
Possible virus, GPU being used for no reason on idle.


  • This topic is locked
14 replies to this topic

#1 Marvin14


Posted 15 January 2018 - 03:35 PM

Nothing is running at all, my GPU temperatures spike up randomly to 70-80C, and full fan speed. Maybe Bitcoin miner malware? idk

 




 


#2 sasschary


Posted 15 January 2018 - 05:22 PM

Hi, Marvin14,

My name is Zach, and, though I generally go by Sasschary, you may call me whatever you want. I will be helping you get your computer working again. To start out, please read through the thread here. Then, please try to perform step 6 and copy/paste the log into a reply here. If you are not able to get the programs to run, just reply here and we'll go about it another way.

Also, please be aware that I am currently in training, so all of my posts need to be reviewed before you can see them. As such, it may take a day or two for me to post my replies.

Sincerely,
Sasschary


Edited by sasschary, 15 January 2018 - 05:24 PM.


#3 Marvin14


Posted 15 January 2018 - 05:40 PM

Hi, thanks for your reply.

 

I have posted the logs.

Attached Files



#4 sasschary


Posted 18 January 2018 - 09:43 AM

Hi Marvin14,

It looks like you have some P2P software installed on your computer.

P2P programs have a high risk of bringing infection. Stay away from them if at all possible, especially if you are downloading illegal software/music/movies/etc. Not only are these areas very large targets for malware authors, they are also what they say in the name: Illegal. I ask, although I will not require, that you remove this software before continuing. At the very least, refrain from using it until we are done working on your computer. If you have any pirated software, I ask you to remove that as well. If you need any help removing these programs, I can help you with that. Please also be aware that the tools we use may remove cracked files, which could leave pirated software in an unstable and crash-prone state.

Let's run a fix using FRST.

We need to first create a fixlist for FRST to run.

  • Open Notepad and paste the text given below in the window.
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    GroupPolicy: Restriction <==== ATTENTION
    C:\Users\Marvin\Downloads\HitmanPro Reset.exe
    C:\Windows\System32\Tasks\Tasker21
    C:\Users\Marvin\AppData\Roaming\Lib
    C:\Users\Marvin\AppData\Local\Temp\dllnt_dump.dll
    Task: {F1A71A5A-F5EE-4D3D-9936-A18EFB4F1C63} - System32\Tasks\Tasker21 => C:\Users\Marvin\AppData\Roaming\Lib\tskschd.exe [2017-12-02] ()
  • Click File -> Save, and a Save As dialog box should appear.
  • In the Save As dialog, browse to where you saved FRST earlier.
  • Type fixlist in the File Name box and ensure that Text Documents (*.txt) is selected in the Save As Type box.
  • Click Save.

Now we need to run the fixlist.

  • Find the location where you downloaded FRST in File Explorer.
  • Right click FRST and click Run as Administrator
  • If a User Account Control dialog box and/or a disclaimer from FRST appears, click Yes to allow FRST to run.
  • When FRST opens, click Fix and wait for the fixlist to be run.
  • After the fix has been completed, FRST should create and open a file called Fixlog.txt in Notepad. Please copy and paste that file into your next reply.

Afterwards, please generate a new FRST log using the same steps as you did initially. Then, copy and paste that log into your next reply.

 

In your next reply, please include the following:

  • Fixlog.txt
  • FRST.txt

sasschary
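
Added example, not part of any post in this thread and not FRST's own code: a small triage pass over FRST log lines that surfaces the kind of entries the fixlist above targets (a scheduled task launching an executable from AppData\Roaming, and the Windows Defender policy restriction). The function names and score weights are hypothetical, the sample lines are copied from this thread, and reading a trailing `()` as "no company name" and `[X]` as "target file missing" is an assumption about FRST's output.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: lines copied from the fixlist and FRST log in this thread.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
Task: {F1A71A5A-F5EE-4D3D-9936-A18EFB4F1C63} - System32\Tasks\Tasker21 => C:\Users\Marvin\AppData\Roaming\Lib\tskschd.exe [2017-12-02] ()
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2017-10-17] (Popcorn Time) [File not signed]
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Apple, Inc.) [File not signed]
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
"""


class Finding(NamedTuple):
    score: int
    reasons: Tuple[str, ...]
    line: str


# Prefixes of entries that start code automatically: scheduled tasks,
# Run/RunOnce keys, and service or driver rows (state letter + start type).
AUTOSTART = re.compile(r"^(Task: |HK\S*\\Run(Once)?: |[RSU][0-5] )")
# Directories a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r"\\(AppData\\(Roaming|LocalLow|Local)|Temp|Users\\Public)\\", re.I)
# Policy keys that can switch off or restrict the built-in antivirus.
POLICY = re.compile(r"Policies\\Microsoft\\Windows Defender|^GroupPolicy:")


def target_path(line: str) -> str:
    """Return the executable path after '=> ' or '; ', without quotes or metadata."""
    m = re.search(r'(?:=> |; )"?([A-Za-z]:\\[^"\[]*)', line)
    return m.group(1).strip() if m else ""


def triage_line(line: str) -> Tuple[int, Tuple[str, ...]]:
    """Score one log line; weights are arbitrary and only order the review queue."""
    line = line.rstrip()
    hits = []
    if line.endswith("<==== ATTENTION"):
        hits.append((2, "frst-attention-marker"))
    if POLICY.search(line):
        hits.append((2, "defender-or-group-policy-restriction"))
    if AUTOSTART.match(line):
        if USER_WRITABLE.search(target_path(line)):
            hits.append((4, "autostart-from-user-writable-dir"))
        if line.endswith("()"):          # assumption: empty company name
            hits.append((1, "no-company-name"))
        if "[File not signed]" in line:
            hits.append((1, "unsigned"))
        if line.endswith("[X]"):         # assumption: target file not found
            hits.append((1, "target-missing"))
    return sum(w for w, _ in hits), tuple(r for _, r in hits)


def triage(log_text: str) -> List[Finding]:
    """Return flagged lines, highest score first (stable for equal scores)."""
    findings = []
    for line in log_text.splitlines():
        score, reasons = triage_line(line)
        if score:
            findings.append(Finding(score, reasons, line.strip()))
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score}  {', '.join(f.reasons)}\n   {f.line}")
```

A score only sets review order: unsigned or vendor-less entries are often legitimate, so each flagged line still needs a human decision before it goes into a fixlist.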



#5 Marvin14


Posted 18 January 2018 - 02:16 PM

Thanks for the fix :)

 

 

Attached Files



#6 sasschary


Posted 18 January 2018 - 05:01 PM

Hi, Marvin14,

 

Could you please generate a new FRST log as you did initially? Also, when posting your logs, please copy and paste them into your reply rather than attaching the files.

 

Sasschary



#7 Marvin14


Posted 18 January 2018 - 05:09 PM

Oh, my mistake. Here you go.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.01.2018 01
Ran by Marvin (administrator) on DESKTOP-1LU7QSQ (18-01-2018 17:07:47)
Running from C:\Users\Marvin\Downloads
Loaded Profiles: Marvin (Available Profiles: Marvin)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(TeamSpeak Systems GmbH) C:\Users\Marvin\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [54332920 2017-12-09] (Discord Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2673189215-3870192770-1104817137-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2673189215-3870192770-1104817137-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\S-1-5-21-2673189215-3870192770-1104817137-1001\...\MountPoints2: {11104a31-f87a-11e7-a5d2-dc85decc49f9} - "H:\setup.exe" 
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{376a4ca3-48ca-45a6-80b9-c0a82959865d}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2673189215-3870192770-1104817137-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-29] (Oracle Corporation)
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-29] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-30] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default [2018-01-18]
CHR Extension: (Honey) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-01-16]
CHR Extension: (Adblock Plus) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-11-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-30]
CHR Extension: (Chrome Media Router) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-11]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-12-01] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2017-10-24] (Futuremark)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
R2 RtkBtManServ; C:\Windows\RtkBtManServ.exe [280032 2017-11-29] (Realtek Semiconductor Corp.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2017-10-17] (Popcorn Time) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 efavdrv; C:\Windows\system32\drivers\efavdrv.sys [139704 2018-01-16] (ESET)
R3 ladfGSS; C:\Windows\system32\drivers\ladfGSS.sys [45192 2017-10-19] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)
R1 MpKsl846929f0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{48D96D8C-F16F-4093-B025-C029FE835670}\MpKsl846929f0.sys [58120 2018-01-18] (Microsoft Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_055e1dc5d54d6d02\nvlddmkm.sys [17486096 2018-01-05] (NVIDIA Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [41576 2016-02-19] (EldoS Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] ()
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [757216 2017-11-29] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [7959408 2017-11-21] (Realtek Semiconductor Corporation )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
R2 WinRing0_1_2_0; C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\WinRing0\WinRing0x64.sys [14536 2017-12-12] (OpenLibSys.org)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-18 17:07 - 2018-01-18 17:07 - 000001816 _____ C:\Users\Marvin\Downloads\Fixlog (1).txt
2018-01-18 14:19 - 2018-01-18 14:19 - 000294400 _____ (WZT) C:\Users\Marvin\Downloads\DWS_Lite.exe
2018-01-18 14:11 - 2018-01-18 14:11 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-01-18 14:06 - 2018-01-18 14:06 - 000001816 _____ C:\Users\Marvin\Downloads\Fixlog.txt
2018-01-18 14:05 - 2018-01-18 14:05 - 000000000 ____D C:\Users\Marvin\Downloads\FRST-OlderVersion
2018-01-17 21:42 - 2018-01-17 21:42 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-01-17 21:42 - 2018-01-17 21:42 - 000000000 ____D C:\ProgramData\Sophos
2018-01-17 21:42 - 2018-01-17 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-01-17 21:42 - 2018-01-17 21:42 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-01-16 23:18 - 2018-01-16 23:18 - 000001270 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
2018-01-16 23:18 - 2018-01-16 23:18 - 000000000 ____D C:\Users\Marvin\AppData\Local\NVIDIA
2018-01-16 23:18 - 2018-01-16 23:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2018-01-16 23:17 - 2018-01-16 23:18 - 000000000 ____D C:\Program Files (x86)\Popcorn Time
2018-01-16 23:17 - 2018-01-16 23:17 - 052289552 _____ (Popcorn Time ) C:\Users\Marvin\Downloads\PopcornTime-latest.exe
2018-01-16 18:02 - 2018-01-16 18:02 - 000000000 ____D C:\Windows\LastGood.Tmp
2018-01-16 15:43 - 2018-01-18 14:50 - 000003144 _____ C:\Windows\System32\Tasks\MSIAfterburner
2018-01-16 15:22 - 2018-01-16 15:22 - 039281471 _____ C:\Users\Marvin\Downloads\MSIAfterburnerSetup.zip
2018-01-16 15:22 - 2018-01-16 15:22 - 000001159 _____ C:\Users\Marvin\Desktop\MSI Afterburner.lnk
2018-01-16 15:22 - 2018-01-16 15:22 - 000000000 ____D C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2018-01-16 15:20 - 2018-01-16 15:20 - 005603499 _____ (UserBenchmark.com) C:\Users\Marvin\Downloads\UserBenchMark.exe
2018-01-16 15:09 - 2018-01-16 15:17 - 000222000 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-16 15:06 - 2018-01-16 15:06 - 000290816 _____ (SUPERAntiSpyware.com) C:\Users\Marvin\Downloads\SASUNINST64.EXE
2018-01-16 14:54 - 2018-01-16 14:54 - 000000000 ____D C:\ProgramData\SUPERSetup
2018-01-16 13:35 - 2018-01-17 22:02 - 000000000 ____D C:\Users\Marvin\Downloads\Tech tool store tools
2018-01-16 13:35 - 2018-01-17 22:02 - 000000000 ____D C:\ProgramData\Tech Tool Store
2018-01-16 13:34 - 2018-01-16 13:34 - 005004296 _____ (Carifred) C:\Users\Marvin\Downloads\TechToolStore.exe
2018-01-16 13:33 - 2018-01-16 13:34 - 016540168 _____ (Carifred) C:\Users\Marvin\Downloads\UVKSetup.exe
2018-01-16 13:24 - 2018-01-16 13:31 - 000000000 ____D C:\Program Files\Webroot
2018-01-16 13:24 - 2018-01-16 13:24 - 000128264 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2018-01-16 13:24 - 2018-01-16 13:24 - 000000120 _____ C:\Users\Marvin\Downloads\SecurityProductInformation.ini
2018-01-16 13:23 - 2018-01-16 13:23 - 001251768 _____ (Webroot) C:\Users\Marvin\Downloads\wsainstall.exe
2018-01-16 12:45 - 2018-01-16 12:45 - 002991832 _____ (ESET) C:\Users\Marvin\Downloads\ERARemover_x64.exe
2018-01-16 12:45 - 2018-01-16 12:45 - 000616883 _____ C:\Users\Marvin\Downloads\ESET_Rootkit_Detector.zip
2018-01-16 12:45 - 2018-01-16 12:45 - 000139704 _____ (ESET) C:\Windows\system32\Drivers\efavdrv.sys
2018-01-16 12:44 - 2018-01-16 12:45 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Marvin\Downloads\esetonlinescanner_enu.exe
2018-01-15 19:26 - 2018-01-15 19:26 - 000000085 _____ C:\Windows\wininit.ini
2018-01-15 18:25 - 2018-01-15 18:25 - 000071244 _____ C:\Users\Marvin\Downloads\FRST (2).txt
2018-01-15 18:24 - 2018-01-16 12:46 - 000000000 ____D C:\Users\Marvin\AppData\Local\ESET
2018-01-15 18:18 - 2018-01-15 18:18 - 004254840 _____ (ESET) C:\Users\Marvin\Downloads\eset_smart_security_premium_live_installer.exe
2018-01-15 17:40 - 2018-01-15 17:40 - 000071244 _____ C:\Users\Marvin\Downloads\FRST (1).txt
2018-01-15 17:38 - 2018-01-18 17:08 - 000011057 _____ C:\Users\Marvin\Downloads\FRST.txt
2018-01-15 17:38 - 2018-01-15 17:38 - 000033806 _____ C:\Users\Marvin\Downloads\Addition.txt
2018-01-15 17:37 - 2018-01-18 17:07 - 000000000 ____D C:\FRST
2018-01-15 17:37 - 2018-01-18 14:05 - 002393088 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe
2018-01-15 17:08 - 2018-01-15 19:26 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-01-15 17:08 - 2018-01-15 19:26 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-15 17:08 - 2018-01-15 17:08 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-01-15 17:06 - 2018-01-15 17:07 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Marvin\Downloads\spybotsd-2.6.46.exe
2018-01-15 16:48 - 2018-01-15 16:48 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Marvin\Downloads\rkill.exe
2018-01-15 16:03 - 2018-01-15 16:03 - 000000000 ____D C:\Program Files\HitmanPro
2018-01-15 16:00 - 2018-01-15 16:00 - 000000000 _____ C:\Windows\cd_127
2018-01-15 15:51 - 2018-01-15 16:03 - 000000000 ____D C:\ProgramData\HitmanPro
2018-01-15 15:50 - 2018-01-18 14:26 - 011605440 _____ (SurfRight B.V.) C:\Users\Marvin\Downloads\HitmanPro_x64 (1).exe
2018-01-15 15:36 - 2018-01-15 15:36 - 000549504 _____ (ESET) C:\Users\Marvin\Downloads\esetpowelikscleaner.exe
2018-01-15 15:36 - 2018-01-15 15:36 - 000000022 _____ C:\Users\Marvin\Downloads\esetpowelikscleaner.exe_20180115.153609.6432.zip
2018-01-15 15:29 - 2018-01-15 15:29 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\Marvin\Downloads\procexp.exe
2018-01-15 15:29 - 2018-01-15 15:29 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2018-01-15 15:28 - 2018-01-15 15:28 - 011584088 _____ (SurfRight B.V.) C:\Users\Marvin\Downloads\HitmanPro_x64.exe
2018-01-15 15:27 - 2018-01-18 14:08 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-15 15:27 - 2018-01-15 15:27 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-01-15 15:27 - 2018-01-15 15:27 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-15 15:27 - 2018-01-15 15:27 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-01-15 15:27 - 2018-01-03 20:44 - 000532792 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-01-15 15:27 - 2018-01-03 20:44 - 000438768 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-01-15 15:27 - 2018-01-03 20:44 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-01-15 15:27 - 2018-01-03 19:33 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-01-15 15:27 - 2018-01-03 18:50 - 005951336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-01-15 15:27 - 2018-01-03 18:50 - 002588232 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-01-15 15:27 - 2018-01-03 18:50 - 001768480 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-01-15 15:27 - 2018-01-03 18:50 - 000631880 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-01-15 15:27 - 2018-01-03 18:50 - 000450352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-01-15 15:27 - 2018-01-03 18:50 - 000123704 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-01-15 15:27 - 2018-01-03 18:50 - 000081992 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-01-15 15:27 - 2017-12-24 14:07 - 007928821 _____ C:\Windows\system32\nvcoproc.bin
2018-01-15 15:27 - 2017-11-02 15:15 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-01-15 15:27 - 2017-11-02 15:15 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-01-15 15:27 - 2017-11-02 15:15 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-01-15 15:27 - 2017-11-02 15:14 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-01-15 15:26 - 2018-01-16 13:31 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-01-15 15:26 - 2018-01-15 15:27 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-01-15 15:26 - 2018-01-03 20:44 - 040269624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 035179080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 019796520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 016449872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 013430632 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 012843496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 011015584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 010900432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 004580320 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 004306736 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 003893792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 003707888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 001975184 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439065.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 001674544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439065.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 001334624 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 001325384 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 001134952 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 001125960 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 001053768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 001049296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 001043128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 000988656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 000938896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 000795928 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 000740336 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 000635248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 000618928 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 000616248 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 000599536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 000506864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-01-15 15:26 - 2018-01-03 20:44 - 000048282 _____ C:\Windows\system32\nvinfo.pb
2018-01-15 15:25 - 2018-01-16 14:37 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-15 15:25 - 2018-01-15 15:27 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-01-15 15:24 - 2018-01-15 15:25 - 036319144 _____ (Adlice Software ) C:\Users\Marvin\Downloads\RogueKiller_setup_ref3.exe
2018-01-15 15:21 - 2018-01-15 15:23 - 451740272 _____ (NVIDIA Corporation) C:\Users\Marvin\Downloads\390.65-desktop-win10-64bit-international-whql.exe
2018-01-15 13:46 - 2018-01-15 13:46 - 000000000 ____D C:\Users\Marvin\AppData\Local\CrashReportClient
2018-01-14 14:38 - 2018-01-14 14:38 - 000030471 _____ C:\ProgramData\agent.uninstall.1515958682.bdinstall.bin
2018-01-14 14:37 - 2018-01-14 14:37 - 000207221 _____ C:\ProgramData\cl.uninstall.1515958622.bdinstall.bin
2018-01-14 14:37 - 2018-01-14 14:37 - 000038473 _____ C:\ProgramData\dm.uninstall.1515958636.bdinstall.bin
2018-01-14 13:30 - 2018-01-14 14:37 - 000001087 _____ C:\bdlog.txt
2018-01-14 13:25 - 2018-01-14 13:25 - 000061072 _____ C:\ProgramData\dm.1515954299.bdinstall.bin
2018-01-14 13:24 - 2018-01-14 13:24 - 000400828 _____ C:\ProgramData\cl.1515954192.bdinstall.bin
2018-01-14 13:24 - 2018-01-14 13:24 - 000076859 _____ C:\ProgramData\cl.kit.1515954188.bdinstall.bin
2018-01-14 13:23 - 2018-01-14 14:37 - 000000000 ____D C:\ProgramData\Bitdefender
2018-01-14 13:20 - 2018-01-14 13:20 - 000049242 _____ C:\ProgramData\agent.1515954046.bdinstall.bin
2018-01-14 12:24 - 2018-01-14 12:24 - 000017004 _____ C:\Users\Marvin\Desktop\NoBastian.rar
2018-01-13 20:31 - 2018-01-13 22:44 - 000000114 _____ C:\Users\Marvin\Desktop\fortnite.txt
2018-01-13 20:30 - 2018-01-13 20:32 - 000000000 ____D C:\Users\Marvin\AppData\Roaming\Electrum
2018-01-13 19:50 - 2018-01-13 20:09 - 000000000 ____D C:\Users\Marvin\Desktop\windows7blackbleep
2018-01-13 19:36 - 2018-01-18 14:07 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-01-13 19:30 - 2018-01-15 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2018-01-13 19:30 - 2018-01-15 15:19 - 000000000 ____D C:\Program Files (x86)\WinCDEmu
2018-01-13 19:11 - 2018-01-13 19:11 - 000000000 ____D C:\Users\Marvin\AppData\Roaming\Macromedia
2018-01-12 18:32 - 2018-01-12 18:32 - 000000222 _____ C:\Users\Marvin\Desktop\Warframe.url
2018-01-11 20:13 - 2018-01-10 19:11 - 000000241 ___SH C:\Users\Public\Libraries.ini
2018-01-09 22:39 - 2018-01-09 22:39 - 000000000 ____D C:\Users\Marvin\Documents\League of Legends
2018-01-08 22:26 - 2018-01-08 22:26 - 000000000 ____D C:\ProgramData\Riot Games
2018-01-08 22:23 - 2018-01-08 22:23 - 000000741 _____ C:\Users\Public\Desktop\League of Legends.lnk
2018-01-08 22:23 - 2018-01-08 22:23 - 000000000 ____D C:\Riot Games
2018-01-08 22:23 - 2018-01-08 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2018-01-08 22:23 - 2008-07-12 08:18 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2018-01-08 22:23 - 2008-07-12 08:18 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2018-01-08 22:23 - 2008-07-12 08:18 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2018-01-05 11:36 - 2018-01-01 12:15 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2018-01-05 11:36 - 2018-01-01 07:51 - 001055128 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-01-05 11:36 - 2018-01-01 07:51 - 000059800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bam.sys
2018-01-05 11:36 - 2018-01-01 07:49 - 008605080 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-05 11:36 - 2018-01-01 07:48 - 007831760 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-01-05 11:36 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-05 11:36 - 2018-01-01 07:47 - 000082840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-01-05 11:36 - 2018-01-01 07:46 - 002709704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-05 11:36 - 2018-01-01 07:46 - 000471960 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-05 11:36 - 2018-01-01 07:45 - 002395032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-05 11:36 - 2018-01-01 07:45 - 001277848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-01-05 11:36 - 2018-01-01 07:45 - 000398744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-05 11:36 - 2018-01-01 07:42 - 000571288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2018-01-05 11:36 - 2018-01-01 07:40 - 001206680 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-01-05 11:36 - 2018-01-01 07:39 - 000902416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-01-05 11:36 - 2018-01-01 07:39 - 000362904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-01-05 11:36 - 2018-01-01 07:39 - 000129432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocket.sys
2018-01-05 11:36 - 2018-01-01 07:37 - 001426664 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2018-01-05 11:36 - 2018-01-01 07:36 - 000166296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2018-01-05 11:36 - 2018-01-01 07:35 - 001170008 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2018-01-05 11:36 - 2018-01-01 07:34 - 007385088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-01-05 11:36 - 2018-01-01 07:33 - 000603920 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2018-01-05 11:36 - 2018-01-01 07:32 - 004481240 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-01-05 11:36 - 2018-01-01 07:27 - 000713624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-01-05 11:36 - 2018-01-01 07:26 - 000428952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-01-05 11:36 - 2018-01-01 07:25 - 000615768 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2018-01-05 11:36 - 2018-01-01 07:25 - 000147864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2018-01-05 11:36 - 2018-01-01 06:53 - 001615712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-01-05 11:36 - 2018-01-01 06:45 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-01-05 11:36 - 2018-01-01 06:45 - 002192624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-05 11:36 - 2018-01-01 06:42 - 006479552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-05 11:36 - 2018-01-01 06:42 - 004644912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-01-05 11:36 - 2018-01-01 06:42 - 001246432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2018-01-05 11:36 - 2018-01-01 06:42 - 000982528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2018-01-05 11:36 - 2018-01-01 06:37 - 025247232 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-01-05 11:36 - 2018-01-01 06:34 - 000703568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-01-05 11:36 - 2018-01-01 06:25 - 002905600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-01-05 11:36 - 2018-01-01 06:25 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-01-05 11:36 - 2018-01-01 06:24 - 003668480 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-01-05 11:36 - 2018-01-01 06:24 - 000202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2018-01-05 11:36 - 2018-01-01 06:23 - 000536576 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-01-05 11:36 - 2018-01-01 06:23 - 000250368 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2018-01-05 11:36 - 2018-01-01 06:21 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2018-01-05 11:36 - 2018-01-01 06:20 - 019337216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-05 11:36 - 2018-01-01 06:20 - 018917888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-01-05 11:36 - 2018-01-01 06:19 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2018-01-05 11:36 - 2018-01-01 06:19 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-01-05 11:36 - 2018-01-01 06:19 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2018-01-05 11:36 - 2018-01-01 06:19 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
2018-01-05 11:36 - 2018-01-01 06:18 - 000431616 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
2018-01-05 11:36 - 2018-01-01 06:18 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-01-05 11:36 - 2018-01-01 06:18 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-01-05 11:36 - 2018-01-01 06:17 - 011923968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-05 11:36 - 2018-01-01 06:17 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-05 11:36 - 2018-01-01 06:17 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-05 11:36 - 2018-01-01 06:17 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-05 11:36 - 2018-01-01 06:16 - 003676672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-05 11:36 - 2018-01-01 06:16 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2018-01-05 11:36 - 2018-01-01 06:16 - 000812544 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2018-01-05 11:36 - 2018-01-01 06:16 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-05 11:36 - 2018-01-01 06:16 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-05 11:36 - 2018-01-01 06:16 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-05 11:36 - 2018-01-01 06:15 - 012687872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-01-05 11:36 - 2018-01-01 06:15 - 006029312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-01-05 11:36 - 2018-01-01 06:15 - 000588800 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-01-05 11:36 - 2018-01-01 06:14 - 023655936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-05 11:36 - 2018-01-01 06:14 - 002465280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-01-05 11:36 - 2018-01-01 06:13 - 013657600 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-01-05 11:36 - 2018-01-01 06:13 - 012830208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-05 11:36 - 2018-01-01 06:13 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-05 11:36 - 2018-01-01 06:12 - 002633216 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-01-05 11:36 - 2018-01-01 06:12 - 001547776 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-05 11:36 - 2018-01-01 06:12 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2018-01-05 11:36 - 2018-01-01 06:11 - 008108544 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-01-05 11:36 - 2018-01-01 06:11 - 004748288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-05 11:36 - 2018-01-01 06:11 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-05 11:36 - 2018-01-01 06:11 - 002859520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-01-05 11:36 - 2018-01-01 06:11 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-05 11:36 - 2018-01-01 06:09 - 001487872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2018-01-05 11:36 - 2018-01-01 06:09 - 000925184 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-05 11:36 - 2018-01-01 06:08 - 000685056 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2018-01-05 11:35 - 2018-01-01 07:54 - 000924648 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-01-05 11:35 - 2018-01-01 07:53 - 001090984 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-01-05 11:35 - 2018-01-01 07:52 - 000066712 _____ (Microsoft Corporation) C:\Windows\system32\iumcrypt.dll
2018-01-05 11:35 - 2018-01-01 07:51 - 001414784 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-01-05 11:35 - 2018-01-01 07:51 - 001209240 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-05 11:35 - 2018-01-01 07:51 - 000191816 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2018-01-05 11:35 - 2018-01-01 07:50 - 005905752 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2018-01-05 11:35 - 2018-01-01 07:50 - 000780464 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2018-01-05 11:35 - 2018-01-01 07:50 - 000479912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2018-01-05 11:35 - 2018-01-01 07:50 - 000077208 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-01-05 11:35 - 2018-01-01 07:49 - 000599448 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2018-01-05 11:35 - 2018-01-01 07:49 - 000319352 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-01-05 11:35 - 2018-01-01 07:49 - 000292376 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2018-01-05 11:35 - 2018-01-01 07:48 - 000382360 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-05 11:35 - 2018-01-01 07:47 - 000649304 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-05 11:35 - 2018-01-01 07:46 - 000898216 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-01-05 11:35 - 2018-01-01 07:46 - 000733592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-01-05 11:35 - 2018-01-01 07:43 - 001173576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-05 11:35 - 2018-01-01 07:43 - 000367336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2018-01-05 11:35 - 2018-01-01 07:43 - 000062872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys
2018-01-05 11:35 - 2018-01-01 07:42 - 001029016 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2018-01-05 11:35 - 2018-01-01 07:42 - 000494488 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-01-05 11:35 - 2018-01-01 07:42 - 000184984 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-01-05 11:35 - 2018-01-01 07:42 - 000109976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2018-01-05 11:35 - 2018-01-01 07:41 - 007676296 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-01-05 11:35 - 2018-01-01 07:41 - 000559512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2018-01-05 11:35 - 2018-01-01 07:41 - 000549552 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2018-01-05 11:35 - 2018-01-01 07:39 - 000677784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-01-05 11:35 - 2018-01-01 07:39 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2018-01-05 11:35 - 2018-01-01 07:38 - 003904808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-01-05 11:35 - 2018-01-01 07:38 - 000727448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2018-01-05 11:35 - 2018-01-01 07:38 - 000519152 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2018-01-05 11:35 - 2018-01-01 07:38 - 000103320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2018-01-05 11:35 - 2018-01-01 07:38 - 000038808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2018-01-05 11:35 - 2018-01-01 07:37 - 000461720 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2018-01-05 11:35 - 2018-01-01 07:36 - 000413888 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2018-01-05 11:35 - 2018-01-01 07:36 - 000374032 _____ (Microsoft Corporation) C:\Windows\system32\vac.exe
2018-01-05 11:35 - 2018-01-01 07:36 - 000113560 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-01-05 11:35 - 2018-01-01 07:36 - 000057752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-05 11:35 - 2018-01-01 07:35 - 000075160 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthProxyStub.dll
2018-01-05 11:35 - 2018-01-01 07:34 - 001336344 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-05 11:35 - 2018-01-01 07:34 - 000260896 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-01-05 11:35 - 2018-01-01 07:34 - 000087384 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2018-01-05 11:35 - 2018-01-01 07:33 - 002773400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-01-05 11:35 - 2018-01-01 07:32 - 000617304 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2018-01-05 11:35 - 2018-01-01 07:27 - 000163736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2018-01-05 11:35 - 2018-01-01 07:26 - 000081304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmcl.sys
2018-01-05 11:35 - 2018-01-01 07:23 - 021352144 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-05 11:35 - 2018-01-01 07:21 - 001103768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-05 11:35 - 2018-01-01 07:21 - 000614296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-01-05 11:35 - 2018-01-01 07:06 - 000311192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-01-05 11:35 - 2018-01-01 07:03 - 000777904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-01-05 11:35 - 2018-01-01 07:03 - 000650328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2018-01-05 11:35 - 2018-01-01 07:03 - 000566664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-01-05 11:35 - 2018-01-01 07:03 - 000123512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-01-05 11:35 - 2018-01-01 06:49 - 000481464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-01-05 11:35 - 2018-01-01 06:49 - 000258808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2018-01-05 11:35 - 2018-01-01 06:46 - 003485392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2018-01-05 11:35 - 2018-01-01 06:46 - 000289816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-05 11:35 - 2018-01-01 06:45 - 006092152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-01-05 11:35 - 2018-01-01 06:45 - 000450928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2018-01-05 11:35 - 2018-01-01 06:43 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-01-05 11:35 - 2018-01-01 06:42 - 001003152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-01-05 11:35 - 2018-01-01 06:42 - 000386424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2018-01-05 11:35 - 2018-01-01 06:42 - 000129184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-01-05 11:35 - 2018-01-01 06:42 - 000074992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2018-01-05 11:35 - 2018-01-01 06:25 - 001008640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2018-01-05 11:35 - 2018-01-01 06:25 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-05 11:35 - 2018-01-01 06:25 - 000097792 _____ C:\Windows\system32\runexehelper.exe
2018-01-05 11:35 - 2018-01-01 06:24 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\AboutSettingsHandlers.dll
2018-01-05 11:35 - 2018-01-01 06:24 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-01-05 11:35 - 2018-01-01 06:24 - 000038912 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-01-05 11:35 - 2018-01-01 06:23 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2018-01-05 11:35 - 2018-01-01 06:23 - 000561152 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-05 11:35 - 2018-01-01 06:23 - 000385024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cldflt.sys
2018-01-05 11:35 - 2018-01-01 06:23 - 000232960 _____ (Microsoft Corporation) C:\Windows\system32\convertvhd.exe
2018-01-05 11:35 - 2018-01-01 06:23 - 000121344 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-05 11:35 - 2018-01-01 06:23 - 000080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
2018-01-05 11:35 - 2018-01-01 06:23 - 000047104 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-05 11:35 - 2018-01-01 06:22 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-05 11:35 - 2018-01-01 06:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpstorport.sys
2018-01-05 11:35 - 2018-01-01 06:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\VmApplicationHealthMonitorProxy.dll
2018-01-05 11:35 - 2018-01-01 06:21 - 000268288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-05 11:35 - 2018-01-01 06:21 - 000233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppLockerCSP.dll
2018-01-05 11:35 - 2018-01-01 06:21 - 000133632 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll
2018-01-05 11:35 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-05 11:35 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys
2018-01-05 11:35 - 2018-01-01 06:21 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-05 11:35 - 2018-01-01 06:21 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-05 11:35 - 2018-01-01 06:20 - 000524288 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2018-01-05 11:35 - 2018-01-01 06:20 - 000459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-01-05 11:35 - 2018-01-01 06:20 - 000397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-05 11:35 - 2018-01-01 06:20 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2018-01-05 11:35 - 2018-01-01 06:20 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2018-01-05 11:35 - 2018-01-01 06:20 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\container.dll
2018-01-05 11:35 - 2018-01-01 06:20 - 000204288 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2018-01-05 11:35 - 2018-01-01 06:20 - 000186368 _____ (Microsoft Corporation) C:\Windows\system32\ACPBackgroundManagerPolicy.dll
2018-01-05 11:35 - 2018-01-01 06:20 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2018-01-05 11:35 - 2018-01-01 06:20 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-01-05 11:35 - 2018-01-01 06:20 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-01-05 11:35 - 2018-01-01 06:20 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\rasauto.dll
2018-01-05 11:35 - 2018-01-01 06:20 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\SCardDlg.dll
2018-01-05 11:35 - 2018-01-01 06:20 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RfxVmt.sys
2018-01-05 11:35 - 2018-01-01 06:20 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshhttp.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 008014848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000795136 _____ (Microsoft Corporation) C:\Windows\system32\NaturalAuth.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000675328 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000416768 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-05 11:35 - 2018-01-01 06:19 - 000366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-05 11:35 - 2018-01-01 06:19 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2018-01-05 11:35 - 2018-01-01 06:19 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000149504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\container.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msoert2.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2018-01-05 11:35 - 2018-01-01 06:19 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-01-05 11:35 - 2018-01-01 06:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000748032 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000699904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000588800 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000436224 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000432640 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000427008 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000391168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000380928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\APHostService.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000343040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000336896 _____ (Microsoft Corporation) C:\Windows\system32\AppLockerCSP.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000276480 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\SCardSvr.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-05 11:35 - 2018-01-01 06:18 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\provdatastore.dll
2018-01-05 11:35 - 2018-01-01 06:17 - 006564864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-01-05 11:35 - 2018-01-01 06:17 - 001485312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2018-01-05 11:35 - 2018-01-01 06:17 - 000791552 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
2018-01-05 11:35 - 2018-01-01 06:17 - 000616960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2018-01-05 11:35 - 2018-01-01 06:17 - 000594432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-05 11:35 - 2018-01-01 06:17 - 000568832 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2018-01-05 11:35 - 2018-01-01 06:17 - 000555520 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2018-01-05 11:35 - 2018-01-01 06:17 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-05 11:35 - 2018-01-01 06:17 - 000423936 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-05 11:35 - 2018-01-01 06:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-05 11:35 - 2018-01-01 06:17 - 000228352 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-05 11:35 - 2018-01-01 06:17 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\msoert2.dll
2018-01-05 11:35 - 2018-01-01 06:16 - 005833216 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2018-01-05 11:35 - 2018-01-01 06:16 - 004839424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-01-05 11:35 - 2018-01-01 06:16 - 000966656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2018-01-05 11:35 - 2018-01-01 06:16 - 000956928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2018-01-05 11:35 - 2018-01-01 06:16 - 000831488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-05 11:35 - 2018-01-01 06:16 - 000720896 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2018-01-05 11:35 - 2018-01-01 06:16 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-05 11:35 - 2018-01-01 06:16 - 000624128 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2018-01-05 11:35 - 2018-01-01 06:16 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-01-05 11:35 - 2018-01-01 06:16 - 000235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-05 11:35 - 2018-01-01 06:16 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll
2018-01-05 11:35 - 2018-01-01 06:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2018-01-05 11:35 - 2018-01-01 06:15 - 002349568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2018-01-05 11:35 - 2018-01-01 06:15 - 001657856 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2018-01-05 11:35 - 2018-01-01 06:15 - 001245184 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2018-01-05 11:35 - 2018-01-01 06:15 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-05 11:35 - 2018-01-01 06:15 - 000951808 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2018-01-05 11:35 - 2018-01-01 06:15 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-05 11:35 - 2018-01-01 06:15 - 000434176 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2018-01-05 11:35 - 2018-01-01 06:15 - 000366080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-01-05 11:35 - 2018-01-01 06:15 - 000258560 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-05 11:35 - 2018-01-01 06:14 - 001495040 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-01-05 11:35 - 2018-01-01 06:14 - 001097728 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2018-01-05 11:35 - 2018-01-01 06:14 - 001003008 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2018-01-05 11:35 - 2018-01-01 06:14 - 000985600 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-05 11:35 - 2018-01-01 06:14 - 000917504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2018-01-05 11:35 - 2018-01-01 06:14 - 000870912 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2018-01-05 11:35 - 2018-01-01 06:13 - 003121664 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-05 11:35 - 2018-01-01 06:13 - 002013184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-05 11:35 - 2018-01-01 06:13 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-05 11:35 - 2018-01-01 06:13 - 001474560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-05 11:35 - 2018-01-01 06:13 - 000897024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-01-05 11:35 - 2018-01-01 06:12 - 002208768 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-01-05 11:35 - 2018-01-01 06:12 - 001573376 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2018-01-05 11:35 - 2018-01-01 06:12 - 000760320 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-05 11:35 - 2018-01-01 06:12 - 000464384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-05 11:35 - 2018-01-01 06:11 - 003165696 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-01-05 11:35 - 2018-01-01 06:11 - 002082304 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-05 11:35 - 2018-01-01 06:11 - 001822208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-05 11:35 - 2018-01-01 06:11 - 001816576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-01-05 11:35 - 2018-01-01 06:11 - 001597952 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-05 11:35 - 2018-01-01 06:11 - 001343488 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2018-01-05 11:35 - 2018-01-01 06:11 - 001231872 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2018-01-05 11:35 - 2018-01-01 06:11 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-01-05 11:35 - 2018-01-01 06:11 - 000715776 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-05 11:35 - 2018-01-01 06:10 - 003126272 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2018-01-05 11:35 - 2018-01-01 06:10 - 002528256 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-01-05 11:35 - 2018-01-01 06:10 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscproxystub.dll
2018-01-05 11:35 - 2018-01-01 06:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\DbgModel.dll
2018-01-05 11:35 - 2018-01-01 06:09 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2018-01-05 11:35 - 2018-01-01 06:08 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2018-01-05 11:35 - 2018-01-01 06:08 - 000726016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-05 11:35 - 2018-01-01 06:08 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-01-05 11:35 - 2018-01-01 06:06 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wscproxystub.dll
2018-01-05 11:35 - 2018-01-01 06:05 - 002510848 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2018-01-05 11:35 - 2018-01-01 06:05 - 001160704 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2018-01-05 11:35 - 2018-01-01 06:05 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2018-01-04 19:57 - 2018-01-15 16:54 - 000002090 _____ C:\Users\Marvin\Desktop\Rkill.txt
2018-01-04 19:36 - 2018-01-04 19:36 - 000008822 _____ C:\Users\Marvin\Desktop\ASUS_VG248_Windows_8_WHQL.zip
2018-01-04 19:08 - 2018-01-04 19:09 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-04 19:06 - 2018-01-15 15:17 - 000000000 ____D C:\Users\Marvin\Desktop\settings
2018-01-04 19:06 - 2018-01-15 15:17 - 000000000 ____D C:\Users\Marvin\Desktop\DDU Logs
2018-01-04 19:06 - 2018-01-04 19:06 - 000000000 ____D C:\Users\Marvin\Desktop\x64
2018-01-04 19:06 - 2017-12-30 20:07 - 001525424 _____ (Wagnardsoft) C:\Users\Marvin\Desktop\Display Driver Uninstaller.exe
2018-01-04 19:06 - 2017-12-29 10:34 - 000613888 _____ C:\Users\Marvin\Desktop\Display Driver Uninstaller.pdb
2018-01-04 19:06 - 2017-09-26 10:20 - 000000813 _____ C:\Users\Marvin\Desktop\Readme.txt
2018-01-04 19:06 - 2017-06-18 07:43 - 000000937 _____ C:\Users\Marvin\Desktop\Issues and solutions.txt
2018-01-04 17:59 - 2018-01-04 17:59 - 000010520 _____ C:\Users\Marvin\Desktop\ASUS VG248QE Nvidia.icm
2017-12-29 18:54 - 2017-12-29 19:03 - 000000000 ____D C:\ProgramData\Oracle
2017-12-29 18:54 - 2017-12-29 18:54 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-12-29 18:54 - 2017-12-29 18:54 - 000000000 ____D C:\Users\Marvin\AppData\Roaming\Sun
2017-12-29 18:54 - 2017-12-29 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-29 18:54 - 2017-12-29 18:54 - 000000000 ____D C:\Program Files (x86)\Java
2017-12-28 20:58 - 2017-12-28 20:58 - 000000000 ____D C:\Users\Marvin\AppData\Roaming\WinRAR
2017-12-28 20:58 - 2017-12-28 20:58 - 000000000 ____D C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-28 20:58 - 2017-12-28 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-28 20:58 - 2017-12-28 20:58 - 000000000 ____D C:\Program Files\WinRAR
2017-12-28 19:33 - 2017-12-28 19:34 - 000000022 _____ C:\Users\Marvin\Desktop\New Text Document.txt
2017-12-27 17:55 - 2017-12-27 17:55 - 000000219 _____ C:\Users\Marvin\Desktop\Counter-Strike Global Offensive (2).url
2017-12-27 17:12 - 2017-12-27 17:12 - 000000000 ____D C:\Users\Marvin\AppData\Roaming\EasyAntiCheat
2017-12-27 17:12 - 2017-12-27 17:12 - 000000000 ____D C:\Users\Marvin\AppData\LocalLow\Facepunch Studios LTD
2017-12-27 14:04 - 2017-12-27 14:05 - 000000000 ____D C:\Users\Marvin\AppData\Roaming\Apple Computer
2017-12-27 14:04 - 2017-12-27 14:04 - 000000000 ____D C:\Users\Marvin\AppData\Local\Apple Computer
2017-12-27 14:03 - 2017-12-27 14:03 - 000000000 ____D C:\Users\Marvin\AppData\Local\Apple
2017-12-27 14:03 - 2017-12-27 14:03 - 000000000 ____D C:\ProgramData\Apple Computer
2017-12-27 14:02 - 2017-12-27 18:07 - 000000000 ____D C:\ProgramData\Apple
2017-12-27 13:56 - 2017-12-27 13:56 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-12-27 13:31 - 2017-12-27 13:31 - 000000000 ____D C:\Users\Marvin\.android
2017-12-25 20:29 - 2018-01-03 01:36 - 000000000 ____D C:\Users\Marvin\Documents\My Games
2017-12-25 20:27 - 2018-01-04 19:24 - 000000000 ____D C:\Users\Marvin\AppData\Local\Ubisoft Game Launcher
2017-12-25 20:27 - 2018-01-04 19:24 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2017-12-22 20:02 - 2018-01-18 14:58 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-12-22 14:04 - 2018-01-15 15:27 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-22 14:04 - 2018-01-15 15:27 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-22 14:04 - 2018-01-15 15:27 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-22 14:04 - 2018-01-15 15:27 - 000003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-22 14:04 - 2018-01-15 15:27 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 16:48 - 2017-12-21 16:48 - 000000000 _____ C:\Users\Marvin\Desktop\McCp7S8xwu4y6F9OrQvjee92F5p4xesjs4JAXS7tnc2uUbgk2NEh2QkHVKOt0fOskw2hoaNMoPeg1wC3jgmm7F42rSwr7jUtQXNd7yZwodOpMrt4JPqRvuUXnqovKhYz.txt
2017-12-20 21:28 - 2017-12-20 21:28 - 000000913 _____ C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-12-20 21:28 - 2017-12-20 21:28 - 000000865 _____ C:\Users\Marvin\Desktop\Start Tor Browser.lnk
2017-12-20 21:28 - 2017-12-20 21:28 - 000000000 ____D C:\Users\Marvin\Desktop\Tor Browser
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-18 16:50 - 2017-11-30 20:17 - 000000000 ____D C:\Users\Marvin\AppData\Roaming\TS3Client
2018-01-18 15:35 - 2017-11-30 20:22 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-18 14:24 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\AppReadiness
2018-01-18 14:22 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-01-18 14:21 - 2017-11-30 20:12 - 000000000 ____D C:\Users\Marvin
2018-01-18 14:20 - 2017-11-30 20:13 - 000000000 ____D C:\Users\Marvin\AppData\Local\Packages
2018-01-18 14:12 - 2017-11-30 20:01 - 002147030 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-18 14:07 - 2017-11-30 22:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-18 14:07 - 2017-09-29 03:45 - 000262144 _____ C:\Windows\system32\config\BBI
2018-01-18 14:06 - 2017-09-29 08:46 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-01-18 14:06 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-01-17 22:06 - 2017-12-15 15:07 - 000000000 ____D C:\Users\Marvin\AppData\Local\CrashDumps
2018-01-17 21:08 - 2017-12-02 11:40 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-17 21:08 - 2017-12-02 11:39 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-17 19:52 - 2017-11-30 22:53 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-01-17 18:02 - 2017-09-29 08:44 - 000000000 ____D C:\Windows\INF
2018-01-16 15:37 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\ELAMBKUP
2018-01-15 16:04 - 2017-12-01 19:33 - 000000000 ____D C:\Users\Marvin\AppData\Local\NVIDIA Corporation
2018-01-15 15:27 - 2017-12-01 17:55 - 000000000 ____D C:\temp
2018-01-15 15:27 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\Help
2018-01-15 11:52 - 2017-12-16 13:01 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2018-01-14 14:38 - 2017-12-01 18:47 - 000000000 ____D C:\Program Files (x86)\ASUS
2018-01-14 14:37 - 2017-12-07 19:30 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2018-01-14 14:36 - 2017-09-29 03:45 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-01-09 17:15 - 2017-12-02 18:46 - 000003938 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-01-09 17:15 - 2017-12-02 18:46 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-01-09 17:15 - 2017-12-02 18:46 - 000000000 ____D C:\Program Files\CCleaner
2018-01-09 16:04 - 2017-12-02 11:40 - 000000000 ____D C:\Windows\system32\MRT
2018-01-09 16:02 - 2017-09-29 08:37 - 000000000 ____D C:\Windows\CbsTemp
2018-01-08 18:32 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\rescache
2018-01-06 13:31 - 2017-11-30 20:13 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-06 13:31 - 2017-11-30 20:13 - 000000000 ___RD C:\Users\Marvin\3D Objects
2018-01-06 13:28 - 2017-09-29 08:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-01-06 13:28 - 2017-09-29 08:46 - 000000000 ___SD C:\Windows\system32\F12
2018-01-06 13:28 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\TextInput
2018-01-06 13:28 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-01-06 13:28 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\system32\oobe
2018-01-06 13:28 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\system32\migwiz
2018-01-06 13:28 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-01-06 13:28 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\Provisioning
2018-01-06 13:28 - 2017-09-29 03:45 - 000000000 ____D C:\Windows\system32\Dism
2018-01-05 22:25 - 2017-11-30 20:19 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-05 22:25 - 2017-11-30 20:19 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-05 11:37 - 2017-09-29 08:41 - 000403968 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2018-01-05 11:37 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2018-01-05 11:36 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-01-04 19:55 - 2017-12-01 18:41 - 000000000 ____D C:\AdwCleaner
2018-01-04 19:26 - 2017-11-30 20:17 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-04 19:25 - 2017-12-11 16:10 - 000000000 ____D C:\Users\Marvin\Heaven
2018-01-04 19:22 - 2017-09-29 08:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-01-01 07:07 - 2017-11-30 22:52 - 000397994 __RSH C:\bootmgr
2017-12-26 12:23 - 2017-12-01 23:50 - 000000000 ____D C:\ProgramData\MTA San Andreas All
2017-12-26 12:23 - 2017-12-01 23:50 - 000000000 ____D C:\Program Files (x86)\MTA San Andreas 1.5
2017-12-26 12:19 - 2017-12-02 03:20 - 000000000 ____D C:\Users\Marvin\Documents\3DMark
2017-12-22 19:35 - 2017-12-01 23:50 - 000000000 ___HD C:\Windows\msdownld.tmp
2017-12-22 19:35 - 2017-12-01 23:50 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-12-22 19:35 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-22 08:45 - 2017-12-14 00:06 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-22 08:45 - 2017-12-14 00:06 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-19 22:48 - 2017-09-29 08:46 - 000000000 __RSD C:\Windows\media
 
==================== Files in the root of some directories =======
 
2017-12-11 16:09 - 2017-12-18 19:52 - 001065984 _____ () C:\Users\Marvin\AppData\Local\file__0.localstorage
2017-12-01 18:25 - 2017-12-12 21:13 - 000007597 _____ () C:\Users\Marvin\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-12 15:56
 
==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by Marvin (18-01-2018 17:08:29)
Running from C:\Users\Marvin\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-01 00:57:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2673189215-3870192770-1104817137-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2673189215-3870192770-1104817137-503 - Limited - Disabled)
Guest (S-1-5-21-2673189215-3870192770-1104817137-501 - Limited - Disabled)
Marvin (S-1-5-21-2673189215-3870192770-1104817137-1001 - Administrator - Enabled) => C:\Users\Marvin
WDAGUtilityAccount (S-1-5-21-2673189215-3870192770-1104817137-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
CPUID HWMonitor 1.33 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.33 - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 390.65 - NVIDIA Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{213B426C-5317-4F2D-8395-AC04B70711C4}) (Version: 1.1.133.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESEA Client (HKU\S-1-5-21-2673189215-3870192770-1104817137-1001\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
Futuremark SystemInfo (HKLM-x32\...\{71BFECB2-2CFD-4E6A-A8AF-4EE600A816B7}) (Version: 5.3.629.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
MSI Afterburner 4.4.2 (HKLM-x32\...\Afterburner) (Version: 4.4.2 - MSI Co., LTD)
NVIDIA Graphics Driver 390.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.65 - NVIDIA Corporation)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.7.2.0 - Popcorn Time) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 7.0.2 (HKLM-x32\...\RTSS) (Version: 7.0.2 - Unwinder)
SeaTools for Windows 1.4.0.6 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.6 - Seagate Technology)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2673189215-3870192770-1104817137-1001\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-01-03] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03CA755F-06AE-40DF-B647-6932763089D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-30] (Google Inc.)
Task: {10BF1E19-0461-4997-AEB8-8FC274EB47F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {1D100E9E-2F04-4024-91D7-07DBDF777E57} - System32\Tasks\CreateExplorerShellUnelevatedTask => c:\windows\explorer.exe /NOUACCHECK
Task: {388DB85B-30B4-4D65-BD5F-BA0C81F15885} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {3E773D0F-0262-4103-8173-87F0997BE634} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {501D084F-284E-4196-9FA2-91F8825E755C} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2017-12-15] ()
Task: {52416735-94DF-4C36-9A0C-3F7B35A82403} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-03] (NVIDIA Corporation)
Task: {666C814C-7D4A-4A06-99FB-FC9183DC0363} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-03] (NVIDIA Corporation)
Task: {7172734C-4513-447B-B415-9D12E2446B47} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {74B49728-BC11-40BD-A2B2-C96B32D235E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-30] (Google Inc.)
Task: {9438D699-ADD5-4B99-9EDD-DB7B82E45C53} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-03] (NVIDIA Corporation)
Task: {B82F59DA-D2D1-480C-9FAE-C9D533A6A03E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-03] (NVIDIA Corporation)
Task: {C6DF60C7-6E20-4186-AA3C-69CD5C58361A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-01-03] (NVIDIA Corporation)
Task: {F0EC4E5E-A5B1-4D28-9A80-BF7D62354854} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {F118557E-60A4-431D-85E3-9227B4F11782} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {FC5C240A-74D3-41D2-A23A-C4263F27ADDD} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2673189215-3870192770-1104817137-1001 => C:\Users\Marvin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-01-15 15:27 - 2018-01-03 20:44 - 000544056 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2018-01-15 15:27 - 2018-01-03 18:50 - 000134448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-12-12 14:20 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-12 14:20 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-16 06:39 - 2017-08-16 06:39 - 000173848 _____ () C:\Users\Marvin\AppData\Local\TeamSpeak 3 Client\quazip.dll
2017-04-03 06:19 - 2017-04-03 06:19 - 000019736 _____ () C:\Users\Marvin\AppData\Local\TeamSpeak 3 Client\libEGL.DLL
2017-04-03 06:19 - 2017-04-03 06:19 - 001980696 _____ () C:\Users\Marvin\AppData\Local\TeamSpeak 3 Client\libGLESv2.dll
2017-08-16 06:39 - 2017-08-16 06:39 - 000124696 _____ () C:\Users\Marvin\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2017-08-16 06:39 - 2017-08-16 06:39 - 000149784 _____ () C:\Users\Marvin\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2017-11-30 20:17 - 2017-11-30 20:17 - 000157696 _____ () C:\Users\Marvin\AppData\Roaming\TS3Client\plugins\gamepad_joystick_win64.dll
2017-11-30 20:17 - 2017-11-30 20:17 - 000345880 _____ () C:\Users\Marvin\AppData\Roaming\TS3Client\plugins\clientquery_plugin_win64.dll
2018-01-05 22:25 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-05 22:25 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-12-15 04:04 - 2017-12-15 04:04 - 000725288 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2017-12-14 12:56 - 2017-12-14 12:56 - 000071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2017-12-14 12:56 - 2017-12-14 12:56 - 000056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2017-12-14 12:56 - 2017-12-14 12:56 - 000232448 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2017-12-14 12:56 - 2017-12-14 12:56 - 000357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2017-12-14 12:57 - 2017-12-14 12:57 - 000566784 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2017-11-30 23:52 - 2017-11-29 00:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-11-30 23:52 - 2017-12-15 14:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-11-30 23:52 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-12-13 22:20 - 2017-11-03 20:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-13 22:20 - 2017-11-03 20:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-13 22:20 - 2017-11-03 20:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-13 22:20 - 2017-11-03 20:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-13 22:20 - 2017-11-03 20:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-11-30 23:52 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-11-30 23:52 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-11-30 23:52 - 2017-12-15 14:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-11-30 23:52 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-11-30 23:54 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-11-30 23:54 - 2017-10-30 23:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-11-30 23:52 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 08:46 - 2018-01-18 14:24 - 000004872 _____ C:\Windows\system32\Drivers\etc\hosts
 
There are 91 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2673189215-3870192770-1104817137-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: LogiRegistryService => 2
MSCONFIG\Services: RtkBtManServ => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "InstallerLauncher"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "InstallerLauncher"
HKLM\...\StartupApproved\Run32: => "iolo Startup"
HKLM\...\StartupApproved\Run32: => "iolo WebUpdate Reboot"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2673189215-3870192770-1104817137-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2673189215-3870192770-1104817137-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2673189215-3870192770-1104817137-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2673189215-3870192770-1104817137-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2673189215-3870192770-1104817137-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2673189215-3870192770-1104817137-1001\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4C2747CE-4D6C-4F18-AB45-154FA3610834}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6040B923-ACE0-495E-9961-646DA3BE2AD2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{9C7EB616-0D02-4636-824B-91C5E71025FA}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{C95618A7-F87B-44FE-A437-90923EAF4449}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{B1A18EFE-08AC-4501-935A-70BA1A45F05C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4EB38DA7-E4AB-42DD-9701-328E756B2E89}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{9E1C3EAD-FAEE-4AF9-8366-C5C61B1A8FE4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{662D84A9-01E8-4608-93D8-0066546D5810}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{301DF1A8-CE7D-40CF-AD3B-9FB565C1B92A}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{BEBE5057-5177-4D3B-A25F-8DB7166C3D9D}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{1F5057E7-F571-4D5D-A37F-6A9F6E627383}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{83DE4F05-080B-4E8F-80A3-6B406F239F2A}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{F1534F6D-7A5A-45DA-B11A-6BCE99DB9D87}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{F57A0B39-E8FA-44E7-A763-671458B2DD84}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{EC4D9372-6538-4998-9D3D-6F2807429E0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FAF24FA6-28A8-4BE2-B4F1-4FB287E68B0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8FE2FE2A-7DC9-4AC3-8B64-D280B6FF08AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FA2B7950-3893-4678-A6A6-00F4FEC588B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{9646DE60-EA7E-4048-9930-B5EC6264E01E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{BDC1A91C-64F6-41F0-BEA7-FB989D907038}] => (Allow) C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D564A2BD-78DC-4322-A9BB-B1AB867DB1E4}] => (Allow) C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{80D7BFB1-2393-4ADA-9A84-C67855F97F71}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe
FirewallRules: [{37285E1F-4AFA-4FEF-8977-0DEA5CACF5E5}] => (Allow) C:\Users\Marvin\Downloads\Tech tool store tools\TechToolStore64.exe
FirewallRules: [{3D884920-1744-4438-857C-F6A184E2E8D2}] => (Allow) C:\Users\Marvin\Downloads\Tech tool store tools\TechToolStore64.exe
FirewallRules: [{65F8AAA9-0766-40F4-83AC-C2CEBC8C2EBF}] => (Allow) C:\Users\Marvin\Downloads\Tech tool store tools\TechToolStore64.exe
FirewallRules: [{ECFEA575-1392-417A-8E26-F87D11C78AC2}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{9D7BDCEA-4882-4166-99B4-2C4F3B3B604C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{D7B600DF-2152-47FD-B73C-25F5985B2C4F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{DB3965CF-5AFE-4FDC-9FC9-9477B5E796D4}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{5A410D65-FE32-40E3-BB56-FED8CF8FC961}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{9760B3B1-1802-44EE-9323-BFEC383B473C}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{83416DFF-E78A-4B80-95BD-43AE4D4A3794}] => (Block) C:\Windows\explorer.exe
 
==================== Restore Points =========================
 
12-01-2018 21:49:44 Scheduled Checkpoint
14-01-2018 14:38:18 Removed ASUS MultiFrame
16-01-2018 15:07:11 Removed Futuremark SystemInfo
17-01-2018 21:41:52 Installed Sophos Virus Removal Tool.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/18/2018 02:24:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (01/17/2018 10:06:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda7cd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x0000000000000041
Faulting process id: 0x1c08
Faulting application start time: 0x01d390094029cb80
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: b623a305-758d-48b9-8b45-01f20b4ba080
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (01/17/2018 10:05:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.15, time stamp: 0x59cda7cd
Faulting module name: win32u.dll, version: 10.0.16299.15, time stamp: 0x1900dcc9
Exception code: 0xcfffffff
Fault offset: 0x00000000000010c4
Faulting process id: 0x1ea0
Faulting application start time: 0x01d390092a6a491e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\Windows\System32\win32u.dll
Report Id: e634739c-26da-43fb-8c6a-7a040f27325a
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (01/17/2018 09:39:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/16/2018 03:25:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UserBenchMark.exe version 2.9.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 116c
 
Start Time: 01d38f0810e31a25
 
Termination Time: 4294967295
 
Application Path: C:\Users\Marvin\Downloads\UserBenchMark.exe
 
Report Id: 2a19491e-c9af-4eb4-8027-649def828d00
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (01/16/2018 03:07:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary ESEADriver2.
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/16/2018 02:54:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SASSetup.exe, version: 6.0.0.1254, time stamp: 0x5a53ebad
Faulting module name: SASSetup.exe, version: 6.0.0.1254, time stamp: 0x5a53ebad
Exception code: 0xc0000005
Fault offset: 0x00081e6b
Faulting process id: 0x14a4
Faulting application start time: 0x01d38f03d152c8d2
Faulting application path: C:\Users\Marvin\Downloads\Tech tool store tools\SASSetup.exe
Faulting module path: C:\Users\Marvin\Downloads\Tech tool store tools\SASSetup.exe
Report Id: e43bbb43-0a39-4906-be8a-3fa11ea4f1e8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/16/2018 02:31:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/16/2018 01:46:33 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/16/2018 01:46:33 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
 
System errors:
=============
Error: (01/18/2018 02:50:34 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-1LU7QSQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-1LU7QSQ\Marvin SID (S-1-5-21-2673189215-3870192770-1104817137-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/18/2018 02:16:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1LU7QSQ)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.
 
Error: (01/18/2018 02:15:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-1LU7QSQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-1LU7QSQ\Marvin SID (S-1-5-21-2673189215-3870192770-1104817137-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/18/2018 02:14:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (01/18/2018 02:10:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (01/18/2018 02:10:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (01/18/2018 02:07:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The !SASCORE service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/18/2018 01:51:24 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1LU7QSQ)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.
 
Error: (01/18/2018 01:50:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-1LU7QSQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-1LU7QSQ\Marvin SID (S-1-5-21-2673189215-3870192770-1104817137-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/18/2018 01:49:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
 
CodeIntegrity:
===================================
  Date: 2018-01-18 16:24:57.847
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-18 16:24:31.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-18 16:17:35.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-18 16:01:37.145
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-18 15:51:20.110
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-18 15:50:41.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-18 15:50:40.586
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-18 15:50:15.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-18 15:50:03.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-18 15:50:02.341
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 23%
Total physical RAM: 16323.14 MB
Available physical RAM: 12509.78 MB
Total Virtual: 32707.14 MB
Available Virtual: 28423.53 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1861.21 GB) (Free:1747.59 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: AFD0CEFE)
Partition 1: (Active) - (Size=1861.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#8 sasschary

Posted 19 January 2018 - 09:40 AM

Hi Marvin14,

It looks like you are currently using Windows Defender for your antivirus and antispyware software, correct? Please open Windows Defender from your Start Menu and see if you are able to open and interact with it. If you are not able to open Defender, please retype any error messages word for word into your next reply.

 

And, are you still experiencing the issues you had initially with the black screen and high GPU usage?

In your next reply, please include the following:

  • Error Messages (If any)
  • Are initial problems still present?

sasschary



#9 sasschary

Posted 22 January 2018 - 09:09 AM

Hi, Marvin14,

 

Are you still with me?

 

Sasschary



#10 Marvin14

Posted 22 January 2018 - 09:16 AM

Hey, I haven't been home recently, sorry for the lack of replies, I'll be able to access my computer today and update you.

#11 Marvin14

Posted 24 January 2018 - 08:58 PM

Yup, everything works correctly. Thank you very much for the assistance.



#12 sasschary

Posted 25 January 2018 - 05:06 AM

Hi Marvin14,

No worries on the delay. That is good news that everything is working out. So, to finish cleanup, I'd like to run a scan with ESET online scanner, and then we'll remove the tools we used to clean your system. I will give you an all-clean once we're done. :)

Let's run a scan using ESET's Online Scanner

  • Disable your current antivirus software. If you need help with this, please ask me for assistance before continuing.
  • Click Scan Now from here and save the file to your desktop.
  • On your desktop, right click the ESET file you just downloaded and click Run as Administrator.
  • If a User Account Control dialog box opens, click Yes to allow ESET to run.
  • When the scanner opens, click Accept.
  • Click the radio button next to Enable detection of potentially unwanted applications.
  • Click Advanced settings.
  • In the advanced settings section, make sure the following settings are checked and that all others are unchecked.
    • Enable detection of potentially unsafe applications
    • Scan archives
    • Enable Anti-Stealth technology
    • Clean threats automatically
  • Click Scan.
  • Allow the scan to run. After it has completed, if any threats are found, click List Found Threats. If no threats are found, click Finish and skip to step number 14.
  • Click Export.
  • Save the file on your desktop as ESETScan.txt.
  • Click Back and then Finish to close the scanner.
  • Finally, re-enable your antivirus. I can help with this if you need it.

On your desktop, if there were any threats, should be the log that we saved from ESET. Please open it, then copy and paste the contents into your next reply.

In your next reply, please include the following:

  • ESETScan.txt

sasschary



#13 Marvin14

Posted 27 January 2018 - 02:10 PM

Hey, no threats detected at all, all good :)



#14 sasschary

Posted 28 January 2018 - 02:05 PM

Hi Marvin14,

Awesome. Just one last thing, and then we should be done!

Let's clean up some of the tools which we've run on your computer.
  • Please download Delfix from here and save it to your desktop.
  • On your desktop, right click on Delfix and click Run as Administrator.
  • If a User Account Control dialog box opens, click Yes to allow Delfix to run.
  • When Delfix opens, ensure there are checkmarks by the following and that the other boxes are blank:
    • Remove disinfection tools
  • Click Run.
  • After the cleanup process is complete, Delfix should open a log file. Please copy and paste that into your next reply.

It looks like your computer is clean!

Before we close this topic, please read through this last bit of information. Reading through it and following what I'm saying will help prevent you from getting infected again in the future.

Anti-Virus Software
Perhaps the most important thing to keep infections off your machine is anti-virus software. Anti-virus software scans your system regularly for any viruses, and if it finds anything, it will notify you and remove the infection. I'm sure this sounds like a good thing to you, and now you want to go get every antivirus that's out there! However, you should really only get one. If you get multiple, then there is a high risk of conflict between the two. To avoid anything like that, please only download one antivirus software. In addition, you should ensure that your anti-virus software is always updated. Using an outdated version could lead to more recent infections getting around your software.

There are many different anti-virus programs out there. I personally use Avast!, which has both a paid and free version. The free version has worked quite well for me, and I'm sure it would for you, as well. However, there is also other software available, such as Kaspersky, TrendMicro, and ESET.

Backups

In case something goes wrong with your system, you want some way to restore it back to how it was before the problem appeared. Thus, you should make regular backups of your system. This includes both system files, in case you get infected again, as well as your personal files, lest you lose everything in the case of a hard drive failure or a ransomware infection.

Program and Windows Updates

Very much like your anti-virus software, Windows and 3rd party software will have updates every so often. To avoid falling prey to programs which may use exploits in this software, you should install any updates to it when they become available.

P2P Programs and Illegal Media

P2P programs have a high risk of bringing infection. Stay away from them if at all possible, especially if you are downloading illegal software/music/movies/etc. Not only are these areas very large targets for malware authors, they are also what they say in the name: Illegal.

Once again, your system is now all clean! Do you have any questions for me concerning keeping your system clean?

In your next reply, please include the following:
  • Delfix.txt

sasschary

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:00 PM

Posted 31 January 2018 - 08:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft




