
CMD Dialog Box opens at random. Used all methods to search-- 0.


  • This topic is locked
19 replies to this topic

#1 Kickens

Kickens

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:26 AM

Posted 25 August 2016 - 09:29 AM

Hello,

 

For the last couple months a random CMD box opens for a brief second (unable to see what it says). It is completely random and causes some of my programs to tab out if they are running in fullscreen which is a very big annoyance. I completed a bunch of methods on how to find extremely hidden viruses & malware. I honestly believed I had a "rootkit." After using about 4 different programs they all came back with nothing. Nothing significant has happened after or right before the box appears. I don't visit malicious websites either... just the average G-Mail and YouTube. It's been starting to concern me because it happens a lot more frequently recently. Any help on this would be greatly appreciated! Thanks for reading this lengthy explanation.

 

- Kickens




 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:03:26 PM

Posted 25 August 2016 - 09:54 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Kickens

Kickens
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:26 AM

Posted 26 August 2016 - 03:45 AM

Hello, sorry for the late response on the topic. Thanks for replying to this concerning issue! I had to upload the logs to Pastebin because it would say "Saving post" for hours on end and wouldn't finish!

 

Here is the link to the logs (pastebin):

http://pastebin.com/4mibdEi9



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:03:26 PM

Posted 26 August 2016 - 09:17 AM

Hi,

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
Step 2


Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Please run a new scan with standard parameters (md5 drivers and list bcd should be unchecked)

Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Kickens

Kickens
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:26 AM

Posted 27 August 2016 - 02:08 AM

Alright. I just finished running AdwCleaner and came up with 21 results. The log below is from AdwCleaner:

# AdwCleaner v6.010 - Logfile created 26/08/2016 at 18:15:14
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-25.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Daniel - DANIEL-PC
# Running from : C:\Users\danie\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: Update service
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\danie\AppData\Local\VirtualStore\Program Files (x86)\Popcorn Time
[-] Folder deleted: C:\ProgramData\VideoDownloaderUltimateWinApp
[#] Folder deleted on reboot: C:\ProgramData\Application Data\VideoDownloaderUltimateWinApp
[-] Folder deleted: C:\Program Files (x86)\Popcorn Time
 
 
***** [ Files ] *****
 
[-] File deleted: C:\END
[-] File deleted: C:\Users\danie\AppData\Local\Temp\Utils.dll
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Update service
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\Software\Link64
[-] Key deleted: HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloaderUltimateWinApp
[#] Key deleted on reboot: HKCU\Software\Link64
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloaderUltimateWinApp
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAKURA
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Popcorn Time_is1
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2462 Bytes] - [26/08/2016 18:15:14]
C:\AdwCleaner\AdwCleaner[S0].txt - [2607 Bytes] - [26/08/2016 18:11:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2608 Bytes] ##########
 
Now for Malwarebytes,
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/27/2016
Scan Time: 2:39 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.08.27.03
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Daniel
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401674
Time Elapsed: 14 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Finally,
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Daniel (administrator) on DANIEL-PC (27-08-2016 03:05:18)
Running from C:\Users\danie\Downloads
Loaded Profiles: Daniel (Available Profiles: Daniel)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() H:\Program Files\EslWire\service\WireHelperSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Samsung Electronics Co., Ltd.) H:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Samsung Electronics.) H:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\danie\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() H:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() H:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.26\deploy\LoLLauncher.exe
(Spotify Ltd) C:\Users\danie\AppData\Roaming\Spotify\Spotify.exe
() H:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.66\deploy\LoLPatcher.exe
(Spotify Ltd) C:\Users\danie\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\danie\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\danie\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\danie\AppData\Roaming\Spotify\Spotify.exe
() H:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FastStone Soft) C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-01-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1410168 2016-01-05] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [SamsungRapidApp] => H:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15642744 2016-03-30] (Logitech Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-10-16] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-07-07] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [SMTP Host] => C:\Users\danie\AppData\Roaming\6CAABE52-2A18-4029-AD1B-AC1FE52FF811\SMTP Host\smtphost.exe [53248 2015-10-23] (Microsoft Corporation)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [Spotify Web Helper] => C:\Users\danie\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-23] (Spotify Ltd)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [EADM] => E:\Program Files (x86)\Origin\Origin.exe [3639280 2016-06-13] (Electronic Arts)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [Shotty] => C:\Program Files\Shotty\Shotty.exe [724480 2016-04-04] (hxxp://shotty.devs-on.net)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [Reflector2] => [X]
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [Spotify] => C:\Users\danie\AppData\Roaming\Spotify\Spotify.exe [6930544 2016-08-23] (Spotify Ltd)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [Dxtory Update Checker 2.0] => F:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [Discord] => C:\Users\danie\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\lol.scr
Startup: C:\Users\danie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-06-26]
ShortcutTarget: Curse.lnk -> C:\Users\danie\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{1f242a3b-e887-49a3-aa32-a987461b3c23}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{571d17e9-3959-47b3-9f7a-3b07b8678c11}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{571d17e9-3959-47b3-9f7a-3b07b8678c11}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-07] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-07] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\danie\AppData\Roaming\Mozilla\Firefox\Profiles\ba3c0ypm.default
FF DefaultSearchEngine.US: Google
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-07] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> H:\Program Files\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> H:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3053298624-2859590821-3115551304-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2016-05-24] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-3053298624-2859590821-3115551304-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2016-05-24] (TD Ameritrade)
FF Extension: (ScrapBook) - C:\Users\danie\AppData\Roaming\Mozilla\Firefox\Profiles\ba3c0ypm.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2016-06-11]
FF Extension: (Grammarly for Firefox) - C:\Users\danie\AppData\Roaming\Mozilla\Firefox\Profiles\ba3c0ypm.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2016-07-19]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR Profile: C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-08-16]
CHR Extension: (Google Docs) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Ban Checker for Steam) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\canbadmphamemnmdfngmcabnjmjgaiki [2016-04-19]
CHR Extension: (Adblock Plus) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-23]
CHR Extension: (Steam Inventory Helper) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-08-25]
CHR Extension: (Google Search) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Tags for YouTube™) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggphokdgjikekfiakjcpidcclbmkfga [2016-07-07]
CHR Extension: (Tampermonkey) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-20]
CHR Extension: (Video Downloader professional) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-18]
CHR Extension: (Google Sheets) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Steam Theme) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcphcjcjgkjmbphkfjleamgkinaeebnm [2016-01-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Enhanced Steam) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-08-04]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2016-08-25]
CHR Extension: (Click&Clean App) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-08-16]
CHR Extension: (Gmail) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR Extension: (Chrome Media Router) - C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2015-07-28] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-02] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2854640 2016-07-03] (Microsoft Corporation)
S4 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249320 2016-01-05] (DTS, Inc)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [232208 2016-06-22] (EasyAntiCheat Ltd)
R2 EslWireHelper; H:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2016-04-12] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-04-13] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-10-08] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc.)
S4 LolScreenSaverService; h:\Riot Games\LolScreenSaver\service\service.exe [707072 2016-03-30] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S4 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-13] (Electronic Arts)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310448 2016-08-14] (Overwolf LTD)
S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-05-15] ()
S4 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2016-05-13] ()
S4 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69760 2016-06-19] (Razer Inc.)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.)
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
S4 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 VSStandardCollectorService140; H:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [199472 2015-07-28] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 ESEADriver2; C:\Users\danie\AppData\Local\Temp\ESEADriver2.sys [315016 2016-07-09] ()
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)
R0 IaNVMe; C:\Windows\System32\drivers\IaNVMe.sys [101872 2015-07-07] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [38088 2014-12-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51224 2016-04-08] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 voxaldriver; C:\Windows\system32\DRIVERS\voxaldriverx64.sys [43472 2016-06-08] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinRing0_1_2_0; H:\SteamLibrary\steamapps\common\EVGA PrecisionX\WinRing0\WinRing0x64.sys [14536 2016-01-09] (OpenLibSys.org)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [35880 2016-07-26] (Wellbia.com Co., Ltd.)
S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-27 03:04 - 2016-08-27 03:04 - 00000000 ____D C:\Users\danie\Downloads\FRST-OlderVersion
2016-08-27 02:29 - 2016-08-27 02:29 - 00000000 _____ C:\WINDOWS\cd_127
2016-08-26 18:10 - 2016-08-26 18:15 - 00000000 ____D C:\AdwCleaner
2016-08-26 18:10 - 2016-08-26 18:10 - 03826240 _____ C:\Users\danie\Downloads\AdwCleaner.exe
2016-08-25 11:44 - 2016-08-25 11:44 - 00000000 ____D C:\Users\danie\Documents\Deus Ex -  Mankind Divided
2016-08-25 11:44 - 2016-08-25 11:44 - 00000000 ____D C:\Users\danie\AppData\Roaming\Eidos Montreal
2016-08-25 10:20 - 2016-08-26 02:11 - 00130522 _____ C:\Users\danie\Downloads\Shortcut.txt
2016-08-25 10:19 - 2016-08-26 02:11 - 00135956 _____ C:\Users\danie\Downloads\Addition.txt
2016-08-25 10:18 - 2016-08-27 03:05 - 00028676 _____ C:\Users\danie\Downloads\FRST.txt
2016-08-25 10:18 - 2016-08-27 03:05 - 00000000 ____D C:\FRST
2016-08-25 10:18 - 2016-08-27 03:04 - 02396160 _____ (Farbar) C:\Users\danie\Downloads\FRST64.exe
2016-08-25 10:05 - 2016-08-25 10:17 - 00000000 ____D C:\Users\danie\Desktop\mbar
2016-08-25 10:05 - 2016-08-25 10:17 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-08-25 10:05 - 2016-08-25 10:05 - 16563352 _____ (Malwarebytes Corp.) C:\Users\danie\Downloads\mbar-1.09.3.1001.exe
2016-08-25 10:02 - 2016-08-25 10:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\danie\Downloads\rkill.exe
2016-08-25 10:02 - 2016-08-25 10:02 - 00004136 _____ C:\Users\danie\Desktop\Rkill.txt
2016-08-25 09:55 - 2016-08-27 02:39 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-25 09:55 - 2016-08-25 10:05 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-25 09:55 - 2016-08-25 09:55 - 22851472 _____ (Malwarebytes ) C:\Users\danie\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-25 09:55 - 2016-08-25 09:55 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-25 09:55 - 2016-08-25 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-25 09:55 - 2016-08-25 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-25 09:55 - 2016-08-25 09:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-25 09:55 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-25 09:55 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-25 01:59 - 2016-08-25 01:59 - 01171585 _____ C:\Users\danie\Downloads\betaaccountkeygen.exe
2016-08-25 01:58 - 2016-08-25 01:59 - 00000676 _____ C:\Users\danie\Desktop\Steam.lnk
2016-08-25 01:58 - 2016-08-25 01:58 - 01833984 _____ C:\Users\danie\Downloads\setup.exe
2016-08-23 09:23 - 2016-08-23 09:23 - 17392199 _____ C:\Users\danie\Downloads\dmcheater.dem
2016-08-22 01:48 - 2016-08-22 01:48 - 10746849 _____ C:\Users\danie\Desktop\152b6025778b7e3d22dd843fb1fdc2a6.psd
2016-08-21 03:57 - 2016-08-21 03:58 - 03001040 _____ C:\Users\danie\Desktop\ts3_recording_16_08_21_3_57_54.wav
2016-08-19 21:05 - 2016-08-19 21:05 - 00000164 _____ C:\Users\danie\Downloads\Alts_Service.txt
2016-08-19 04:12 - 2016-08-19 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unravel™
2016-08-17 01:39 - 2016-08-17 01:39 - 00000000 ____D C:\Users\danie\AppData\Roaming\MPC-HC
2016-08-17 01:38 - 2016-08-17 01:38 - 00001747 _____ C:\Users\danie\Desktop\MPC-HC x64.lnk
2016-08-17 01:38 - 2016-08-17 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2016-08-17 01:38 - 2016-08-17 01:38 - 00000000 ____D C:\Program Files\MPC-HC
2016-08-17 01:37 - 2016-08-17 01:37 - 13395440 _____ (MPC-HC Team ) C:\Users\danie\Downloads\MPC-HC.1.7.10.x64.exe
2016-08-15 20:18 - 2016-08-15 20:18 - 01827920 _____ C:\Users\danie\Desktop\ts3_recording_16_08_15_20_18_27.wav
2016-08-15 20:18 - 2016-08-15 20:18 - 00985040 _____ C:\Users\danie\Desktop\ts3_recording_16_08_15_20_18_18.wav
2016-08-15 17:49 - 2016-08-15 18:15 - 00497664 _____ C:\Users\danie\Desktop\steam-idle.exe
2016-08-15 17:49 - 2016-08-15 17:49 - 01849344 _____ C:\Users\danie\Desktop\IdleMaster.exe
2016-08-15 17:49 - 2016-08-15 17:49 - 01412032 _____ C:\Users\danie\Downloads\idle_master.zip
2016-08-15 17:49 - 2016-08-15 17:49 - 00000000 ____D C:\Users\danie\Desktop\Languages
2016-08-15 17:49 - 2015-10-25 10:23 - 00003243 _____ C:\Users\danie\Desktop\IdleMaster.exe.config
2016-08-15 17:49 - 2015-02-10 22:49 - 00142528 _____ (Valve Corporation) C:\Users\danie\Desktop\steam_api.dll
2016-08-15 17:49 - 2015-02-10 22:49 - 00116736 _____ (Riley Labrecque) C:\Users\danie\Desktop\CSteamworks.dll
2016-08-15 17:49 - 2015-02-09 19:28 - 00513536 _____ (Newtonsoft) C:\Users\danie\Desktop\Newtonsoft.Json.dll
2016-08-15 17:49 - 2015-01-14 20:52 - 00134656 _____ (Simon Mourier) C:\Users\danie\Desktop\HtmlAgilityPack.dll
2016-08-15 17:47 - 2016-08-15 17:48 - 00000000 ____D C:\Users\danie\AppData\Local\Deployment
2016-08-15 17:47 - 2016-08-15 17:47 - 01200529 _____ C:\Users\danie\Downloads\idle_master-master.zip
2016-08-15 17:47 - 2016-08-15 17:47 - 00000000 ____D C:\Users\danie\AppData\Local\Apps\2.0
2016-08-15 17:47 - 2015-07-24 17:41 - 00207360 _____ (Riley Labrecque) C:\Users\danie\Desktop\Steamworks.NET.dll
2016-08-15 05:20 - 2016-08-15 05:20 - 00255736 _____ C:\Users\danie\Downloads\steam.design.zip
2016-08-15 05:15 - 2016-08-26 10:09 - 00000000 ____D C:\Users\danie\AppData\Local\Warframe
2016-08-14 21:30 - 2016-08-14 21:30 - 173849252 _____ C:\Users\danie\Desktop\Main_1.mp4
2016-08-14 19:46 - 2016-08-14 19:46 - 07589125 _____ C:\Users\danie\Downloads\Samo Sans Pro.zip
2016-08-14 03:51 - 2016-08-14 03:52 - 00000000 ____D C:\Users\danie\Documents\Need For Speed
2016-08-14 02:14 - 2016-08-14 02:14 - 00000612 _____ C:\Users\danie\Desktop\SinusBot 0.9.13.lnk
2016-08-14 02:13 - 2016-08-14 02:13 - 20782384 _____ (Michael Friese) C:\Users\danie\Downloads\sinusbot-0.9.13.exe
2016-08-14 02:12 - 2016-08-14 02:12 - 00394754 _____ C:\Users\danie\Downloads\soundboard-1.0b5-win64.ts3_plugin
2016-08-14 01:04 - 2016-08-14 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™
2016-08-13 22:17 - 2016-08-13 22:17 - 00732864 _____ C:\Users\danie\Desktop\biceps 16x16 - Google Search.html
2016-08-13 22:17 - 2016-08-13 22:17 - 00000000 ____D C:\Users\danie\Desktop\biceps 16x16 - Google Search_files
2016-08-12 23:15 - 2016-08-12 23:15 - 03540560 _____ C:\Users\danie\Desktop\ts3_recording_16_08_12_23_15_36.wav
2016-08-12 04:55 - 2016-08-12 04:55 - 162380126 _____ C:\Users\danie\Desktop\Main.mp4
2016-08-11 05:36 - 2016-08-11 05:36 - 00009662 _____ C:\Users\danie\Desktop\^73BAF353966243F09CCC7C67473AA9402FCB1C2671D5FD9CF7^pimgpsh_thumbnail_win_distr.jpg
2016-08-10 20:48 - 2016-08-10 20:48 - 04086577 _____ C:\Users\danie\Downloads\forge-1.8.9-11.15.1.1902-1.8.9-installer.jar
2016-08-10 20:45 - 2016-08-10 20:46 - 297229998 _____ C:\Users\danie\Downloads\Pixelmon-1.8.9-4.2.7-universal.jar
2016-08-10 17:36 - 2016-08-10 17:36 - 00214185 _____ C:\Users\danie\Downloads\MCBans.jar
2016-08-10 17:36 - 2016-08-10 17:36 - 00010411 _____ C:\Users\danie\Downloads\MCBansProxy.jar
2016-08-10 17:32 - 2016-08-10 17:32 - 00213371 _____ C:\Users\danie\Desktop\MVC.jar
2016-08-10 17:31 - 2016-08-10 17:32 - 00213371 _____ C:\Users\danie\Downloads\MVC.jar
2016-08-10 17:22 - 2016-08-10 17:22 - 00601473 _____ C:\Users\danie\Downloads\inf-20100618.jar
2016-08-10 17:22 - 2016-08-10 17:22 - 00026704 _____ C:\Users\danie\Downloads\rd-132211.jar
2016-08-10 17:09 - 2016-08-10 17:09 - 04770430 _____ C:\Users\danie\Downloads\bukkit-1.3.2-R3.0.jar
2016-08-10 16:49 - 2016-08-10 16:49 - 01345610 _____ C:\Users\danie\Downloads\minecraft_server.jar
2016-08-10 16:30 - 2016-08-10 16:30 - 00185402 _____ C:\Users\danie\Downloads\Space_Battleship_Yamato.schematic
2016-08-10 16:22 - 2016-08-10 16:22 - 00020470 _____ C:\Users\danie\Downloads\bismarckag52.schematic
2016-08-10 12:39 - 2016-08-10 12:41 - 00000000 ____D C:\Users\danie\AppData\Roaming\.pixelmon-beta
2016-08-10 12:39 - 2016-08-10 12:39 - 00000950 _____ C:\Users\Public\Desktop\Pixelmon Launcher.lnk
2016-08-10 12:39 - 2016-08-10 12:39 - 00000000 ____D C:\ProgramData\Ikara Software Limited
2016-08-10 12:39 - 2016-08-10 12:39 - 00000000 ____D C:\ProgramData\Caphyon
2016-08-10 12:38 - 2016-08-10 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixelmon Launcher (Beta)
2016-08-10 12:38 - 2016-08-10 12:38 - 20799568 _____ (Ikara Software Limited) C:\Users\danie\Desktop\PixelmonLauncherBeta-2.0.23.exe
2016-08-10 12:38 - 2016-08-10 12:38 - 19819961 _____ C:\Users\danie\Downloads\PixelmonLauncherBeta-2.0.23.zip
2016-08-10 12:38 - 2016-08-10 12:38 - 00000000 ____D C:\Users\danie\AppData\Roaming\Ikara Software Limited
2016-08-10 12:36 - 2016-08-10 12:36 - 00000000 ____D C:\Users\danie\Desktop\Astro Mod Network
2016-08-10 03:44 - 2016-08-10 03:44 - 00000650 _____ C:\Users\danie\AppData\Roaming\jd-gui.cfg
2016-08-10 02:58 - 2016-08-10 02:58 - 00042319 _____ C:\Users\danie\Downloads\mranto1_spawn.schematic
2016-08-10 02:55 - 2016-08-10 02:55 - 00009896 _____ C:\Users\danie\Downloads\rustic-small-town.schematic
2016-08-09 20:48 - 2016-08-14 01:09 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-08-09 20:48 - 2016-08-09 20:48 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-08-09 20:48 - 2016-08-09 20:48 - 00001106 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-08-09 20:47 - 2016-08-09 20:47 - 09751184 _____ (TeamViewer GmbH) C:\Users\danie\Downloads\TeamViewer_Setup_en.exe
2016-08-09 19:59 - 2016-08-09 20:00 - 08764679 _____ C:\Users\danie\Downloads\jd-gui-1.4.0.jar
2016-08-09 19:24 - 2016-08-09 19:24 - 00592340 _____ C:\Users\danie\Downloads\jd-eclipse-site-1.0.0-RC2.zip
2016-08-09 19:16 - 2016-08-09 19:16 - 00605207 _____ C:\Users\danie\Downloads\Screamer_MC1.7.2_V2.0.zip
2016-08-09 18:01 - 2016-08-09 18:01 - 00580071 _____ C:\Users\danie\Downloads\world-trade-center.schematic
2016-08-09 15:28 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 15:28 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 15:28 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 15:28 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 15:28 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 15:28 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 15:28 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 15:28 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 15:28 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 15:28 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 15:28 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 15:28 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 15:28 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 15:28 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 15:28 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 15:28 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 15:28 - 2016-08-03 06:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 15:28 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 15:28 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 15:28 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 15:28 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 15:28 - 2016-08-03 06:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 15:28 - 2016-08-03 05:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 15:28 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 15:28 - 2016-08-03 05:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 15:28 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 15:28 - 2016-08-03 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 15:28 - 2016-08-03 05:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 15:28 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-09 15:28 - 2016-08-03 05:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-09 15:28 - 2016-08-03 05:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-09 15:28 - 2016-08-03 05:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 15:28 - 2016-08-03 05:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 15:28 - 2016-08-03 05:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-09 15:28 - 2016-08-03 05:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-09 15:28 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 15:28 - 2016-08-03 05:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 15:28 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 15:28 - 2016-08-03 05:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 15:28 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-09 15:28 - 2016-08-03 05:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 15:28 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 15:28 - 2016-08-03 05:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 15:28 - 2016-08-03 05:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 15:28 - 2016-08-03 05:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 15:28 - 2016-08-03 05:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 15:28 - 2016-08-03 05:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 15:28 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 15:28 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 15:28 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 15:28 - 2016-08-03 05:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 15:28 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 15:28 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 15:28 - 2016-08-03 05:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-09 15:28 - 2016-08-03 05:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 15:28 - 2016-08-03 05:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-09 15:28 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 15:28 - 2016-08-03 05:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 15:28 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 15:28 - 2016-08-03 05:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 15:28 - 2016-08-03 05:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 15:28 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 15:28 - 2016-08-03 05:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 15:28 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 15:28 - 2016-08-03 05:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 15:28 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 15:28 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 15:28 - 2016-08-03 05:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 15:28 - 2016-08-03 05:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 15:28 - 2016-08-03 05:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 15:28 - 2016-08-03 05:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 15:28 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 15:28 - 2016-08-03 05:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 15:28 - 2016-08-03 05:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 15:28 - 2016-08-03 05:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-09 15:28 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 15:28 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-09 15:28 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-09 15:28 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-09 15:28 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-09 15:28 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 15:28 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-09 15:28 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-09 15:28 - 2016-08-03 01:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 15:28 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-09 15:28 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-09 15:28 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-09 15:28 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-09 15:28 - 2016-08-03 00:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-09 15:28 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 15:28 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 15:28 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-09 15:28 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-09 15:28 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 15:28 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-09 15:28 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-09 15:28 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-09 15:28 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-09 15:28 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 15:28 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-09 15:28 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-09 15:28 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-09 15:28 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 15:28 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-09 15:28 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-09 15:28 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-09 15:28 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-09 15:28 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-09 15:28 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-09 15:28 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-09 15:28 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-09 15:28 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-09 15:28 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-09 15:28 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 15:28 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 15:28 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-09 15:27 - 2016-08-03 06:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 15:27 - 2016-08-03 06:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 15:27 - 2016-08-03 06:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 15:27 - 2016-08-03 06:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 15:27 - 2016-08-03 05:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 15:27 - 2016-08-03 05:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 15:27 - 2016-08-03 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 15:27 - 2016-08-03 05:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 15:27 - 2016-08-03 05:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 15:27 - 2016-08-03 05:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 15:27 - 2016-08-03 05:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 15:27 - 2016-08-03 05:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 15:27 - 2016-08-03 05:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 15:27 - 2016-08-03 05:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 15:27 - 2016-08-03 05:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 15:27 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-09 15:27 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-09 15:27 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-09 15:25 - 2016-08-09 15:25 - 00691510 _____ C:\Users\danie\Downloads\BungeeTabListPlus-2.5.4.zip
2016-08-08 23:39 - 2016-08-08 23:39 - 00014270 _____ C:\Users\danie\Downloads\choptree3.3.1.jar
2016-08-08 23:36 - 2016-08-08 23:36 - 00033710 _____ C:\Users\danie\Downloads\RandomTP.jar
2016-08-08 21:01 - 2016-08-08 21:01 - 03632776 _____ C:\Users\danie\Downloads\VoxelSniper-5.171.0-SNAPSHOT.jar
2016-08-08 19:56 - 2016-08-08 19:56 - 00757881 _____ C:\Users\danie\Downloads\citizens-2.0.9-SNAPSHOT.jar
2016-08-08 19:38 - 2016-08-08 19:37 - 1589290298 _____ C:\Users\danie\Desktop\2012.zip
2016-08-08 19:26 - 2016-08-08 19:37 - 1589290298 _____ C:\Users\danie\Downloads\2012.zip
2016-08-08 16:55 - 2016-08-08 16:55 - 00064654 _____ C:\Users\danie\Downloads\BetterChairs.jar
2016-08-08 16:53 - 2016-08-08 16:53 - 00117616 _____ C:\Users\danie\Downloads\PacketListenerAPI_v3.4.4.jar
2016-08-08 16:53 - 2016-08-08 16:53 - 00116119 _____ C:\Users\danie\Downloads\MapManager_v1.2.0.jar
2016-08-08 16:50 - 2016-08-08 16:50 - 00528188 _____ C:\Users\danie\Downloads\AnimatedFrames_v4.3.3.jar
2016-08-08 16:41 - 2016-08-08 16:42 - 00366851 _____ C:\Users\danie\Downloads\ImageOnMap-3.0.jar
2016-08-08 15:24 - 2016-08-08 15:24 - 00022362 _____ C:\Users\danie\Downloads\Hive_JumpPads_v.2.17.jar
2016-08-08 15:16 - 2016-08-08 15:16 - 00071952 _____ C:\Users\danie\Downloads\Advanced-Portals-0.0.21-snapshot.jar
2016-08-07 23:50 - 2016-08-07 23:50 - 01140427 _____ C:\Users\danie\Downloads\Citizens.jar
2016-08-07 18:44 - 2016-08-07 18:44 - 00120122 _____ C:\Users\danie\Downloads\EssentialsXGeoIP-2.0.1.jar
2016-08-07 18:44 - 2016-08-07 18:44 - 00017975 _____ C:\Users\danie\Downloads\EssentialsXSpawn-2.0.1.jar
2016-08-07 16:50 - 2016-08-07 16:50 - 01252055 _____ C:\Users\danie\Downloads\worldguard-6.1.2.jar
2016-08-07 16:49 - 2016-08-07 16:49 - 00019475 _____ C:\Users\danie\Downloads\BungeePortals.jar
2016-08-07 16:42 - 2016-08-07 16:42 - 00007113 _____ C:\Users\danie\Downloads\JoinMessagePlus-2.2.jar
2016-08-07 16:14 - 2016-08-07 16:23 - 00001065 _____ C:\Users\danie\Downloads\permissions(2).yml
2016-08-07 15:19 - 2016-08-07 15:19 - 00134972 _____ C:\Users\danie\Downloads\Herochat.jar
2016-08-07 15:02 - 2016-08-07 15:02 - 00296909 _____ C:\Users\danie\Downloads\Vault.jar
2016-08-07 14:40 - 2016-08-07 14:40 - 00024151 _____ C:\Users\danie\Downloads\SpigotBan.jar
2016-08-07 14:33 - 2016-08-07 14:33 - 00035100 _____ C:\Users\danie\Downloads\HideandCustomPlugins.jar
2016-08-07 14:27 - 2016-08-07 14:27 - 00188307 _____ C:\Users\danie\Downloads\Statz-1.3.jar
2016-08-07 14:12 - 2016-08-07 14:12 - 00027641 _____ C:\Users\danie\Downloads\CanelaAnti-PluginSteal.jar
2016-08-07 14:11 - 2016-08-07 14:11 - 00025704 _____ C:\Users\danie\Downloads\party-bungeecord-1.0-RELEASE.jar
2016-08-07 14:10 - 2016-08-07 14:10 - 00045398 _____ C:\Users\danie\Downloads\netevents-1.0.jar
2016-08-07 14:09 - 2016-08-07 14:10 - 00722895 _____ C:\Users\danie\Downloads\PermissionsEx-1.23.4.jar
2016-08-07 00:46 - 2016-08-07 00:46 - 00263932 _____ C:\Users\danie\Downloads\CoreProtect_2.13.1.jar
2016-08-07 00:36 - 2016-08-07 00:36 - 00026545 _____ C:\Users\danie\Downloads\TitleMotd-1.4.0.jar
2016-08-07 00:29 - 2016-08-07 00:29 - 01635151 _____ C:\Users\danie\Downloads\Multiverse-Core-2.5-b717.jar
2016-08-07 00:28 - 2016-08-07 00:28 - 00446128 _____ C:\Users\danie\Downloads\SuperHub.jar
2016-08-07 00:28 - 2016-08-07 00:28 - 00012145 _____ C:\Users\danie\Downloads\PingAPI.jar
2016-08-07 00:27 - 2016-08-07 00:27 - 00021410 _____ C:\Users\danie\Downloads\AntiVoid.jar
2016-08-07 00:18 - 2016-08-07 00:18 - 01710017 _____ C:\Users\danie\Downloads\worldedit-bukkit-6.1.3.jar
2016-08-07 00:09 - 2016-08-07 00:09 - 00018649 _____ C:\Users\danie\Downloads\VoxelightPlace.jar
2016-08-06 23:57 - 2016-08-06 23:57 - 00088252 _____ C:\Users\danie\Downloads\securimage_play.php
2016-08-06 17:53 - 2016-08-06 17:53 - 01119528 _____ C:\Users\danie\Downloads\EssentialsX-2.0.1.jar
2016-08-06 17:19 - 2016-08-06 17:19 - 21088537 _____ C:\Users\danie\Downloads\spigot-latest.jar
2016-08-06 16:58 - 2016-08-06 16:58 - 09885982 _____ C:\Users\danie\Downloads\BungeeCord.jar
2016-08-06 16:57 - 2016-08-10 20:57 - 00000000 ____D C:\Users\danie\Desktop\PumpkinCraft
2016-08-04 21:42 - 2016-08-04 21:42 - 00304531 _____ C:\Users\danie\Downloads\XRay-33.jar
2016-08-04 21:40 - 2016-08-04 21:40 - 04361965 _____ C:\Users\danie\Downloads\forge-1.10.2-12.18.1.2011-installer.jar
2016-08-04 14:22 - 2016-08-04 14:22 - 00000000 ____D C:\Users\danie\.android
2016-08-04 14:19 - 2016-08-04 14:22 - 09311232 _____ C:\Users\danie\Desktop\Impactor.exe
2016-08-04 14:19 - 2016-08-04 14:19 - 14016013 _____ C:\Users\danie\Desktop\Impactor_0.9.31.zip
2016-08-04 14:19 - 2016-08-02 04:27 - 02803475 _____ C:\Users\danie\Desktop\Impactor.dat
2016-08-04 14:19 - 2016-08-02 03:18 - 08864768 _____ (libusb.info) C:\Users\danie\Desktop\Impactor.dll
2016-08-04 14:19 - 2016-07-31 00:23 - 00097792 _____ (Google, inc) C:\Users\danie\Desktop\AdbWinApi.dll
2016-08-04 14:19 - 2016-07-31 00:23 - 00062976 _____ (Google, inc) C:\Users\danie\Desktop\AdbWinUsbApi.dll
2016-08-04 14:19 - 2011-01-08 06:28 - 00943616 _____ (winsparkle.org) C:\Users\danie\Desktop\WinSparkle.dll
2016-08-04 14:18 - 2016-08-04 14:19 - 22217739 _____ C:\Users\danie\Desktop\NvwaStone_1.1.ipa
2016-08-04 14:18 - 2016-08-04 14:19 - 14016013 _____ C:\Users\danie\Downloads\Impactor_0.9.31.zip
2016-08-04 10:33 - 2016-08-04 10:33 - 00225556 _____ C:\Users\danie\Desktop\Reflector Recording.mp4
2016-07-30 16:13 - 2016-08-25 06:27 - 00002239 _____ C:\Users\danie\Desktop\Discord.lnk
2016-07-30 16:13 - 2016-08-25 06:27 - 00000000 ____D C:\Users\danie\AppData\Local\Discord
2016-07-30 16:13 - 2016-07-30 16:13 - 50209976 _____ (Hammer & Chisel, Inc.) C:\Users\danie\Downloads\DiscordSetup.exe
2016-07-28 07:20 - 2016-07-28 07:26 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-07-28 07:20 - 2016-07-28 07:26 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2016-07-28 07:20 - 2016-07-28 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-07-28 07:20 - 2016-07-28 07:20 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-07-28 05:01 - 2016-07-28 05:01 - 00914912 _____ (Overwolf Ltd.) C:\Users\danie\Downloads\Replay HUD-OverwolfInstaller.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-27 02:47 - 2016-01-09 03:41 - 00000000 ____D C:\Users\danie\AppData\Roaming\Spotify
2016-08-27 02:42 - 2016-01-09 03:42 - 00000000 ____D C:\Users\danie\AppData\Local\Spotify
2016-08-27 02:35 - 2016-01-09 02:51 - 00005954 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-27 02:33 - 2016-01-09 03:18 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-27 02:33 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-27 02:33 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-27 02:32 - 2016-01-28 04:33 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E58D7027-450A-4B01-AEDA-F416E80D3082}
2016-08-27 02:31 - 2016-06-11 21:23 - 00000000 ____D C:\Users\danie\AppData\Local\LogMeIn Hamachi
2016-08-27 02:31 - 2016-01-09 03:01 - 00000000 ____D C:\Users\danie\AppData\Roaming\TS3Client
2016-08-27 02:30 - 2016-01-09 02:55 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-27 02:30 - 2016-01-09 02:51 - 00000000 ____D C:\Users\danie
2016-08-27 02:29 - 2016-01-09 02:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-27 02:28 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-26 19:15 - 2016-01-09 02:55 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-26 18:10 - 2016-01-09 15:47 - 00000000 ____D C:\Users\danie\AppData\Roaming\Skype
2016-08-25 10:56 - 2016-05-27 02:44 - 00000000 ____D C:\Users\danie\AppData\Roaming\MusicBee
2016-08-25 10:54 - 2016-07-09 19:00 - 00000860 _____ C:\Users\danie\Desktop\ESEA Client.lnk
2016-08-25 09:49 - 2016-03-01 04:00 - 00000000 ____D C:\Users\danie\AppData\Local\Eclipse
2016-08-25 09:49 - 2016-03-01 03:56 - 00000000 ____D C:\Users\danie\.p2
2016-08-25 06:27 - 2016-05-17 00:04 - 00000000 ____D C:\Users\danie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-25 06:27 - 2016-05-17 00:04 - 00000000 ____D C:\Users\danie\AppData\Roaming\discord
2016-08-24 02:21 - 2016-02-25 21:56 - 00000000 ____D C:\Users\danie\AppData\Local\CrashDumps
2016-08-23 08:55 - 2016-02-05 03:37 - 00000000 ____D C:\ProgramData\Origin
2016-08-23 03:32 - 2016-01-28 05:32 - 00000000 ____D C:\Users\danie\AppData\Roaming\OBS
2016-08-23 03:29 - 2016-01-28 05:31 - 00000000 ____D C:\Program Files\OBS
2016-08-22 22:20 - 2016-01-09 04:20 - 00000000 ____D C:\Users\danie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-22 19:03 - 2016-07-10 18:24 - 00001136 _____ C:\Users\danie\Desktop\nativelog.txt
2016-08-22 19:03 - 2016-01-15 21:37 - 00000000 ____D C:\Users\danie\AppData\Roaming\.minecraft
2016-08-21 04:28 - 2016-04-24 08:04 - 00000000 ____D C:\Users\danie\AppData\Local\Purplizer
2016-08-20 21:44 - 2016-04-24 08:01 - 00000000 ____D C:\Users\danie\AppData\Local\Overwolf
2016-08-20 03:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-19 07:26 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-18 22:57 - 2016-05-12 15:09 - 00000000 ____D C:\Users\danie\AppData\Local\Battle.net
2016-08-17 02:02 - 2016-04-24 08:02 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-08-15 17:49 - 2016-05-25 02:41 - 00000000 ____D C:\Users\danie\AppData\Local\IdleMaster
2016-08-15 17:47 - 2016-03-01 13:07 - 00000000 ____D C:\Users\danie\Documents\Visual Studio 2015
2016-08-14 21:48 - 2016-04-14 01:46 - 00000000 ____D C:\Users\danie\Desktop\DannyRA
2016-08-14 21:29 - 2016-02-07 06:10 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-08-13 02:19 - 2016-05-06 18:20 - 00000000 ____D C:\Users\danie\AppData\Local\PAYDAY 2
2016-08-12 18:53 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 16:23 - 2016-06-21 16:44 - 00001003 _____ C:\Users\Public\Desktop\STAR WARS Battlefront.lnk
2016-08-11 02:11 - 2016-01-09 02:52 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-11 02:09 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-11 02:09 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 02:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-11 02:08 - 2016-07-06 02:34 - 05052728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-11 01:51 - 2016-01-09 02:52 - 00000000 ____D C:\Users\danie\AppData\Local\Packages
2016-08-10 21:26 - 2016-07-09 18:18 - 00000000 ____D C:\Users\danie\Desktop\am_matera r
2016-08-10 12:55 - 2016-05-12 15:29 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-08-09 18:21 - 2016-01-09 03:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-09 18:21 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-09 18:21 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-09 18:17 - 2016-01-09 03:30 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 17:17 - 2016-01-09 02:55 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 17:17 - 2016-01-09 02:55 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 16:13 - 2016-03-25 02:03 - 00000000 ____D C:\Users\danie\AppData\Local\Reflector 2
2016-08-04 14:30 - 2016-02-06 23:51 - 00000000 ____D C:\Users\danie\AppData\Roaming\Apple Computer
2016-08-04 11:54 - 2016-06-11 12:59 - 00000000 ____D C:\Users\danie\AppData\Roaming\Adobe
2016-07-31 08:26 - 2016-01-09 15:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-31 08:26 - 2016-01-09 15:47 - 00000000 ____D C:\ProgramData\Skype
2016-07-30 16:13 - 2016-05-17 00:04 - 00000000 ____D C:\Users\danie\AppData\Local\SquirrelTemp
2016-07-28 17:10 - 2016-01-09 02:55 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 17:10 - 2016-01-09 02:55 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2016-08-10 03:44 - 2016-08-10 03:44 - 0000650 _____ () C:\Users\danie\AppData\Roaming\jd-gui.cfg
2016-01-25 10:59 - 2016-01-25 10:59 - 0937776 _____ (AutoIt Team) C:\Users\danie\AppData\Roaming\JNbiPhRKMDIMGNGTYT.exe
2016-01-25 10:59 - 2016-01-25 10:59 - 0222224 _____ () C:\Users\danie\AppData\Roaming\PiKbXdabRTGWeUXGN
2016-06-08 03:25 - 2016-06-08 03:25 - 0001167 _____ () C:\Users\danie\AppData\Roaming\trace_FilterInstaller.txt
2016-06-08 03:25 - 2016-06-08 03:25 - 0000000 _____ () C:\Users\danie\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-01-25 10:59 - 2016-01-25 10:59 - 0052230 _____ () C:\Users\danie\AppData\Roaming\WDiNXgWLLiAdGZNSOQL.au3
2016-07-09 16:58 - 2016-07-09 16:58 - 0001468 _____ () C:\Users\danie\AppData\Local\recently-used.xbel
2016-06-04 02:15 - 2016-06-04 02:15 - 0000017 _____ () C:\Users\danie\AppData\Local\resmon.resmoncfg
2016-01-09 03:20 - 2016-01-09 03:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\danie\AppData\Local\Temp\150dbf0cf8fe05980e41471ea521e045.dll
C:\Users\danie\AppData\Local\Temp\6af2c49ebf1d552bee0798ef86fd2626.dll
C:\Users\danie\AppData\Local\Temp\EslWireSetup-1.19.0.8220-x64.exe
C:\Users\danie\AppData\Local\Temp\Installer.exe
C:\Users\danie\AppData\Local\Temp\libeay32.dll
C:\Users\danie\AppData\Local\Temp\msvcr120.dll
C:\Users\danie\AppData\Local\Temp\npp.6.9.2.Installer.exe
C:\Users\danie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\danie\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\danie\AppData\Local\Temp\sqlite3.dll
C:\Users\danie\AppData\Local\Temp\Steam.exe
C:\Users\danie\AppData\Local\Temp\Uninstall.exe
C:\Users\danie\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-25 08:36
 
==================== End of FRST.txt ============================


#6 deeprybka


Posted 27 August 2016 - 06:51 AM

Hi,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    File: C:\Users\danie\AppData\Roaming\JNbiPhRKMDIMGNGTYT.exe
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it in your reply.

Edited by deeprybka, 27 August 2016 - 06:52 AM.

regards,
deeprybka
Injure no one; on the contrary, help everyone as much as you can. Arthur Schopenhauer

#7 Kickens


Posted 27 August 2016 - 12:39 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Daniel (27-08-2016 13:34:11) Run:1
Running from C:\Users\danie\Downloads
Loaded Profiles: Daniel (Available Profiles: Daniel)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
File: C:\Users\danie\AppData\Roaming\JNbiPhRKMDIMGNGTYT.exe
EmptyTemp:
*****************
 
Processes closed successfully.
 
========================= File: C:\Users\danie\AppData\Roaming\JNbiPhRKMDIMGNGTYT.exe ========================
 
File is digitally signed
MD5: B06E67F9767E5023892D9698703AD098
Creation and modification date: 2016-01-25 10:59 - 2016-01-25 10:59
Size: 0937776
Attributes: ----A
Company Name: AutoIt Team
Internal Name: AutoIt3.exe
Original Name: AutoIt3.exe
Product: AutoIt v3 Script
Description: AutoIt v3 Script
File Version: 3, 3, 14, 2
Product Version: 3, 3, 14, 2
Copyright: ©1999-2015 Jonathan Bennett & AutoIt Team
 
====== End of File: ======
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 844857 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 102385390 B
Java, Flash, Steam htmlcache => 374639941 B
Windows/system/drivers => 64715188 B
Edge => 3506665 B
Chrome => 711853072 B
Firefox => 213466586 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 1071096 B
danie => 12096100806 B
 
RecycleBin => 0 B
EmptyTemp: => 12.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:34:26 ====
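
The Fixlog above reports an Original Name for the inspected file that differs from its name on disk. As an added example (not part of the thread and not FRST's own code), the Python below parses that File: block, flags a script interpreter stored under another name, and lists entries from the "Files in the root of some directories" section that share its folder and creation minute. The SCRIPT_HOSTS list and all function names are assumptions made for illustration; the log lines are copied from this thread.

```python
import re
from pathlib import PureWindowsPath

# Assumption: a short, illustrative list of script-host original file names.
SCRIPT_HOSTS = {"autoit3.exe", "autoit3_x64.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Copied from the Fixlog.txt in this thread (fields not used here are omitted).
FIXLOG = r"""
========================= File: C:\Users\danie\AppData\Roaming\JNbiPhRKMDIMGNGTYT.exe ========================

File is digitally signed
MD5: B06E67F9767E5023892D9698703AD098
Creation and modification date: 2016-01-25 10:59 - 2016-01-25 10:59
Company Name: AutoIt Team
Internal Name: AutoIt3.exe
Original Name: AutoIt3.exe

====== End of File: ======
"""

# Copied from the "Files in the root of some directories" section of FRST.txt.
LISTING = r"""
2016-08-10 03:44 - 2016-08-10 03:44 - 0000650 _____ () C:\Users\danie\AppData\Roaming\jd-gui.cfg
2016-01-25 10:59 - 2016-01-25 10:59 - 0937776 _____ (AutoIt Team) C:\Users\danie\AppData\Roaming\JNbiPhRKMDIMGNGTYT.exe
2016-01-25 10:59 - 2016-01-25 10:59 - 0222224 _____ () C:\Users\danie\AppData\Roaming\PiKbXdabRTGWeUXGN
2016-06-08 03:25 - 2016-06-08 03:25 - 0001167 _____ () C:\Users\danie\AppData\Roaming\trace_FilterInstaller.txt
2016-06-08 03:25 - 2016-06-08 03:25 - 0000000 _____ () C:\Users\danie\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-01-25 10:59 - 2016-01-25 10:59 - 0052230 _____ () C:\Users\danie\AppData\Roaming\WDiNXgWLLiAdGZNSOQL.au3
"""

HEADER = re.compile(r"^=+ File: (.+?) =+$")
FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9 ]*): (.*)$")
ROW = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) (\S{5}) "
    r"(?:\((.*?)\) )?([A-Za-z]:\\.+)$"
)


def parse_file_blocks(text):
    """Return one dict per 'File:' report block in a Fixlog."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"Path": header.group(1)}
            blocks.append(current)
        elif line.startswith("====== End of File"):
            current = None
        elif current is not None and line:
            field = FIELD.match(line)
            if field:
                current[field.group(1)] = field.group(2)
            else:
                # Free-text lines such as "File is digitally signed".
                current.setdefault("Notes", []).append(line)
    return blocks


def parse_listing(text):
    """Parse FRST file-listing rows: created - modified - size attrs (company) path."""
    rows = []
    for raw in text.splitlines():
        m = ROW.match(raw.strip())
        if m:
            created, modified, size, attrs, company, path = m.groups()
            rows.append({"created": created, "modified": modified, "size": int(size),
                         "attrs": attrs, "company": company or "",
                         "path": PureWindowsPath(path)})
    return rows


def renamed_interpreter(block):
    """True when a known script host is stored under a different file name."""
    on_disk = PureWindowsPath(block["Path"]).name.lower()
    original = block.get("Original Name", "").lower()
    return original in SCRIPT_HOSTS and on_disk != original


def co_dropped(block, rows):
    """Listing rows in the same folder with the same creation minute as the block's file."""
    target = PureWindowsPath(block["Path"])
    created = block["Creation and modification date"].split(" - ")[0]
    return [r for r in rows
            if r["path"].parent == target.parent
            and r["created"] == created
            and r["path"] != target]


if __name__ == "__main__":
    listing = parse_listing(LISTING)
    for block in parse_file_blocks(FIXLOG):
        if renamed_interpreter(block):
            print("Renamed interpreter:", block["Path"], "is", block["Original Name"])
            for row in co_dropped(block, listing):
                print("  same folder and creation minute:", row["path"])
```

A valid signature on the flagged file only says the interpreter binary is genuine; it says nothing about the script it is asked to run, which is why the neighbouring files are worth listing.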


#8 deeprybka


Posted 27 August 2016 - 12:47 PM

OK, please do the following now:

Step 1

Don't remove on your own anything that HitmanPro detects!
This scanner, as good as it is for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file [image: log.png] is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Edited by deeprybka, 27 August 2016 - 12:53 PM.

regards,
deeprybka

#9 Kickens


Posted 27 August 2016 - 01:25 PM

Alright. I'm now doing the long file scan.



#10 Kickens


Posted 27 August 2016 - 11:03 PM

For ESET Online Scanner,

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fb0ce17f90114a4aaf041adc2a6c0d88
# end=init
# utc_time=2016-08-27 05:59:08
# local_time=2016-08-27 01:59:08 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 30560
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fb0ce17f90114a4aaf041adc2a6c0d88
# end=updated
# utc_time=2016-08-27 06:01:35
# local_time=2016-08-27 02:01:35 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=fb0ce17f90114a4aaf041adc2a6c0d88
# engine=30560
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-08-27 10:00:52
# local_time=2016-08-27 06:00:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 25224195 0 0
# scanned=1074759
# found=14
# cleaned=0
# scan_time=14357
sh=5104FBD7789DD8C202F4A23AF786CE7510ED5DDE ft=0 fh=0000000000000000 vn="Win32/Obfuscated.Autoit.D trojan" ac=I fn="C:\Users\danie\AppData\Roaming\WDiNXgWLLiAdGZNSOQL.au3"
sh=AE3975E0FA9AE419B1E699D50DD7D9C755F7C214 ft=1 fh=6f4eb53ecc224607 vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="C:\Users\danie\AppData\Roaming\EloBuddy\Addons\Rice_47DEFF4D.exe"
sh=B3E509EC843444C5D35A60B419F8E5961B8ACED7 ft=1 fh=0ebb3997d3120944 vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="C:\Users\danie\AppData\Roaming\EloBuddy\Addons\Libraries\EloBuddy.Sandbox.dll"
sh=ED98789DE4BD60A7CE0FC37FA69D1D6A38014693 ft=1 fh=f47fa559c47fdc9a vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="C:\Users\danie\AppData\Roaming\EloBuddy\Addons\Libraries\EloBuddy.SDK.dll"
sh=DF8FDDA43EAB500EA5DA39DA62D6E04A6AB0CD7E ft=1 fh=75002c6af403a6c2 vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="C:\Users\danie\AppData\Roaming\EloBuddy\Repositories\7DCAD446\dAshe\bin\Debug\dAshe.exe"
sh=31788210F82565CCB8A74209F0D2F4A5CB02765C ft=1 fh=be222e6ac0679129 vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="C:\Users\danie\AppData\Roaming\EloBuddy\Repositories\7DCAD446\dAshe\bin\Debug\EloBuddy.SDK.dll"
sh=DF8FDDA43EAB500EA5DA39DA62D6E04A6AB0CD7E ft=1 fh=75002c6af403a6c2 vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="C:\Users\danie\AppData\Roaming\EloBuddy\Repositories\7DCAD446\dAshe\obj\Debug\dAshe.exe"
sh=B3E509EC843444C5D35A60B419F8E5961B8ACED7 ft=1 fh=0ebb3997d3120944 vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="C:\Users\danie\AppData\Roaming\EloBuddy\Repositories\7DCAD446\Rice\bin\Release\EloBuddy.Sandbox.dll"
sh=ED98789DE4BD60A7CE0FC37FA69D1D6A38014693 ft=1 fh=f47fa559c47fdc9a vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="C:\Users\danie\AppData\Roaming\EloBuddy\Repositories\7DCAD446\Rice\bin\Release\EloBuddy.SDK.dll"
sh=AE3975E0FA9AE419B1E699D50DD7D9C755F7C214 ft=1 fh=6f4eb53ecc224607 vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="C:\Users\danie\AppData\Roaming\EloBuddy\Repositories\7DCAD446\Rice\bin\Release\Rice.exe"
sh=AE3975E0FA9AE419B1E699D50DD7D9C755F7C214 ft=1 fh=6f4eb53ecc224607 vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="C:\Users\danie\AppData\Roaming\EloBuddy\Repositories\7DCAD446\Rice\obj\Release\Rice.exe"
sh=6896B0ADDE6F3A997B599C879E1C810F75A1B1D9 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.ANZ potentially unsafe application" ac=I fn="H:\Everything.zip"
sh=B3E509EC843444C5D35A60B419F8E5961B8ACED7 ft=1 fh=0ebb3997d3120944 vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="H:\Program Files (x86)\EloBuddy\System\EloBuddy.Sandbox.dll"
sh=ED98789DE4BD60A7CE0FC37FA69D1D6A38014693 ft=1 fh=f47fa559c47fdc9a vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="H:\Program Files (x86)\EloBuddy\System\EloBuddy.SDK.dll"
 
 
Now for Hitman,
HitmanPro 3.7.14.265
www.hitmanpro.com
 
   Computer name . . . . : DANIEL-PC
   Windows . . . . . . . : 10.0.0.10586.X64/12
   User name . . . . . . : DANIEL-PC\Daniel
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2016-08-27 13:52:23
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 42s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 16
 
   Objects scanned . . . : 2,712,477
   Files scanned . . . . : 102,030
   Remnants scanned  . . : 640,638 files / 1,969,809 keys
 
Malware _____________________________________________________________________
 
   C:\Users\danie\AppData\Local\NVIDIA\NvBackend\StreamingAssets\sniper_elite_3\automated_launch.exe
      Size . . . . . . . : 46,592 bytes
      Age  . . . . . . . : 151.0 days (2016-03-29 13:22:52)
      Entropy  . . . . . : 5.2
      SHA-256  . . . . . : C2436FAE74C8700B906D77C9C8E55F5A11FE49563C2D95B363E6B17500B5BEDB
      Product  . . . . . : OL
      LanguageID . . . . : 0
    > Bitdefender  . . . : Trojan.GenericKD.2079543
      Fuzzy  . . . . . . : 106.0
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\danie\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 951,497 bytes
      Age  . . . . . . . : 102.9 days (2016-05-16 17:09:51)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 43358BBCEC1EBE7927CA3B0A3DCA0597D5E8584F0FCBE987B8126A0C12D73A2B
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\danie\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 138,648 bytes
      Age  . . . . . . . : 135.4 days (2016-04-14 04:04:12)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : DE86A451D282866613EE18CF668C2E962ABCB09FA51F7FF0C98405418A19EA81
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
 
   C:\Users\danie\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
      Size . . . . . . . : 733,004 bytes
      Age  . . . . . . . : 105.7 days (2016-05-13 22:04:56)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\danie\Downloads\FRST64.exe
      Size . . . . . . . : 2,396,672 bytes
      Age  . . . . . . . : 0.0 days (2016-08-27 13:33:45)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 11B9B0D6AF172547DCE483C7C45072636F030B12DE1C40AF08B6E8D08D394EDC
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -3.5s C:\Users\danie\AppData\Local\Spotify\mercury.db-wal
         -0.8s C:\Users\danie\AppData\Local\Spotify\Browser\Cache\f_000072
         -0.8s C:\Users\danie\AppData\Local\Spotify\Browser\Cache\f_000073
         -0.8s C:\Users\danie\AppData\Local\Spotify\Browser\Cache\f_000074
         -0.8s C:\Users\danie\AppData\Local\Spotify\Browser\Cache\f_000075
         -0.8s C:\Users\danie\AppData\Local\Spotify\Browser\Cache\f_000076
         -0.8s C:\Users\danie\AppData\Local\Spotify\Browser\Cache\f_000077
         -0.8s C:\Users\danie\AppData\Local\Spotify\Browser\Cache\f_000078
         -0.8s C:\Users\danie\AppData\Local\Spotify\Browser\Cache\f_000079
         -0.8s C:\Users\danie\AppData\Local\Spotify\Browser\Cache\f_00007a
         -0.7s C:\Users\danie\AppData\Local\Spotify\Browser\Cache\f_00007b
         -0.7s C:\Users\danie\AppData\Local\Spotify\Browser\Cache\f_00007c
         -0.7s C:\Users\danie\AppData\Local\Spotify\Browser\Cache\f_00007d
          0.0s C:\Users\danie\Downloads\FRST64.exe
 
 
Cookies _____________________________________________________________________
 
   C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
   C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
   C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Cookies:skimresources.com
   C:\Users\danie\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\danie\AppData\Local\Microsoft\Windows\INetCookies\12OAHH3C.txt
   C:\Users\danie\AppData\Local\Microsoft\Windows\INetCookies\3TKS8HLB.txt
   C:\Users\danie\AppData\Local\Microsoft\Windows\INetCookies\CKTD70V6.txt
   C:\Users\danie\AppData\Local\Microsoft\Windows\INetCookies\GMHBUX9R.txt
   C:\Users\danie\AppData\Local\Microsoft\Windows\INetCookies\KG1ABFU5.txt
   C:\Users\danie\AppData\Local\Microsoft\Windows\INetCookies\P64CTXB9.txt
   C:\Users\danie\AppData\Local\Microsoft\Windows\INetCookies\RN4KNILC.txt
 
 
 
Thanks!
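
A triage sketch for ESET Online Scanner logs like the one in the post above, added here as an example and not part of the original thread: it groups detection lines by their sh= value so copies of the same file count once, and separates "potentially unsafe application" findings from the rest. The sample log is constructed, and reading sh as the file hash, vn as the detection name and fn as the path is an assumption based on the lines shown.

```python
import re
from collections import defaultdict

# One key=value field: the value is either a quoted string or a bare token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_detection(line):
    """Return the fields of one detection line as a dict, or None for other lines."""
    if not line.startswith("sh="):
        return None  # header/status lines such as "# found=4"
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def triage(log_text):
    """Group detections by hash so identical files in several folders count once."""
    by_hash = defaultdict(lambda: {"name": None, "paths": []})
    for line in log_text.splitlines():
        rec = parse_detection(line.strip())
        if rec is None:
            continue
        entry = by_hash[rec["sh"]]
        entry["name"] = rec["vn"]          # assumed: detection name
        entry["paths"].append(rec["fn"])   # assumed: full file path
    return dict(by_hash)

def malware_only(groups):
    """Keep findings whose name is not a 'potentially unsafe/unwanted application'."""
    return {h: g for h, g in groups.items() if not g["name"].endswith("application")}

# Constructed sample in the same line format as the posted log; the hashes,
# fh values and paths are made up for this example.
SAMPLE_LOG = r'''# scanned=1000
# found=4
sh=1111111111111111111111111111111111111111 ft=0 fh=0000000000000000 vn="Win32/Obfuscated.Autoit.D trojan" ac=I fn="C:\Users\example\AppData\Roaming\sample.au3"
sh=2222222222222222222222222222222222222222 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="C:\Users\example\AppData\Roaming\Tool\bin\Debug\tool.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="C:\Users\example\AppData\Roaming\Tool\obj\Debug\tool.exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=bbbbbbbbbbbbbbbb vn="a variant of MSIL/GameHack.QL potentially unsafe application" ac=I fn="H:\Program Files (x86)\Tool\tool.dll"
'''

if __name__ == "__main__":
    groups = triage(SAMPLE_LOG)
    for sha1, g in groups.items():
        print(sha1[:8], len(g["paths"]), "path(s)", g["name"])
    print("non-PUA detections:", list(malware_only(groups)))
```
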
 


#11 deeprybka

Posted 28 August 2016 - 05:00 AM


Can you please tell me which problems still persist now?
regards,
deeprybka

#12 Kickens

Posted 28 August 2016 - 11:39 AM

It seems that there are no more problems at the current moment. Thanks for your help and I'll reply here if anything occurs.



#13 deeprybka

Posted 29 August 2016 - 11:33 AM

I want you to upload the following file(s) to an online virus-scanner to reanalyse.

Step 1

Upload File(s) to VirusTotal

  • Click the Choose File button.
  • Please copy/paste the following text into the 'File name:' box:
    C:\Users\danie\AppData\Roaming\JNbiPhRKMDIMGNGTYT.exe
  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analyzed: click Reanalyse
  • Copy and Paste the link of the result page in your reply.

Follow the procedure for the following file(s) too:
C:\Users\danie\AppData\Local\NVIDIA\NvBackend\StreamingAssets\sniper_elite_3\automated_launch.exe


regards,
deeprybka

#14 Kickens

Posted 29 August 2016 - 01:15 PM

For the first scan,

https://www.virustotal.com/en/file/8498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb/analysis/1472494132/

 

and for the second,

https://www.virustotal.com/en/file/c2436fae74c8700b906d77c9c8e55f5a11fe49563c2d95b363e6b17500b5bedb/analysis/1472494331/ .

 

Thanks



#15 deeprybka

Posted 30 August 2016 - 11:35 AM

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-3053298624-2859590821-3115551304-1001\...\Run: [SMTP Host] => 
    File: "C:\Users\danie\AppData\Roaming\6CAABE52-2A18-4029-AD1B-AC1FE52FF811\SMTP Host\smtphost.exe"
    C:\Users\danie\AppData\Roaming\6CAABE52-2A18-4029-AD1B-AC1FE52FF811
    GroupPolicyScripts: Restriction 
    C:\Users\danie\AppData\Roaming\JNbiPhRKMDIMGNGTYT.exe
    C:\Users\danie\AppData\Roaming\WDiNXgWLLiAdGZNSOQL.au3
    AlternateDataStreams: C:\WINDOWS\Temp:$DATA [16]
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
    AlternateDataStreams: C:\Users\danie\AppData\Local\NzxqAAMwRXmjgn:2WcjVN9KnH7h9IN4uvu [2454]
    AlternateDataStreams: C:\Users\danie\AppData\Local\Temp:guocVnEACktM0yrPYYP9MyW [2432]
    AlternateDataStreams: C:\Users\danie\AppData\Local\Temp:NGJuX7fTOBwLETpv5ycW [2072]
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the reboot:

Step 2

Start FRST with administrator privileges.
  • Make sure the following option is checked: [image: addition.png]
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka



