Spambots injection - IP keeps getting blacklisted by CBL & Spamcop


  • This topic is locked
7 replies to this topic

#1 Verkz

Posted 24 August 2016 - 11:34 PM

Hello Bleeping Computer

I'm currently trying to fight against these spambots on my computers / internet.
We currently have three computers running on the same IP that is getting blacklisted. I did an MBAM scan today and I thought it would help, but it seems not, because 7 hours ago CBL got reports about more spam from my IP.
The computer I'm making this thread on had 0 viruses, but the two others had 82 and 89.
I will start out with my main computer.

- FRST LOG -

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Vedel (administrator) on VEDEL-PC (25-08-2016 06:20:33)
Running from C:\Users\Vedel\Downloads
Loaded Profiles: Vedel & DefaultAppPool (Available Profiles: Vedel & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: Dansk (Danmark)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Spotify Ltd) C:\Users\Vedel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Spotify Ltd) C:\Users\Vedel\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Vedel\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Vedel\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Vedel\AppData\Roaming\Spotify\Spotify.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Curse) C:\Users\Vedel\AppData\Local\Apps\2.0\VONEZ9C6.QG9\RKQ4XGX7.ELW\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Vedel\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Vedel\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5136\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.7848\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7848\Battle.net Helper.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Hammer & Chisel, Inc.) C:\Users\Vedel\AppData\Local\Discord\app-0.0.295\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Vedel\AppData\Local\Discord\app-0.0.295\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Vedel\AppData\Local\Discord\app-0.0.295\Discord.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7848\Battle.net Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Users\Vedel\AppData\Local\Temp\HouseCall\HouseCallX_x64\HouseCallX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Users\Vedel\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-29] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunesHelper.exe [176952 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-04] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-321774315-828011313-1267528381-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-321774315-828011313-1267528381-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-321774315-828011313-1267528381-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-13] (Nota Inc.)
HKU\S-1-5-21-321774315-828011313-1267528381-1000\...\Run: [Spotify Web Helper] => C:\Users\Vedel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-24] (Spotify Ltd)
HKU\S-1-5-21-321774315-828011313-1267528381-1000\...\Run: [Spotify] => C:\Users\Vedel\AppData\Roaming\Spotify\Spotify.exe [6930544 2016-08-24] (Spotify Ltd)
HKU\S-1-5-21-321774315-828011313-1267528381-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-07-17] (Electronic Arts)
HKU\S-1-5-21-321774315-828011313-1267528381-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-321774315-828011313-1267528381-1000\...\Run: [Discord] => C:\Users\Vedel\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-321774315-828011313-1267528381-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-321774315-828011313-1267528381-1000\...\Run: [DRScanner] => C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe [1628672 2016-07-13] (Trend Micro Inc.)
HKU\S-1-5-21-321774315-828011313-1267528381-1000\...\MountPoints2: {5e604b7d-4c24-11e6-b2b1-806e6f6e6963} - "D:\.\Bin\ASSETUP.exe" 
Startup: C:\Users\Vedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-07-17] ()
Startup: C:\Users\Vedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2016-08-22]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8bd3eb45-fb76-4f24-a62e-d2abc666ce36}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-25] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-321774315-828011313-1267528381-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-25] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.dk/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\gcswf32.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\gears.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Vedel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Vedel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-08-09]
CHR Extension: (Google Cast) - C:\Users\Vedel\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-08-09]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Vedel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2016-08-09]
CHR Extension: (AdBlock) - C:\Users\Vedel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Vedel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-08-23]
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\Vedel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-17]
CHR Extension: (Chrome Media Router) - C:\Users\Vedel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-01] ()
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-29] (Logitech Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-07-17] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 ladfGSS; C:\Windows\system32\drivers\ladfGSS.sys [45208 2016-04-15] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [85160 2016-04-19] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2016-02-15] (Windows ® Win 7 DDK provider)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R1 tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [316168 2015-12-24] (Trend Micro Inc.)
R3 VBAudioVMVAIOMME; C:\Windows\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2016-08-17] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-25 06:20 - 2016-08-25 06:20 - 00019665 _____ C:\Users\Vedel\Downloads\FRST.txt
2016-08-25 06:20 - 2016-08-25 06:20 - 00000000 ____D C:\FRST
2016-08-25 06:17 - 2016-08-25 06:17 - 02396672 _____ (Farbar) C:\Users\Vedel\Downloads\FRST64.exe
2016-08-25 06:17 - 2016-08-25 06:17 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2016-08-25 06:07 - 2016-08-25 06:07 - 00000010 _____ C:\Users\Vedel\AppData\Local\sponge.last.runtime.cache
2016-08-25 05:49 - 2016-08-25 05:49 - 00000000 ____D C:\WINDOWS\Trend Micro
2016-08-25 05:49 - 2016-08-25 05:49 - 00000000 ____D C:\ProgramData\Trend Micro
2016-08-25 05:33 - 2016-08-25 05:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-08-25 05:32 - 2016-08-25 05:32 - 02527376 _____ (Trend Micro Inc.) C:\Users\Vedel\Downloads\HousecallLauncher64.exe
2016-08-25 05:32 - 2016-08-25 05:32 - 00000036 _____ C:\Users\Vedel\AppData\Local\housecall.guid.cache
2016-08-25 05:32 - 2015-12-24 15:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-08-25 05:00 - 2016-08-25 05:48 - 00000000 ____D C:\Users\Vedel\Desktop\mbar
2016-08-25 04:59 - 2016-08-25 05:00 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Vedel\Downloads\mbar-1.09.3.1001.exe
2016-08-24 04:26 - 2016-08-24 04:26 - 00000114 _____ C:\WINDOWS\ntbtlog.txt
2016-08-24 04:19 - 2016-08-24 04:19 - 00000000 ____D C:\NPE
2016-08-24 04:18 - 2016-08-24 04:35 - 00000000 ____D C:\Users\Vedel\AppData\Local\NPE
2016-08-24 04:18 - 2016-08-24 04:18 - 00000000 ____D C:\ProgramData\Norton
2016-08-23 15:57 - 2016-08-23 15:57 - 00000000 ____D C:\Users\Vedel\AppData\LocalLow\BitTorrent
2016-08-22 22:28 - 2016-08-22 22:28 - 00277215 _____ C:\Users\Vedel\Downloads\[HoundDawgs]Neighbors.2.Sorority.Rising.2016.NORDiC.1080p.WEB-DL.DD5.1.x264-DAWGS.torrent
2016-08-22 22:28 - 2016-08-22 22:28 - 00000000 ____D C:\Users\Vedel\Downloads\Neighbors.2.Sorority.Rising.2016.NORDiC.1080p.WEB-DL.DD5.1.x264-DAWGS
2016-08-22 18:33 - 2016-08-23 01:05 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\SimulationCraft
2016-08-22 18:33 - 2016-08-22 18:33 - 00000000 ____D C:\Users\Vedel\AppData\Local\SimulationCraft
2016-08-22 18:33 - 2016-08-22 18:33 - 00000000 ____D C:\Users\Vedel\.SimulationCraft
2016-08-22 18:33 - 2016-08-22 18:33 - 00000000 ____D C:\Users\Vedel\.QtWebEngineProcess
2016-08-22 18:33 - 2016-08-22 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simulationcraft(x64)
2016-08-22 18:32 - 2016-08-22 18:32 - 00000000 ____D C:\Simulationcraft(x64)
2016-08-22 05:36 - 2016-08-24 18:47 - 00000000 ____D C:\Users\Vedel\Documents\ShareX
2016-08-22 05:36 - 2016-08-22 05:36 - 00000825 _____ C:\Users\Vedel\Desktop\ShareX.lnk
2016-08-22 05:36 - 2016-08-22 05:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2016-08-22 05:36 - 2016-08-22 05:36 - 00000000 ____D C:\Program Files\ShareX
2016-08-19 00:26 - 2016-08-19 00:26 - 00000000 ___HD C:\$WINDOWS.~BT
2016-08-18 18:38 - 2016-08-18 18:38 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-17 03:26 - 2016-08-17 04:00 - 00003927 _____ C:\Users\Vedel\AppData\Roaming\VoiceMeeterDefault.xml
2016-08-17 03:23 - 2016-08-17 03:23 - 00041192 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_vmvaio64_win7.sys
2016-08-17 03:23 - 2016-08-17 03:23 - 00000000 ____D C:\Users\Vedel\Desktop\VoicemeeterSetup_v1050
2016-08-17 03:23 - 2016-08-17 03:23 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2016-08-17 03:23 - 2016-08-17 03:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2016-08-17 03:23 - 2016-08-17 03:23 - 00000000 ____D C:\Program Files\VB
2016-08-17 03:23 - 2016-08-17 03:23 - 00000000 ____D C:\Program Files (x86)\VB
2016-08-17 02:48 - 2016-08-17 03:37 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-08-17 02:48 - 2016-08-17 02:48 - 00000000 ____D C:\ProgramData\RzSurroundVAD_1.1.61.0
2016-08-17 02:48 - 2016-08-17 02:48 - 00000000 _____ C:\WINDOWS\SysWOW64\RzSurroundVADAudioDeviceManager_log.txt
2016-08-17 00:29 - 2016-08-22 17:50 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\obs-studio
2016-08-17 00:29 - 2016-08-17 00:29 - 00001275 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2016-08-17 00:29 - 2016-08-17 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-08-17 00:29 - 2016-08-17 00:29 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-08-15 04:35 - 2016-08-24 04:33 - 00000000 ____D C:\Program Files (x86)\Warcraft Logs Uploader
2016-08-15 03:44 - 2016-08-15 03:44 - 00015409 _____ C:\Users\Vedel\Desktop\ogear_0.1.8.zip
2016-08-15 03:44 - 2016-08-15 03:44 - 00001375 _____ C:\Users\Public\Desktop\World of Warcraft Beta.lnk
2016-08-15 03:43 - 2016-08-15 03:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Beta
2016-08-15 03:05 - 2016-08-15 03:10 - 00000000 ____D C:\Users\Vedel\AppData\LocalLow\Daybreak Game Company
2016-08-15 03:05 - 2016-08-15 03:05 - 00000000 ____D C:\Users\Vedel\AppData\Local\SCE
2016-08-15 03:05 - 2016-08-15 03:05 - 00000000 ____D C:\Users\Vedel\AppData\Local\Daybreak Game Company
2016-08-15 02:01 - 2016-08-15 02:01 - 00001305 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2016-08-15 02:01 - 2016-08-15 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-08-12 22:19 - 2016-08-12 22:19 - 00171622 _____ C:\Users\Vedel\Documents\cc_20160812_221911.reg
2016-08-12 22:12 - 2016-07-17 17:07 - 01972232 _____ (BitTorrent Inc.) C:\Users\Vedel\Desktop\BitTorrent.exe
2016-08-10 16:16 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 16:16 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 16:16 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 16:16 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 16:16 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 16:16 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 16:16 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 16:16 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 16:16 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 16:16 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 16:16 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 16:16 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 16:16 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 16:16 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 16:16 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 16:16 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 16:16 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 16:16 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 16:16 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 16:16 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 16:16 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 16:16 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 16:16 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 16:16 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 16:16 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 16:16 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 16:16 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 16:16 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 16:16 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 16:16 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 16:16 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 16:16 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 16:16 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 16:16 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 16:16 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 16:16 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 16:16 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 16:16 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 16:16 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 16:16 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 16:16 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 16:16 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 16:16 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 16:16 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 16:16 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 16:16 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 16:16 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 16:16 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 16:16 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 16:16 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 16:16 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 16:16 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 16:16 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 16:16 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 16:16 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 16:16 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 16:16 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 16:16 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 16:16 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 16:16 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 16:16 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 16:16 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 16:16 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 16:16 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 16:16 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 16:16 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 16:16 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 16:16 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 16:16 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 16:16 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 16:16 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 16:15 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 16:15 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 16:15 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 16:15 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 16:15 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 16:15 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 16:15 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 16:15 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 16:15 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 16:15 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 16:15 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 16:15 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 16:15 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 16:15 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 16:15 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 16:15 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 16:15 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 16:15 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 16:15 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 16:15 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 16:15 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 16:15 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 16:15 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 16:15 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 16:15 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 16:15 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 16:15 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 16:15 - 2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 16:15 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 16:15 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 16:15 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 16:15 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 16:15 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 16:15 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 16:15 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 16:15 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 16:15 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 16:15 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 16:15 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 16:15 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 16:15 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 16:15 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 16:15 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 16:15 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 16:15 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 16:15 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 16:15 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 16:15 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 16:15 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 16:15 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 16:15 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 16:15 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 16:15 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 16:15 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 16:15 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 16:15 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 16:15 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 16:15 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 04:12 - 2016-08-09 04:12 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps
2016-08-09 03:33 - 2016-08-09 03:33 - 00002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-08-09 03:33 - 2016-08-09 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-09 03:33 - 2016-08-09 03:33 - 00000000 ____D C:\Program Files\CCleaner
2016-08-09 02:11 - 2016-08-25 05:33 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-09 02:11 - 2016-08-25 05:00 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-09 02:11 - 2016-08-09 02:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-09 02:11 - 2016-08-09 02:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-09 02:11 - 2016-08-09 02:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-09 02:11 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-09 02:11 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-09 01:09 - 2016-08-09 01:09 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\Steam
2016-08-09 01:05 - 2016-08-09 01:05 - 00000000 ____D C:\Users\Vedel\AppData\LocalLow\Weappy
2016-08-05 06:34 - 2016-08-17 00:39 - 00000132 _____ C:\Users\Vedel\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-04 17:01 - 2016-08-04 17:01 - 00000000 ____D C:\Users\Vedel\AppData\Local\HP
2016-08-04 16:55 - 2016-08-04 17:01 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\HP
2016-08-04 16:55 - 2016-08-04 16:55 - 00000000 ____D C:\ProgramData\WEBREG
2016-08-04 15:45 - 2016-08-04 15:45 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\HpUpdate
2016-08-04 15:34 - 2016-08-04 17:08 - 00000000 ____D C:\ProgramData\HP
2016-08-04 15:34 - 2016-08-04 15:48 - 00202711 _____ C:\WINDOWS\hpoins18.dat
2016-08-04 15:34 - 2012-10-14 18:32 - 00006071 ____N C:\WINDOWS\hpomdl18.dat
2016-08-04 15:25 - 2016-08-04 15:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-08-04 15:25 - 2016-08-04 15:25 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\Hewlett-Packard
2016-08-04 15:25 - 2016-08-04 15:25 - 00000000 ____D C:\Users\Vedel\AppData\Local\Hewlett-Packard
2016-08-04 15:24 - 2016-08-04 15:24 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\hpqLog
2016-08-04 15:16 - 2016-08-04 17:09 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-08-04 15:16 - 2016-08-04 15:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-08-03 02:49 - 2016-08-03 02:50 - 00000000 ____D C:\Users\Vedel\AppData\Local\PAYDAY 2
2016-08-03 02:49 - 2016-08-03 02:49 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2016-08-01 19:02 - 2016-08-25 04:14 - 00000000 ____D C:\Users\Vedel\AppData\Local\Discord
2016-07-31 17:51 - 2016-08-02 19:40 - 00000000 ____D C:\Users\Vedel\Documents\Euro Truck Simulator 2
2016-07-30 15:15 - 2016-08-09 03:38 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\TS3Client
