Hamburg

The program can't find cryptinject even with free trial


Hello. I don't know much about the forums, I just need help and I can't find any other thread about it.

I somehow got infected with cryptinject, which I know because Windows Defender found it, and I am losing packets in some games (happened in the past but I narrowed the location down and deleted it).
Now I can't even find the location Windows Defender is pinpointing, and furthermore, Malwarebytes doesn't seem to find the trojan at all.
I have tried removing and quarantining with Windows Defender but every time I perform a full scan it seems to be back.

I downloaded Malwarebytes due to a recommendation hoping it could help me solve the issue.

Please let me know which info I need to provide to receive help from anyone. Thank you for your time.


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click "Choose a File".
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Please post the logs for my review.

Wait for further instructions
==


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2019
Ran by Hamburg (administrator) on DESKTOP-RVNL28N (19-12-2019 13:26:00)
Running from C:\Users\Hamburg\Desktop\Nasdaq
Loaded Profiles: Hamburg (Available Profiles: Hamburg)
Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Discord Inc. -> Discord Inc.) C:\Users\Hamburg\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Hamburg\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Hamburg\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Hamburg\AppData\Local\Discord\app-0.0.305\Discord.exe
(Electronic Arts, Inc. -> Electronic Arts) D:\ORIGIN\OriginWebHelperService.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_38bfcb542ef4272e\IntelCpHDCPSvc.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ND_Apps -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15642744 2016-03-30] (Logitech Inc -> Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3889811010-1061122002-582621562-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3288016 2019-12-16] (Valve -> Valve Corporation)
HKU\S-1-5-21-3889811010-1061122002-582621562-1001\...\Run: [Discord] => C:\Users\Hamburg\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3889811010-1061122002-582621562-1001\...\MountPoints2: {28a8a24f-f54b-11e9-b1a0-2c56dcd296f6} - "E:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3889811010-1061122002-582621562-1001\...\MountPoints2: {f3cbb01b-c419-11e9-b167-806e6f6e6963} - "F:\SETUP.EXE" 
HKU\S-1-5-21-3889811010-1061122002-582621562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12192019132329769\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3288016 2019-12-16] (Valve -> Valve Corporation)
HKU\S-1-5-21-3889811010-1061122002-582621562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12192019132329769\...\Run: [Discord] => C:\Users\Hamburg\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3889811010-1061122002-582621562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12192019132329769\...\MountPoints2: {28a8a24f-f54b-11e9-b1a0-2c56dcd296f6} - "E:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3889811010-1061122002-582621562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12192019132329769\...\MountPoints2: {f3cbb01b-c419-11e9-b167-806e6f6e6963} - "F:\SETUP.EXE" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-09-14]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
Startup: C:\Users\Hamburg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk [2019-12-05]
ShortcutTarget: GIGABYTE XTREME GAMING ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2CCFE888-317F-4714-AF91-67777C20C3D4} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {458D42D0-0D22-4AE1-A03E-D42BDA939ABA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4A9FCF99-6902-42F1-841A-F76EE16FDECA} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4BB2774A-B1E6-4C69-85B5-77D41A4E1D71} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913720 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {50169074-2E97-4D62-8569-7B45B66468DD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [654456 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {57916F9B-AC8A-4480-8C47-EC605F225385} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {62892578-ADB5-42E0-A20F-E9AF3112C6AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-22] (Google Inc -> Google LLC)
Task: {64047408-3160-41A9-9CF3-6213B8607719} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {65E3FF06-8BA3-454E-9357-1614C16117CC} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2610160 2019-09-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {77580E76-D05C-4304-9437-3541EDDD2591} - System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE => C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe [64758416 2016-07-11] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
Task: {99A20739-F56B-489B-AF3E-60A35E1148E4} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [814872 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {A7E3837E-C8FA-44F1-9D16-4F767B63735F} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C7D7F23F-B198-4DC4-9A21-41DEC4E1641C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913720 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E51963CA-B27C-484B-9B0A-B40A165AFF1D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301928 2019-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FFE4BAC0-5A89-45AD-91D4-719220F618DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-22] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.14.1
Tcpip\..\Interfaces\{14985205-bf4a-4643-ac04-ebec7bbed232}: [DhcpNameServer] 192.168.14.1

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)

Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://ssl.gstatic.com/docs/documents/images/kix-favicon7.ico
CHR Profile: C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default [2019-12-19]
CHR DownloadDir: D:\Download
CHR Extension: (Slides) - C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-22]
CHR Extension: (Docs) - C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-22]
CHR Extension: (Google Drive) - C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-22]
CHR Extension: (YouTube) - C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-22]
CHR Extension: (uBlock Origin) - C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-10-28]
CHR Extension: (WatchList) - C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfihgchpknpgciblnlecpoglgjnfcfgb [2019-10-22]
CHR Extension: (Sheets) - C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-22]
CHR Extension: (Google Docs Offline) - C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-22]
CHR Extension: (Moneyz) - C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflndcdhfjofgbcihnkijldmbjnndmgd [2019-12-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-11]
CHR Extension: (Mount and Blade 2: Bannerlord - ThemeLead) - C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcficajiadeppejljoglpkmffpggphnc [2019-08-22]
CHR Extension: (Gmail) - C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Hamburg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-12]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-10-20] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [758552 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [573472 2019-06-11] (ND_Apps -> Intel Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [719640 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-12-17] (Malwarebytes Inc -> Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-28] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-28] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; D:\ORIGIN\OriginClientService.exe [2425136 2019-11-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; D:\ORIGIN\OriginWebHelperService.exe [3303736 2019-11-12] (Electronic Arts, Inc. -> Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-25] (ASUSTeK Computer Inc. -> )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [135520 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-18] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 dot4usb; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [49056 2012-10-18] (Hewlett-Packard Company -> Microsoft Corporation)
S3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30352 2018-12-15] (Disc Soft Ltd -> Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_0d0901f66b76dc48\e1d68x64.sys [598112 2019-06-11] (Intel(R) INTELND1820 -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-12-17] (Malwarebytes Corporation -> Malwarebytes)
R3 LGBusEnum; C:\WINDOWS\system32\drivers\LGBusEnum.sys [37408 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech -> Logitech Inc.)
R3 LGVirHid; C:\WINDOWS\system32\drivers\LGVirHid.sys [26912 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
S3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2019-10-21] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [20624 2019-10-21] (WDKTestCert sqa,131523902232810150 -> Logitech, Inc.)
S3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2019-10-21] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2019-12-17] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-12-18] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-12-18] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2019-12-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-12-18] (Malwarebytes Corporation -> Malwarebytes)
R3 NAL; C:\WINDOWS\system32\Drivers\iqvw64e.sys [58304 2019-05-22] (ND_QV -> Intel Corporation )
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_77e6900053c33f6f\nvlddmkm.sys [23231744 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-08-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-19 13:25 - 2019-12-19 13:26 - 000000000 ____D C:\FRST
2019-12-19 13:24 - 2019-12-19 13:26 - 000000000 ____D C:\Users\Hamburg\Desktop\Nasdaq
2019-12-18 21:34 - 2019-12-18 21:34 - 000000743 _____ C:\Users\Public\Desktop\MapleRoyals.lnk
2019-12-18 21:34 - 2019-12-18 21:34 - 000000743 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MapleRoyals.lnk
2019-12-18 21:34 - 2019-12-18 21:34 - 000000743 _____ C:\ProgramData\Desktop\MapleRoyals.lnk
2019-12-18 21:30 - 2019-12-18 21:30 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-12-18 21:30 - 2019-12-18 21:30 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-12-18 21:30 - 2019-12-18 21:30 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-12-18 21:30 - 2019-12-18 21:30 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-12-17 16:33 - 2019-12-17 16:33 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-12-17 16:33 - 2019-12-17 16:33 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-12-17 16:33 - 2019-12-17 16:33 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-12-17 16:33 - 2019-12-17 16:33 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-12-17 16:33 - 2019-12-17 16:33 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-12-17 16:33 - 2019-12-17 16:33 - 000000000 ____D C:\Users\Hamburg\AppData\Local\mbamtray
2019-12-17 16:33 - 2019-12-17 16:33 - 000000000 ____D C:\Users\Hamburg\AppData\Local\mbam
2019-12-17 16:33 - 2019-12-17 16:33 - 000000000 ____D C:\Users\Hamburg\AppData\Local\cache
2019-12-17 16:33 - 2019-12-17 16:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-12-17 16:33 - 2019-12-17 16:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-12-17 16:32 - 2019-12-17 16:32 - 000000000 ____D C:\Program Files\Malwarebytes
2019-12-16 21:36 - 2019-12-16 21:35 - 000748816 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-12-13 11:04 - 2019-12-13 11:04 - 000000000 _____ C:\Users\Hamburg\Desktop\New Text Document.txt
2019-12-11 19:20 - 2019-12-11 19:20 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-11 19:20 - 2019-12-11 19:20 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-11 19:20 - 2019-12-11 19:20 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-11 19:20 - 2019-12-11 19:20 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-11 19:20 - 2019-12-11 19:20 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-11 19:20 - 2019-12-11 19:20 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-11 19:20 - 2019-12-11 19:20 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-11 19:20 - 2019-12-11 19:20 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-11 19:20 - 2019-12-11 19:20 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-11 19:20 - 2019-12-11 19:20 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-11 19:20 - 2019-12-11 19:20 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-11 19:20 - 2019-12-11 19:20 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-11 19:20 - 2019-12-11 19:20 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-11 19:20 - 2019-12-11 19:20 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-11 19:20 - 2019-12-11 19:20 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-11 19:20 - 2019-12-11 19:20 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-11 19:20 - 2019-12-11 19:20 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-11 19:20 - 2019-12-11 19:20 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-11 19:20 - 2019-12-11 19:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-11 11:31 - 2019-12-08 23:28 - 011843696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-12-11 11:31 - 2019-12-08 23:28 - 010167952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-12-11 11:31 - 2019-12-08 23:28 - 001729440 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-12-11 11:31 - 2019-12-08 23:28 - 001729440 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-12-11 11:31 - 2019-12-08 23:28 - 001329568 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-12-11 11:31 - 2019-12-08 23:28 - 001329568 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-12-11 11:31 - 2019-12-08 23:28 - 001079200 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-12-11 11:31 - 2019-12-08 23:28 - 001079200 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-12-11 11:31 - 2019-12-08 23:28 - 000937888 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-12-11 11:31 - 2019-12-08 23:28 - 000937888 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-12-11 11:31 - 2019-12-08 23:28 - 000451656 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-12-11 11:31 - 2019-12-08 23:28 - 000352712 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-12-11 11:31 - 2019-12-08 23:27 - 001483712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-12-11 11:31 - 2019-12-08 23:27 - 001146880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-12-11 11:31 - 2019-12-08 23:27 - 000824256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-12-11 11:31 - 2019-12-08 23:27 - 000684992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-12-11 11:31 - 2019-12-08 23:27 - 000676608 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-12-11 11:31 - 2019-12-08 23:27 - 000557072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-12-11 11:31 - 2019-12-08 23:27 - 000545296 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-12-11 11:31 - 2019-12-08 23:26 - 040510424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-12-11 11:31 - 2019-12-08 23:26 - 035380264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-12-11 11:31 - 2019-12-08 23:26 - 017462424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-12-11 11:31 - 2019-12-08 23:26 - 015030896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-12-11 11:31 - 2019-12-08 23:26 - 005382024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-12-11 11:31 - 2019-12-08 23:26 - 004717656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-12-11 11:31 - 2019-12-08 23:26 - 002076064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-12-11 11:31 - 2019-12-08 23:26 - 001727920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6444166.dll
2019-12-11 11:31 - 2019-12-08 23:26 - 001568504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-12-11 11:31 - 2019-12-08 23:26 - 001491472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6444166.dll
2019-12-11 11:31 - 2019-12-08 23:26 - 001371648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-12-11 11:31 - 2019-12-08 23:26 - 001064840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-12-11 11:31 - 2019-12-08 23:26 - 000812800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-12-11 11:31 - 2019-12-08 19:20 - 004224176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-12-11 08:00 - 2019-12-11 08:08 - 000000000 __SHD C:\Users\Hamburg\IntelGraphicsProfiles
2019-12-11 08:00 - 2019-12-11 08:05 - 000000000 ____D C:\Users\Hamburg\AppData\Local\Intel
2019-12-11 08:00 - 2019-12-11 08:00 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2019-12-09 21:51 - 2019-12-11 23:25 - 000000000 ____D C:\Users\Hamburg\Desktop\Money Screenshots
2019-12-09 17:24 - 2019-12-09 17:24 - 000002705 _____ C:\Users\Hamburg\Desktop\Moneyz.lnk
2019-12-09 12:47 - 2019-09-30 22:47 - 021092352 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2019-12-09 12:47 - 2019-09-30 22:47 - 019993216 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2019-12-09 12:47 - 2019-09-30 22:47 - 003195968 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_h265ve_64.dll
2019-12-09 12:47 - 2019-09-30 22:47 - 003189168 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_vp9ve_64.dll
2019-12-09 12:47 - 2019-09-30 22:47 - 003175640 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_h264ve_64.dll
2019-12-09 12:47 - 2019-09-30 22:47 - 002971944 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_encrypt_64.dll
2019-12-09 12:47 - 2019-09-30 22:47 - 002585904 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_h265ve_32.dll
2019-12-09 12:47 - 2019-09-30 22:47 - 002580712 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_vp9ve_32.dll
2019-12-09 12:47 - 2019-09-30 22:47 - 002572256 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_h264ve_32.dll
2019-12-09 12:47 - 2019-09-30 22:47 - 002415016 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_encrypt_32.dll
2019-12-09 12:47 - 2019-09-30 22:47 - 000212456 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2019-12-09 12:47 - 2019-09-30 22:47 - 000184144 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2019-12-09 12:47 - 2019-09-30 22:46 - 025056264 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2019-12-09 12:47 - 2019-09-30 22:46 - 011902472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2019-12-09 12:47 - 2019-09-30 22:46 - 003007496 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_mjpgvd_64.dll
2019-12-09 12:47 - 2019-09-30 22:46 - 002437128 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_mjpgvd_32.dll
2019-12-09 12:47 - 2019-09-30 22:46 - 000168968 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll
2019-12-09 12:47 - 2019-09-30 22:46 - 000141832 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
2019-12-09 12:47 - 2019-09-30 22:46 - 000136712 _____ C:\WINDOWS\SysWOW64\libEGL.dll
2019-12-09 12:47 - 2019-09-30 18:29 - 001376256 _____ C:\WINDOWS\system32\c_64.cpa
2019-12-09 12:47 - 2019-09-30 18:29 - 001361159 _____ C:\WINDOWS\SysWOW64\c_32.cpa
2019-12-09 12:47 - 2019-09-30 18:29 - 000072361 _____ C:\WINDOWS\SysWOW64\h265e_32.vp
2019-12-09 12:47 - 2019-09-30 18:29 - 000071956 _____ C:\WINDOWS\SysWOW64\vp9e_32.vp
2019-12-09 12:47 - 2019-09-30 18:29 - 000070721 _____ C:\WINDOWS\SysWOW64\he_32.vp
2019-12-09 12:47 - 2019-09-30 18:29 - 000065805 _____ C:\WINDOWS\SysWOW64\mj_32.vp
2019-12-09 12:47 - 2019-09-30 18:29 - 000057143 _____ C:\WINDOWS\SysWOW64\dev_32.vp
2019-12-09 12:47 - 2019-09-30 18:29 - 000056359 _____ C:\WINDOWS\system32\dev_64.vp
2019-12-09 12:47 - 2019-09-30 18:29 - 000014145 _____ C:\WINDOWS\system32\h265e_64.vp
2019-12-09 12:47 - 2019-09-30 18:29 - 000013992 _____ C:\WINDOWS\system32\vp9e_64.vp
2019-12-09 12:47 - 2019-09-30 18:29 - 000013585 _____ C:\WINDOWS\system32\he_64.vp
2019-12-09 12:47 - 2019-09-30 18:29 - 000013317 _____ C:\WINDOWS\system32\mj_64.vp
2019-12-09 12:47 - 2019-09-30 18:29 - 000001125 _____ C:\WINDOWS\SysWOW64\cpa_32.vp
2019-12-09 12:47 - 2019-09-30 18:29 - 000001125 _____ C:\WINDOWS\system32\cpa_64.vp
2019-12-08 13:55 - 2019-12-08 13:55 - 000801684 _____ C:\WINDOWS\Minidump\120819-11484-01.dmp
2019-12-07 12:43 - 2019-12-07 12:43 - 000865636 _____ C:\WINDOWS\Minidump\120719-10953-01.dmp
2019-12-06 19:48 - 2019-12-06 19:49 - 001067556 _____ C:\WINDOWS\Minidump\120619-7656-01.dmp
2019-12-05 18:41 - 2019-12-07 22:47 - 000000000 ____D C:\Users\Hamburg\Documents\temp
2019-12-05 18:38 - 2019-12-08 13:54 - 000002664 _____ C:\WINDOWS\system32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE
2019-12-05 18:38 - 2019-12-05 18:38 - 000001295 _____ C:\Users\Public\Desktop\XTREME GAMING ENGINE.lnk
2019-12-05 18:38 - 2019-12-05 18:38 - 000001295 _____ C:\ProgramData\Desktop\XTREME GAMING ENGINE.lnk
2019-12-05 18:38 - 2019-12-05 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2019-12-05 18:38 - 2019-12-05 18:38 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2019-12-05 18:30 - 2019-12-05 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-12-05 18:26 - 2019-12-05 18:29 - 000000000 ___HD C:\$WINDOWS.~BT
2019-11-28 17:05 - 2019-11-28 17:06 - 000632988 _____ C:\WINDOWS\Minidump\112819-6921-01.dmp
2019-11-23 16:54 - 2019-11-23 16:54 - 000000000 ____D C:\Users\Hamburg\AppData\LocalLow\Plausible Concept
2019-11-23 16:53 - 2019-11-23 16:53 - 000000262 _____ C:\Users\Hamburg\Desktop\Bad North Jotunn Edition.url
2019-11-23 16:50 - 2019-11-23 16:50 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2019-11-23 16:50 - 2019-11-23 16:50 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2019-11-23 16:50 - 2019-11-23 16:50 - 000001258 _____ C:\ProgramData\Desktop\Epic Games Launcher.lnk
2019-11-23 16:50 - 2019-11-23 16:50 - 000000000 ____D C:\Users\Hamburg\AppData\Local\UnrealEngineLauncher
2019-11-23 16:50 - 2019-11-23 16:50 - 000000000 ____D C:\Users\Hamburg\AppData\Local\EpicGamesLauncher
2019-11-23 16:49 - 2019-11-23 16:51 - 000000000 ____D C:\ProgramData\Epic
2019-11-23 16:49 - 2019-11-23 16:49 - 000000000 ____D C:\Program Files (x86)\Epic Games
2019-11-22 11:00 - 2019-11-22 11:00 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2019-11-22 11:00 - 2019-11-22 11:00 - 000001443 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2019-11-22 10:55 - 2019-11-28 22:50 - 000003458 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-11-22 10:55 - 2019-11-28 22:50 - 000003256 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-11-22 10:55 - 2019-11-28 22:50 - 000003212 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-11-22 10:55 - 2019-11-28 22:50 - 000003044 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-11-22 10:55 - 2019-11-28 22:50 - 000003008 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-11-22 10:55 - 2019-11-28 22:50 - 000003008 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-11-22 10:55 - 2019-11-28 22:50 - 000003008 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-11-22 10:55 - 2019-11-28 22:50 - 000003008 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-11-22 10:55 - 2019-11-28 22:50 - 000002974 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-11-22 10:55 - 2019-11-28 22:50 - 000002804 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-11-22 10:55 - 2019-11-22 10:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-11-22 10:55 - 2019-10-24 16:01 - 002845208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2019-11-22 10:55 - 2019-10-24 16:01 - 002209136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2019-11-22 10:55 - 2019-10-24 16:01 - 001323112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2019-11-22 10:55 - 2019-07-22 20:36 - 000179000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2019-11-22 10:55 - 2019-07-22 20:36 - 000154424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2019-11-22 10:54 - 2019-11-05 21:59 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-11-22 10:52 - 2019-12-08 23:26 - 000659152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-11-22 10:52 - 2019-12-08 19:20 - 004957288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-11-22 10:52 - 2019-11-12 21:13 - 001683032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-11-22 10:52 - 2019-11-12 21:13 - 000228792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-11-22 10:52 - 2019-11-12 21:13 - 000047272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-11-22 10:52 - 2019-08-23 05:08 - 000075600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2019-11-22 10:52 - 2019-04-17 09:42 - 000069840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2019-11-22 10:49 - 2019-11-22 10:49 - 000000000 ____D C:\NVIDIA
2019-11-22 10:26 - 2019-11-28 22:50 - 000002592 _____ C:\WINDOWS\system32\Tasks\SamsungMagician
2019-11-22 10:25 - 2019-11-22 10:25 - 000001293 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2019-11-22 10:25 - 2019-11-22 10:25 - 000001293 _____ C:\ProgramData\Desktop\Samsung Magician.lnk
2019-11-22 10:25 - 2019-11-22 10:25 - 000000000 ____D C:\ProgramData\Samsung
2019-11-22 10:25 - 2019-11-22 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2019-11-22 10:25 - 2019-11-22 10:25 - 000000000 ____D C:\Program Files (x86)\Samsung
2019-11-22 10:20 - 2019-11-28 22:50 - 000003234 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2019-11-22 10:14 - 2019-12-11 08:00 - 000000000 ____D C:\ProgramData\Intel
2019-11-22 10:14 - 2019-12-05 18:30 - 000000000 ____D C:\Program Files\Intel
2019-11-22 10:14 - 2019-11-22 10:14 - 000000000 ____D C:\Users\Hamburg\Intel
2019-11-22 10:14 - 2019-11-22 10:14 - 000000000 ____D C:\Program Files (x86)\Intel
2019-11-22 10:13 - 2019-11-22 10:18 - 000010024 _____ C:\WINDOWS\PE_Rom.dll
2019-11-22 10:13 - 2014-02-25 08:49 - 000014464 _____ C:\WINDOWS\SysWOW64\Drivers\AsUpIO.sys
2019-11-21 09:19 - 2019-11-22 10:29 - 000000000 ____D C:\Users\Hamburg\Superposition
2019-11-21 09:19 - 2019-11-21 09:19 - 000002108 _____ C:\Users\Public\Desktop\Superposition Benchmark.lnk
2019-11-21 09:19 - 2019-11-21 09:19 - 000002108 _____ C:\ProgramData\Desktop\Superposition Benchmark.lnk
2019-11-21 09:19 - 2019-11-21 09:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2019-11-21 09:17 - 2019-11-21 09:17 - 000000000 ____D C:\Program Files\Unigine

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-19 13:22 - 2019-08-22 22:05 - 000000000 ____D C:\Program Files (x86)\Steam
2019-12-19 13:22 - 2019-08-22 21:55 - 000000000 ____D C:\ProgramData\NVIDIA
2019-12-19 00:20 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-19 00:19 - 2019-09-05 20:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-12-18 21:36 - 2019-09-05 20:43 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-18 21:36 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-18 21:33 - 2019-08-22 23:09 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-18 21:33 - 2019-08-22 23:09 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-18 21:33 - 2019-08-22 23:09 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-12-18 21:30 - 2019-09-05 20:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-12-18 21:30 - 2019-08-22 22:02 - 000000000 ____D C:\Users\Hamburg\AppData\Local\Avg
2019-12-18 21:30 - 2019-08-22 22:00 - 000000000 ____D C:\ProgramData\AVG
2019-12-18 21:29 - 2019-03-19 06:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-12-18 21:29 - 2019-03-19 06:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-12-18 13:26 - 2019-09-05 20:41 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-18 13:26 - 2019-09-05 20:41 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-18 13:26 - 2019-09-05 20:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2019-12-18 10:35 - 2019-11-11 10:13 - 000000000 ____D C:\Users\Hamburg\AppData\Local\CrashDumps
2019-12-18 10:35 - 2019-08-22 23:24 - 000000000 ____D C:\Users\Hamburg\AppData\Roaming\Discord
2019-12-18 00:04 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-17 16:33 - 2019-03-19 06:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-12-17 16:28 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-17 16:28 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-16 21:45 - 2019-08-23 17:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-12-16 21:45 - 2019-03-19 06:52 - 000000000 ____D C:\Program Files\Windows Defender
2019-12-13 00:22 - 2019-08-21 20:12 - 000000000 ____D C:\Users\Hamburg\AppData\Local\Packages
2019-12-11 23:37 - 2019-08-24 01:08 - 000000000 ____D C:\Users\Hamburg\AppData\Local\D3DSCache
2019-12-11 23:16 - 2019-09-05 20:37 - 000000000 ____D C:\Users\Hamburg
2019-12-11 23:16 - 2019-09-05 20:36 - 000267640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-11 23:16 - 2019-08-24 01:02 - 000000000 ___RD C:\Users\Hamburg\3D Objects
2019-12-11 23:16 - 2019-08-21 20:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-11 23:15 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-11 23:15 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-11 23:15 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-11 19:23 - 2019-08-23 01:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-11 19:22 - 2019-08-23 01:17 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-11 08:20 - 2019-10-21 03:39 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2019-12-11 08:01 - 2019-08-21 20:12 - 000000000 ____D C:\Users\Hamburg\AppData\Local\Publishers
2019-12-09 17:24 - 2019-10-22 08:06 - 000000000 ____D C:\Users\Hamburg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2019-12-08 13:55 - 2019-10-17 17:31 - 000000000 ____D C:\WINDOWS\Minidump
2019-12-07 05:09 - 2018-04-12 18:33 - 000055685 _____ C:\WINDOWS\system32\nvinfo.pb
2019-12-07 03:21 - 2019-08-22 21:56 - 005562208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-12-07 03:21 - 2019-08-22 21:56 - 002652712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-12-07 03:21 - 2019-08-22 21:56 - 001768456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-12-07 03:21 - 2019-08-22 21:56 - 000670744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-12-07 03:21 - 2019-08-22 21:56 - 000455152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-12-07 03:21 - 2019-08-22 21:56 - 000129392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-12-07 03:21 - 2019-08-22 21:56 - 000083392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-12-05 18:29 - 2019-09-05 20:41 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2019-12-05 18:29 - 2019-09-05 20:41 - 000001908 _____ C:\WINDOWS\diagerr.xml
2019-12-05 18:29 - 2019-08-28 11:47 - 000000000 ___DC C:\WINDOWS\Panther
2019-12-04 12:50 - 2019-08-22 21:56 - 008800072 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-11-28 22:50 - 2019-09-05 20:41 - 000002918 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3889811010-1061122002-582621562-1001
2019-11-25 12:36 - 2019-08-22 23:34 - 000000000 ____D C:\Users\Hamburg\AppData\Local\Battle.net
2019-11-25 09:51 - 2019-09-05 20:37 - 000002369 _____ C:\Users\Hamburg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-25 09:51 - 2019-08-21 20:14 - 000000000 ___RD C:\Users\Hamburg\OneDrive
2019-11-24 22:35 - 2018-03-30 23:22 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2019-11-24 17:51 - 2019-08-22 23:31 - 000000000 ____D C:\ProgramData\Origin
2019-11-22 14:35 - 2019-08-22 21:55 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-11-22 14:14 - 2019-11-05 13:36 - 000000000 ____D C:\Users\Hamburg\AppData\Local\NVIDIA Corporation
2019-11-22 14:13 - 2019-08-23 12:19 - 000000000 ____D C:\Users\Hamburg\AppData\Local\NVIDIA
2019-11-22 10:55 - 2019-08-22 21:55 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-11-22 10:55 - 2019-08-22 21:55 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-11-22 10:14 - 2019-08-22 22:50 - 000000000 ____D C:\ProgramData\Package Cache
2019-11-20 08:58 - 2019-08-21 20:12 - 000000000 ____D C:\Users\Hamburg\AppData\Local\VirtualStore

==================== Files in the root of some directories ========

2019-09-14 10:10 - 2019-09-14 10:10 - 000002826 _____ () C:\Users\Hamburg\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean of malware.

The file you cannot find is in your Recycle Bin.

Empty the bin and restart the computer.

Let me know if the problem is solved.

Edited by nasdaq
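
The reply above places the missing file in the Recycle Bin, and the name searched for later in this thread, `$RW5S1HU.exe`, has the form Windows gives a deleted file's content (`$R` plus random characters), with the original path kept in a companion `$I` file. The following is an added example, not part of the original thread and not code from FRST or Malwarebytes, that decodes such a `$I` record; the function names are this example's own, and the original path, size and deletion time are constructed sample values.

```python
import struct
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample values (the thread does not give the real ones).
SAMPLE_PATH = r"C:\Users\Example\Downloads\constructed-sample.exe"
SAMPLE_SIZE = 1234567
SAMPLE_DELETED = datetime(2019, 12, 19, 12, 0, 0, tzinfo=timezone.utc)


def index_name(r_name: str) -> str:
    """Map a Recycle Bin content file ($R...) to its metadata file ($I...)."""
    if len(r_name) < 3 or not r_name.upper().startswith("$R"):
        raise ValueError(f"not a Recycle Bin content name: {r_name!r}")
    return "$I" + r_name[2:]


def parse_index(data: bytes) -> dict:
    """Decode a $I record: version, original size, deletion time, original path."""
    if len(data) < 24:
        raise ValueError("record shorter than the 24-byte fixed header")
    version, size, filetime = struct.unpack_from("<QQQ", data, 0)
    if version == 1:
        # Windows Vista to 8.1: fixed 520-byte (260 UTF-16 characters) path field.
        raw = data[24:24 + 520]
    elif version == 2:
        # Windows 10 and later: 4-byte character count, then the path.
        if len(data) < 28:
            raise ValueError("record too short for a version 2 length field")
        (nchars,) = struct.unpack_from("<I", data, 24)
        raw = data[28:28 + nchars * 2]
        if len(raw) != nchars * 2:
            raise ValueError("path field is truncated")
    else:
        raise ValueError(f"unknown $I version {version}")
    path = raw.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    try:
        # FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
        deleted = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    except OverflowError as exc:
        raise ValueError("deletion timestamp out of range") from exc
    return {"version": version, "size": size,
            "deleted_utc": deleted, "original_path": path}


def build_index(path: str, size: int, deleted: datetime, version: int = 2) -> bytes:
    """Build a $I record for the demo only (constructed input, not real evidence)."""
    delta = deleted - FILETIME_EPOCH
    filetime = (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10
    header = struct.pack("<QQQ", version, size, filetime)
    encoded = (path + "\x00").encode("utf-16-le")
    if version == 1:
        return header + encoded.ljust(520, b"\x00")
    return header + struct.pack("<I", len(path) + 1) + encoded


def resolve(sid_dir: Path, r_name: str) -> dict:
    """Look up where a $R file came from, using the $I file beside it."""
    meta = sid_dir / index_name(r_name)
    if not meta.is_file():
        raise FileNotFoundError(f"no metadata file {meta.name} next to {r_name}")
    return parse_index(meta.read_bytes())


def demo() -> dict:
    """Resolve the $R name from the thread against a constructed $I record."""
    with tempfile.TemporaryDirectory() as tmp:
        # Stands in for a copy of one per-user folder under C:\$Recycle.Bin.
        sid_dir = Path(tmp)
        (sid_dir / "$RW5S1HU.exe").write_bytes(b"")
        (sid_dir / "$IW5S1HU.exe").write_bytes(
            build_index(SAMPLE_PATH, SAMPLE_SIZE, SAMPLE_DELETED))
        return resolve(sid_dir, "$RW5S1HU.exe")


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The decoded original path and deletion time show where a recycled file came from and when it was deleted, which helps tell a leftover of an earlier cleanup from a file that keeps being dropped again.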


Hello again Nasdaq.

I emptied the bin, restarted my computer, did a full scan again, and the results were the same.

Waiting for further instructions.

Sincerely,

Hamburg.


Hi,

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
$RWSS1HU.exe:RWSS1HU.exe
Once done, click on the Search Registry button and wait for FRST to finish the search.
On completion, a log will open in Notepad. Copy and paste its content in your next reply.
====


I moved Farbar to C: after the first scan just in case it would help in some way. This is what you asked me to copy and paste.

 

Farbar Recovery Scan Tool (x64) Version: 26-12-2019
Ran by Hamburg (27-12-2019 15:11:03)
Running from D:\Download
Boot Mode: Normal

================== Search Registry: "$RWSS1HU.exe:RWSS1HU.exe" ===========


====== End of Search ======

Farbar Recovery Scan Tool (x64) Version: 26-12-2019
Ran by Hamburg (27-12-2019 15:19:03)
Running from C:\Users\Hamburg\Downloads
Boot Mode: Normal

================== Search Registry: "$RWSS1HU.exe:RWSS1HU.exe" ===========


====== End of Search ======


Can you post the Malwarebytes log for my review?

It's hard to read the image you provided.


Apparently it was a 5 and not an S. I ran it again and this is the log:

 

Farbar Recovery Scan Tool (x64) Version: 26-12-2019
Ran by Hamburg (28-12-2019 14:58:28)
Running from C:\Users\Hamburg\Desktop\Nasdaq
Boot Mode: Normal

================== Search Registry: "$RW5S1HU.exe:RW5S1HU.exe" ===========


====== End of Search ======


Hi
Sorry for this delay. I had internet issues yesterday.

Run Malwarebytes again and see if you can find the log.

Please download Malwarebytes Anti-Malware from here
 

  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, be sure to check-mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.


Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.


Hi,

Nothing in the Malwarebytes is being reported.

Was the image you posted from Malwarebytes or some other security program?

If no report is available, copy and post the exact error message.

I cannot correctly read what the image is reporting.

 


After scanning again (using Windows Defender like the first time), it seems like the threats are gone.
Thank you for your help Nasdaq, and have a wonderful day.

 


Hello Hamburg.

This is about cleanups on tools used.

Download "Delfix by Xplode" and save it to your desktop.


If your security program alerts to Delfix, either accept the alert or turn your security off.

Please right-click on Delfix and choose Run as administrator.

Make Sure the following items are checked:

  Remove disinfection tools <----- this will remove tools we may have used.


Now click on "Run" and wait patiently until the tool has completed.

Any remaining files/logs from tools we have used can be deleted.

It is not enough to just have a security program installed. Each PC user needs to practice daily safe computer and internet use.

Best practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected (out of the blue) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection".


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
