
Possible key logger, mouse/desktop refreshes a lot


  • This topic is locked
10 replies to this topic

#1 CubeZapper

Posted 25 August 2016 - 02:35 AM

I downloaded a malicious zip file a few weeks ago and made a post about it:

http://www.bleepingcomputer.com/forums/t/622705/downloaded-a-shady-file/

 

Since then my cursor has been refreshing a lot more often and my desktop refreshes itself often too. I was wondering if this is related to a keylogger/hidden malware? I am not the best with computers so any help is appreciated.

 

I was told to make a FRST report, which I did following the instructions from this thread:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01

Ran by Daniel (administrator) on 601112266882 (25-08-2016 15:07:53)
Running from C:\Users\Daniel\Downloads
Loaded Profiles: Daniel (Available Profiles: Daniel)
Platform: Windows 10 Home Single Language Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
() C:\Program Files (x86)\Gaming Mouse\Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\FPSRunner32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\FPSRunner64.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzFpsApplet\RzFpsApplet.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Daniel\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Daniel\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Daniel\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Daniel\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Daniel\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-07-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3349224 2015-11-30] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-18] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-22] (CyberLink Corp.)
HKLM-x32\...\Run: [Gaming Mouse Driver] => C:\Program Files (x86)\Gaming Mouse\Monitor.EXE [491520 2015-01-22] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9071752 2016-07-31] (AVAST Software)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-05-30] (Razer Inc.)
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-17] (Valve Corporation)
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\Run: [Spotify Web Helper] => C:\Users\Daniel\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-14] (Spotify Ltd)
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\Run: [Discord] => C:\Users\Daniel\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\RunOnce: [Uninstall C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\RunOnce: [Uninstall C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\...\RunOnce: [Uninstall C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Daniel\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-31] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{46774ff0-7501-428a-a704-a1cf9c802daa}: [DhcpNameServer] 172.18.12.1
Tcpip\..\Interfaces\{bfe14919-e2e4-478a-9588-a13ab6986b02}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-05-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-26] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1622788738-3801000913-2380669748-1001: @nsroblox.roblox.com/launcher -> C:\Users\Daniel\AppData\Local\Roblox\Versions\version-2cc7e2256bc843db\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1622788738-3801000913-2380669748-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Daniel\AppData\Local\Roblox\Versions\version-2cc7e2256bc843db\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-31]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
 
Chrome: 
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-30]
CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-30]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-30]
CHR Extension: (Awaken the Force Within) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeojddkbfhdgnnicgkgogjnbkdljibb [2016-02-03]
CHR Extension: (Google Search) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30]
CHR Extension: (Avast SafePrice) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-16]
CHR Extension: (Google Sheets) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-04]
CHR Extension: (Grammarly for Chrome) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-08-25]
CHR Extension: (Skype) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-30]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-25]
CHR HKU\S-1-5-21-1622788738-3801000913-2380669748-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197640 2016-07-31] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2286848 2015-11-30] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2015-12-03] (EasyAntiCheat Ltd)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-07-13] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144616 2015-11-30] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-26] (WildTangent)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-18] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [361376 2015-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-07] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2015-09-04] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-06-01] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-07-17] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-05-30] (Razer Inc.)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [39424 2016-02-10] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [654528 2015-05-27] (Wacom Technology, Corp.)
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-07-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [968536 2016-07-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-07-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-07-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [208176 2015-11-30] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7551240 2015-09-04] (Broadcom Corporation)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-07-13] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-13] (Intel Corporation)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31464 2015-07-17] (ELAN Microelectronic Corp.)
R3 GMLXDFltr01; C:\Windows\system32\drivers\GMLXDFltr01.sys [10752 2014-07-24] (LXD Development, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-25] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-06-18] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-05-07] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-06-02] (Razer, Inc.)
R3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-24] (HP Inc.)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-25 15:07 - 2016-08-25 15:08 - 00025730 _____ C:\Users\Daniel\Downloads\FRST.txt
2016-08-25 15:06 - 2016-08-25 15:07 - 00000000 ____D C:\FRST
2016-08-25 15:05 - 2016-08-25 15:06 - 02396672 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64 (1).exe
2016-08-25 15:02 - 2016-08-25 15:03 - 02396672 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2016-08-25 14:18 - 2016-08-25 14:18 - 00003340 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-11 18:43 - 2016-08-03 18:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-11 18:43 - 2016-08-03 18:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-11 18:43 - 2016-08-03 18:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-11 18:43 - 2016-08-03 18:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-11 18:43 - 2016-08-03 18:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-11 18:43 - 2016-08-03 18:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-11 18:43 - 2016-08-03 18:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-11 18:43 - 2016-08-03 18:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-11 18:43 - 2016-08-03 18:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-11 18:43 - 2016-08-03 18:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-11 18:43 - 2016-08-03 18:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-11 18:43 - 2016-08-03 18:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-11 18:43 - 2016-08-03 18:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-11 18:43 - 2016-08-03 18:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-11 18:43 - 2016-08-03 18:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-11 18:43 - 2016-08-03 18:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-11 18:43 - 2016-08-03 18:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-11 18:43 - 2016-08-03 17:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-11 18:43 - 2016-08-03 17:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-11 18:43 - 2016-08-03 17:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-11 18:43 - 2016-08-03 17:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-11 18:43 - 2016-08-03 17:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-11 18:43 - 2016-08-03 17:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-11 18:43 - 2016-08-03 17:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-11 18:43 - 2016-08-03 17:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-11 18:43 - 2016-08-03 17:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-11 18:43 - 2016-08-03 17:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-11 18:43 - 2016-08-03 17:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-11 18:43 - 2016-08-03 17:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-11 18:43 - 2016-08-03 17:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-11 18:43 - 2016-08-03 17:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-11 18:43 - 2016-08-03 17:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-11 18:43 - 2016-08-03 17:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-11 18:43 - 2016-08-03 17:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-11 18:43 - 2016-08-03 17:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-11 18:43 - 2016-08-03 17:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-11 18:43 - 2016-08-03 17:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-11 18:43 - 2016-08-03 17:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-11 18:43 - 2016-08-03 17:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-11 18:43 - 2016-08-03 17:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-11 18:43 - 2016-08-03 17:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-11 18:43 - 2016-08-03 17:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-11 18:43 - 2016-08-03 17:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-11 18:43 - 2016-08-03 17:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-11 18:43 - 2016-08-03 17:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-11 18:43 - 2016-08-03 17:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-11 18:43 - 2016-08-03 17:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-11 18:43 - 2016-08-03 17:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-11 18:43 - 2016-08-03 17:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-11 18:43 - 2016-08-03 17:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-11 18:43 - 2016-08-03 17:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-11 18:43 - 2016-08-03 17:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-11 18:43 - 2016-08-03 17:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-11 18:43 - 2016-08-03 13:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-11 18:43 - 2016-08-03 13:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-11 18:43 - 2016-08-03 13:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-11 18:43 - 2016-08-03 13:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-11 18:43 - 2016-08-03 13:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-11 18:43 - 2016-08-03 13:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-11 18:43 - 2016-08-03 13:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-11 18:43 - 2016-08-03 13:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-11 18:43 - 2016-08-03 12:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-11 18:43 - 2016-08-03 12:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-11 18:43 - 2016-08-03 12:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-11 18:43 - 2016-08-03 12:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-11 18:43 - 2016-08-03 12:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-11 18:43 - 2016-08-03 12:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-11 18:43 - 2016-08-03 12:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-11 18:43 - 2016-08-03 12:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-11 18:43 - 2016-08-03 12:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-11 18:43 - 2016-08-03 12:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-11 18:43 - 2016-08-03 12:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-11 18:43 - 2016-08-03 12:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-11 18:43 - 2016-08-03 12:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-11 18:43 - 2016-08-03 12:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-11 18:43 - 2016-08-03 12:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-11 18:42 - 2016-08-03 19:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-11 18:42 - 2016-08-03 19:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-11 18:42 - 2016-08-03 19:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-11 18:42 - 2016-08-03 18:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-11 18:42 - 2016-08-03 18:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-11 18:42 - 2016-08-03 18:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-11 18:42 - 2016-08-03 18:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-11 18:42 - 2016-08-03 18:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-11 18:42 - 2016-08-03 18:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-11 18:42 - 2016-08-03 17:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-11 18:42 - 2016-08-03 17:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-11 18:42 - 2016-08-03 17:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-11 18:42 - 2016-08-03 17:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-11 18:42 - 2016-08-03 17:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-11 18:42 - 2016-08-03 17:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-11 18:42 - 2016-08-03 17:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-11 18:42 - 2016-08-03 17:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-11 18:42 - 2016-08-03 17:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-11 18:42 - 2016-08-03 17:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-11 18:42 - 2016-08-03 17:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-11 18:42 - 2016-08-03 17:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-11 18:42 - 2016-08-03 17:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-11 18:42 - 2016-08-03 17:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-11 18:42 - 2016-08-03 17:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-11 18:42 - 2016-08-03 17:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-11 18:42 - 2016-08-03 17:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-11 18:42 - 2016-08-03 17:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-11 18:42 - 2016-08-03 17:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-11 18:42 - 2016-08-03 17:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-11 18:42 - 2016-08-03 17:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-11 18:42 - 2016-08-03 17:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-11 18:42 - 2016-08-03 17:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-11 18:42 - 2016-08-03 17:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-11 18:42 - 2016-08-03 17:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-11 18:42 - 2016-08-03 17:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-11 18:42 - 2016-08-03 17:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-11 18:42 - 2016-08-03 17:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-11 18:42 - 2016-08-03 17:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-11 18:42 - 2016-08-03 13:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-11 18:42 - 2016-08-03 13:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-11 18:42 - 2016-08-03 12:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-11 18:42 - 2016-08-03 12:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-11 18:42 - 2016-08-03 12:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-11 18:42 - 2016-08-03 12:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-11 18:42 - 2016-08-03 12:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-11 18:42 - 2016-08-03 12:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-11 18:42 - 2016-08-03 12:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-11 18:42 - 2016-08-03 12:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-11 18:42 - 2016-08-03 12:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-11 18:42 - 2016-08-03 12:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-11 18:42 - 2016-08-03 12:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-11 18:42 - 2016-08-03 12:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-11 18:42 - 2016-08-03 12:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-11 18:42 - 2016-08-03 12:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-11 18:42 - 2016-08-03 12:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-11 18:42 - 2016-08-03 12:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-11 18:42 - 2016-08-03 12:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-11 18:42 - 2016-08-03 12:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 16:21 - 2016-08-09 16:23 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Daniel\Downloads\cbSetup.exe
2016-08-09 14:57 - 2016-08-25 14:57 - 00003258 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDaniel
2016-08-07 17:10 - 2016-08-07 17:10 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-07 17:10 - 2016-08-07 17:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Apple Computer
2016-08-07 17:10 - 2016-08-07 17:10 - 00000000 ____D C:\Users\Daniel\AppData\Local\Apple Computer
2016-08-07 17:10 - 2016-08-07 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-07 17:09 - 2016-08-07 17:10 - 00000000 ____D C:\Program Files\iTunes
2016-08-07 17:09 - 2016-08-07 17:09 - 00000000 ____D C:\ProgramData\Apple Computer
2016-08-07 17:09 - 2016-08-07 17:09 - 00000000 ____D C:\Program Files\iPod
2016-08-07 17:09 - 2016-08-07 17:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-07 17:08 - 2016-08-07 17:08 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-08-07 17:08 - 2016-08-07 17:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-08-07 17:08 - 2016-08-07 17:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\Apple
2016-08-07 17:08 - 2016-08-07 17:08 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-08-07 17:07 - 2016-08-07 17:07 - 00000000 ____D C:\Program Files\Bonjour
2016-08-07 17:07 - 2016-08-07 17:07 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-08-07 17:06 - 2016-08-07 17:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-07 16:50 - 2016-08-07 17:04 - 170493768 _____ (Apple Inc.) C:\Users\Daniel\Downloads\iTunes6464Setup.exe
2016-08-05 16:44 - 2016-08-05 16:44 - 00002103 ____N C:\Users\Daniel\Desktop\Popcorn-Time.lnk
2016-08-05 16:41 - 2016-08-05 16:41 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
2016-08-05 16:39 - 2016-08-05 17:52 - 00000000 ____D C:\Users\Daniel\AppData\Local\Popcorn-Time
2016-08-05 16:39 - 2016-08-05 16:39 - 34052006 _____ (Popcorn Time) C:\Users\Daniel\Downloads\Popcorn-Time-0.3.9-Setup (1).exe
2016-08-05 15:11 - 2016-08-05 15:28 - 00001071 ____N C:\Users\Daniel\Desktop\Review.txt
2016-08-04 23:04 - 2016-08-04 23:04 - 00000000 ____D C:\Users\Daniel\AppData\Local\You_Have_10_Secondsfinal
2016-08-04 20:24 - 2016-08-04 21:24 - 00000017 ____N C:\Users\Daniel\Desktop\Cool forumers.txt
2016-08-04 15:40 - 2016-08-06 15:26 - 00000000 ____D C:\Users\Daniel\Documents\Youtube stuff
2016-08-03 17:04 - 2016-08-25 14:18 - 00002249 _____ C:\Users\Daniel\Desktop\Discord.lnk
2016-08-03 17:04 - 2016-08-25 14:18 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-03 17:04 - 2016-08-25 14:18 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\discord
2016-08-03 17:03 - 2016-08-25 14:17 - 00000000 ____D C:\Users\Daniel\AppData\Local\Discord
2016-08-03 17:02 - 2016-08-03 17:03 - 50899640 _____ (Hammer & Chisel, Inc.) C:\Users\Daniel\Downloads\DiscordSetup.exe
2016-08-02 20:03 - 2016-08-02 20:03 - 00000000 ____D C:\Users\Daniel\Documents\ROBLOX
2016-08-02 18:09 - 2016-08-02 18:09 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\com.playata.herozero.steam
2016-08-02 13:19 - 2016-08-05 15:08 - 00001441 ____N C:\Users\Daniel\Desktop\ROBLOX Player.lnk
2016-08-02 13:18 - 2016-08-05 15:08 - 00001256 ____N C:\Users\Daniel\Desktop\ROBLOX Studio.lnk
2016-08-02 13:18 - 2016-08-05 15:08 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-08-02 13:18 - 2016-08-02 13:18 - 01059832 _____ (ROBLOX Corporation) C:\Users\Daniel\Downloads\RobloxPlayerLauncher (1).exe
2016-08-02 13:12 - 2016-08-02 13:12 - 00003374 _____ C:\WINDOWS\System32\Tasks\{C13C8FAB-DA36-429C-880B-D9952E728DFA}
2016-08-01 14:12 - 2016-08-06 14:45 - 00000000 ____D C:\Users\Daniel\Documents\Bandicam
2016-08-01 14:10 - 2016-08-01 14:10 - 15675616 _____ (Bandisoft) C:\Users\Daniel\Downloads\bdcamsetup (1).exe
2016-07-31 20:12 - 2016-07-31 20:12 - 00001151 ____N C:\Users\Daniel\Desktop\Growtopia.lnk
2016-07-31 20:12 - 2016-07-31 20:12 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Growtopia
2016-07-31 20:07 - 2016-07-31 20:11 - 44235264 _____ C:\Users\Daniel\Downloads\GrowtopiaInstaller (3).exe