2016-07-30 15:15 - 2016-07-30 15:15 - 00000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-07-30 15:15 - 2016-07-30 15:15 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-07-30 07:11 - 2016-07-30 07:11 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-07-30 07:11 - 2016-07-30 07:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-07-30 07:11 - 2016-07-30 07:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-07-30 07:11 - 2016-07-30 07:11 - 00000000 ____D C:\Program Files\iTunesMiniPlayer.Resources
2016-07-30 07:11 - 2016-07-30 07:11 - 00000000 ____D C:\Program Files\iTunesHelper.Resources
2016-07-30 07:11 - 2016-07-30 07:11 - 00000000 ____D C:\Program Files\iTunes.Resources
2016-07-30 07:11 - 2016-07-30 07:11 - 00000000 ____D C:\Program Files\iPod
2016-07-30 07:11 - 2016-07-30 07:11 - 00000000 ____D C:\Program Files\CD Configuration
2016-07-30 07:11 - 2016-07-30 07:11 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-07-30 07:10 - 2016-07-30 07:10 - 00000000 ____D C:\Program Files\Bonjour
2016-07-30 07:10 - 2016-07-30 07:10 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-07-30 06:54 - 2016-07-30 07:00 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\WindSolutions
2016-07-30 06:54 - 2016-07-30 06:57 - 00000000 ____D C:\ProgramData\WindSolutions
2016-07-30 06:10 - 2016-07-30 06:10 - 00000000 ____D C:\Users\Vedel\Desktop\Ny mappe
2016-07-30 05:57 - 2016-07-30 06:18 - 00000000 ____D C:\Users\Vedel\Desktop\fotos
2016-07-30 01:19 - 2016-07-30 01:19 - 00000000 ____D C:\Users\Vedel\AppData\Local\RzStats
2016-07-28 22:52 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-07-28 22:52 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-07-28 22:52 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-07-28 22:52 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-07-28 22:52 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-07-28 22:52 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-07-28 22:52 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-07-28 22:52 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-07-28 22:52 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-07-28 22:52 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-07-28 22:52 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2016-07-28 22:52 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2016-07-28 22:52 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2016-07-28 22:52 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2016-07-28 22:52 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2016-07-28 22:52 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2016-07-28 22:52 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2016-07-28 22:52 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2016-07-28 22:52 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2016-07-28 22:52 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2016-07-28 22:52 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2016-07-28 22:52 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2016-07-28 22:52 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2016-07-28 22:52 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2016-07-28 22:52 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2016-07-28 22:52 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2016-07-28 22:52 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2016-07-28 22:52 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2016-07-28 22:52 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2016-07-28 22:52 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2016-07-28 22:52 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2016-07-28 22:52 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2016-07-28 22:52 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2016-07-28 22:52 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2016-07-28 22:52 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2016-07-28 22:52 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2016-07-28 22:52 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2016-07-28 22:52 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2016-07-28 22:52 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2016-07-28 22:52 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2016-07-28 22:52 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2016-07-28 22:52 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2016-07-28 22:52 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2016-07-28 22:52 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2016-07-28 22:52 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2016-07-28 22:52 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2016-07-28 22:52 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2016-07-28 22:52 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2016-07-28 22:52 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2016-07-28 22:52 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2016-07-28 22:52 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2016-07-28 22:52 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2016-07-28 22:52 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2016-07-28 22:52 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2016-07-28 22:52 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-07-28 22:52 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2016-07-28 22:52 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-07-28 22:52 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2016-07-28 22:52 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-07-28 22:52 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2016-07-28 22:52 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2016-07-28 22:52 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2016-07-28 22:52 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2016-07-28 22:52 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2016-07-28 22:52 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2016-07-28 22:52 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2016-07-28 22:52 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-07-28 22:52 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2016-07-28 22:52 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-07-28 22:52 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2016-07-28 22:52 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-07-28 22:52 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2016-07-28 22:52 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2016-07-28 22:52 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2016-07-28 22:52 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2016-07-28 22:52 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2016-07-28 22:52 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2016-07-28 22:52 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2016-07-28 22:52 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2016-07-28 22:52 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2016-07-28 22:52 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2016-07-28 22:52 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2016-07-28 22:52 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2016-07-28 22:52 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2016-07-28 22:52 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2016-07-28 22:52 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2016-07-28 