\system32\Kaozundxi.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-27 15:47 - 2019-05-27 15:48 - 000000000 ____D C:\FRST
2019-05-27 00:30 - 2019-05-27 15:18 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-05-26 19:32 - 2019-05-26 19:32 - 000000000 ____D C:\Users\lukas\AppData\Local\mbamtray
2019-05-26 19:32 - 2019-05-26 19:32 - 000000000 ____D C:\Users\lukas\AppData\Local\mbam
2019-05-26 19:32 - 2019-05-26 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-26 19:32 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-05-26 19:31 - 2019-05-26 20:03 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-26 19:31 - 2019-05-26 19:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-22 22:36 - 2019-05-24 17:47 - 000000000 ____D C:\Users\lukas\AppData\Local\ModAssistant
2019-05-22 18:39 - 2019-05-24 17:40 - 000000000 ____D C:\Users\lukas\AppData\Roaming\beatdrop
2019-05-22 18:39 - 2019-05-22 22:03 - 000000000 ____D C:\Users\lukas\AppData\Local\beatdrop-updater
2019-05-22 18:39 - 2019-05-22 18:39 - 000001434 _____ C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeatDrop.lnk
2019-05-20 18:15 - 2019-05-20 18:15 - 009682960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-20 18:15 - 2019-05-20 18:15 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-20 18:15 - 2019-05-20 18:15 - 006545096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-20 18:15 - 2019-05-20 18:15 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-20 18:15 - 2019-05-20 18:15 - 004627456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-20 18:15 - 2019-05-20 18:15 - 004588536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-05-20 18:15 - 2019-05-20 18:15 - 002777440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-20 18:15 - 2019-05-20 18:15 - 002275680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-20 18:15 - 2019-05-20 18:15 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-20 18:15 - 2019-05-20 18:15 - 001253904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-20 18:15 - 2019-05-20 18:15 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-20 18:15 - 2019-05-20 18:15 - 000090664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-20 18:15 - 2019-05-20 18:15 - 000080400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-20 18:15 - 2019-05-20 18:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-05-20 18:15 - 2019-05-20 18:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-05-20 18:15 - 2019-05-20 18:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-05-20 18:15 - 2019-05-20 18:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-05-20 18:15 - 2019-05-20 18:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-05-20 18:15 - 2019-05-20 18:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-05-20 18:15 - 2019-05-20 18:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-05-20 18:15 - 2019-05-20 18:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-05-20 00:46 - 2019-05-20 00:46 - 000000000 ____D C:\Users\lukas\AppData\LocalLow\RUST LTD
2019-05-17 22:35 - 2019-05-17 22:35 - 000000218 _____ C:\Users\lukas\AppData\Local\recently-used.xbel
2019-05-17 22:17 - 2019-05-17 22:17 - 000000000 ____D C:\Users\lukas\AppData\LocalLow\Deo VR
2019-05-17 22:02 - 2019-05-17 22:02 - 000000000 ____D C:\Users\lukas\AppData\LocalLow\Valve Software
2019-05-17 20:21 - 2019-05-17 20:21 - 000000000 ____D C:\Users\lukas\AppData\Local\Pavlov
2019-05-17 17:44 - 2019-05-17 17:44 - 000000000 ____D C:\Users\lukas\AppData\Local\BeatSaberModManager
2019-05-15 21:33 - 2019-05-15 21:33 - 026807808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 020814848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 019022336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 006072320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 004660736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 003905536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-15 21:33 - 2019-05-15 21:33 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-15 21:33 - 2019-05-15 21:33 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-15 21:33 - 2019-05-15 21:33 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-15 21:33 - 2019-05-15 21:33 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-15 21:32 - 2019-05-15 21:33 - 023438848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 007879680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-15 21:32 - 2019-05-15 21:32 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-15 21:32 - 2019-05-15 21:32 - 002708480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-15 21:32 - 2019-05-15 21:32 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-15 21:32 - 2019-05-15 21:32 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 001860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 001699496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-15 21:32 - 2019-05-15 21:32 - 001641616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 001470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-15 21:32 - 2019-05-15 21:32 - 001395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 001342608 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-15 21:32 - 2019-05-15 21:32 - 001225728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-15 21:32 - 2019-05-15 21:32 - 001179680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-15 21:32 - 2019-05-15 21:32 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-15 21:32 - 2019-05-15 21:32 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000807464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-15 21:32 - 2019-05-15 21:32 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-15 21:32 - 2019-05-15 21:32 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000660992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000586280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-05-15 21:32 - 2019-05-15 21:32 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000508432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-15 21:32 - 2019-05-15 21:32 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000449376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000444944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-15 21:32 - 2019-05-15 21:32 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000254952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-15 21:32 - 2019-05-15 21:32 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-15 21:32 - 2019-05-15 21:32 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-15 21:32 - 2019-05-15 21:32 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000202768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-15 21:32 - 2019-05-15 21:32 - 000201016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-15 21:32 - 2019-05-15 21:32 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-15 21:32 - 2019-05-15 21:32 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-15 21:32 - 2019-05-15 21:32 - 000179728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-15 21:32 - 2019-05-15 21:32 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000177976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-15 21:32 - 2019-05-15 21:32 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-15 21:32 - 2019-05-15 21:32 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000147736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-15 21:32 - 2019-05-15 21:32 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-05-15 21:32 - 2019-05-15 21:32 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-15 21:32 - 2019-05-15 21:32 - 000066688 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-15 21:32 - 2019-05-15 21:32 - 000055792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-15 19:16 - 2019-05-15 19:16 - 000000000 ____D C:\Users\lukas\AppData\Local\GameAnalytics
2019-05-14 18:51 - 2019-05-14 18:51 - 000000000 ____D C:\Users\lukas\AppData\LocalLow\ILLUSION
2019-05-12 17:36 - 2019-05-12 17:36 - 000000000 ____D C:\ProgramData\OculusTrayTool
2019-05-12 17:16 - 2019-05-07 20:56 - 011051912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-05-12 17:16 - 2019-05-07 20:56 - 009486536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-05-12 17:16 - 2019-05-07 20:56 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-05-12 17:16 - 2019-05-07 20:56 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-05-12 17:16 - 2019-05-07 20:56 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-05-12 17:16 - 2019-05-07 20:56 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-05-12 17:16 - 2019-05-07 20:56 - 000552328 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-05-12 17:16 - 2019-05-07 20:56 - 000457096 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-05-12 17:16 - 2019-05-07 20:56 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-05-12 17:16 - 2019-05-07 20:56 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-05-12 17:16 - 2019-05-07 20:56 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-05-12 17:16 - 2019-05-07 20:56 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-05-12 17:16 - 2019-05-07 20:55 - 001470856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-05-12 17:16 - 2019-05-07 20:55 - 001134016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-05-12 17:16 - 2019-05-07 20:55 - 000821152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-05-12 17:16 - 2019-05-07 20:55 - 000675416 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-05-12 17:16 - 2019-05-07 20:55 - 000631232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-05-12 17:16 - 2019-05-07 20:55 - 000541656 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-05-12 17:16 - 2019-05-07 20:55 - 000521472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-05-12 17:16 - 2019-05-07 20:54 - 040412760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-05-12 17:16 - 2019-05-07 20:54 - 035270232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-05-12 17:16 - 2019-05-07 20:54 - 020187904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-05-12 17:16 - 2019-05-07 20:54 - 017465512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-05-12 17:16 - 2019-05-07 20:54 - 005421960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-05-12 17:16 - 2019-05-07 20:54 - 004758728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-05-12 17:16 - 2019-05-07 20:54 - 001721600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443064.dll
2019-05-12 17:16 - 2019-05-07 20:54 - 001540488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-05-12 17:16 - 2019-05-07 20:54 - 001467648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443064.dll
2019-05-12 17:16 - 2019-05-07 20:54 - 001162448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-05-12 17:16 - 2019-05-07 20:54 - 000911616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-05-12 17:16 - 2019-05-07 20:54 - 000654080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-05-12 17:16 - 2019-05-06 06:35 - 000046848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-05-12 17:14 - 2019-05-12 17:14 - 000000000 ____D C:\Users\lukas\AppData\Local\ApollyonVR
2019-05-12 17:13 - 2019-05-12 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oculus Tray Tool
2019-05-11 22:16 - 2019-05-11 22:16 - 000000882 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FallenDoll(Beta1.30)(VR).lnk
2019-05-11 22:12 - 2019-05-11 22:12 - 000000000 ____D C:\Users\lukas\AppData\Roaming\AppContainer
2019-05-05 21:48 - 2019-05-05 21:48 - 000000000 ____D C:\Users\lukas\AppData\LocalLow\VReleased
2019-05-05 01:22 - 2019-05-27 13:43 - 000003142 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2019-05-03 19:39 - 2019-05-03 19:39 - 012844032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-03 19:39 - 2019-05-03 19:39 - 012140032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-03 19:39 - 2019-05-03 19:39 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-03 19:39 - 2019-05-03 19:39 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-05-03 19:39 - 2019-05-03 19:39 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2019-05-03 19:39 - 2019-05-03 19:39 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-03 19:39 - 2019-05-03 19:39 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2019-05-03 19:39 - 2019-05-03 19:39 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2019-05-03 19:39 - 2019-05-03 19:39 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2019-05-03 19:39 - 2019-05-03 19:39 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-03 19:39 - 2019-05-03 19:39 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2019-05-03 19:39 - 2019-05-03 19:39 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-05-03 19:39 - 2019-05-03 19:39 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-03 19:39 - 2019-05-03 19:39 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-05-03 19:39 - 2019-05-03 19:39 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-05-03 19:38 - 2019-05-03 19:38 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-03 19:38 - 2019-05-03 19:38 - 000806600 _____ C:\WINDOWS\system32\locale.nls
2019-05-03 19:38 - 2019-05-03 19:38 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-05-03 19:38 - 2019-05-03 19:38 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000514632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-05-03 19:38 - 2019-05-03 19:38 - 000451080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-05-03 19:38 - 2019-05-03 19:38 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2019-05-03 19:38 - 2019-05-03 19:38 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-03 19:38 - 2019-05-03 19:38 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2019-05-03 19:38 - 2019-05-03 19:38 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000280592 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2019-05-03 19:38 - 2019-05-03 19:38 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2019-05-03 19:38 - 2019-05-03 19:38 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2019-05-03 19:38 - 2019-05-03 19:38 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-03 19:38 - 2019-05-03 19:38 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-05-03 19:38 - 2019-05-03 19:38 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2019-05-03 13:14 - 2019-05-03 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2019-04-30 19:07 - 2019-04-30 19:07 - 000000000 ____D C:\WINDOWS\SysWOW64\directx

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-27 15:43 - 2018-06-24 10:20 - 000000000 ____D C:\Users\lukas\AppData\Local\CrashDumps
2019-05-27 15:42 - 2019-03-31 18:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-27 15:24 - 2019-03-31 18:15 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-27 15:24 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
2019-05-27 15:20 - 2019-04-19 18:51 - 000000000 ____D C:\Users\lukas\AppData\Local\FBCapture
2019-05-27 15:20 - 2018-05-29 17:06 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-27 15:19 - 2018-12-01 20:00 - 000000000 ____D C:\Users\lukas\AppData\Local\Spotify
2019-05-27 15:19 - 2018-12-01 19:59 - 000000000 ____D C:\Users\lukas\AppData\Roaming\Spotify
2019-05-27 15:18 - 2019-04-19 16:27 - 000000000 ____D C:\Users\lukas\AppData\Local\Oculus
2019-05-27 15:18 - 2019-03-31 18:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-27 15:18 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-27 12:01 - 2018-06-16 16:49 - 000000000 ____D C:\Users\lukas\AppData\Local\Adobe
2019-05-27 00:42 - 2018-05-30 10:22 - 000000000 ____D C:\Users\lukas\AppData\Roaming\discord
2019-05-27 00:30 - 2018-09-15 07:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-05-27 00:28 - 2019-04-19 17:43 - 000000000 ____D C:\Users\lukas\AppData\Roaming\Oculus
2019-05-26 19:54 - 2018-09-21 23:10 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.8.1
2019-05-26 19:32 - 2019-01-12 20:04 - 000007601 _____ C:\Users\lukas\AppData\Local\Resmon.ResmonCfg
2019-05-26 19:32 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-26 14:08 - 2018-09-05 10:05 - 000000000 ____D C:\Program Files\Microsoft Office
2019-05-26 14:03 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-26 14:03 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-25 00:06 - 2018-12-06 22:50 - 000000000 ____D C:\Users\lukas\AppData\Roaming\.minecraft
2019-05-23 00:53 - 2019-03-31 18:12 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2106919109-669726452-617904421-1001
2019-05-23 00:53 - 2019-03-31 18:07 - 000002380 _____ C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-23 00:53 - 2018-05-29 17:04 - 000000000 ___RD C:\Users\lukas\OneDrive
2019-05-22 23:30 - 2018-05-29 17:34 - 000002318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-20 20:45 - 2019-03-31 18:03 - 000354496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-20 20:12 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-20 18:16 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-19 23:15 - 2018-05-29 18:43 - 000000000 ____D C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-05-18 22:32 - 2018-10-22 17:46 - 000000000 ____D C:\Users\lukas\AppData\Local\Frontier_Developments
2019-05-18 21:51 - 2018-05-30 10:40 - 000000000 ____D C:\Users\lukas\AppData\Local\Ubisoft Game Launcher
2019-05-18 20:39 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-05-17 22:35 - 2018-09-17 22:47 - 000000000 ____D C:\Users\lukas\AppData\LocalLow\Mozilla
2019-05-17 22:03 - 2019-04-19 21:41 - 000000000 ____D C:\Users\lukas\AppData\LocalLow\Valve
2019-05-17 21:43 - 2019-04-17 01:03 - 000000000 ____D C:\Users\lukas\AppData\Roaming\deluge
2019-05-17 20:19 - 2018-05-29 18:27 - 000000000 ____D C:\ProgramData\Package Cache
2019-05-17 01:03 - 2019-03-31 18:07 - 000000000 ____D C:\Users\lukas
2019-05-17 00:05 - 2019-04-20 18:47 - 000000000 ____D C:\Program Files\Oculus
2019-05-15 23:57 - 2018-09-15 08:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-15 17:24 - 2019-03-31 18:12 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 17:24 - 2019-03-31 18:12 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-14 23:17 - 2018-05-29 17:05 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-05-14 23:00 - 2018-09-15 08:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-14 23:00 - 2018-09-15 08:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-14 23:00 - 2018-05-29 20:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 22:54 - 2018-05-29 20:51 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 19:52 - 2019-03-31 18:12 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-05-14 19:52 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-14 19:52 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-13 19:56 - 2018-11-20 18:29 - 000000000 ____D C:\Users\lukas\AppData\Local\Warframe
2019-05-12 19:30 - 2018-05-29 17:05 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-05-12 17:31 - 2018-05-29 18:27 - 000000000 ____D C:\Users\lukas\AppData\Local\NVIDIA
2019-05-12 17:17 - 2018-05-29 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-05-12 17:08 - 2019-03-31 18:12 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-12 17:08 - 2019-03-31 18:12 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-12 17:07 - 2019-03-31 18:12 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-12 17:07 - 2019-03-31 18:12 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-12 17:07 - 2019-03-31 18:12 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-12 17:07 - 2019-03-31 18:12 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-12 17:07 - 2019-03-31 18:12 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-12 17:07 - 2019-03-31 18:12 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-12 17:07 - 2019-03-31 18:12 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-12 17:07 - 2019-03-31 18:12 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-12 17:07 - 2019-03-31 18:12 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-05-12 17:07 - 2018-05-29 17:05 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-05-11 22:56 - 2018-11-16 23:02 - 000000000 ____D C:\Users\lukas\AppData\Roaming\vlc
2019-05-11 22:17 - 2018-06-23 19:22 - 000000000 ____D C:\Users\lukas\AppData\Local\UnrealEngine
2019-05-11 19:14 - 2019-04-19 17:43 - 000000000 ____D C:\Users\lukas\AppData\Roaming\OculusClient
2019-05-10 22:40 - 2018-05-29 19:41 - 000000000 ____D C:\Users\lukas\AppData\Local\D3DSCache
2019-05-09 00:20 - 2018-05-29 18:16 - 000000000 ____D C:\Users\lukas\AppData\Local\ElevatedDiagnostics
2019-05-08 20:31 - 2018-05-29 16:59 - 000000000 ____D C:\Users\lukas\AppData\Local\Packages
2019-05-08 00:02 - 2019-04-08 15:37 - 000000000 ____D C:\Users\lukas\AppData\Roaming\obs-studio
2019-05-07 20:55 - 2019-03-29 01:10 - 002039688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-05-07 20:54 - 2019-03-29 01:10 - 000808840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-05-07 20:51 - 2019-03-29 01:10 - 005085152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-05-07 20:51 - 2019-03-29 01:10 - 004340120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-05-06 06:35 - 2019-03-31 16:19 - 001682368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-05-06 06:35 - 2019-03-31 16:19 - 000228608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-05-06 06:35 - 2019-03-29 01:10 - 000052319 _____ C:\WINDOWS\system32\nvinfo.pb
2019-05-06 03:43 - 2018-09-02 11:11 - 005432176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-05-06 03:43 - 2018-09-02 11:11 - 002637808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-05-06 03:43 - 2018-09-02 11:11 - 001767736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-05-06 03:43 - 2018-09-02 11:11 - 000651248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-05-06 03:43 - 2018-09-02 11:11 - 000450416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-05-06 03:43 - 2018-09-02 11:11 - 000125424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-05-06 03:43 - 2018-09-02 11:11 - 000082984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-05-04 01:32 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-04 01:32 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-01 19:25 - 2018-06-04 13:16 - 000000000 ____D C:\Users\lukas\AppData\Roaming\NekoWorks

==================== Files in the root of some directories =======

2019-04-20 19:15 - 2019-04-20 19:15 - 000000000 _____ () C:\Users\lukas\AppData\Roaming\.OculusDebugToolGUI
2019-04-16 23:08 - 2019-04-18 21:35 - 000001747 _____ () C:\Users\lukas\AppData\Roaming\syncplay.ini
2019-03-21 18:56 - 2019-03-26 19:11 - 000034080 _____ () C:\Users\lukas\AppData\Roaming\VoiceMeeterBananaDefault.xml
2018-09-27 22:08 - 2018-09-27 22:08 - 000000000 _____ () C:\Users\lukas\AppData\Local\oobelibMkey.log
2019-05-17 22:35 - 2019-05-17 22:35 - 000000218 _____ () C:\Users\lukas\AppData\Local\recently-used.xbel
2019-01-12 20:04 - 2019-05-26 19:32 - 000007601 _____ () C:\Users\lukas\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================


Hi,

ATTENTION: System Restore is disabled
Turn System Restore ON for Drives in Windows 10 - Immediately.
https://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
<<<>>>

Unable to find any Chrome links for this extension. Did you install it?
CHR Extension: (Free VPN - the fastest VPN in the house) - C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogojkdkkcopeepagdlddbninobfhfbcb
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt). Please post it in your reply.
===

Let's check the registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
DiagnosedApplications
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

Please post the logs and let me know what problem persists.

fixlist.txt


Hi,

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
sysclc.exe
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

The file in bold is suspicious.
Please submit it to VirusTotal for inspection.

C:\Users\lukas\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\sysclc.exe

at:
https://www.virustotal.com/gui/home/upload

Follow the directives on the page.

Post the log and the link that will be generated.

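As an added example (not part of the thread and not FRST's own code), the Python below parses the file listings from the FRST.txt posted above and returns recently created entries under a user's AppData that carry no company name, which is how the AppContainer folder stands out in that log. The field order per section is inferred from the log itself (the "(modified)" list puts the modification time first); the 30-day window and the AppData/no-company rule are assumptions chosen for illustration, and the result is a list for manual review, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Entries copied from the FRST.txt listing posted in this thread.
SAMPLE_LOG = r"""
2019-05-12 17:16 - 2019-05-07 20:54 - 020187904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-05-12 17:14 - 2019-05-12 17:14 - 000000000 ____D C:\Users\lukas\AppData\Local\ApollyonVR
2019-05-11 22:12 - 2019-05-11 22:12 - 000000000 ____D C:\Users\lukas\AppData\Roaming\AppContainer
2019-05-03 19:38 - 2019-05-03 19:38 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe

==================== One month (modified) ========

2019-05-27 15:19 - 2018-12-01 19:59 - 000000000 ____D C:\Users\lukas\AppData\Roaming\Spotify
2019-05-26 19:54 - 2018-09-21 23:10 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.8.1

==================== Files in the root of some directories =======

2019-04-16 23:08 - 2019-04-18 21:35 - 000001747 _____ () C:\Users\lukas\AppData\Roaming\syncplay.ini
"""

# timestamp - timestamp - size attributes [(company)] path
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) (?:\((.*?)\) )?([A-Za-z]:\\.*)$"
)
HEADER = re.compile(r"^=+ (.+?) =+$")
USER_APPDATA = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
FMT = "%Y-%m-%d %H:%M"


def parse_listing(text):
    """Return one dict per file/folder entry with created/modified normalised."""
    entries, modified_first = [], False
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            # Only the "(modified)" list puts the modification time first.
            modified_first = "(modified)" in header.group(1)
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # explanatory text, blank lines, other log sections
        first, second = (datetime.strptime(m.group(i), FMT) for i in (1, 2))
        created, modified = (second, first) if modified_first else (first, second)
        entries.append({
            "created": created,
            "modified": modified,
            "size": int(m.group(3)),
            "is_dir": "D" in m.group(4),
            "company": (m.group(5) or "").strip(),
            "path": m.group(6),
        })
    return entries


def review_candidates(entries, days=30):
    """Entries created within `days` of the newest timestamp in the log,
    located under a user's AppData, with no company name (assumed heuristic)."""
    if not entries:
        return []
    newest = max(max(e["created"], e["modified"]) for e in entries)
    cutoff = newest - timedelta(days=days)
    return [
        e for e in entries
        if e["created"] >= cutoff
        and not e["company"]
        and USER_APPDATA.match(e["path"])
    ]


if __name__ == "__main__":
    for e in review_candidates(parse_listing(SAMPLE_LOG)):
        kind = "dir " if e["is_dir"] else "file"
        print(e["created"].strftime(FMT), kind, e["path"])
```

Legitimate software also lands on this list (any newly installed application that writes to AppData), so each hit still needs to be checked by hand.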

Hi, as I am writing this reply I have finished the search, and it appears that it did not find the exe in the registry, which I am not surprised by, since I tried to locate the file myself, and as I was going through the path to the file the folder "Internet Settings" did not exist. I checked the view settings and in fact I had turned on "show hidden files, folders and drives", so it could not have been that. I opened the folder manually and sysclc.exe was not there; however, I managed to find various files that confirmed that someone was using my GPU to mine, and not only that, they were using my CPU too. After looking through some of the files I managed to find the pool address and wallet address of whoever was mining on this. I don't know how helpful this would be, but would you like me to attach the whole "AppContainer" folder so that you can inspect it fully?

Here are the search results:

Farbar Recovery Scan Tool (x64) Version: 29-05.2019
Ran by lukas (29-05-2019 18:05:57)
Running from D:\Desktop\RndAppsFolders\FRST
Boot Mode: Normal

================== Search Registry: "sysclc.exe" ===========


====== End of Search ======


Update:

I went back to this this evening to mess around and try to find this file. I added the whole folder to a rar archive, and as I looked through it all the hidden files were now displayed; this included "sysclc.exe" plus what looked like a backup of the "updatadg.exe" and its adjacent files and libraries. I was unable to upload the file itself to the website, since when I extracted the file the file immediately disappeared, which was a pain to remove since my dumbass extracted it to my desktop, so I had to back up all my files, change the location of the desktop folder and then delete the whole folder just to get rid of that exe. Using shell commands didn't work since that file could not be located, but I checked by adding the old desktop to a rar and in fact that file was there. I have the whole "AppContainer" folder in a rar archive if you want to have a look, and I am planning on removing the folder within the next 24 hours unless you advise against that, but I will keep the rar for a while.


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 


This topic is now closed to further replies.