2016-07-31 17:09 - 2016-07-31 17:09 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twine 2
2016-07-31 17:09 - 2016-07-31 17:09 - 00000000 ____D C:\Program Files (x86)\Twine 2
2016-07-31 16:48 - 2016-07-31 17:08 - 44399228 _____ C:\Users\Daniel\Downloads\twine_2.0.11_win64.exe
2016-07-31 16:30 - 2016-07-31 16:30 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-07-31 16:30 - 2016-07-31 16:30 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-25 15:06 - 2015-12-02 21:18 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{08EEB44A-8934-453A-8724-98ADB8BBCC84}
2016-08-25 15:06 - 2015-09-04 07:28 - 00000420 _____ C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job
2016-08-25 15:03 - 2015-09-04 07:28 - 00000420 _____ C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job
2016-08-25 14:57 - 2016-04-16 10:08 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDaniel.job
2016-08-25 14:31 - 2015-10-30 15:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-25 14:31 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-25 14:22 - 2016-01-05 16:58 - 00000000 ____D C:\Users\Daniel\Documents\YouCam
2016-08-25 14:20 - 2015-12-14 10:48 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2016-08-25 14:20 - 2015-11-30 18:30 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-25 14:18 - 2015-11-29 14:33 - 00002377 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-25 14:18 - 2015-11-29 14:33 - 00000000 ___RD C:\Users\Daniel\OneDrive
2016-08-25 14:14 - 2016-01-30 18:53 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-25 14:14 - 2015-11-30 07:16 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-25 14:14 - 2015-11-29 22:29 - 00000000 __SHD C:\Users\Daniel\IntelGraphicsProfiles
2016-08-17 16:19 - 2015-12-14 10:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-17 16:19 - 2015-12-14 10:48 - 00000000 ____D C:\ProgramData\Skype
2016-08-17 16:12 - 2015-10-30 15:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-17 16:10 - 2015-12-09 17:52 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-16 20:19 - 2015-11-30 19:10 - 00000000 ____D C:\Users\Daniel\AppData\Local\Growtopia
2016-08-12 19:50 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-12 16:10 - 2016-01-30 18:57 - 00973984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-12 16:10 - 2015-10-30 15:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-12 16:03 - 2015-07-16 14:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 15:59 - 2016-01-30 19:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-12 01:26 - 2015-10-30 14:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-12 01:25 - 2015-10-30 17:05 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 01:25 - 2015-10-30 15:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-12 01:25 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-11 23:04 - 2015-11-30 21:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 23:04 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-11 23:04 - 2015-10-30 15:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-11 22:46 - 2015-11-30 21:25 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 00:20 - 2016-06-09 17:51 - 00000000 ____D C:\Users\Daniel\Documents\HD MOOOVIES
2016-08-09 15:34 - 2016-02-22 21:06 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-09 15:34 - 2016-02-22 21:06 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-07 17:08 - 2015-09-04 07:18 - 00000000 ____D C:\ProgramData\Apple
2016-08-05 16:31 - 2016-01-05 17:29 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-08-03 23:05 - 2016-01-30 18:57 - 00000000 ____D C:\Users\Daniel
2016-08-03 23:04 - 2015-12-28 10:34 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Bioshock
2016-08-03 19:47 - 2015-12-12 16:52 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-03 17:19 - 2016-07-18 16:04 - 00000000 ____D C:\Users\Daniel\Documents\Bioshock
2016-08-03 17:04 - 2016-05-03 19:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\SquirrelTemp
2016-08-02 20:29 - 2016-05-03 19:45 - 00000000 ____D C:\Users\Daniel\.counterplay
2016-08-02 20:01 - 2016-06-18 22:44 - 00000252 _____ C:\Users\Daniel\AppData\LocalLow\rbxcsettings.rbx
2016-08-02 20:01 - 2016-06-18 22:44 - 00000000 ____D C:\Users\Daniel\AppData\Local\Roblox
2016-08-01 14:11 - 2015-12-29 10:23 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2016-07-31 17:24 - 2015-11-30 07:16 - 00003990 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-31 17:24 - 2015-11-30 07:16 - 00003758 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-31 17:24 - 2015-11-30 07:16 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-31 17:15 - 2015-10-30 15:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-07-31 17:15 - 2015-10-30 15:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-07-31 17:15 - 2015-10-30 15:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-07-31 17:15 - 2015-10-30 15:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-07-31 17:15 - 2015-10-30 15:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-07-31 16:42 - 2015-10-30 14:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-07-31 16:35 - 2016-03-24 17:16 - 00004014 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458810965
2016-07-31 16:35 - 2016-03-24 17:16 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-07-31 16:31 - 2016-01-05 17:29 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-07-31 16:30 - 2016-03-24 17:15 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-07-31 16:30 - 2016-01-05 17:29 - 00968536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-07-31 16:30 - 2016-01-05 17:29 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-07-31 16:30 - 2016-01-05 17:29 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-07-31 16:30 - 2016-01-05 17:29 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-07-31 16:30 - 2016-01-05 17:29 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-07-31 16:30 - 2016-01-05 17:29 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-07-31 16:30 - 2016-01-05 17:29 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
 