22:52 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2016-07-28 22:52 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2016-07-28 22:52 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2016-07-28 22:52 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2016-07-28 22:52 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2016-07-28 22:52 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2016-07-28 22:52 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2016-07-28 22:52 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2016-07-28 22:52 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2016-07-28 22:52 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2016-07-28 22:52 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2016-07-28 22:52 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2016-07-28 22:52 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2016-07-28 22:52 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2016-07-28 22:52 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2016-07-28 22:52 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2016-07-28 22:52 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2016-07-28 22:52 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2016-07-28 22:52 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2016-07-28 22:52 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2016-07-28 22:52 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2016-07-28 22:52 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2016-07-28 22:52 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2016-07-28 22:52 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2016-07-28 22:52 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2016-07-28 22:52 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2016-07-28 22:52 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2016-07-28 22:52 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2016-07-28 22:52 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2016-07-28 22:52 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2016-07-28 22:52 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2016-07-28 22:52 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2016-07-28 22:52 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2016-07-28 22:52 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2016-07-28 22:52 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2016-07-28 22:52 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2016-07-28 22:52 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2016-07-28 22:52 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2016-07-28 22:52 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2016-07-28 22:52 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2016-07-28 22:52 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2016-07-28 22:52 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2016-07-28 22:52 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2016-07-28 22:52 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2016-07-28 22:52 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2016-07-28 22:52 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2016-07-28 22:52 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2016-07-28 22:52 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2016-07-28 22:52 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2016-07-28 22:52 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2016-07-28 22:52 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2016-07-28 22:52 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2016-07-28 22:52 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2016-07-28 22:52 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2016-07-28 22:52 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2016-07-28 22:52 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2016-07-28 22:52 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2016-07-28 22:52 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2016-07-28 22:52 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2016-07-28 22:52 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2016-07-28 22:52 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2016-07-28 22:52 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2016-07-28 22:52 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2016-07-28 22:52 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2016-07-28 22:52 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2016-07-28 22:52 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2016-07-28 22:52 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2016-07-28 22:52 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2016-07-28 22:52 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2016-07-28 22:52 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2016-07-28 22:52 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2016-07-28 22:52 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2016-07-28 22:52 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2016-07-28 22:52 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2016-07-28 22:52 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2016-07-28 22:52 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2016-07-28 22:52 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2016-07-28 22:52 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2016-07-28 22:52 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2016-07-28 22:52 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2016-07-28 22:52 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2016-07-28 22:52 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2016-07-28 22:52 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2016-07-28 22:52 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2016-07-28 22:52 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2016-07-28 22:52 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2016-07-28 22:52 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2016-07-28 22:52 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2016-07-28 22:52 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2016-07-28 22:52 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2016-07-28 02:30 - 2016-07-28 02:30 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\com.playsaurus.heroclicker
2016-07-27 19:10 - 2016-07-27 19:10 - 06535042 _____ C:\Users\Vedel\Documents\Verkyz Xmog - Trans.psd
2016-07-27 19:02 - 2016-07-30 07:11 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-07-27 19:02 - 2016-07-30 07:03 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\Apple Computer
2016-07-27 19:02 - 2016-07-28 02:19 - 00000000 ____D C:\Users\Vedel\AppData\Local\Apple Computer
2016-07-27 19:02 - 2016-07-27 19:02 - 00000000 ____D C:\Users\Vedel\AppData\Local\Apple
2016-07-27 19:02 - 2016-07-27 19:02 - 00000000 ____D C:\ProgramData\Apple Computer
2016-07-27 19:01 - 2016-07-30 07:21 - 00000000 ____D C:\ProgramData\Apple
2016-07-27 18:55 - 2016-07-27 18:55 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\Teiron
2016-07-27 18:55 - 2016-07-27 18:55 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\ahelper
2016-07-27 18:23 - 2016-07-27 18:23 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-07-26 21:29 - 2016-08-09 01:49 - 78331295 _____ C:\Users\Vedel\Documents\Untitled-2.psd
2016-07-26 20:57 - 2016-07-26 20:58 - 06538555 _____ C:\Users\Vedel\Documents\screenshot_113.psd
2016-07-26 20:55 - 2016-08-19 12:59 - 00024576 ___SH C:\Users\Vedel\Documents\Thumbs.db
2016-07-26 20:54 - 2016-07-26 20:55 - 41715054 _____ C:\Users\Vedel\Documents\screenshot_113.bmp
2016-07-26 20:45 - 2016-07-26 20:45 - 00000000 ____D C:\Users\Vedel\AppData\LocalLow\Adobe
2016-07-26 20:39 - 2016-07-26 20:40 - 41715054 _____ C:\Users\Vedel\Documents\screenshot_110.bmp
2016-07-26 20:03 - 2016-07-26 20:03 - 00003019 _____ C:\Users\Vedel\Documents\Verkyz.chr
2016-07-26 20:03 - 2016-07-26 20:03 - 00002470 _____ C:\Users\Vedel\Documents\Verkyz xmog.eq
2016-07-26 16:56 - 2016-08-09 03:00 - 00000000 ____D C:\Users\Vedel\Documents\World of Warcraft
2016-07-26 16:46 - 2016-02-01 13:06 - 00000000 ____D C:\Users\Vedel\Desktop\Easters WoWModelViewer
2016-07-26 16:28 - 2016-07-26 16:28 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\NVIDIA
2016-07-26 16:25 - 2016-07-26 21:02 - 00000000 ____D C:\Users\Vedel\Desktop\GFX PACK
2016-07-26 16:22 - 2016-07-26 16:22 - 00001120 _____ C:\Users\Vedel\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2016-07-26 16:22 - 2016-07-26 16:22 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-07-26 16:21 - 2016-07-26 16:22 - 00000000 ____D C:\Program Files\Adobe
2016-07-26 16:21 - 2016-07-26 16:21 - 00001596 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2016-07-26 16:21 - 2016-07-26 16:21 - 00001426 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2016-07-26 16:21 - 2016-07-26 16:21 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2016-07-26 16:20 - 2016-07-26 16:22 - 00000000 ____D C:\Program Files\Common Files\Adobe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-25 06:18 - 2016-07-17 15:06 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\Skype
2016-08-25 06:18 - 2016-07-17 14:18 - 00000958 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-25 06:15 - 2016-07-17 15:01 - 00000000 ____D C:\Users\Vedel\AppData\Local\Battle.net
2016-08-25 05:59 - 2016-07-17 22:16 - 00000000 ____D C:\Users\Vedel\AppData\Local\Deployment
2016-08-25 04:14 - 2016-07-17 15:03 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-25 04:14 - 2016-07-17 15:03 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\discord
2016-08-25 03:43 - 2016-07-17 16:01 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5B195073-DCDE-4B28-843B-F4921828A45D}
2016-08-25 03:33 - 2016-07-17 18:23 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\Spotify
2016-08-25 01:18 - 2016-07-17 14:18 - 00000954 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-25 00:36 - 2016-07-17 16:31 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-08-24 23:32 - 2016-07-17 15:01 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-24 23:00 - 2016-07-17 19:08 - 00000000 ____D C:\Program Files (x86)\World of Warcraft Beta
2016-08-24 18:39 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-24 15:11 - 2016-07-17 15:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-24 15:04 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-24 14:58 - 2016-07-17 18:24 - 00000000 ____D C:\Users\Vedel\AppData\Local\Spotify
2016-08-24 05:17 - 2016-07-17 23:54 - 00000000 ____D C:\Users\Vedel\AppData\Local\CrashDumps
2016-08-24 04:54 - 2016-07-17 15:44 - 01682070 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-24 04:54 - 2016-04-27 08:05 - 00562390 _____ C:\WINDOWS\system32\perfh006.dat
2016-08-24 04:54 - 2016-04-27 08:05 - 00119904 _____ C:\WINDOWS\system32\perfc006.dat
2016-08-24 04:54 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-24 04:48 - 2016-07-17 16:06 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-24 04:48 - 2016-04-27 08:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-24 04:48 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-24 04:18 - 2016-07-17 17:06 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\BitTorrent
2016-08-24 01:22 - 2016-07-17 18:03 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\vlc
2016-08-23 02:12 - 2016-07-22 13:32 - 00161280 ___SH C:\Users\Vedel\Desktop\Thumbs.db
2016-08-22 18:33 - 2016-07-17 15:44 - 00000000 ____D C:\Users\Vedel
2016-08-22 02:08 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-22 01:54 - 2016-07-17 16:17 - 00000000 ____D C:\Program Files (x86)\Razer
2016-08-19 00:26 - 2016-07-17 16:42 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-18 18:38 - 2016-07-17 15:51 - 00002375 _____ C:\Users\Vedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-18 18:38 - 2016-07-17 15:51 - 00000000 ___RD C:\Users\Vedel\OneDrive
2016-08-17 13:31 - 2016-07-17 15:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-17 13:31 - 2016-07-17 15:01 - 00000000 ____D C:\ProgramData\Skype
2016-08-17 03:37 - 2016-07-17 16:17 - 00000000 ____D C:\ProgramData\Razer
2016-08-15 15:25 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-15 03:05 - 2016-07-17 16:05 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-14 19:02 - 2016-07-17 21:31 - 00000000 ____D C:\ProgramData\Origin
2016-08-12 22:20 - 2016-07-17 15:50 - 00000000 ____D C:\Users\Vedel\AppData\Local\Packages
2016-08-12 22:11 - 2016-04-27 08:40 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 22:10 - 2016-04-27 08:19 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 22:10 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-12 22:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-12 22:05 - 2016-07-17 17:24 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2016-08-12 15:54 - 2016-07-17 20:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-12 15:54 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-12 15:54 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-12 15:51 - 2016-07-17 20:27 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 21:21 - 2016-07-17 14:19 - 00002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-05 04:00 - 2016-07-17 16:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-04 17:13 - 2016-04-26 23:27 - 04818456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-04 15:47 - 2009-07-14 04:34 - 00000438 _____ C:\WINDOWS\win.ini
2016-08-04 15:25 - 2016-07-17 14:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-03 00:53 - 2016-07-20 11:00 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\BetterDiscord
2016-08-01 19:02 - 2016-07-17 15:03 - 00000000 ____D C:\Users\Vedel\AppData\Local\SquirrelTemp
2016-07-31 22:16 - 2016-07-18 19:01 - 00027136 ___SH C:\Users\Vedel\Downloads\Thumbs.db
2016-07-29 01:13 - 2016-07-17 14:18 - 00004016 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 01:13 - 2016-07-17 14:18 - 00003784 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 21:25 - 2010-11-21 05:27 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-27 02:00 - 2016-07-17 16:36 - 00000000 ____D C:\Users\Vedel\AppData\Local\Adobe
2016-07-26 21:33 - 2016-07-17 15:01 - 00000000 ____D C:\Users\Vedel\AppData\Local\Blizzard Entertainment
2016-07-26 21:32 - 2016-07-17 15:01 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-07-26 16:28 - 2016-07-17 15:50 - 00000000 ____D C:\Users\Vedel\AppData\Roaming\Adobe
2016-07-26 16:22 - 2016-07-17 16:36 - 00000000 ____D C:\ProgramData\Adobe
2016-07-26 16:21 - 2016-07-17 16:37 - 00000000 ____D C:\Program Files (x86)\Adobe
 