==================== Files in the root of some directories =======
 
2016-05-22 14:28 - 2016-05-22 14:28 - 0000055 ____N () C:\Users\Daniel\AppData\Roaming\MouseServer.ini
2015-12-28 21:38 - 2015-12-28 21:39 - 0000826 _____ () C:\ProgramData\1451309926.2188.bin
2015-12-28 21:38 - 2015-12-28 21:39 - 0002059 _____ () C:\ProgramData\1451309926.7436.bin
2015-12-28 21:38 - 2015-12-28 21:39 - 0042965 _____ () C:\ProgramData\1451309926.7440.bin
2015-12-01 14:52 - 2015-10-02 14:52 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\bdfilters.dll
C:\Users\Daniel\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\Daniel\AppData\Local\Temp\pin2taskbar.exe
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-18 20:34
 
==================== End of FRST.txt ============================
 
Addition.txt:
Attached File  Addition.txt   61.19KB   3 downloads



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:31 AM

Posted 28 August 2016 - 01:29 PM

Greetings CubeZapper and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 28 August 2016 - 02:04 PM

Thanks for your patience.

Let's gather some information first.

Can you tell me if these downloads were similar to how you downloaded Bandicam?

Growtopia
Twine 2


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
File: C:\Users\Daniel\Downloads\bdcamsetup (1).exe
File: C:\Users\Daniel\Downloads\GrowtopiaInstaller (3).exe
File: C:\Users\Daniel\Downloads\twine_2.0.11_win64.exe
File: C:\users\daniel\downloads\mouse-server.exe
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Program downloads?
  • Fixlog

Gary
 

#4 CubeZapper


Posted 31 August 2016 - 08:21 PM

To the first question:

Growtopia and Twine were downloaded off different websites, Growtopia and Twine used installers while the "Bandicam file" used a zip. The two apps are irrelevant to the "Bandicam file" and are both reliable.

 

Must I still perform the second step?


Edited by CubeZapper, 31 August 2016 - 08:23 PM.


#5 Oh My!


Posted 01 September 2016 - 08:12 AM

Thank you for the information, we can skip that step. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-31]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
2016-08-02 13:12 - 2016-08-02 13:12 - 00003374 _____ C:\WINDOWS\System32\Tasks\{C13C8FAB-DA36-429C-880B-D9952E728DFA}
2016-08-01 14:12 - 2016-08-06 14:45 - 00000000 ____D C:\Users\Daniel\Documents\Bandicam
2016-08-01 14:10 - 2016-08-01 14:10 - 15675616 _____ (Bandisoft) C:\Users\Daniel\Downloads\bdcamsetup (1).exe
2016-07-31 16:35 - 2016-03-24 17:16 - 00004014 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458810965
2016-07-31 16:35 - 2016-03-24 17:16 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-05-22 14:28 - 2016-05-22 14:28 - 0000055 ____N () C:\Users\Daniel\AppData\Roaming\MouseServer.ini
2015-12-28 21:38 - 2015-12-28 21:39 - 0000826 _____ () C:\ProgramData\1451309926.2188.bin
2015-12-28 21:38 - 2015-12-28 21:39 - 0002059 _____ () C:\ProgramData\1451309926.7436.bin
2015-12-28 21:38 - 2015-12-28 21:39 - 0042965 _____ () C:\ProgramData\1451309926.7440.bin
2015-12-01 14:52 - 2015-10-02 14:52 - 0000032 ____R () C:\ProgramData\hash.dat
C:\Users\Daniel\AppData\Local\Temp\bdfilters.dll
C:\Users\Daniel\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\Daniel\AppData\Local\Temp\pin2taskbar.exe
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\uninstall.exe
File: C:\users\daniel\downloads\mouse-server.exe
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Adware Removal Tool by TSA

--------------------
  • Please download Adware Removal Tool and save it to your Desktop.
  • Right click on the icon and select Run as administrator.
  • Select: Yes, I agree.
  • Click Scan.
  • If objects are found, click OK.
  • Review the log and uncheck any items you want to keep (somewhat uncommon).
  • Click Clean.
  • If requested, click OK to close any open browsers.
  • Click OK after the cleaning process has Successfully Finished.
  • Click Save this Result and save the file to your Desktop as ART.txt.
  • Confirm the file was successfully saved.
  • Click Finished, then close the browser that will open.
  • Copy and paste ART.txt
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • ART.txt
  • Update on computer behavior

Gary
 

#6 Oh My!


Posted 04 September 2016 - 09:55 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#7 Oh My!


Posted 06 September 2016 - 08:30 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 

#8 Oh My!


Posted 07 September 2016 - 09:58 PM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#9 Oh My!


Posted 09 September 2016 - 08:42 PM

Do you still want help?
Gary
 

#10 Oh My!


Posted 10 September 2016 - 09:21 AM

Though you asked for the Topic to be reopened 3 days ago I have not heard from you. If you are unable to reply within 24 hours the topic will be permanently closed and you will need to start a new Topic.
Gary
 

#11 Oh My!


Posted 11 September 2016 - 09:19 AM

Due to the consistent lack of feedback, this topic is now permanently closed. If you desire further assistance please start a new topic when you are able to reply in a timely manner.

Edited by Oh My!, 11 September 2016 - 09:20 AM.

Gary
 