==================== Files in the root of some directories =======
 
2015-12-18 07:03 - 2015-12-18 07:03 - 0124133 _____ () C:\Program Files\Acknowledgements.rtf
2016-07-05 21:29 - 2016-07-05 21:29 - 3370128 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_dsp.dll
2016-07-05 21:30 - 2016-07-05 21:30 - 0165520 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_link.dll
2016-07-05 21:30 - 2016-07-05 21:30 - 2199696 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_manager.dll
2016-07-05 21:29 - 2016-07-05 21:29 - 0870544 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_musicid.dll
2016-07-05 21:30 - 2016-07-05 21:30 - 0325776 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_submit.dll
2016-07-05 21:30 - 2016-07-05 21:30 - 3082000 _____ (Apple Inc.) C:\Program Files\iPodUpdaterExt.dll
2016-07-05 21:29 - 2016-07-05 21:29 - 3051320 _____ (Apple Inc.) C:\Program Files\iTunes.exe
2016-07-05 21:29 - 2016-07-05 21:29 - 0576824 _____ (Apple Inc.) C:\Program Files\iTunesAdmin.dll
2016-07-05 21:30 - 2016-07-05 21:30 - 38180664 _____ (Apple Inc.) C:\Program Files\iTunesCore.dll
2016-07-05 21:29 - 2016-07-05 21:29 - 0212280 _____ (Apple Inc.) C:\Program Files\iTunesHelper.dll
2016-07-05 21:30 - 2016-07-05 21:30 - 0176952 _____ (Apple Inc.) C:\Program Files\iTunesHelper.exe
2016-07-05 21:30 - 2016-07-05 21:30 - 0162616 _____ (Apple Inc.) C:\Program Files\iTunesMiniPlayer.dll
2016-08-05 06:34 - 2016-08-17 00:39 - 0000132 _____ () C:\Users\Vedel\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-17 03:26 - 2016-08-17 04:00 - 0003927 _____ () C:\Users\Vedel\AppData\Roaming\VoiceMeeterDefault.xml
2016-08-25 05:32 - 2016-08-25 05:32 - 0000036 _____ () C:\Users\Vedel\AppData\Local\housecall.guid.cache
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\Vedel\AppData\Local\setup.txt
2016-08-25 06:07 - 2016-08-25 06:07 - 0000010 _____ () C:\Users\Vedel\AppData\Local\sponge.last.runtime.cache
2016-08-04 15:34 - 2016-08-04 17:12 - 0006327 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-16 15:39
 
==================== End of FRST.txt ============================



#2 Jo*

Jo*

  • Malware Response Team
  • 3,444 posts
  • Gender:Male
  • Location:Germany

Posted 28 August 2016 - 08:33 AM

Welcome to BleepingComputer.

Hi there,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours, please send me a PM.


#3 Verkz

Verkz
  • Topic Starter

  • Members
  • 3 posts

Posted 28 August 2016 - 10:02 PM

1)  
Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 101  
 Java version 32-bit out of Date! 
 Google Chrome (51.0.2704.106) 
 Google Chrome (52.0.2743.116) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

2)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.545.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.311000 GHz
Memory total: 8482074624, free: 761307136
 
Downloaded database version: v2016.08.25.01
Downloaded database version: v2016.08.15.01
Downloaded database version: v2016.08.15.02
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     08/25/2016 05:33:25
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\jraid.sys
\SystemRoot\System32\drivers\SCSIPORT.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\system32\DRIVERS\SamsungRapidFSFltr.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\SamsungRapidDiskFltr.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\LGJoyXlCore.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\DRIVERS\vbaudio_vmvaio64_win7.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\HdAudio.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\rzendpt.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\rzudd.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\rzmpos.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\mqac.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\??\C:\WINDOWS\system32\drivers\rzpmgrk.sys
\??\C:\WINDOWS\system32\drivers\rzpnk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\SystemRoot\system32\drivers\qwavedrv.sys
\??\C:\WINDOWS\system32\drivers\semav6msr64.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\drivers\ladfGSS.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\tmcomm.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.08.25.01
  rootkit: v2016.08.15.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe0014fd5a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0014fd5ab10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0014fd5a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0014fd5bc40, DeviceName: Unknown, DriverName: \Driver\SamsungRapidDiskFltr\
DevicePointer: 0xffffe0014fb05e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0014fb03060, DeviceName: \Device\00000032\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E83E0D27
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 877965312
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 878172160  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23E0357CC3BD43BA934B3A5F3A767E76CA4C0678.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23E0357CC3BD43BA934B3A5F3A767E76CA4C0678.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23E0357CC3BD43BA934B3A5F3A767E76CA4C0678.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23E0357CC3BD43BA934B3A5F3A767E76CA4C0678.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23E0357CC3BD43BA934B3A5F3A767E76CA4C0678.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23E0357CC3BD43BA934B3A5F3A767E76CA4C0678.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23E0357CC3BD43BA934B3A5F3A767E76CA4C0678.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23E0357CC3BD43BA934B3A5F3A767E76CA4C0678.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-23E0357CC3BD43BA934B3A5F3A767E76CA4C0678.bin.83" is compressed (flags = 1)
File "C:\Users\Vedel\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-878172160-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.545.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.311000 GHz
Memory total: 8482074624, free: 2829107200
 
Downloaded database version: v2016.08.28.08
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     08/29/2016 04:36:47
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.08.28.08
  rootkit: v2016.08.15.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe0014fd5a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0014fd5ab10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0014fd5a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0014fd5bc40, DeviceName: Unknown, DriverName: \Driver\SamsungRapidDiskFltr\
DevicePointer: 0xffffe0014fb05e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0014fb03060, DeviceName: \Device\00000032\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E83E0D27
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 877965312
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 878172160  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-173C634689E3533535C36C2DC1A570B15D2E80D2.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-173C634689E3533535C36C2DC1A570B15D2E80D2.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-173C634689E3533535C36C2DC1A570B15D2E80D2.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-173C634689E3533535C36C2DC1A570B15D2E80D2.bin.83" is compressed (flags = 1)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.545.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.311000 GHz
Memory total: 8482074624, free: 6998466560
 
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     08/29/2016 04:47:07
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.08.28.08
  rootkit: v2016.08.15.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe00094985060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00094985b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00094985060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000948b0de0, DeviceName: Unknown, DriverName: \Driver\SamsungRapidDiskFltr\
DevicePointer: 0xffffe000947c0260, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000947fe060, DeviceName: \Device\00000032\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E83E0D27
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 877965312
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 878172160  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-173C634689E3533535C36C2DC1A570B15D2E80D2.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-173C634689E3533535C36C2DC1A570B15D2E80D2.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-173C634689E3533535C36C2DC1A570B15D2E80D2.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-173C634689E3533535C36C2DC1A570B15D2E80D2.bin.83" is compressed (flags = 1)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-878172160-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 


3)
# AdwCleaner v6.010 - Logfile created 29/08/2016 at 04:44:42
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-28.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Vedel - VEDEL-PC
# Running from : C:\Users\Vedel\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: Update service
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Vedel\AppData\Local\VirtualStore\Program Files (x86)\Popcorn Time
[-] Folder deleted: C:\Program Files (x86)\Popcorn Time
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1100 Bytes] - [29/08/2016 04:44:42]
C:\AdwCleaner\AdwCleaner[S0].txt - [1370 Bytes] - [29/08/2016 04:41:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1246 Bytes] ##########


#4 Jo*

  • Malware Response Team
  • 3,444 posts

Posted 29 August 2016 - 03:39 AM

Hello,

Step 1: Run Malwarebytes Anti-Rootkit again: Double click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Verkz

  • Topic Starter
  • Members
  • 3 posts

Posted 29 August 2016 - 11:42 AM

I already posted the logs from Malwarebytes Anti-Rootkit and AdwCleaner.exe.

Here is the scan from Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by Vedel (Administrator) on 29-08-2016 at 18:40:08,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29-08-2016 at 18:41:00,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 Jo*

  • Malware Response Team
  • 3,444 posts

Posted 29 August 2016 - 12:22 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt


 
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-321774315-828011313-1267528381-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-321774315-828011313-1267528381-1000\...\MountPoints2: {5e604b7d-4c24-11e6-b2b1-806e6f6e6963} - "D:\.\Bin\ASSETUP.exe" 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [No File]
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\gcswf32.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Chrome NaCl) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\52.0.2743.116\gears.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll => No File
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) 
C:\Program Files\Popcorn Time\Updater.exe
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
Task: {6F1905F1-0A9D-4495-A0C1-D9B9F285325C} - System32\Tasks\{C26AD230-C4CB-4896-A3D2-FAE7C7DEA205} => Chrome.exe hxxp://ui.skype.com/ui/0/7.25.0.106/da/go/help.faq.installer?source=lightinstaller&amp;LastError=1618
Task: {E34F0BBA-0955-4965-B262-161771730C32} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Download and run Chrome Software Cleaner

---

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.



#7 Jo*

  • Malware Response Team
  • 3,444 posts

Posted 01 September 2016 - 03:02 AM


Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.



#8 Jo*

  • Malware Response Team
  • 3,444 posts

Posted 08 September 2016 - 11:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





