Computer infected with virus, "The requested resource is in use"


  • This topic is locked
25 replies to this topic

#1 Smileyjuice7


Posted 17 April 2017 - 08:21 PM

I apologize in advance if I am in the wrong forum topic, I'm relatively new to the site.

I accidentally downloaded some malware from an ad, and my computer started showing symptoms: browser homepage changed, computer increasingly slower, antiviruses disabled, etc.

Upon startup, all of my anti-viruses showed this error: "The requested resource is in use." I searched online, and realized I had a rootkit installed on my computer, so I tried installing Malwarebytes Anti-Rootkit, but that too was affected, as it showed the same error message: "The requested resource is in use."

I rebooted into safe mode and tried several more anti-rootkit software, but they too showed the same error message.

 

What can I do to get rid of this Trojan virus and restore my computer to its previous state?

 

Thanks,

Darius





#2 Aura


Posted 17 April 2017 - 08:23 PM

Hi Smileyjuice7 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me the content of the "mbar-log-TODAY'S-date.txt" log after running the scan and deleting the threats it detected (the log will be located in the MBAR folder).

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Smileyjuice7


Posted 18 April 2017 - 05:35 AM

Thanks for the response, Yoan.
When I try to run the mbar exe, it tells me to extract it, but after that it just creates a folder titled mbar on my desktop. Inside there are many different assets, as well as an mbar.exe, but when I try to run it, it gives me the same error, that the requested resource is in use.



#4 Aura


Posted 18 April 2017 - 07:08 AM

Can you double-click on the mbar.cmd file inside the MBAR folder, and see if MBAR is launched? See the screenshot above if needed.

https://support.malwarebytes.com/customer/portal/attachments/498840

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Smileyjuice7


Posted 18 April 2017 - 01:47 PM

Alright, so when I double click mbar.cmd, a command prompt shows up asking me whether it's okay to start the application [Y/N]:. I typed "Y", and the cmd closed, but the application did not run, or show any signs of working. Am I doing something wrong?



#6 Aura


Posted 18 April 2017 - 02:08 PM

If you're following my instructions, then it isn't your fault, don't worry. Alright, follow the instructions below to get some logs and let's see if I can make MBAR work somehow.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
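
An added example, not part of the original thread and not FRST's own logic: a small Python triage pass over the kind of FRST.txt output requested above, so a reviewer can pull out the autorun, service and driver entries worth a closer look. The sample lines are copied from the FRST.txt posted in this thread; the heuristics and reason labels are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Lines copied from the FRST.txt posted in this thread (a subset, not a full log).
SAMPLE_LOG = r'''
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [Discord] => C:\Users\dariu\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [peidso] => rundll32.exe "C:\Users\dariu\AppData\Local\peidso.dll",peidso <===== ATTENTION
S2 Dataup; C:\Users\dariu\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
S2 realtek_amd64; C:\Users\dariu\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-04-16] () [File not signed] <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S2 Wallpaper Engine Service; D:\Steam Games\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [25600 2017-03-05] () [File not signed]
'''

# Service/driver line: "<state><start> <name>; <path> [<size> <date>] (<publisher>) ..."
# state R/S/U = running/stopped/undetermined; start 0 = boot ... 4 = disabled.
# Entries whose file is missing (shown as "[X]") do not match and are skipped.
SERVICE_RE = re.compile(
    r'^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<path>.+?) '
    r'\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] '
    r'\((?P<publisher>[^)]*)\)(?P<rest>.*)$')
# Autorun line: "<key>\Run: [<value name>] => <command>"
RUN_RE = re.compile(
    r'^(?P<key>HK\S*\\(?:Run|RunOnce)): \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$')
ATTENTION_RE = re.compile(r'\s*<=+ ATTENTION\s*$')
USER_PATH_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\|\\Temp\\', re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s', re.I)


@dataclass
class Finding:
    kind: str       # "service/driver" or "autorun"
    name: str       # service name or Run value name
    target: str     # binary path or command line
    reasons: list   # heuristic labels (assumed names, not FRST output)


def service_reasons(m):
    """Heuristics for a parsed service/driver line."""
    unsigned = '[File not signed]' in m['rest']
    reasons = []
    if ATTENTION_RE.search(m['rest']):
        reasons.append('frst-attention')            # FRST's own marker
    if unsigned and not m['publisher'].strip():
        reasons.append('unsigned-no-publisher')     # no signature, no version info
    if USER_PATH_RE.search(m['path']):
        reasons.append('binary-in-user-profile')    # service binary in a user-writable dir
    if unsigned and m['start'] == '0':
        reasons.append('unsigned-boot-start')       # loads before most security software
    return reasons


def autorun_reasons(cmd):
    """Heuristics for a Run/RunOnce command line.

    Programs in AppData are common here (Discord, Spotify), so only
    rundll32 loading a DLL from a user-writable path is flagged.
    """
    reasons = []
    if ATTENTION_RE.search(cmd):
        reasons.append('frst-attention')
    if RUNDLL_RE.search(cmd) and USER_PATH_RE.search(cmd):
        reasons.append('rundll32-dll-in-user-profile')
    return reasons


def triage(log_text):
    """Return a Finding for every line that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            kind, name, target = 'service/driver', m['name'], m['path']
            reasons = service_reasons(m)
        else:
            m = RUN_RE.match(line)
            if not m:
                continue
            kind, name = 'autorun', m['name']
            target = ATTENTION_RE.sub('', m['cmd'])
            reasons = autorun_reasons(m['cmd'])
        if reasons:
            findings.append(Finding(kind, name, target, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:15} {f.name:25} {", ".join(f.reasons)}')
        print(f'{"":15} {f.target}')
```

The Wallpaper Engine entry is flagged only as unsigned with no publisher, which shows why the output is a review list for an analyst rather than a removal list.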


#7 Smileyjuice7


Posted 18 April 2017 - 02:28 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01
Ran by dariu (administrator) on DESKTOP-5JPONF1 (18-04-2017 15:35:57)
Running from C:\Users\dariu\Desktop
Loaded Profiles: dariu (Available Profiles: dariu)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13877464 2015-05-15] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-20] (Microsoft Corporation)
HKLM\...\Run: [R.A.T.TE] => C:\Program Files\Mad Catz\R.A.T.TE\RAT_TE_Profiler.exe [195072 2015-09-18] (Mad Catz Inc)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [13178064 2017-01-12] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\RunOnce: [ExpressZipUninstall] => cmd.exe /C rmdir /S /Q "C:\Program Files (x86)\NCH Software\ExpressZip"
HKLM-x32\...\RunOnce: [ExpressZipUninstall2] => cmd.exe /C rmdir /Q "C:\Program Files (x86)\NCH Software\ExpressZip"
HKLM-x32\...\RunOnce: [ExpressZipUninstall3] => cmd.exe /C rmdir /S /Q "C:\Users\dariu\AppData\Roaming\NCH Software\Program Files\ExpressZip"
HKLM-x32\...\RunOnce: [ExpressZipUninstall4] => cmd.exe /C rmdir /Q "C:\Users\dariu\AppData\Roaming\NCH Software\Program Files"
HKLM-x32\...\RunOnce: [ExpressZipUninstall5] => cmd.exe /C rmdir /Q "C:\Users\dariu\AppData\Roaming\NCH Software"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-07-29] (Disc Soft Ltd)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [Discord] => C:\Users\dariu\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [Spotify Web Helper] => C:\Users\dariu\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-17] (Spotify Ltd)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [Spotify] => C:\Users\dariu\AppData\Roaming\Spotify\Spotify.exe [7072880 2017-04-17] (Spotify Ltd)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-03-28] (Nota Inc.)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [f.lux] => C:\Users\dariu\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [peidso] => rundll32.exe "C:\Users\dariu\AppData\Local\peidso.dll",peidso <===== ATTENTION
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{62a2a1f0-d66c-415b-b66e-89298f014056}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-11] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-11] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-11] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-11] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-11] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=ga5zftpbl0cshmoau,89645622-60fc-4954-9196-afcad075752f,
CHR StartupUrls: Default -> "chrome://newtab/"
CHR NewTab: Default ->  Active:"chrome-extension://nljldecpbfgbiaejapakffolddomlooi/stubby.html"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=ga5zftpbl0cshmoau,89645622-60fc-4954-9196-afcad075752f,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default [2017-04-18]
CHR Extension: (Easy Auto Refresh) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2017-04-18]
CHR Extension: (Google Slides) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-07]
CHR Extension: (Google Docs) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-07]
CHR Extension: (Google Drive) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-07]
CHR Extension: (YouTube) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-07]
CHR Extension: (Adblock Plus) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Sword Art Online Sunset Theme) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfiihpjmboknfjljocplobffangmahg [2017-01-08]
CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2016-08-07]
CHR Extension: (Hide Most Visited Pages Reloaded) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhphmpoekpoecdbjeionimpiceigkeil [2017-02-25]
CHR Extension: (Google Sheets) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-07]
CHR Extension: (Google Docs Offline) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-07]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2017-01-08]
CHR Extension: (TubeBuddy for YouTube) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2017-04-17]
CHR Extension: (Google Hangouts) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-01-18]
CHR Extension: (RadioRage) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi [2017-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (My Chrome Theme) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-08-07]
CHR Extension: (Gmail) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-07]
CHR Extension: (Chrome Media Router) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR Profile: C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-03-16]
CHR Profile: C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-08]
CHR Profile: C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-04-17]
CHR Extension: (Google Slides) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-08]
CHR Extension: (Google Docs) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-08]
CHR Extension: (Google Drive) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-08]
CHR Extension: (YouTube) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-08]
CHR Extension: (Hide Most Visited Pages Reloaded) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhphmpoekpoecdbjeionimpiceigkeil [2017-01-08]
CHR Extension: (Google Sheets) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-08]
CHR Extension: (Google Docs Offline) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-08]
CHR Extension: (Minimalistic - Blue Blue) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\knckaefnahggefjmhiilmgifninknbhf [2017-01-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-08]
CHR Extension: (Chrome Media Router) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07]
CHR Profile: C:\Users\dariu\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3737792 2017-03-26] (Microsoft Corporation)
S2 Dataup; C:\Users\dariu\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-07-29] (Disc Soft Ltd)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [198192 2017-03-25] (Microsoft Corporation) [File not signed]
S2 realtek_amd64; C:\Users\dariu\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-04-16] () [File not signed] <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S2 Wallpaper Engine Service; D:\Steam Games\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [25600 2017-03-05] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [54256 2016-12-11] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [29168 2016-12-11] (Corsair)
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-08-08] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-08-08] (Disc Soft Ltd)
R3 KillerEth; C:\WINDOWS\System32\drivers\e24w10x64.sys [124464 2015-04-27] (Qualcomm Atheros, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2a6e383a1adc0e24\nvlddmkm.sys [14569528 2017-02-24] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-02-23] (NVIDIA Corporation)
S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
S3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [23968 2015-09-18] (Saitek)
S3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [51488 2015-09-18] (Saitek)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 _hid_0738_1704; C:\WINDOWS\system32\DRIVERS\_hid_0738_1704.sys [180928 2015-09-18] (Saitek)
R3 _usb_0738_1704; C:\WINDOWS\System32\drivers\_usb_0738_1704.sys [46528 2015-09-18] (Saitek)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-18 15:14 - 2017-04-18 15:36 - 00021447 _____ C:\Users\dariu\Desktop\FRST.txt
2017-04-18 15:14 - 2017-04-18 15:35 - 00000000 ____D C:\FRST
2017-04-18 15:14 - 2017-04-18 15:14 - 02424832 _____ (Farbar) C:\Users\dariu\Downloads\FRST64.exe
2017-04-18 15:14 - 2017-04-18 15:14 - 02424832 _____ (Farbar) C:\Users\dariu\Desktop\FRST64.exe
2017-04-18 14:44 - 2017-04-18 14:44 - 00000000 ____D C:\Users\dariu\Desktop\mbar
2017-04-18 14:43 - 2017-04-18 14:44 - 16564750 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.4.1001 (1).exe
2017-04-18 06:30 - 2017-04-18 06:31 - 16564750 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.4.1001.exe
2017-04-17 21:23 - 2017-04-17 21:23 - 00005356 _____ C:\Users\dariu\Downloads\mbar-log-2017-04-17 (18-40-43).txt
2017-04-17 21:04 - 2017-04-17 21:04 - 16563352 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.3.1001 (4).exe
2017-04-17 20:46 - 2017-04-17 20:46 - 01027896 _____ (Symantec Corporation) C:\Users\dariu\Downloads\NortonNSDownloader.exe
2017-04-17 20:13 - 2017-04-17 20:13 - 165461640 _____ (Sophos Limited) C:\Users\dariu\Downloads\Sophos Virus Removal Tool.exe
2017-04-17 20:11 - 2017-04-17 20:12 - 00230472 _____ C:\Users\dariu\Downloads\RootkitRevealer.zip
2017-04-17 20:09 - 2017-04-17 20:10 - 166356456 _____ (Kaspersky Lab) C:\Users\dariu\Downloads\kis16.0.1.445en_full.exe
2017-04-17 20:03 - 2017-04-18 15:22 - 01240548 _____ C:\WINDOWS\ntbtlog.txt
2017-04-17 19:57 - 2017-04-17 19:57 - 00000000 ____D C:\Users\dariu\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
2017-04-17 19:54 - 2017-04-17 20:47 - 00000000 ____D C:\Program Files\Plumbytes Software
2017-04-17 19:53 - 2017-04-17 19:53 - 00881904 _____ (Plumbytes Software) C:\Users\dariu\Downloads\antimalwaresetup.exe
2017-04-17 19:49 - 2017-04-17 21:12 - 00000000 ____D C:\ProgramData\SecTaskMan
2017-04-17 19:49 - 2017-04-17 19:49 - 00001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2017-04-17 19:49 - 2017-04-17 19:49 - 00001227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2017-04-17 19:49 - 2017-04-17 19:49 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2017-04-17 19:48 - 2017-04-17 19:48 - 02984912 _____ C:\Users\dariu\Downloads\SecurityTaskManager_Setup.exe
2017-04-17 19:45 - 2017-04-17 19:46 - 151221184 _____ C:\Users\dariu\Downloads\s7ntredj.exe
2017-04-17 19:43 - 2017-04-17 19:43 - 01472131 _____ C:\Users\dariu\Downloads\vba32arkit.zip
2017-04-17 19:42 - 2017-04-17 19:42 - 00464491 _____ C:\Users\dariu\Downloads\RootRepeal.zip
2017-04-17 19:16 - 2017-04-17 19:16 - 00380928 _____ C:\Users\dariu\Downloads\ulinijg0.exe
2017-04-17 19:15 - 2017-04-17 19:15 - 04737440 _____ (Avira Operations GmbH & Co. KG) C:\Users\dariu\Downloads\avira_en_fass0_58f546e53d19c__ws.exe
2017-04-17 19:12 - 2017-04-17 19:12 - 16563352 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.3.1001 (3).exe
2017-04-17 19:10 - 2017-04-17 19:11 - 16563352 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.3.1001 (2).exe
2017-04-17 19:07 - 2017-04-17 19:07 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2017-04-17 19:07 - 2017-04-17 19:07 - 00000000 ____D C:\sh4ldr
2017-04-17 19:07 - 2017-04-17 19:07 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-04-17 19:06 - 2017-04-17 19:07 - 04615856 _____ (Enigma Software Group USA, LLC.) C:\Users\dariu\Downloads\SpyHunter-Installer.exe
2017-04-17 19:04 - 2017-04-17 19:04 - 04089296 _____ C:\Users\dariu\Downloads\AdwCleaner.exe
2017-04-17 19:03 - 2017-04-17 19:03 - 05766464 _____ (Zemana Ltd. ) C:\Users\dariu\Downloads\eXplorer.exe
2017-04-17 19:01 - 2017-04-17 19:01 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\dariu\Downloads\iExplore.exe
2017-04-17 19:01 - 2017-04-17 19:01 - 00912452 _____ C:\Users\dariu\Downloads\rkill.zip
2017-04-17 18:59 - 2017-04-17 18:59 - 16563352 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.3.1001 (1).exe
2017-04-17 18:57 - 2017-04-17 18:57 - 16563352 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.3.1001.exe
2017-04-17 18:56 - 2017-04-17 18:56 - 60107896 _____ (Malwarebytes ) C:\Users\dariu\Downloads\mb3-setup-consumer-3.0.6.1469-10103 (2).exe
2017-04-17 18:41 - 2017-04-17 18:41 - 00000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA%
2017-04-17 18:40 - 2017-04-17 18:40 - 00000000 ____D C:\WINDOWS\pss
2017-04-17 18:28 - 2017-04-18 15:12 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-17 18:20 - 2017-04-17 18:20 - 60107896 _____ (Malwarebytes ) C:\Users\dariu\Downloads\mb3-setup-consumer-3.0.6.1469-10103 (1).exe
2017-04-17 17:41 - 2017-04-17 18:22 - 00000000 ____D C:\Users\dariu\AppData\Local\llssoft
2017-04-17 17:41 - 2017-04-17 17:41 - 60107896 _____ (Malwarebytes ) C:\Users\dariu\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-17 17:41 - 2017-04-17 17:41 - 00000000 ____D C:\Users\dariu\AppData\Local\ntuserlitelist
2017-04-17 17:34 - 2017-04-17 18:32 - 00000000 ____D C:\Program Files (x86)\s5
2017-04-17 17:34 - 2017-04-17 17:36 - 00000000 ____D C:\Users\dariu\AppData\Local\bkchel
2017-04-17 17:34 - 2017-04-17 17:34 - 00000000 ____D C:\Users\dariu\AppData\Roaming\c
2017-04-17 17:34 - 2017-04-17 17:34 - 00000000 ____D C:\Users\dariu\AppData\Local\ucmenwvar
2017-04-17 17:33 - 2017-04-17 18:32 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-04-17 17:33 - 2017-04-17 17:38 - 00000000 ____D C:\Users\dariu\AppData\Local\WeatherBuddy
2017-04-17 17:33 - 2017-04-17 17:33 - 00014336 _____ C:\Users\dariu\AppData\Local\peidso.dll
2017-04-17 17:33 - 2017-04-17 17:33 - 00002048 _____ C:\Users\dariu\AppData\Local\uninstallro.exe
2017-04-17 17:33 - 2017-04-17 17:33 - 00000062 _____ C:\WINDOWS\WeatherBuddy.INI
2017-04-17 17:33 - 2017-04-17 17:33 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Microleaves
2017-04-17 17:33 - 2017-04-17 17:33 - 00000000 ____D C:\Users\dariu\AppData\Roaming\AGData
2017-04-17 17:33 - 2017-04-17 17:33 - 00000000 ____D C:\Users\dariu\AppData\Local\AdvinstAnalytics
2017-04-17 17:33 - 2017-04-17 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-04-17 15:50 - 2017-04-17 15:50 - 22178704 _____ C:\Users\dariu\Downloads\no circle0000-0160.avi
2017-04-17 12:11 - 2017-04-17 12:11 - 03788824 _____ C:\Users\dariu\Downloads\Wasip Rig (3).blend
2017-04-17 12:11 - 2017-04-17 12:11 - 03788824 _____ C:\Users\dariu\Downloads\Wasip Rig (2).blend
2017-04-17 12:11 - 2017-04-17 12:11 - 03788824 _____ C:\Users\dariu\Downloads\Wasip Rig (1).blend
2017-04-16 23:24 - 2017-04-16 23:24 - 00000000 ____D C:\Users\dariu\AppData\Local\Red Giant
2017-04-16 22:52 - 2017-04-16 22:52 - 00942570 _____ C:\Users\dariu\Downloads\SaberInstaller_1.0.39_Win_2017.zip
2017-04-16 22:48 - 2017-04-16 22:48 - 00000000 ____D C:\Users\dariu\AppData\Local\LooksBuilder
2017-04-16 22:42 - 2017-04-16 22:42 - 00000000 ____D C:\Program Files\Red Giant
2017-04-16 22:42 - 2017-04-16 22:42 - 00000000 ____D C:\Program Files (x86)\LooksBuilder
2017-04-16 22:42 - 2015-07-01 15:43 - 41249792 _____ (Red Giant LLC) C:\WINDOWS\system32\MBLooksUI_x64.dll
2017-04-16 22:42 - 2015-06-26 13:09 - 12966400 _____ (Red Giant Software) C:\WINDOWS\system32\Gpu_Shader_Engine_x64.dll
2017-04-16 22:42 - 2015-06-26 13:09 - 05828096 _____ (Noesis Technologies) C:\WINDOWS\system32\noesis.dll
2017-04-16 22:39 - 2017-04-16 22:39 - 00000000 ____D C:\Users\dariu\Documents\Red Giant Magic Bullet Suite
2017-04-16 22:38 - 2017-04-16 22:39 - 90692100 _____ C:\Users\dariu\Downloads\MagicBulletSuite12 (SERIALS).rar
2017-04-16 22:30 - 2017-04-16 22:32 - 00000000 ____D C:\Users\dariu\Documents\Twitch
2017-04-16 22:30 - 2017-04-16 22:30 - 00583033 _____ C:\Users\dariu\Downloads\Twitch.rar
2017-04-16 22:25 - 2017-04-16 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReelSmart Motion Blur 4, After Effects-compatible plugin set
2017-04-16 22:25 - 2008-01-30 18:36 - 00090112 _____ (MindVision Software) C:\WINDOWS\unvise32.exe
2017-04-16 22:22 - 2017-04-16 22:22 - 00000000 ____D C:\Program Files (x86)\REVisionEffects
2017-04-16 22:21 - 2017-04-16 22:21 - 14830778 _____ C:\Users\dariu\Downloads\RSMB (MARK I).rar
2017-04-16 22:18 - 2017-04-16 22:21 - 00000000 ____D C:\Users\dariu\AppData\Roaming\MAXON
2017-04-16 22:17 - 2017-04-16 22:17 - 00000000 ____D C:\Users\dariu\Documents\Cinema 4D R17 -MXVII
2017-04-16 22:15 - 2017-04-16 22:15 - 137922601 _____ C:\Users\dariu\Downloads\Cinema 4D R17 -MXVII.rar
2017-04-16 22:05 - 2017-03-26 00:50 - 00000000 ____D C:\Users\dariu\Documents\Optical Flares (PC) V2
2017-04-16 22:04 - 2017-04-16 22:04 - 86299264 _____ C:\Users\dariu\Downloads\Optical Flares (PC) V2.rar
2017-04-16 21:59 - 2017-04-16 21:59 - 00003752 _____ C:\WINDOWS\System32\Tasks\Red Giant Link
2017-04-16 21:59 - 2017-04-16 21:59 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Red Giant
2017-04-16 21:58 - 2017-04-16 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2017-04-16 21:58 - 2017-04-16 22:42 - 00000000 ____D C:\Program Files (x86)\Red Giant
2017-04-16 21:58 - 2017-04-16 21:59 - 00000000 ____D C:\ProgramData\Red Giant
2017-04-16 21:58 - 2017-04-16 21:59 - 00000000 ____D C:\Program Files (x86)\Red Giant Link
2017-04-16 21:58 - 2016-08-09 08:36 - 15576576 _____ (Trapcode AB) C:\WINDOWS\system32\TCParticleBuilder.dll
2017-04-16 21:52 - 2017-04-16 21:52 - 00000000 ____D C:\ProgramData\RedGiant
2017-04-16 21:50 - 2017-04-16 21:50 - 00000000 ____D C:\Users\dariu\Documents\Trapcode Particular
2017-04-16 21:47 - 2017-04-16 21:48 - 517125932 _____ C:\Users\dariu\Downloads\TCSuite_Win_Full.zip
2017-04-16 20:34 - 2017-04-16 20:34 - 00000000 ____D C:\Users\dariu\Documents\VideoCopilot
2017-04-16 20:24 - 2017-04-16 20:44 - 00000000 ____D C:\Users\dariu\Documents\Element 3D v2.2 BY Rana Hunjan
2017-04-16 20:20 - 2017-04-16 20:21 - 305873898 _____ C:\Users\dariu\Downloads\Element 3D v2.2 BY Rana Hunjan.rar
2017-04-16 16:32 - 2017-04-16 16:32 - 00000000 ____D C:\ProgramData\REVisionEffects
2017-04-16 16:32 - 2017-04-16 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REVisionEffects
2017-04-16 16:31 - 2017-04-16 16:31 - 09382580 _____ C:\Users\dariu\Downloads\Twixtor.rar
2017-04-16 16:31 - 2016-02-02 00:34 - 00000000 ____D C:\Users\dariu\Documents\Twixtor
2017-04-13 20:42 - 2017-04-13 22:40 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Rocket Chat
2017-04-13 20:42 - 2017-04-13 20:42 - 00001083 _____ C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rocket Chat.lnk
2017-04-13 20:42 - 2017-04-13 20:42 - 00000000 ____D C:\Program Files (x86)\Rocket Chat
2017-04-13 20:41 - 2017-04-13 20:42 - 02189312 _____ C:\Users\dariu\Downloads\RocketChatInstaller.exe
2017-04-13 18:41 - 2017-04-13 18:41 - 03788824 _____ C:\Users\dariu\Downloads\Wasip Rig.blend
2017-04-13 18:25 - 2017-04-13 18:25 - 00676386 _____ C:\Users\dariu\Downloads\78949_Wasip_Full_Rig_1.1.zip
2017-04-10 16:02 - 2017-04-10 16:02 - 23692458 _____ C:\Users\dariu\Downloads\CUE1_LegacyPack (1).zip
2017-04-10 15:59 - 2017-04-10 16:00 - 11209300 _____ C:\Users\dariu\Downloads\SuperSaiyan (1).zip
2017-04-10 15:56 - 2017-04-10 15:56 - 11209300 _____ C:\Users\dariu\Downloads\SuperSaiyan.zip
2017-04-08 19:15 - 2017-04-16 20:38 - 00000000 ____D C:\ProgramData\VideoCopilot
2017-04-08 19:13 - 2016-07-14 08:24 - 00000000 ____D C:\Users\dariu\Downloads\Element 3D V2.0.7 FINAL(PC)
2017-04-08 18:58 - 2017-04-08 19:11 - 4066426640 _____ C:\Users\dariu\Downloads\Element 3D V2.0.7 FINAL(PC).zip
2017-04-08 12:43 - 2017-04-08 12:43 - 00842930 _____ C:\Users\dariu\Downloads\Clapperboard.mp4
2017-04-07 21:15 - 2017-04-07 21:15 - 00026118 _____ C:\Users\dariu\Downloads\code.zip
2017-04-07 21:14 - 2017-04-07 21:14 - 00344344 _____ C:\Users\dariu\Downloads\AbrahamLincoln_Personal_License.zip
2017-04-07 21:14 - 2017-04-07 21:14 - 00081100 _____ C:\Users\dariu\Downloads\nexa.zip
2017-04-07 21:12 - 2017-04-07 21:12 - 00449435 _____ C:\Users\dariu\Downloads\bebas_neue.zip
2017-04-07 20:41 - 2017-04-07 20:41 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2017-04-07 20:30 - 2017-04-07 20:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-07 20:30 - 2017-04-07 20:30 - 00001390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Update Management Tool.lnk
2017-04-07 20:28 - 2017-04-07 20:29 - 44162824 _____ C:\Users\dariu\Downloads\ADOBE Update Management Tool 8.0.rar
2017-04-07 20:27 - 2017-04-07 20:27 - 00000000 ___HD C:\$SysReset
2017-04-04 20:10 - 2017-04-04 20:10 - 00006474 _____ C:\Users\dariu\Downloads\pt_shiftlayers_v2.31.zip
2017-04-02 20:05 - 2017-04-02 20:05 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Blender Foundation
2017-04-02 20:03 - 2017-04-02 20:03 - 05509633 _____ C:\Users\dariu\Downloads\83270__little_green_alien.zip
2017-04-02 19:54 - 2017-04-02 19:54 - 00000000 ____D C:\Users\dariu\.thumbnails
2017-04-01 20:57 - 2017-04-01 20:57 - 00789329 _____ C:\Users\dariu\Downloads\video.mov
2017-04-01 12:17 - 2017-04-01 12:17 - 00106219 _____ C:\Users\dariu\Downloads\gogoposterpunch.zip
2017-03-31 19:43 - 2017-03-31 19:43 - 06153810 _____ C:\Users\dariu\Downloads\Glitch-Effect-in-Premiere-Pro-Cinecom.zip
2017-03-30 16:12 - 2017-03-30 16:37 - 00000000 ____D C:\Users\dariu\AppData\Roaming\WhatsApp
2017-03-30 16:12 - 2017-03-30 16:12 - 92775696 _____ (WhatsApp) C:\Users\dariu\Downloads\WhatsAppSetup.exe
2017-03-30 16:12 - 2017-03-30 16:12 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-03-30 16:12 - 2017-03-30 16:12 - 00000000 ____D C:\Users\dariu\AppData\Local\WhatsApp
2017-03-29 19:04 - 2017-03-29 19:04 - 00833024 ____N C:\WINDOWS\system32\tprdpw32.exe
2017-03-28 15:17 - 2017-03-28 15:17 - 00001056 _____ C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2017-03-28 14:49 - 2017-04-17 15:10 - 00000000 ____D C:\Users\dariu\AppData\Local\join.me
2017-03-27 19:43 - 2017-03-27 19:43 - 08021848 _____ C:\Users\dariu\Downloads\[Chroma Key] The Pumpkin Dance - Green Screen.mp4
2017-03-27 18:27 - 2017-03-27 18:27 - 00007807 _____ C:\Users\dariu\Downloads\tender (3).mid
2017-03-27 18:27 - 2017-03-27 18:27 - 00005859 _____ C:\Users\dariu\Downloads\mozart (9).mid
2017-03-27 18:22 - 2017-03-27 18:22 - 00007807 _____ C:\Users\dariu\Downloads\tender (2).mid
2017-03-27 18:22 - 2017-03-27 18:22 - 00005859 _____ C:\Users\dariu\Downloads\mozart (8).mid
2017-03-27 18:22 - 2017-03-27 18:22 - 00004488 _____ C:\Users\dariu\Downloads\icecream (1).mid
2017-03-27 18:22 - 2017-03-27 18:22 - 00002421 _____ C:\Users\dariu\Downloads\hitchcock.mid
2017-03-27 18:22 - 2017-03-27 18:22 - 00002421 _____ C:\Users\dariu\Downloads\hitchcock (1).mid
2017-03-27 18:22 - 2017-03-27 18:22 - 00002245 _____ C:\Users\dariu\Downloads\furelise (2).mid
2017-03-27 18:21 - 2017-03-27 18:21 - 00005859 _____ C:\Users\dariu\Downloads\mozart (7).mid
2017-03-27 18:21 - 2017-03-27 18:21 - 00005859 _____ C:\Users\dariu\Downloads\mozart (6).mid
2017-03-27 18:21 - 2017-03-27 18:21 - 00002245 _____ C:\Users\dariu\Downloads\furelise (1).mid
2017-03-27 18:19 - 2017-03-27 18:19 - 00005859 _____ C:\Users\dariu\Downloads\mozart (5).mid
2017-03-27 18:19 - 2017-03-27 18:19 - 00004488 _____ C:\Users\dariu\Downloads\icecream.mid
2017-03-27 18:17 - 2017-03-27 18:17 - 00005859 _____ C:\Users\dariu\Downloads\mozart (4).mid
2017-03-27 18:17 - 2017-03-27 18:17 - 00005859 _____ C:\Users\dariu\Downloads\mozart (3).mid
2017-03-27 18:17 - 2017-03-27 18:17 - 00002245 _____ C:\Users\dariu\Downloads\furelise.mid
2017-03-27 18:16 - 2017-03-27 18:16 - 00005859 _____ C:\Users\dariu\Downloads\mozart (2).mid
2017-03-27 16:00 - 2017-03-27 16:00 - 17977160 _____ (CyberGhost S.R.L. ) C:\Users\dariu\Downloads\CG_6.1.0_44376.exe
2017-03-27 15:16 - 2017-03-27 15:16 - 00002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-03-27 15:14 - 2017-03-27 15:14 - 04127544 _____ (Microsoft Corporation) C:\Users\dariu\Downloads\Setup.X86.en-us_O365ProPlusRetail_03adb4e0-4ec9-4895-9f6f-f53201ef4b8d_TX_PR_b_32_.exe
2017-03-27 15:14 - 2017-03-27 15:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-03-26 11:51 - 2017-03-26 11:51 - 00005461 _____ C:\Users\dariu\Downloads\5crgVXB6BIw.swf
2017-03-26 10:07 - 2017-03-26 10:07 - 10273369 _____ C:\Users\dariu\Downloads\lvllqo (1).zip
2017-03-25 22:17 - 2017-03-25 22:17 - 10273369 _____ C:\Users\dariu\Downloads\lvllqo.zip
2017-03-25 22:15 - 2017-03-25 22:17 - 123767943 _____ C:\Users\dariu\Downloads\[60 FPS] Skywars Hacking on Hypickle #7 Testing a new meme [Skorge].mp4
2017-03-25 21:56 - 2017-03-25 21:56 - 00001030 _____ C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2017-03-25 21:55 - 2017-04-17 13:23 - 00000000 ____D C:\Users\dariu\AppData\Local\osu!
2017-03-25 21:55 - 2017-03-25 21:55 - 04475584 _____ (ppy) C:\Users\dariu\Downloads\osu!install.exe
2017-03-25 21:07 - 2017-03-25 21:07 - 00001278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2015.lnk
2017-03-25 21:05 - 2017-03-25 21:05 - 00001384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Character Animator (Preview).lnk
2017-03-25 16:40 - 2017-03-25 16:40 - 38042285 _____ C:\Users\dariu\Downloads\rainbowwavemlg.mp4
2017-03-25 16:00 - 2017-03-25 16:00 - 00023963 _____ C:\Users\dariu\Downloads\Hitmarker.mp4
2017-03-25 15:27 - 2017-03-25 15:27 - 00017838 _____ C:\Users\dariu\Downloads\hitmarker sound and animation.mp4
2017-03-25 15:08 - 2017-03-25 15:08 - 00010231 _____ C:\Users\dariu\Downloads\Hitmarker with sound for use in MLG montage parodies.mp4
2017-03-25 14:22 - 2017-03-25 14:23 - 11956877 _____ C:\Users\dariu\Downloads\WOW.mp4
2017-03-25 12:52 - 2017-03-25 12:52 - 08788124 _____ C:\Users\dariu\Downloads\SUPA HOT (OHHHH SOUND EFFECT).mp4
2017-03-24 21:38 - 2017-03-24 21:38 - 01138947 _____ C:\Users\dariu\Downloads\Facepalming people - screen download.mp4
2017-03-24 21:34 - 2017-03-24 21:34 - 57469415 _____ C:\Users\dariu\Downloads\Sound FX Pack.zip
2017-03-24 21:02 - 2017-03-24 21:03 - 28702013 _____ C:\Users\dariu\Downloads\DOMINUS GT UNBOXING WITH 1 CRATE.mp4
2017-03-24 19:50 - 2017-03-24 19:51 - 125890081 _____ C:\Users\dariu\Downloads\DJ Khaled Another one loop 15 minutes.mp4
2017-03-24 19:09 - 2017-03-24 19:09 - 00364939 _____ C:\Users\dariu\Downloads\SMPTE Hd Color Bars - Beep.mp4
2017-03-24 18:28 - 2017-03-24 18:28 - 00027022 _____ C:\Users\dariu\Downloads\kg_what_the_teacher_wants.zip
2017-03-24 18:24 - 2017-03-24 18:24 - 00590307 _____ C:\Users\dariu\Downloads\Steve Carell NO GOD! NO GOD, PLEASE NO, NO, NO, NOOOOO (HD).mp4
2017-03-23 20:53 - 2017-03-23 20:53 - 113001480 _____ (obsproject.com) C:\Users\dariu\Downloads\OBS-Studio-18.0.1-Full-Installer.exe
2017-03-23 20:52 - 2017-03-23 20:52 - 167025023 _____ C:\Users\dariu\Downloads\OBS-Studio-18.0.1-Full.zip
2017-03-21 20:57 - 2017-03-21 20:57 - 01084488 _____ C:\Users\dariu\Downloads\Air-for-Steam-2017-0312.zip
2017-03-19 15:23 - 2017-03-22 21:45 - 00000000 ____D C:\Users\dariu\Documents\Sound recordings
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-18 15:35 - 2016-08-07 22:09 - 00000000 ____D C:\Users\dariu\AppData\Roaming\uTorrent
2017-04-18 15:18 - 2016-08-07 22:07 - 03948294 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-18 15:12 - 2016-07-16 02:04 - 01835008 _____ C:\WINDOWS\system32\config\BBI
2017-04-17 20:50 - 2016-09-05 17:10 - 00000000 ____D C:\ProgramData\NCH Software
2017-04-17 20:16 - 2017-02-10 17:07 - 00000000 ____D C:\Users\dariu\AppData\Local\CrashDumps
2017-04-17 19:26 - 2016-09-20 18:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-17 18:55 - 2017-01-20 16:31 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-17 18:51 - 2016-09-20 18:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-17 18:51 - 2016-08-07 22:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-17 18:48 - 2016-09-20 18:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-17 18:33 - 2016-09-10 09:57 - 00000000 ____D C:\Users\dariu\AppData\Local\ElevatedDiagnostics
2017-04-17 18:04 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\registration
2017-04-17 18:03 - 2016-09-20 18:04 - 00000000 ____D C:\Users\dariu
2017-04-17 17:53 - 2016-10-05 19:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-04-17 17:38 - 2016-08-07 22:04 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-17 17:25 - 2016-11-17 18:41 - 00000000 ____D C:\Users\dariu\AppData\Local\Spotify
2017-04-17 17:22 - 2016-08-14 13:27 - 00000000 ____D C:\Users\dariu\AppData\LocalLow\uTorrent
2017-04-17 17:00 - 2016-11-17 18:40 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Spotify
2017-04-17 15:01 - 2017-02-02 19:19 - 00000000 ____D C:\Users\dariu\AppData\Roaming\obs-studio
2017-04-17 10:31 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-17 09:35 - 2016-08-08 13:14 - 00000000 ____D C:\Users\dariu\AppData\Local\Adobe
2017-04-17 09:34 - 2016-09-16 15:45 - 00000000 ____D C:\Users\dariu\AppData\Roaming\discord
2017-04-16 22:42 - 2016-08-08 13:15 - 00000000 ____D C:\Program Files\Adobe
2017-04-14 10:03 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-13 23:19 - 2016-08-13 11:13 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Skype
2017-04-13 09:55 - 2016-08-08 09:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-13 09:54 - 2016-08-08 09:04 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-13 08:14 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-11 08:53 - 2016-08-07 22:38 - 00000000 ___RD C:\Users\dariu\Desktop\Games
2017-04-11 08:51 - 2016-10-05 20:11 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 08:51 - 2016-10-05 20:11 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-10 17:14 - 2016-11-06 20:48 - 00000000 ____D C:\Users\dariu\AppData\Roaming\.minecraft
2017-04-10 16:02 - 2017-01-31 22:12 - 00000000 ____D C:\Users\dariu\Downloads\Corsair RGB Profiles
2017-04-09 22:49 - 2016-08-07 22:04 - 00000000 ___RD C:\Users\dariu\OneDrive
2017-04-09 15:55 - 2017-01-26 18:30 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-09 15:55 - 2016-08-07 22:04 - 00002374 _____ C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-08 09:00 - 2016-08-08 09:05 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-07 21:33 - 2016-09-20 18:03 - 05029344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-07 20:47 - 2016-08-07 22:02 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Adobe
2017-04-07 20:44 - 2016-08-08 13:15 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-04-07 20:37 - 2016-08-08 13:15 - 00001626 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-04-07 18:36 - 2016-08-08 13:16 - 00000000 ____D C:\Users\dariu\Documents\Adobe
2017-04-07 16:10 - 2017-02-17 20:18 - 00000000 ____D C:\Users\dariu\BrawlhallaReplays
2017-04-05 20:22 - 2016-10-05 20:11 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 16:13 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-05 16:12 - 2016-10-05 17:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-04 20:47 - 2016-09-07 20:17 - 00000000 ____D C:\Users\dariu\AppData\Roaming\HpUpdate
2017-04-03 16:09 - 2017-03-10 19:30 - 00003544 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-04-03 16:09 - 2017-03-10 19:30 - 00003408 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-04-03 16:09 - 2017-03-10 19:30 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-04-02 19:54 - 2016-12-26 18:41 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-02 10:57 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-01 14:52 - 2016-07-16 07:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-01 14:52 - 2016-07-16 07:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-31 19:44 - 2016-08-08 18:18 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-30 16:12 - 2016-08-07 22:07 - 00000000 ____D C:\Users\dariu\AppData\Local\SquirrelTemp
2017-03-27 15:14 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-25 21:07 - 2016-08-08 13:16 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-03-24 13:50 - 2017-01-11 18:51 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-03-24 13:50 - 2016-08-07 22:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-03-23 22:25 - 2016-08-07 22:21 - 00000000 ____D C:\Users\dariu\AppData\Local\Steam
2017-03-23 20:18 - 2016-08-14 22:27 - 00000000 ____D C:\Users\dariu\Downloads\PopcornTime
2017-03-20 19:36 - 2016-08-12 09:52 - 00000000 ____D C:\Users\dariu\AppData\Local\Battle.net
2017-03-20 18:06 - 2016-08-12 09:51 - 00000000 ____D C:\Program Files (x86)\Battle.net
 
==================== Files in the root of some directories =======
 
2016-10-05 18:40 - 2016-10-05 18:40 - 0989337 _____ () C:\Users\dariu\AppData\Roaming\FWaLi.au3
2016-08-31 19:48 - 2017-02-17 20:09 - 0002577 _____ () C:\Users\dariu\AppData\Roaming\SpeedRunnersLog.txt
2016-09-05 17:10 - 2016-09-05 17:10 - 0001167 _____ () C:\Users\dariu\AppData\Roaming\trace_FilterInstaller.1.txt
2016-09-05 17:10 - 2016-10-05 20:07 - 0000905 _____ () C:\Users\dariu\AppData\Roaming\trace_FilterInstaller.txt
2016-09-05 17:10 - 2016-10-05 20:07 - 0000000 _____ () C:\Users\dariu\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-04-17 17:33 - 2017-04-17 17:33 - 0014336 _____ () C:\Users\dariu\AppData\Local\peidso.dll
2016-10-05 18:40 - 2016-10-05 18:40 - 0000000 _____ () C:\Users\dariu\AppData\Local\run.txt
2016-10-05 18:42 - 2016-10-05 18:42 - 0000001 _____ () C:\Users\dariu\AppData\Local\setupsuccessful.txt
2016-10-05 18:40 - 2016-10-05 18:42 - 0000000 _____ () C:\Users\dariu\AppData\Local\stxtname.txt
2017-04-17 17:33 - 2017-04-17 17:33 - 0002048 _____ () C:\Users\dariu\AppData\Local\uninstallro.exe
2016-09-07 20:17 - 2016-09-07 20:17 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-09-20 18:04 - 2016-09-20 18:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-04-17 17:32 - 2017-04-17 17:32 - 1110528 _____ () C:\Users\dariu\AppData\Local\Temp\CodecFixDivx.exe
2017-04-17 20:13 - 2017-04-17 20:13 - 0584576 _____ (Sysinternals - www.sysinternals.com) C:\Users\dariu\AppData\Local\Temp\DBDQHKVJ.exe
2017-04-17 17:32 - 2017-04-17 17:32 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\dariu\AppData\Local\Temp\fox.exe
2017-04-17 20:16 - 2017-04-17 20:16 - 0404352 _____ (Sysinternals - www.sysinternals.com) C:\Users\dariu\AppData\Local\Temp\KMCABRQV.exe
2017-04-17 20:11 - 2017-04-17 20:11 - 0580480 _____ (Sysinternals - www.sysinternals.com) C:\Users\dariu\AppData\Local\Temp\MLHCETKZKGWY.exe
2017-04-17 20:13 - 2017-04-17 20:13 - 0539520 _____ (Sysinternals - www.sysinternals.com) C:\Users\dariu\AppData\Local\Temp\NUUTYPDABZF.exe
2017-04-17 19:54 - 2017-04-17 19:54 - 22095264 _____ (Plumbytes Software) C:\Users\dariu\AppData\Local\Temp\pai79A4.tmp5.exe
2017-04-17 17:32 - 2017-04-17 17:32 - 2626924 _____ () C:\Users\dariu\AppData\Local\Temp\pi.exe
2017-04-17 20:12 - 2017-04-17 20:12 - 0498560 _____ (Sysinternals - www.sysinternals.com) C:\Users\dariu\AppData\Local\Temp\SXUKWT.exe
2017-04-17 20:15 - 2017-04-17 20:15 - 0592768 _____ (Sysinternals - www.sysinternals.com) C:\Users\dariu\AppData\Local\Temp\ZRZCAXON.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-08 20:10
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2017 01
Ran by dariu (18-04-2017 15:36:12)
Running from C:\Users\dariu\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-20 22:08:09)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1267553863-4023176294-1839226829-500 - Administrator - Disabled)
dariu (S-1-5-21-1267553863-4023176294-1839226829-1001 - Administrator - Enabled) => C:\Users\dariu
DefaultAccount (S-1-5-21-1267553863-4023176294-1839226829-503 - Limited - Disabled)
Guest (S-1-5-21-1267553863-4023176294-1839226829-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
Ansel (Version: 378.78 - NVIDIA Corporation) Hidden
Assassins Creed Syndicate (HKLM-x32\...\Assassins Creed Syndicate_is1) (Version:  - )
Batman Episode 1 (HKLM-x32\...\Batman Episode 1_is1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM\...\Steam App 238460) (Version:  - The Behemoth)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Blender 2.78 (HKLM\...\Steam App 365670) (Version:  - Blender Foundation)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version:  - 2K Australia)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Castle Crashers (HKLM\...\Steam App 204360) (Version:  - The Behemoth)
Corsair Utility Engine (HKLM-x32\...\{A95A2CA8-D121-4F63-B513-C94AEDDD35C4}) (Version: 2.9.53 - Corsair)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0193 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DragonBoost (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\DragonBoost) (Version:  - ) <==== ATTENTION
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Flux) (Version:  - )
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Geometry Dash (HKLM\...\Steam App 322170) (Version:  - RobTop Games)
Goat Simulator (HKLM\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
Gyazo 3.3.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
join.me (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\JoinMe) (Version: 3.1.0.4665 - LogMeIn, Inc.)
League client alpha (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Mac OS X Cursors (HKLM-x32\...\48AEB547-6B1C-4CFC-957B-E11C22C8A25F) (Version: 1.1 - www.46palermo.com)
Magic Bullet Suite v12.0.6 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 12.0.6 - Red Giant, LLC)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft: Story Mode - A Telltale Games Series (HKLM\...\Steam App 376870) (Version:  - Telltale Games)
Mortal Kombat X (HKLM\...\Steam App 307780) (Version:  - NetherRealm Studios)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nidhogg (HKLM\...\Steam App 94400) (Version:  - Messhof)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.78 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Octodad: Dadliest Catch (HKLM\...\Steam App 224480) (Version:  - Young Horses)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7830.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Online Application Installer (x32 Version: 2.0.0 - Microleaves) Hidden <==== ATTENTION
osu! (HKLM-x32\...\{0c43a6ca-f097-4d9a-9667-876f06aa77ef}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== ATTENTION
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
R.A.T.TE (HKLM\...\{A8AFFB99-8FC9-4B2E-99A1-C3D5D391ADAE}) (Version: 7.0.43.0 - Mad Catz Inc)
R.A.T.TE Game Profiles (HKLM-x32\...\{85CC37AC-5734-4C2F-9779-D6BB5D6CF92C}) (Version: 1.0.0.0 - Mad Catz Inc)
RE:Vision Effects Twixtor AE (HKLM\...\Twixtor AE 6.1.0_is1) (Version: 6.1.0 - Team V.R)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7512 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.10.0 - Red Giant, LLC)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version:  - )
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games)
Scribblenauts Unmasked (HKLM\...\Steam App 249870) (Version:  - 5th Cell Media)
Security Task Manager 2.1i (HKLM-x32\...\Security Task Manager) (Version: 2.1i - Neuber Software)
Serato DJ  (HKLM-x32\...\{aab0492e-ad59-454a-8bbd-62a9524306b2}) (Version: 1.9.0.2353 - )
Serato DJ  (x32 Version: 1.9.0.2353 - Serato) Hidden
Serato DJ (HKLM-x32\...\Serato DJ) (Version: 1.9.0 - Serato DJ)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
SpeedRunners (HKLM\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spotify (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Meat Boy (HKLM\...\Steam App 40800) (Version:  - Team Meat)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
The Legend of Korra™ (HKLM\...\Steam App 281690) (Version:  - PlatinumGames)
Tomb Raider (HKLM\...\Steam App 203160) (Version:  - Crystal Dynamics)
Trapcode Suite v13.1.1 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.1.1 - Red Giant, LLC)
Wallpaper Engine (HKLM\...\Steam App 431960) (Version:  - Kristjan Skutta)
Warframe (HKLM\...\Steam App 230410) (Version:  - Digital Extremes)
WhatsApp (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\WhatsApp) (Version: 0.2.3699 - WhatsApp)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D7401B8-90E6-4410-91D6-D4124768D3E5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {24586275-959D-48BE-8B7C-A45DEC8F32C2} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe 
Task: {30D0B146-1EED-47AE-9786-8C107B54994C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {357AFE7B-6279-4385-891D-F110EECF214D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {35AD69BF-F2C3-4D6D-B02C-76F418109FF2} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4FC1DE13-9F11-4D24-9B10-E260F8528FDE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {58D365ED-FB1F-4082-9448-1F766907F824} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe 
Task: {5CC4C979-33A8-43E2-801D-EE62B176A736} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {6005D199-B39D-4BB4-8565-783E555D4616} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {7FB11FA8-A2A0-407B-8D62-359FAA753BA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
Task: {B84D0034-CA8E-4AC5-84E2-8B2ACC6EB846} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {BEE58566-1F70-4696-B0F0-769997178450} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {C69BA362-4C08-4BB5-A986-F13200DC7882} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {ED4FE7AB-9DB5-4EBD-8253-6C7AED093D5D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-dariuskianersi@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {EE6F7DA4-B1CB-4A59-98DF-5A844A430F31} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\dariu\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {F7BD62A4-AC86-4F84-8676-A09BA861995C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=ga5zftpbl0cshmoau,89645622-60fc-4954-9196-afcad075752f,
ShortcutWithArgument: C:\Users\dariu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\School - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\dariu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\FCPS - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-03-27 15:16 - 2017-02-26 15:32 - 08930496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-05-17 18:42 - 2016-05-17 18:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Sound, video and game controllers"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\sharepoint.com -> hxxps://fcps-files.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-08-08 01:51 - 2017-03-25 21:37 - 00000961 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_979FC746C9511F6DD10EC7B35E44C58E"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "peidso"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2FF14369-012D-44EC-A9AA-6393C0DAFDB0}] => (Allow) D:\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{87CF3299-480D-4132-8B9B-07E587A0310E}] => (Allow) D:\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{6C3C4FA4-AF64-404C-9118-D776F294039E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{73012EE4-FA07-41E2-8CEA-EE4C2B5F8765}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{80A1020D-AF7A-4885-A706-5D656E9C2D0A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{D32DC326-63B1-49B3-AEC6-525D8677965A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{33506BA2-45C6-4A4B-B26E-4095F0ABE47A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{F68A6F30-2C8E-4F9C-8F23-EF3C01891DB0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [UDP Query User{9444AB4F-4FFE-490F-B40C-29D5561BA487}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [TCP Query User{7BC7F7AB-389C-4E8D-A418-8288B43917C9}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [{B4A68246-C878-4EEA-94B8-EE60D7138920}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0AA1B474-7775-485F-B778-9EE7D23FB22A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A6C1A37E-89B6-4CA1-A1DC-6FBEBD9E6514}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{129B2100-D1CD-4E70-8F53-F225EA30C3AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{A494725C-34A2-4074-8BD9-E09E6EC25D97}D:\jennys games\grand theft auto v\gta5.exe] => (Allow) D:\jennys games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{BC63DEE3-8BB2-43B9-922D-A75799733DC1}D:\jennys games\grand theft auto v\gta5.exe] => (Allow) D:\jennys games\grand theft auto v\gta5.exe
FirewallRules: [{38CEEB52-05A9-4FE4-BA81-A00616CD5AC6}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{E0EBDBC4-4782-4652-A842-CDE64341E676}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{A71217D8-3CB9-4D54-88B8-28696F60D2D3}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{50A9F02D-56A9-4526-A12E-845259BC0F0B}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{EE8369D9-2881-413C-B67E-42E27FC1D556}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{F7DB1A03-C29D-4FAD-9A73-0EAE273F352A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [UDP Query User{64141266-BB23-49C5-8586-672715DE5BAC}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{E93A1378-AF7B-41D9-8057-387D3C7CC395}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe
FirewallRules: [{0FBD6614-5507-4F39-84FC-335439825B1C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{6EE2FD03-FF81-459C-ADD6-76CF21A58D07}D:\grand theft auto v\gta5.exe] => (Allow) D:\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{1E13032C-C5FE-4EAA-B3E6-612159497CEB}D:\grand theft auto v\gta5.exe] => (Allow) D:\grand theft auto v\gta5.exe
FirewallRules: [{70F37B0F-A42A-4418-9571-E481E1A9CB50}] => (Allow) D:\Steam Games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{90F28174-02D6-42B3-B850-0CC8AE905AC8}] => (Allow) D:\Steam Games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{08A37065-4814-4BDD-8DE6-B1F7F0F62095}] => (Allow) D:\Steam Games\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{9E0E74E2-1DED-4437-9CE1-4A8E16438A3C}] => (Allow) D:\Steam Games\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{B88D0018-9BFD-4F2B-A299-6215FE0F60FB}] => (Allow) D:\Steam Games\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{72E31AB3-D15D-4373-AABA-C05A7CE44C75}] => (Allow) D:\Steam Games\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{185E4C36-8FC5-4C66-8DF2-4B08C2CACCD0}] => (Allow) D:\Steam Games\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{A9AB197F-80A4-4A88-8CC5-3550DD9836D3}] => (Allow) D:\Steam Games\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{033E45AF-3FE1-465E-AE89-8BD514568BF5}] => (Allow) D:\Steam Games\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1F3CC65B-66EA-4AB2-BA9E-9478427E23DF}] => (Allow) D:\Steam Games\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AD5E2217-8EE2-4CC6-A90B-41742C74809D}] => (Allow) D:\Steam Games\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{0DF1D25D-9264-41F4-8078-BA5B9F3CD194}] => (Allow) D:\Steam Games\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{3442ABBD-A1C2-4D6B-BF3A-F93ACB372109}] => (Allow) D:\Steam Games\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{DDA5E966-E4F9-44A5-92C4-A45CE176E857}] => (Allow) D:\Steam Games\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{245AEBFC-69DD-4125-B696-385923D0FD72}] => (Allow) D:\Steam Games\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{4EB18F26-5598-4D9E-95CB-91914B10C5F5}] => (Allow) D:\Steam Games\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{A9F1DFF6-814E-4710-B36A-3904C0FA1A87}] => (Allow) D:\Steam Games\steamapps\common\The Legend of Korra\LoK.exe
FirewallRules: [{A15EAF67-EDFB-40F6-A86C-2BB877F24157}] => (Allow) D:\Steam Games\steamapps\common\The Legend of Korra\LoK.exe
FirewallRules: [{EAF2824E-3E48-4C85-945A-2CA393019456}] => (Allow) D:\Steam Games\steamapps\common\Minecraft Story Mode - A Telltale Game Series\MinecraftStoryMode.exe
FirewallRules: [{287BC736-8077-43EE-8AAE-5C900DD26B0D}] => (Allow) D:\Steam Games\steamapps\common\Minecraft Story Mode - A Telltale Game Series\MinecraftStoryMode.exe
FirewallRules: [{5EB2F438-CD9A-48CA-ABBF-4BB2DB459597}] => (Allow) D:\Steam Games\steamapps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{DDD0DB9D-5917-48EB-B347-F52684BF43EB}] => (Allow) D:\Steam Games\steamapps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{8744D6B9-4078-4432-93E7-DDBDD99F151B}] => (Allow) D:\Steam Games\steamapps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{5C7A8DDA-E795-404E-A897-68FD96CE20CC}] => (Allow) D:\Steam Games\steamapps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{423E51FF-B9EA-4BFF-83CC-85A0FCE34968}] => (Allow) D:\Steam Games\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{9FD7AF7F-6E23-4CE9-BDD8-DC5FBDF25151}] => (Allow) D:\Steam Games\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{96CE01CC-9985-4F95-A71F-BBB17944D9D4}] => (Allow) D:\Steam Games\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{9D161693-EF24-47D7-99CE-92F40715559F}] => (Allow) D:\Steam Games\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{A8D76C3C-F6D6-4569-A3FE-4922D9062F09}] => (Allow) D:\Steam Games\steamapps\common\Scribblenauts Unmasked\Scribble.exe
FirewallRules: [{72606C12-C56C-4967-A01D-908C6E8D563E}] => (Allow) D:\Steam Games\steamapps\common\Scribblenauts Unmasked\Scribble.exe
FirewallRules: [{218FFA79-9845-47E4-AF52-ABBD8C037C6E}] => (Allow) D:\Steam Games\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{CD9171A3-3D26-413D-A46C-FE4BC7AC45B8}] => (Allow) D:\Steam Games\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{65961BC6-DAF2-479F-BCC1-74C507961A0C}] => (Allow) D:\Steam Games\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{48C97485-8E92-493E-B5EB-52CE960FA6CD}] => (Allow) D:\Steam Games\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{8756DC1E-026A-433E-B9DC-CC53288424C5}] => (Allow) D:\Steam Games\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{07289D4F-7231-443F-8AE7-F2BF5B43474D}] => (Allow) D:\Steam Games\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{53B8DDFE-DD1E-4550-AED0-9256C565731D}] => (Allow) D:\Steam Games\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{6D4EA61A-AD06-4E73-918A-645B6897C1A7}] => (Allow) D:\Steam Games\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{E095A1B6-77F5-4F69-A141-7DF3C60A043A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E7847472-4276-4AE8-A423-E72339D75635}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C423E5F2-D402-4D5F-B55F-E3C0391FCFE6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{862FBFE6-2B83-4468-9D7D-23348BF178A4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2E4EF29C-ECA4-4B7D-8056-5A7B424C6996}] => (Allow) C:\Users\dariu\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BC16A7EE-38BD-4A84-8103-2AF948A0689B}] => (Allow) C:\Users\dariu\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9170875A-8067-4B5C-B2BB-96F6ED9B61F2}] => (Allow) C:\Users\dariu\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FirewallRules: [TCP Query User{D2863482-6330-4E1D-8E76-9B00A4791BC2}C:\users\dariu\appdata\roaming\utorrent\updates\3.4.8_42576.exe] => (Allow) C:\users\dariu\appdata\roaming\utorrent\updates\3.4.8_42576.exe
FirewallRules: [UDP Query User{6B593C5E-8218-4D8E-9957-0953D92A0B7B}C:\users\dariu\appdata\roaming\utorrent\updates\3.4.8_42576.exe] => (Allow) C:\users\dariu\appdata\roaming\utorrent\updates\3.4.8_42576.exe
FirewallRules: [TCP Query User{032E6424-1B8D-49BF-8CCD-D37F86C1969A}D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A0C9DB23-FFD2-4555-949C-B4AF2EDB9602}D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4694ED9E-DAD0-4D3F-9A3A-0E177F5AEAEE}C:\users\dariu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dariu\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E9205630-F58A-4ED6-9DC7-4187C2633C6B}C:\users\dariu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dariu\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F2572B33-E2D4-4A7E-8083-A5BFD8AAC3D8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D88E2057-C69F-4FEF-974E-4A4417A95DB7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4D9CF85D-45F3-4BB8-87D1-47B599E16437}] => (Allow) D:\Steam Games\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{62A19897-5840-45BC-99D1-1B2980B3F81A}] => (Allow) D:\Steam Games\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{85665C9F-D0A3-4DB0-AEE8-AFE9884E23DA}D:\steam games\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam games\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{21E9F7FB-FC8F-4580-B3DB-ABCED6063B47}D:\steam games\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam games\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{C8DAE1BD-950F-4DBA-8446-FDD10B92DC0A}] => (Allow) D:\Steam Games\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{0BD371AA-8270-40AE-8BB8-42332719E42D}] => (Allow) D:\Steam Games\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{7236CE09-5647-4E4D-B600-6BA8A67957C5}] => (Allow) D:\Steam Games\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{6D135673-6656-4B29-9BAB-A1A6382339E6}] => (Allow) D:\Steam Games\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [TCP Query User{A72F6B42-EFAF-47E3-8A06-FCC78F20C11B}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{BD9A5391-8006-401A-B52C-A4DE45F38CF1}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{9D5B72B6-E4FC-467E-9665-7665FE9409C1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{0C44D98E-8B08-4DD0-A610-85A06195BEA1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{52BA2471-F5F1-4065-9886-249C417B885E}C:\programdata\oracle\java\javapath_target_16419000\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_16419000\java.exe
FirewallRules: [UDP Query User{F3790C43-4394-4603-8E49-395032FD9B8B}C:\programdata\oracle\java\javapath_target_16419000\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_16419000\java.exe
FirewallRules: [{7095F73A-82CA-4D70-B0AD-C1A1FAB65BF2}] => (Allow) D:\Steam Games\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{C3F67FF7-4064-4C63-975E-69A69E6D8375}] => (Allow) D:\Steam Games\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{4572AD38-0F23-44AF-91C2-E1FA891C6F6F}] => (Allow) D:\Steam Games\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{90EADC69-4EA3-45D4-B1B7-41340F4A321B}] => (Allow) D:\Steam Games\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{AEC57868-614D-4E0E-B0BD-A48FD2343E53}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8839C5F2-C639-450D-AD5D-26ED83B7820D}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{3DB13024-6033-4B70-A87B-A5822FBEAA7B}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{EE6C08D5-518E-404A-A622-F9B0D34108E2}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{5F3CD00B-D778-4004-AEA1-54FC8EB87533}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{CE6AE00E-7083-471C-9A37-013F1903ADF5}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{B9F702FD-42A8-4AA8-877E-B5A436CED1D2}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{9E02C1DD-08CF-4881-BC40-162C68F813E9}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{5D7023E8-C752-405B-9A68-6B7C3690C8E9}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{EBD1E509-EC4D-4E8E-905B-93AE3CB8ED7D}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1C070719-5C88-49F4-A40B-DD2823F7D75A}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{077E920C-539B-4528-9658-D28D1D87B600}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{26A8C0BA-285A-48A6-A7BB-C659F9B29263}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{C60AFD61-C544-4BA0-83B2-681680D8DC25}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{8298FC5B-B4CA-42DB-9A2F-A45A6228C208}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{F6BA91C2-C9C0-44E4-B518-35A0F91F4945}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{772603A3-57A8-48FA-AD31-AEE977564824}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{98E2BC40-8E72-4481-BEFE-E5F57B354032}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{D40C80CA-29B1-419D-A37E-FE0B0D3CBB15}] => (Allow) D:\Steam Games\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{5EC9410C-270D-482C-9392-3264589BCFC3}] => (Allow) D:\Steam Games\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{2DF069DC-309D-4FB2-9A92-C9483EAF8427}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{6C6AFCE9-CE0B-461B-A2C9-FCEF7FE87D59}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7A7C3A2B-83CB-4375-B162-9841D676CAE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4124997E-19B4-4E44-B687-1F81398E7776}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{10CE306E-7937-48E9-921F-E2E0E3DE3E88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9FB09F9D-CA4D-48F6-8FAC-92A0BC8114E2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{170164A0-3D3D-46B1-B122-2BA55168D32F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{542B3712-A644-400D-9EC0-E64DA6A24AB6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CA05C17D-92E2-4522-93F1-7A7F7537CA1F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B2FF002D-A3E0-43BE-9320-A1FB2E13B20C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B9C40544-2292-4665-B5FF-44725ABFEEE8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{70E3BCBB-2C5E-4495-9D46-EF327B133B27}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F8D09B38-BB8A-4CDC-B0C0-43D071070E11}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8AEF5E78-C2F6-4B48-9043-D2B1232D757F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{68820BC8-1CCF-4BA2-92D3-6427C6631876}] => (Allow) D:\Steam Games\steamapps\common\Blender\blender.exe
FirewallRules: [{D0F7477C-7220-4EA9-B9D4-8A3B7A3A306D}] => (Allow) D:\Steam Games\steamapps\common\Blender\blender.exe
FirewallRules: [{BCF3F939-AFFF-4695-B9CC-BDB5709A0F9F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{63248A32-B6A9-4E42-BB24-0A8965A6953C}] => (Allow) D:\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C68DAE5B-D855-4DD6-A540-009C812CF991}] => (Allow) D:\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{3D155A97-94A6-4A7A-A76C-0C0649DB85A8}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [UDP Query User{D45B1553-AC1E-4310-BFFB-C618F29C92A1}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [TCP Query User{BB296DA7-C542-44CA-B076-06127D31DD7F}C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [UDP Query User{3D52C264-378A-4BD7-BE05-A1391EF726C3}C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [{873BFB80-EE84-4021-ADBC-BB34E2D28B9A}] => (Allow) C:\WINDOWS\system32\rundll32.exe
 
==================== Restore Points =========================
 
08-04-2017 20:08:47 Windows Update
13-04-2017 09:54:02 Windows Update
16-04-2017 21:58:48 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
17-04-2017 18:02:38 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/18/2017 03:12:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5JPONF1)
Description: Activation of app Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/18/2017 02:48:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5JPONF1)
Description: Activation of app Microsoft.ZuneVideo_10.17022.10311.0_x64__8wekyb3d8bbwe:Microsoft.ZuneVideo.AppX33njnjhzx79sr2vn13w10ca357txr5yn.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/18/2017 02:42:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5JPONF1)
Description: Activation of app Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/18/2017 06:37:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5JPONF1)
Description: Activation of app Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/18/2017 06:29:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5JPONF1)
Description: Activation of app Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/17/2017 08:16:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x11fc
Faulting application start time: 0x01d2b7d8f6d8b532
Faulting application path: C:\Users\dariu\Desktop\RootkitRevealer.exe
Faulting module path: C:\Users\dariu\Desktop\RootkitRevealer.exe
Report Id: 34bbc71d-b72d-43b7-a469-c7eee278a311
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/17/2017 08:15:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x9cc
Faulting application start time: 0x01d2b7d8ec926c6b
Faulting application path: C:\Users\dariu\AppData\Local\Temp\Rar$EXa0.221\RootkitRevealer.exe
Faulting module path: C:\Users\dariu\AppData\Local\Temp\Rar$EXa0.221\RootkitRevealer.exe
Report Id: 739e1cbd-8e64-4ef9-8d7b-6c62d5ab3861
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/17/2017 08:13:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x12f4
Faulting application start time: 0x01d2b7d8959790f4
Faulting application path: C:\Users\dariu\Desktop\RootkitRevealer.exe
Faulting module path: C:\Users\dariu\Desktop\RootkitRevealer.exe
Report Id: 8b37c30e-55fe-425d-8200-463267321f76
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/17/2017 08:13:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0xfd8
Faulting application start time: 0x01d2b7d892b185ba
Faulting application path: C:\Users\dariu\Desktop\RootkitRevealer.exe
Faulting module path: C:\Users\dariu\Desktop\RootkitRevealer.exe
Report Id: cd420f05-2c7e-4418-8d31-e3fdaaae64de
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/17/2017 08:12:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x13b4
Faulting application start time: 0x01d2b7d86b32ed01
Faulting application path: C:\Users\dariu\AppData\Local\Temp\Rar$EXa0.468\RootkitRevealer.exe
Faulting module path: C:\Users\dariu\AppData\Local\Temp\Rar$EXa0.468\RootkitRevealer.exe
Report Id: 71b5d43d-ab9d-47af-b98b-46da670fdf95
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (04/18/2017 03:36:13 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5JPONF1)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (04/18/2017 03:36:13 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5JPONF1)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (04/18/2017 03:36:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5JPONF1)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (04/18/2017 03:36:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5JPONF1)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (04/18/2017 03:36:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5JPONF1)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/18/2017 03:35:57 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5JPONF1)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (04/18/2017 03:35:57 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5JPONF1)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (04/18/2017 03:35:57 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5JPONF1)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/18/2017 03:35:55 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5JPONF1)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (04/18/2017 03:35:55 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-5JPONF1)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
CodeIntegrity:
===================================
  Date: 2017-04-16 22:50:51.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-16 22:25:50.430
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-16 22:03:05.148
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-16 22:03:05.146
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-16 22:01:05.377
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-16 21:59:58.952
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-12 21:28:02.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-04-08 17:12:20.819
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 18%
Total physical RAM: 16332.16 MB
Available physical RAM: 13356.84 MB
Total Virtual: 18764.16 MB
Available Virtual: 15717.52 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:237.22 GB) (Free:25.66 GB) NTFS
Drive d: (Games) (Fixed) (Total:1863.01 GB) (Free:1205.91 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 40DB2BEB)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D439EF31)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


Edited by Smileyjuice7, 18 April 2017 - 04:33 PM.


#8 Smileyjuice7


Posted 19 April 2017 - 01:25 PM

I am very sorry for the inconvenience, I tried running the mbar.cmd, this time while I wasn't in safe mode, and the software started.


Edited by Smileyjuice7, 19 April 2017 - 02:26 PM.


#9 Smileyjuice7


Posted 19 April 2017 - 04:03 PM

This is the mbar-log-2017-04-19 (16-13-48).txt after I scanned, and removed the threats with the software.



#10 Aura


Posted 19 April 2017 - 06:46 PM

Awesome :) Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 Smileyjuice7


Posted 19 April 2017 - 08:20 PM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/19/17
Scan Time: 9:11 PM
Logfile: mb log.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1763
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-5JPONF1\dariu
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388710
Time Elapsed: 2 min, 46 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 1
PUP.Optional.WindowService, C:\USERS\DARIU\APPDATA\LOCAL\TEMP\WS\REALTEK_AMD64.EXE, Quarantined, [1575], [384877],1.0.1763
 
Module: 4
PUP.Optional.WindowService, C:\USERS\DARIU\APPDATA\LOCAL\TEMP\WS\REALTEK_AMD64.EXE, Quarantined, [1575], [384877],1.0.1763
PUP.Optional.WindowService, C:\Users\dariu\AppData\Local\Temp\WS\Newtonsoft.Json.dll, Quarantined, [1575], [384876],1.0.1763
PUP.Optional.WindowService, C:\Users\dariu\AppData\Local\Temp\WS\NLog.dll, Quarantined, [1575], [384876],1.0.1763
PUP.Optional.WindowService, C:\Users\dariu\AppData\Local\Temp\WS\realtek_amd64.lib.dll, Quarantined, [1575], [384876],1.0.1763
 
Registry Key: 13
PUP.Optional.InstallCore, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DAEMON Tools Lite, Delete-on-Reboot, [3], [368845],1.0.1763
PUP.Optional.WindowService, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\realtek_amd64_RASAPI32, Delete-on-Reboot, [1575], [388264],1.0.1763
PUP.Optional.WindowService, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\realtek_amd64_RASMANCS, Delete-on-Reboot, [1575], [388264],1.0.1763
PUP.Optional.WindowService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\REALTEK_AMD64, Delete-on-Reboot, [1575], [384877],1.0.1763
PUP.Optional.ProxyGate, HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DragonBoost, Delete-on-Reboot, [909], [375419],1.0.1763
PUP.Optional.Plumbytes, HKLM\SOFTWARE\Plumbytes Software, Delete-on-Reboot, [8996], [262040],1.0.1763
PUP.Optional.SearchModule, HKLM\SOFTWARE\SearchModule, Delete-on-Reboot, [597], [388629],1.0.1763
PUP.Optional.BrowserAir, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\BrowserairExec.exe, Delete-on-Reboot, [1450], [335431],1.0.1763
PUP.Optional.SearchModule, HKLM\SOFTWARE\WOW6432NODE\SearchModule, Delete-on-Reboot, [597], [388629],1.0.1763
PUP.Optional.BrowserAir, HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\BrowserairExec.exe, Delete-on-Reboot, [1450], [335429],1.0.1763
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [1060], [-1],0.0.0
PUP.Optional.SpyHunter, HKLM\SOFTWARE\ENIGMASOFTWAREGROUP\SpyHunter, Delete-on-Reboot, [1287], [331803],1.0.1763
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FBC4F2A6-54CB-413F-A1B5-BE5594B96C78}, Delete-on-Reboot, [511], [321304],1.0.1763
 
Registry Value: 6
PUP.Optional.WindowService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\REALTEK_AMD64|IMAGEPATH, Delete-on-Reboot, [1575], [384877],1.0.1763
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [1060], [-1],0.0.0
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [1060], [-1],0.0.0
PUP.Optional.AnonymizerGadget.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [1060], [-1],0.0.0
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FBC4F2A6-54CB-413F-A1B5-BE5594B96C78}|CONTACT, Delete-on-Reboot, [511], [333852],1.0.1763
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FBC4F2A6-54CB-413F-A1B5-BE5594B96C78}|URLINFOABOUT, Delete-on-Reboot, [511], [321304],1.0.1763
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 106
PUP.Optional.OnlineIO, C:\Users\dariu\AppData\Roaming\Microleaves\Online Application Installer\prerequisites\OnlineApplication, Delete-on-Reboot, [511], [391385],1.0.1763
PUP.Optional.OnlineIO, C:\Users\dariu\AppData\Roaming\Microleaves\Online Application Installer\prerequisites\TrafficExchange, Delete-on-Reboot, [511], [391385],1.0.1763
PUP.Optional.OnlineIO, C:\Users\dariu\AppData\Roaming\Microleaves\Online Application Installer\prerequisites, Delete-on-Reboot, [511], [391385],1.0.1763
PUP.Optional.OnlineIO, C:\USERS\DARIU\APPDATA\ROAMING\Microleaves\Online Application Installer, Delete-on-Reboot, [511], [391385],1.0.1763
PUP.Optional.OnlineIO, C:\Users\dariu\AppData\Roaming\Microleaves\Online Application Installer 2.0.0\install, Delete-on-Reboot, [511], [391385],1.0.1763
PUP.Optional.OnlineIO, C:\USERS\DARIU\APPDATA\ROAMING\Microleaves\Online Application Installer 2.0.0, Delete-on-Reboot, [511], [391385],1.0.1763
PUP.Optional.WeatherBuddy, C:\USERS\DARIU\APPDATA\LOCAL\WeatherBuddy, Delete-on-Reboot, [1449], [383210],1.0.1763
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Downloads, Delete-on-Reboot, [1287], [331702],1.0.1763
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Data, Delete-on-Reboot, [1287], [331702],1.0.1763
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\defs, Delete-on-Reboot, [1287], [331702],1.0.1763
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Log, Delete-on-Reboot, [1287], [331702],1.0.1763
PUP.Optional.SpyHunter, C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER, Delete-on-Reboot, [1287], [331702],1.0.1763
PUP.Optional.SpyHunter, C:\USERS\DARIU\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPYHUNTER, Delete-on-Reboot, [1287], [331712],1.0.1763
PUP.Optional.InterStat, C:\Users\dariu\AppData\Local\CrashRpt\UnsentCrashReports\Interstatnogui_357\Logs, Delete-on-Reboot, [1308], [373566],1.0.1763
 
File: 337
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\flare\icons\Icon_Flare_pink.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\flare\icons\Thumbs.db, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\generic\background\GenericWidget.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\link\background\linkButton.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\menu\background\menuButton.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\menu\css\menuframe.css, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\menu\html\menuframe.html, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\menu\images\right_arrow.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\menu\images\right_arrow_white.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\menu\js\jquery-1.7.1.min.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\menu\js\menuframe.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\menu\js\query-string.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\menu\js\underscore-1.3.1.min.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\menu\README.txt, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\rss\background\RssWidget.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\thirdparty\background\thirdPartyWidget.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\uninstall\background\uninstallButton.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\components\weather\background\weatherButton.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\bs.30.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\common.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\dynamic.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\enableDetect.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\eventListening.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\global.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\jquery-1.7.1.min.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\list-interaction.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\messageEventListener.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\navRedirector.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\paramReplacer.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\PartnerId.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\set.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\underscore-1.3.1.min.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\underscore-1.5.2.min.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\js\unifiedLogging.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\common\common.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\common\eventListening.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\common\list-interaction.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\common\set.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\radio\css\radio-widget.css, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\radio\js\radio-custom.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\radio\js\radio-parser.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\radio\js\radio-widget.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\radio\radio-widget.html, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\rss\js\rss-widget.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\rss\rssWidget.html, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\test\invalid.json, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\test\jquery.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\test\qunit.css, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\test\qunit.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\test\resource.json, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\test\resource.xml, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\test\testWidget.html, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\test\testWidget.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\topapps\css\widget.css, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\topapps\js\topapps-config.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\topapps\js\widget.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\topapps\widget.html, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\weather\css\weatherButton.css, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\weather\js\weather.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widgets\weather\weatherButton.html, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\common\widget-api\widget-context-1.0.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\api\background\ApiBasedWidget.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\api\background\widget-api-impl.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\api\window\hiddenWidgetWindow.html, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\api\window\hiddenWidgetWindow.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\api\window\hiddenWidgetWindowInit.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\api\window\widgetWindow.html, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\api\window\widgetWindow.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\defaultSearch\background\updateSearch.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\defaultSearch\background\updateSearchPromptBg.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\defaultSearch\foreground\07_buttons2.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\defaultSearch\foreground\08_buttons2.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\defaultSearch\foreground\defaultSearchModal.html, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\defaultSearch\foreground\tvf_btn_ok.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\defaultSearch\foreground\tvf_restart_icon.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\moviereviews\background\MovieReviewsWidget.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\moviereviews\css\movieReviews.css, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\moviereviews\html\movieReviews.html, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\moviereviews\js\movieReviews.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\radio\background\RadioWidget.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\radio\css\toolbar-item.css, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\radio\foreground\button.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\radio\radioWrapper\radioWrapper.html, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\radio\radioWrapper\radioWrapper.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\search\background\searchBox.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\search\html\searchSuggestions.css, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\search\html\searchSuggestions.html, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\search\html\searchSuggestions.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\search\html\searchSuggestionsInit.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\supertab\css\supertab.css, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\supertab\html\supertab.html, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\supertab\js\newtabfork.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\supertab\js\reporting.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\supertab\js\srchsugg.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\supertab\js\supertab.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\supertab\js\unifiedLogging.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\components\supertab\js\__utm.js, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\icons\arrowSprite.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\icons\icon128.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\icons\icon16.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\icons\icon19disabled.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\icons\icon19on.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\icons\icon48.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\icons\tb_icon_search_disappearing_ask.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\images\223756723.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\images\223756768.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\images\223756784.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.MindSpark, C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi\12.600.11.23905_0\images\223756788.png, Delete-on-Reboot, [258], [301932],1.0.1763
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ANONYMIZERGADGET\ANONYMIZERGADGET.LNK, Delete-on-Reboot, [1060], [329210],1.0.1763
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#12 Aura

Posted 19 April 2017 - 08:59 PM

Good :) Now let's run a sweep with JRT and AdwCleaner to clean up this infection's remnants.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 Smileyjuice7

Posted 20 April 2017 - 05:16 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64 
Ran by dariu (Administrator) on Thu 04/20/2017 at  6:06:12.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\Users\dariu\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD} (Empty Folder)
Successfully deleted: C:\Users\dariu\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Users\dariu\AppData\Roaming\microleaves (Folder) 
Successfully deleted: C:\Users\dariu\AppData\Roaming\speedrunnerslog.txt (File) 
Successfully repaired: C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk (Shortcut)
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/20/2017 at  6:08:12.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v6.045 - Logfile created 20/04/2017 at 06:13:07
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-19.2 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : dariu - DESKTOP-5JPONF1
# Running from : C:\Users\dariu\Downloads\AdwCleaner (1).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: Update service
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\dariu\AppData\Local\AdvinstAnalytics
[-] Folder deleted: C:\Users\dariu\AppData\Local\llssoft
[-] Folder deleted: C:\Program Files\Yhid
[-] Folder deleted: C:\Program Files\Enigma Software Group
[-] Folder deleted: C:\Program Files\Plumbytes Software
[-] Folder deleted: C:\sh4ldr
[-] Folder deleted: C:\Program Files (x86)\Note-up
[#] Folder deleted on reboot: C:\Program Files (x86)\Note-UP
[-] Folder deleted: C:\uninst
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\dariu\AppData\Local\Microsoft\Internet Explorer\DOMStore\YEFUNNUS\www.mytransitguide[1].xml
[-] File deleted: C:\Users\dariu\AppData\Local\Microsoft\Internet Explorer\DOMStore\3DUO0CQO\mytransitguide.dl.myway[1].xml
[-] File deleted: C:\TOSTACK
[-] File deleted: C:\Users\dariu\AppData\Local\Temp\EsgScanner.sys
[-] File deleted: C:\WINDOWS\rsrcs.dll
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Key deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: igjjkeeamkpihpncmmbgdkhdnjpcfmfb
[-] [C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: khcceooakamlehbimaepcldnnlnkcmfk
[-] [C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www-searching.com/?pid=s&s=ga5zftpbl0cshmoau,89645622-60fc-4954-9196-afcad075752f,
[-] [C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2739 Bytes] - [20/04/2017 06:13:07]
C:\AdwCleaner\AdwCleaner[S0].txt - [2879 Bytes] - [20/04/2017 06:11:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2885 Bytes] ##########
 


#14 Aura

Posted 20 April 2017 - 07:39 AM

Awesome :) Now please run a new scan with FRST, and provide me a new set of logs (FRST.txt and Addition.txt), so I can check if there's anything left that needs to be removed.

https://www.bleepingcomputer.com/forums/t/644655/computer-infected-with-virus-the-requested-resource-is-in-use/#entry4222972



#15 Smileyjuice7

Posted 20 April 2017 - 01:59 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2017
Ran by dariu (administrator) on DESKTOP-5JPONF1 (20-04-2017 14:55:16)
Running from C:\Users\dariu\Desktop
Loaded Profiles: dariu (Available Profiles: dariu)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() D:\Steam Games\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() D:\Steam Games\steamapps\common\wallpaper_engine\wallpaper32.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() D:\Steam Games\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe
() D:\Steam Games\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe
() D:\Steam Games\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Mad Catz Inc) C:\Program Files\Mad Catz\R.A.T.TE\RAT_TE_Profiler.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Hammer & Chisel, Inc.) C:\Users\dariu\AppData\Local\Discord\app-0.0.297\Discord.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hammer & Chisel, Inc.) C:\Users\dariu\AppData\Local\Discord\app-0.0.297\Discord.exe
(Spotify Ltd) C:\Users\dariu\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Hammer & Chisel, Inc.) C:\Users\dariu\AppData\Local\Discord\app-0.0.297\Discord.exe
(Flux Software LLC) C:\Users\dariu\AppData\Local\FluxSoftware\Flux\flux.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13877464 2015-05-15] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-20] (Microsoft Corporation)
HKLM\...\Run: [R.A.T.TE] => C:\Program Files\Mad Catz\R.A.T.TE\RAT_TE_Profiler.exe [195072 2015-09-18] (Mad Catz Inc)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [13178064 2017-01-12] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-07-29] (Disc Soft Ltd)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [Discord] => C:\Users\dariu\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [Spotify Web Helper] => C:\Users\dariu\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-17] (Spotify Ltd)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [Spotify] => C:\Users\dariu\AppData\Roaming\Spotify\Spotify.exe [7072880 2017-04-17] (Spotify Ltd)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-03-28] (Nota Inc.)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Run: [f.lux] => C:\Users\dariu\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{62a2a1f0-d66c-415b-b66e-89298f014056}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-11] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-11] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-11] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-11] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-11] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "chrome://newtab/","hxxp://google.com/"
CHR NewTab: Default ->  Active:"chrome-extension://nljldecpbfgbiaejapakffolddomlooi/stubby.html"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=ga5zftpbl0cshmoau,89645622-60fc-4954-9196-afcad075752f,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default [2017-04-20]
CHR Extension: (Easy Auto Refresh) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2017-04-18]
CHR Extension: (Google Slides) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-07]
CHR Extension: (Google Docs) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-07]
CHR Extension: (Google Drive) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-07]
CHR Extension: (YouTube) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-07]
CHR Extension: (Adblock Plus) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Sword Art Online Sunset Theme) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfiihpjmboknfjljocplobffangmahg [2017-01-08]
CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2016-08-07]
CHR Extension: (Hide Most Visited Pages Reloaded) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhphmpoekpoecdbjeionimpiceigkeil [2017-02-25]
CHR Extension: (Google Sheets) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-07]
CHR Extension: (Google Docs Offline) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-07]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2017-01-08]
CHR Extension: (TubeBuddy for YouTube) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2017-04-17]
CHR Extension: (Google Hangouts) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-01-18]
CHR Extension: (RadioRage) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljldecpbfgbiaejapakffolddomlooi [2017-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (My Chrome Theme) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-08-07]
CHR Extension: (Gmail) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-07]
CHR Extension: (Chrome Media Router) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR Profile: C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-03-16]
CHR Profile: C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-08]
CHR Profile: C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-04-20]
CHR Extension: (Google Slides) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-08]
CHR Extension: (Google Docs) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-08]
CHR Extension: (Google Drive) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-08]
CHR Extension: (YouTube) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-08]
CHR Extension: (Hide Most Visited Pages Reloaded) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhphmpoekpoecdbjeionimpiceigkeil [2017-01-08]
CHR Extension: (Google Sheets) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-08]
CHR Extension: (Google Docs Offline) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-08]
CHR Extension: (Minimalistic - Blue Blue) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\knckaefnahggefjmhiilmgifninknbhf [2017-01-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-08]
CHR Extension: (Chrome Media Router) - C:\Users\dariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07]
CHR Profile: C:\Users\dariu\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3737792 2017-03-26] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-07-29] (Disc Soft Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [198192 2017-03-25] (Microsoft Corporation) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
R2 Wallpaper Engine Service; D:\Steam Games\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [25600 2017-03-05] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [54256 2016-12-11] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [29168 2016-12-11] (Corsair)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-08-08] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-08-08] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-03-22] ()
R3 KillerEth; C:\WINDOWS\System32\drivers\e24w10x64.sys [124464 2015-04-27] (Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-04-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-04-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-04-20] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-04-20] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2a6e383a1adc0e24\nvlddmkm.sys [14569528 2017-02-24] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-02-23] (NVIDIA Corporation)
S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [23968 2015-09-18] (Saitek)
R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [51488 2015-09-18] (Saitek)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 _hid_0738_1704; C:\WINDOWS\system32\DRIVERS\_hid_0738_1704.sys [180928 2015-09-18] (Saitek)
R3 _usb_0738_1704; C:\WINDOWS\System32\drivers\_usb_0738_1704.sys [46528 2015-09-18] (Saitek)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-20 14:55 - 2017-04-20 14:55 - 00023365 _____ C:\Users\dariu\Desktop\FRST.txt
2017-04-20 06:09 - 2017-04-20 06:13 - 00000000 ____D C:\AdwCleaner
2017-04-20 06:09 - 2017-04-20 06:09 - 04089296 _____ C:\Users\dariu\Downloads\AdwCleaner (1).exe
2017-04-20 06:08 - 2017-04-20 06:08 - 00001029 _____ C:\Users\dariu\Desktop\JRT.txt
2017-04-20 06:07 - 2017-04-20 06:07 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-04-20 06:06 - 2017-04-20 06:06 - 01663672 _____ (Malwarebytes) C:\Users\dariu\Desktop\JRT.exe
2017-04-20 06:05 - 2017-04-20 06:05 - 01663672 _____ (Malwarebytes) C:\Users\dariu\Downloads\JRT.exe
2017-04-19 21:17 - 2017-04-19 21:17 - 00093153 _____ C:\Users\dariu\Desktop\mb log.txt
2017-04-19 21:08 - 2017-04-20 06:14 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-04-19 21:08 - 2017-04-20 06:14 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-04-19 21:08 - 2017-04-20 06:14 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-04-19 21:08 - 2017-04-19 21:08 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-19 21:08 - 2017-04-19 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-19 21:08 - 2017-03-22 11:02 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-04-19 21:07 - 2017-04-19 21:07 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-19 20:44 - 2017-04-19 20:44 - 00712895 _____ C:\Users\dariu\Downloads\video (2).mov
2017-04-19 20:43 - 2017-04-19 20:43 - 07032299 _____ C:\Users\dariu\Downloads\2017-04-19_20-41-16.mp4
2017-04-19 20:22 - 2017-04-19 20:22 - 00712895 _____ C:\Users\dariu\Downloads\video (1).mov
2017-04-19 17:59 - 2017-04-19 17:59 - 60107896 _____ (Malwarebytes ) C:\Users\dariu\Downloads\mb3-setup-consumer-3.0.6.1469-10103 (3).exe
2017-04-19 17:55 - 2017-04-19 17:55 - 00078721 _____ C:\Users\dariu\Downloads\DIT Movie_1.prproj
2017-04-19 17:54 - 2017-04-19 17:54 - 00087798 _____ C:\Users\dariu\Downloads\DIT Movie.prproj
2017-04-19 17:54 - 2017-04-19 17:54 - 00087798 _____ C:\Users\dariu\Downloads\DIT Movie (1).prproj
2017-04-19 17:48 - 2017-04-19 17:48 - 00000000 ____D C:\Users\dariu\Desktop\FRST-OlderVersion
2017-04-19 17:39 - 2017-04-19 17:39 - 00026607 _____ C:\Users\dariu\Desktop\Untitled.prproj
2017-04-19 17:35 - 2017-04-19 17:35 - 132576344 _____ C:\Users\dariu\Downloads\DIT ANIMATION DARUYS SAM.mp4
2017-04-19 15:15 - 2017-04-20 06:14 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-19 15:15 - 2017-04-19 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-19 15:14 - 2017-04-19 21:08 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-04-18 21:57 - 2017-04-18 21:57 - 00000000 ____D C:\WINDOWS\Panther
2017-04-18 17:25 - 2017-04-18 17:25 - 00150375 _____ C:\Users\dariu\Downloads\FRST_30-03-2017 10.56.05.txt
2017-04-18 17:23 - 2017-04-18 17:23 - 00068411 _____ C:\Users\dariu\Downloads\Addition.txt
2017-04-18 15:14 - 2017-04-20 14:55 - 00000000 ____D C:\FRST
2017-04-18 15:14 - 2017-04-19 17:48 - 02424832 _____ (Farbar) C:\Users\dariu\Desktop\FRST64.exe
2017-04-18 15:14 - 2017-04-18 19:04 - 02424832 _____ (Farbar) C:\Users\dariu\Downloads\FRST64.exe
2017-04-18 14:44 - 2017-04-19 16:50 - 00000000 ____D C:\Users\dariu\Desktop\mbar
2017-04-18 14:43 - 2017-04-18 14:44 - 16564750 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.4.1001 (1).exe
2017-04-18 06:30 - 2017-04-18 06:31 - 16564750 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.4.1001.exe
2017-04-17 21:23 - 2017-04-17 21:23 - 00005356 _____ C:\Users\dariu\Downloads\mbar-log-2017-04-17 (18-40-43).txt
2017-04-17 21:04 - 2017-04-17 21:04 - 16563352 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.3.1001 (4).exe
2017-04-17 20:46 - 2017-04-17 20:46 - 01027896 _____ (Symantec Corporation) C:\Users\dariu\Downloads\NortonNSDownloader.exe
2017-04-17 20:13 - 2017-04-17 20:13 - 165461640 _____ (Sophos Limited) C:\Users\dariu\Downloads\Sophos Virus Removal Tool.exe
2017-04-17 20:11 - 2017-04-17 20:12 - 00230472 _____ C:\Users\dariu\Downloads\RootkitRevealer.zip
2017-04-17 20:09 - 2017-04-17 20:10 - 166356456 _____ (Kaspersky Lab) C:\Users\dariu\Downloads\kis16.0.1.445en_full.exe
2017-04-17 20:03 - 2017-04-20 14:54 - 01594590 _____ C:\WINDOWS\ntbtlog.txt
2017-04-17 19:49 - 2017-04-17 21:12 - 00000000 ____D C:\ProgramData\SecTaskMan
2017-04-17 19:49 - 2017-04-17 19:49 - 00001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2017-04-17 19:49 - 2017-04-17 19:49 - 00001227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2017-04-17 19:49 - 2017-04-17 19:49 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2017-04-17 19:48 - 2017-04-17 19:48 - 02984912 _____ C:\Users\dariu\Downloads\SecurityTaskManager_Setup.exe
2017-04-17 19:45 - 2017-04-17 19:46 - 151221184 _____ C:\Users\dariu\Downloads\s7ntredj.exe
2017-04-17 19:43 - 2017-04-17 19:43 - 01472131 _____ C:\Users\dariu\Downloads\vba32arkit.zip
2017-04-17 19:42 - 2017-04-17 19:42 - 00464491 _____ C:\Users\dariu\Downloads\RootRepeal.zip
2017-04-17 19:16 - 2017-04-17 19:16 - 00380928 _____ C:\Users\dariu\Downloads\ulinijg0.exe
2017-04-17 19:15 - 2017-04-17 19:15 - 04737440 _____ (Avira Operations GmbH & Co. KG) C:\Users\dariu\Downloads\avira_en_fass0_58f546e53d19c__ws.exe
2017-04-17 19:12 - 2017-04-17 19:12 - 16563352 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.3.1001 (3).exe
2017-04-17 19:10 - 2017-04-17 19:11 - 16563352 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.3.1001 (2).exe
2017-04-17 19:04 - 2017-04-17 19:04 - 04089296 _____ C:\Users\dariu\Downloads\AdwCleaner.exe
2017-04-17 19:03 - 2017-04-17 19:03 - 05766464 _____ (Zemana Ltd. ) C:\Users\dariu\Downloads\eXplorer.exe
2017-04-17 19:01 - 2017-04-17 19:01 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\dariu\Downloads\iExplore.exe
2017-04-17 19:01 - 2017-04-17 19:01 - 00912452 _____ C:\Users\dariu\Downloads\rkill.zip
2017-04-17 18:59 - 2017-04-17 18:59 - 16563352 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.3.1001 (1).exe
2017-04-17 18:57 - 2017-04-17 18:57 - 16563352 _____ (Malwarebytes Corp.) C:\Users\dariu\Downloads\mbar-1.09.3.1001.exe
2017-04-17 18:56 - 2017-04-17 18:56 - 60107896 _____ (Malwarebytes ) C:\Users\dariu\Downloads\mb3-setup-consumer-3.0.6.1469-10103 (2).exe
2017-04-17 18:41 - 2017-04-17 18:41 - 00000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA%
2017-04-17 18:40 - 2017-04-17 18:40 - 00000000 ____D C:\WINDOWS\pss
2017-04-17 18:28 - 2017-04-19 16:09 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-17 18:20 - 2017-04-17 18:20 - 60107896 _____ (Malwarebytes ) C:\Users\dariu\Downloads\mb3-setup-consumer-3.0.6.1469-10103 (1).exe
2017-04-17 17:41 - 2017-04-17 17:41 - 60107896 _____ (Malwarebytes ) C:\Users\dariu\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-17 17:34 - 2017-04-19 16:56 - 00000000 ____D C:\Users\dariu\AppData\Local\ucmenwvar
2017-04-17 17:34 - 2017-04-17 17:36 - 00000000 ____D C:\Users\dariu\AppData\Local\bkchel
2017-04-17 17:34 - 2017-04-17 17:34 - 00000000 ____D C:\Users\dariu\AppData\Roaming\c
2017-04-17 15:50 - 2017-04-17 15:50 - 22178704 _____ C:\Users\dariu\Downloads\no circle0000-0160.avi
2017-04-17 12:11 - 2017-04-17 12:11 - 03788824 _____ C:\Users\dariu\Downloads\Wasip Rig (3).blend
2017-04-17 12:11 - 2017-04-17 12:11 - 03788824 _____ C:\Users\dariu\Downloads\Wasip Rig (2).blend
2017-04-17 12:11 - 2017-04-17 12:11 - 03788824 _____ C:\Users\dariu\Downloads\Wasip Rig (1).blend
2017-04-16 23:24 - 2017-04-16 23:24 - 00000000 ____D C:\Users\dariu\AppData\Local\Red Giant
2017-04-16 22:52 - 2017-04-16 22:52 - 00942570 _____ C:\Users\dariu\Downloads\SaberInstaller_1.0.39_Win_2017.zip
2017-04-16 22:48 - 2017-04-16 22:48 - 00000000 ____D C:\Users\dariu\AppData\Local\LooksBuilder
2017-04-16 22:42 - 2017-04-16 22:42 - 00000000 ____D C:\Program Files\Red Giant
2017-04-16 22:42 - 2017-04-16 22:42 - 00000000 ____D C:\Program Files (x86)\LooksBuilder
2017-04-16 22:42 - 2015-07-01 15:43 - 41249792 _____ (Red Giant LLC) C:\WINDOWS\system32\MBLooksUI_x64.dll
2017-04-16 22:42 - 2015-06-26 13:09 - 12966400 _____ (Red Giant Software) C:\WINDOWS\system32\Gpu_Shader_Engine_x64.dll
2017-04-16 22:42 - 2015-06-26 13:09 - 05828096 _____ (Noesis Technologies) C:\WINDOWS\system32\noesis.dll
2017-04-16 22:39 - 2017-04-16 22:39 - 00000000 ____D C:\Users\dariu\Documents\Red Giant Magic Bullet Suite
2017-04-16 22:38 - 2017-04-16 22:39 - 90692100 _____ C:\Users\dariu\Downloads\MagicBulletSuite12 (SERIALS).rar
2017-04-16 22:30 - 2017-04-16 22:32 - 00000000 ____D C:\Users\dariu\Documents\Twitch
2017-04-16 22:30 - 2017-04-16 22:30 - 00583033 _____ C:\Users\dariu\Downloads\Twitch.rar
2017-04-16 22:25 - 2017-04-16 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReelSmart Motion Blur 4, After Effects-compatible plugin set
2017-04-16 22:25 - 2008-01-30 18:36 - 00090112 _____ (MindVision Software) C:\WINDOWS\unvise32.exe
2017-04-16 22:22 - 2017-04-16 22:22 - 00000000 ____D C:\Program Files (x86)\REVisionEffects
2017-04-16 22:21 - 2017-04-16 22:21 - 14830778 _____ C:\Users\dariu\Downloads\RSMB (MARK I).rar
2017-04-16 22:18 - 2017-04-16 22:21 - 00000000 ____D C:\Users\dariu\AppData\Roaming\MAXON
2017-04-16 22:17 - 2017-04-16 22:17 - 00000000 ____D C:\Users\dariu\Documents\Cinema 4D R17 -MXVII
2017-04-16 22:15 - 2017-04-16 22:15 - 137922601 _____ C:\Users\dariu\Downloads\Cinema 4D R17 -MXVII.rar
2017-04-16 22:05 - 2017-03-26 00:50 - 00000000 ____D C:\Users\dariu\Documents\Optical Flares (PC) V2
2017-04-16 22:04 - 2017-04-16 22:04 - 86299264 _____ C:\Users\dariu\Downloads\Optical Flares (PC) V2.rar
2017-04-16 21:59 - 2017-04-16 21:59 - 00003752 _____ C:\WINDOWS\System32\Tasks\Red Giant Link
2017-04-16 21:59 - 2017-04-16 21:59 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Red Giant
2017-04-16 21:58 - 2017-04-16 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2017-04-16 21:58 - 2017-04-16 22:42 - 00000000 ____D C:\Program Files (x86)\Red Giant
2017-04-16 21:58 - 2017-04-16 21:59 - 00000000 ____D C:\ProgramData\Red Giant
2017-04-16 21:58 - 2017-04-16 21:59 - 00000000 ____D C:\Program Files (x86)\Red Giant Link
2017-04-16 21:58 - 2016-08-09 08:36 - 15576576 _____ (Trapcode AB) C:\WINDOWS\system32\TCParticleBuilder.dll
2017-04-16 21:52 - 2017-04-16 21:52 - 00000000 ____D C:\ProgramData\RedGiant
2017-04-16 21:50 - 2017-04-16 21:50 - 00000000 ____D C:\Users\dariu\Documents\Trapcode Particular
2017-04-16 21:47 - 2017-04-16 21:48 - 517125932 _____ C:\Users\dariu\Downloads\TCSuite_Win_Full.zip
2017-04-16 20:34 - 2017-04-16 20:34 - 00000000 ____D C:\Users\dariu\Documents\VideoCopilot
2017-04-16 20:24 - 2017-04-16 20:44 - 00000000 ____D C:\Users\dariu\Documents\Element 3D v2.2 BY Rana Hunjan
2017-04-16 20:20 - 2017-04-16 20:21 - 305873898 _____ C:\Users\dariu\Downloads\Element 3D v2.2 BY Rana Hunjan.rar
2017-04-16 16:32 - 2017-04-16 16:32 - 00000000 ____D C:\ProgramData\REVisionEffects
2017-04-16 16:32 - 2017-04-16 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REVisionEffects
2017-04-16 16:31 - 2017-04-16 16:31 - 09382580 _____ C:\Users\dariu\Downloads\Twixtor.rar
2017-04-16 16:31 - 2016-02-02 00:34 - 00000000 ____D C:\Users\dariu\Documents\Twixtor
2017-04-13 20:42 - 2017-04-13 22:40 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Rocket Chat
2017-04-13 20:42 - 2017-04-13 20:42 - 00001083 _____ C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rocket Chat.lnk
2017-04-13 20:42 - 2017-04-13 20:42 - 00000000 ____D C:\Program Files (x86)\Rocket Chat
2017-04-13 20:41 - 2017-04-13 20:42 - 02189312 _____ C:\Users\dariu\Downloads\RocketChatInstaller.exe
2017-04-13 18:41 - 2017-04-13 18:41 - 03788824 _____ C:\Users\dariu\Downloads\Wasip Rig.blend
2017-04-13 18:25 - 2017-04-13 18:25 - 00676386 _____ C:\Users\dariu\Downloads\78949_Wasip_Full_Rig_1.1.zip
2017-04-10 16:02 - 2017-04-10 16:02 - 23692458 _____ C:\Users\dariu\Downloads\CUE1_LegacyPack (1).zip
2017-04-10 15:59 - 2017-04-10 16:00 - 11209300 _____ C:\Users\dariu\Downloads\SuperSaiyan (1).zip
2017-04-10 15:56 - 2017-04-10 15:56 - 11209300 _____ C:\Users\dariu\Downloads\SuperSaiyan.zip
2017-04-08 19:15 - 2017-04-16 20:38 - 00000000 ____D C:\ProgramData\VideoCopilot
2017-04-08 19:13 - 2016-07-14 08:24 - 00000000 ____D C:\Users\dariu\Downloads\Element 3D V2.0.7 FINAL(PC)
2017-04-08 18:58 - 2017-04-08 19:11 - 4066426640 _____ C:\Users\dariu\Downloads\Element 3D V2.0.7 FINAL(PC).zip
2017-04-08 12:43 - 2017-04-08 12:43 - 00842930 _____ C:\Users\dariu\Downloads\Clapperboard.mp4
2017-04-07 21:15 - 2017-04-07 21:15 - 00026118 _____ C:\Users\dariu\Downloads\code.zip
2017-04-07 21:14 - 2017-04-07 21:14 - 00344344 _____ C:\Users\dariu\Downloads\AbrahamLincoln_Personal_License.zip
2017-04-07 21:14 - 2017-04-07 21:14 - 00081100 _____ C:\Users\dariu\Downloads\nexa.zip
2017-04-07 21:12 - 2017-04-07 21:12 - 00449435 _____ C:\Users\dariu\Downloads\bebas_neue.zip
2017-04-07 20:41 - 2017-04-07 20:41 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2017-04-07 20:30 - 2017-04-07 20:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-07 20:30 - 2017-04-07 20:30 - 00001390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Update Management Tool.lnk
2017-04-07 20:28 - 2017-04-07 20:29 - 44162824 _____ C:\Users\dariu\Downloads\ADOBE Update Management Tool 8.0.rar
2017-04-07 20:27 - 2017-04-07 20:27 - 00000000 ___HD C:\$SysReset
2017-04-04 20:10 - 2017-04-04 20:10 - 00006474 _____ C:\Users\dariu\Downloads\pt_shiftlayers_v2.31.zip
2017-04-02 20:05 - 2017-04-02 20:05 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Blender Foundation
2017-04-02 20:03 - 2017-04-02 20:03 - 05509633 _____ C:\Users\dariu\Downloads\83270__little_green_alien.zip
2017-04-02 19:54 - 2017-04-02 19:54 - 00000000 ____D C:\Users\dariu\.thumbnails
2017-04-01 20:57 - 2017-04-01 20:57 - 00789329 _____ C:\Users\dariu\Downloads\video.mov
2017-04-01 12:17 - 2017-04-01 12:17 - 00106219 _____ C:\Users\dariu\Downloads\gogoposterpunch.zip
2017-03-31 19:43 - 2017-03-31 19:43 - 06153810 _____ C:\Users\dariu\Downloads\Glitch-Effect-in-Premiere-Pro-Cinecom.zip
2017-03-30 16:12 - 2017-03-30 16:37 - 00000000 ____D C:\Users\dariu\AppData\Roaming\WhatsApp
2017-03-30 16:12 - 2017-03-30 16:12 - 92775696 _____ (WhatsApp) C:\Users\dariu\Downloads\WhatsAppSetup.exe
2017-03-30 16:12 - 2017-03-30 16:12 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-03-30 16:12 - 2017-03-30 16:12 - 00000000 ____D C:\Users\dariu\AppData\Local\WhatsApp
2017-03-28 15:17 - 2017-03-28 15:17 - 00001056 _____ C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2017-03-28 14:49 - 2017-04-17 15:10 - 00000000 ____D C:\Users\dariu\AppData\Local\join.me
2017-03-27 19:43 - 2017-03-27 19:43 - 08021848 _____ C:\Users\dariu\Downloads\[Chroma Key] The Pumpkin Dance - Green Screen.mp4
2017-03-27 18:27 - 2017-03-27 18:27 - 00007807 _____ C:\Users\dariu\Downloads\tender (3).mid
2017-03-27 18:27 - 2017-03-27 18:27 - 00005859 _____ C:\Users\dariu\Downloads\mozart (9).mid
2017-03-27 18:22 - 2017-03-27 18:22 - 00007807 _____ C:\Users\dariu\Downloads\tender (2).mid
2017-03-27 18:22 - 2017-03-27 18:22 - 00005859 _____ C:\Users\dariu\Downloads\mozart (8).mid
2017-03-27 18:22 - 2017-03-27 18:22 - 00004488 _____ C:\Users\dariu\Downloads\icecream (1).mid
2017-03-27 18:22 - 2017-03-27 18:22 - 00002421 _____ C:\Users\dariu\Downloads\hitchcock.mid
2017-03-27 18:22 - 2017-03-27 18:22 - 00002421 _____ C:\Users\dariu\Downloads\hitchcock (1).mid
2017-03-27 18:22 - 2017-03-27 18:22 - 00002245 _____ C:\Users\dariu\Downloads\furelise (2).mid
2017-03-27 18:21 - 2017-03-27 18:21 - 00005859 _____ C:\Users\dariu\Downloads\mozart (7).mid
2017-03-27 18:21 - 2017-03-27 18:21 - 00005859 _____ C:\Users\dariu\Downloads\mozart (6).mid
2017-03-27 18:21 - 2017-03-27 18:21 - 00002245 _____ C:\Users\dariu\Downloads\furelise (1).mid
2017-03-27 18:19 - 2017-03-27 18:19 - 00005859 _____ C:\Users\dariu\Downloads\mozart (5).mid
2017-03-27 18:19 - 2017-03-27 18:19 - 00004488 _____ C:\Users\dariu\Downloads\icecream.mid
2017-03-27 18:17 - 2017-03-27 18:17 - 00005859 _____ C:\Users\dariu\Downloads\mozart (4).mid
2017-03-27 18:17 - 2017-03-27 18:17 - 00005859 _____ C:\Users\dariu\Downloads\mozart (3).mid
2017-03-27 18:17 - 2017-03-27 18:17 - 00002245 _____ C:\Users\dariu\Downloads\furelise.mid
2017-03-27 18:16 - 2017-03-27 18:16 - 00005859 _____ C:\Users\dariu\Downloads\mozart (2).mid
2017-03-27 16:00 - 2017-03-27 16:00 - 17977160 _____ (CyberGhost S.R.L. ) C:\Users\dariu\Downloads\CG_6.1.0_44376.exe
2017-03-27 15:16 - 2017-03-27 15:16 - 00002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-03-27 15:16 - 2017-03-27 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-03-27 15:14 - 2017-03-27 15:14 - 04127544 _____ (Microsoft Corporation) C:\Users\dariu\Downloads\Setup.X86.en-us_O365ProPlusRetail_03adb4e0-4ec9-4895-9f6f-f53201ef4b8d_TX_PR_b_32_.exe
2017-03-27 15:14 - 2017-03-27 15:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-03-26 11:51 - 2017-03-26 11:51 - 00005461 _____ C:\Users\dariu\Downloads\5crgVXB6BIw.swf
2017-03-26 10:07 - 2017-03-26 10:07 - 10273369 _____ C:\Users\dariu\Downloads\lvllqo (1).zip
2017-03-25 22:17 - 2017-03-25 22:17 - 10273369 _____ C:\Users\dariu\Downloads\lvllqo.zip
2017-03-25 22:15 - 2017-03-25 22:17 - 123767943 _____ C:\Users\dariu\Downloads\[60 FPS] Skywars Hacking on Hypickle #7 Testing a new meme [Skorge].mp4
2017-03-25 21:56 - 2017-03-25 21:56 - 00001030 _____ C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2017-03-25 21:55 - 2017-04-17 13:23 - 00000000 ____D C:\Users\dariu\AppData\Local\osu!
2017-03-25 21:55 - 2017-03-25 21:55 - 04475584 _____ (ppy) C:\Users\dariu\Downloads\osu!install.exe
2017-03-25 21:07 - 2017-03-25 21:07 - 00001278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2015.lnk
2017-03-25 21:05 - 2017-03-25 21:05 - 00001384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Character Animator (Preview).lnk
2017-03-25 16:40 - 2017-03-25 16:40 - 38042285 _____ C:\Users\dariu\Downloads\rainbowwavemlg.mp4
2017-03-25 16:00 - 2017-03-25 16:00 - 00023963 _____ C:\Users\dariu\Downloads\Hitmarker.mp4
2017-03-25 15:27 - 2017-03-25 15:27 - 00017838 _____ C:\Users\dariu\Downloads\hitmarker sound and animation.mp4
2017-03-25 15:08 - 2017-03-25 15:08 - 00010231 _____ C:\Users\dariu\Downloads\Hitmarker with sound for use in MLG montage parodies.mp4
2017-03-25 14:22 - 2017-03-25 14:23 - 11956877 _____ C:\Users\dariu\Downloads\WOW.mp4
2017-03-25 12:52 - 2017-03-25 12:52 - 08788124 _____ C:\Users\dariu\Downloads\SUPA HOT (OHHHH SOUND EFFECT).mp4
2017-03-24 21:38 - 2017-03-24 21:38 - 01138947 _____ C:\Users\dariu\Downloads\Facepalming people - screen download.mp4
2017-03-24 21:34 - 2017-03-24 21:34 - 57469415 _____ C:\Users\dariu\Downloads\Sound FX Pack.zip
2017-03-24 21:02 - 2017-03-24 21:03 - 28702013 _____ C:\Users\dariu\Downloads\DOMINUS GT UNBOXING WITH 1 CRATE.mp4
2017-03-24 19:50 - 2017-03-24 19:51 - 125890081 _____ C:\Users\dariu\Downloads\DJ Khaled Another one loop 15 minutes.mp4
2017-03-24 19:09 - 2017-03-24 19:09 - 00364939 _____ C:\Users\dariu\Downloads\SMPTE Hd Color Bars - Beep.mp4
2017-03-24 18:28 - 2017-03-24 18:28 - 00027022 _____ C:\Users\dariu\Downloads\kg_what_the_teacher_wants.zip
2017-03-24 18:24 - 2017-03-24 18:24 - 00590307 _____ C:\Users\dariu\Downloads\Steve Carell NO GOD! NO GOD, PLEASE NO, NO, NO, NOOOOO (HD).mp4
2017-03-23 20:53 - 2017-03-23 20:53 - 113001480 _____ (obsproject.com) C:\Users\dariu\Downloads\OBS-Studio-18.0.1-Full-Installer.exe
2017-03-23 20:52 - 2017-03-23 20:52 - 167025023 _____ C:\Users\dariu\Downloads\OBS-Studio-18.0.1-Full.zip
2017-03-21 20:57 - 2017-03-21 20:57 - 01084488 _____ C:\Users\dariu\Downloads\Air-for-Steam-2017-0312.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-20 14:55 - 2016-08-07 22:07 - 04038544 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-20 14:55 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-20 14:54 - 2016-09-20 18:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-20 14:54 - 2016-08-07 22:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-20 06:14 - 2016-09-20 18:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-20 06:13 - 2016-07-16 02:04 - 01835008 _____ C:\WINDOWS\system32\config\BBI
2017-04-20 06:09 - 2016-08-08 13:14 - 00000000 ____D C:\Users\dariu\AppData\Local\Adobe
2017-04-20 06:04 - 2017-02-10 17:07 - 00000000 ____D C:\Users\dariu\AppData\Local\CrashDumps
2017-04-20 06:04 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-19 21:24 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-19 21:14 - 2016-08-08 17:10 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-04-19 21:07 - 2016-08-29 19:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-19 21:06 - 2017-02-02 19:19 - 00000000 ____D C:\Users\dariu\AppData\Roaming\obs-studio
2017-04-19 19:44 - 2016-09-20 18:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-18 21:58 - 2016-09-05 17:10 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-04-18 15:35 - 2016-08-07 22:09 - 00000000 ____D C:\Users\dariu\AppData\Roaming\uTorrent
2017-04-17 20:50 - 2016-09-05 17:10 - 00000000 ____D C:\ProgramData\NCH Software
2017-04-17 18:55 - 2017-01-20 16:31 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-17 18:33 - 2016-09-10 09:57 - 00000000 ____D C:\Users\dariu\AppData\Local\ElevatedDiagnostics
2017-04-17 18:04 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\registration
2017-04-17 18:03 - 2016-09-20 18:04 - 00000000 ____D C:\Users\dariu
2017-04-17 17:53 - 2016-10-05 19:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-04-17 17:38 - 2016-08-07 22:04 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-17 17:25 - 2016-11-17 18:41 - 00000000 ____D C:\Users\dariu\AppData\Local\Spotify
2017-04-17 17:22 - 2016-08-14 13:27 - 00000000 ____D C:\Users\dariu\AppData\LocalLow\uTorrent
2017-04-17 17:00 - 2016-11-17 18:40 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Spotify
2017-04-17 09:34 - 2016-09-16 15:45 - 00000000 ____D C:\Users\dariu\AppData\Roaming\discord
2017-04-16 22:42 - 2016-08-08 13:15 - 00000000 ____D C:\Program Files\Adobe
2017-04-13 23:19 - 2016-08-13 11:13 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Skype
2017-04-13 09:55 - 2016-08-08 09:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-13 09:54 - 2016-08-08 09:04 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 08:53 - 2016-08-07 22:38 - 00000000 ___RD C:\Users\dariu\Desktop\Games
2017-04-11 08:51 - 2016-10-05 20:11 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 08:51 - 2016-10-05 20:11 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-10 17:14 - 2016-11-06 20:48 - 00000000 ____D C:\Users\dariu\AppData\Roaming\.minecraft
2017-04-10 16:02 - 2017-01-31 22:12 - 00000000 ____D C:\Users\dariu\Downloads\Corsair RGB Profiles
2017-04-09 22:49 - 2016-08-07 22:04 - 00000000 ___RD C:\Users\dariu\OneDrive
2017-04-09 15:55 - 2017-01-26 18:30 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-09 15:55 - 2016-08-07 22:04 - 00002374 _____ C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-08 09:00 - 2016-08-08 09:05 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-07 21:33 - 2016-09-20 18:03 - 05029344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-07 20:47 - 2016-08-07 22:02 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Adobe
2017-04-07 20:44 - 2016-08-08 13:15 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-04-07 20:37 - 2016-08-08 13:15 - 00001626 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-04-07 18:36 - 2016-08-08 13:16 - 00000000 ____D C:\Users\dariu\Documents\Adobe
2017-04-07 16:10 - 2017-02-17 20:18 - 00000000 ____D C:\Users\dariu\BrawlhallaReplays
2017-04-05 20:22 - 2016-10-05 20:11 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 16:13 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-05 16:12 - 2016-10-05 17:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-04 20:47 - 2016-09-07 20:17 - 00000000 ____D C:\Users\dariu\AppData\Roaming\HpUpdate
2017-04-03 16:09 - 2017-03-10 19:30 - 00003544 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-04-03 16:09 - 2017-03-10 19:30 - 00003408 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-04-03 16:09 - 2017-03-10 19:30 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-04-02 19:54 - 2016-12-26 18:41 - 00000000 ____D C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-02 10:57 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-01 14:52 - 2016-07-16 07:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-01 14:52 - 2016-07-16 07:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-31 19:44 - 2016-08-08 18:18 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-30 16:12 - 2016-08-07 22:07 - 00000000 ____D C:\Users\dariu\AppData\Local\SquirrelTemp
2017-03-27 15:14 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-25 21:07 - 2016-08-08 13:16 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-03-24 13:50 - 2017-01-11 18:51 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-03-24 13:50 - 2016-08-07 22:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-03-23 22:25 - 2016-08-07 22:21 - 00000000 ____D C:\Users\dariu\AppData\Local\Steam
2017-03-23 20:18 - 2016-08-14 22:27 - 00000000 ____D C:\Users\dariu\Downloads\PopcornTime
2017-03-22 21:45 - 2017-03-19 15:23 - 00000000 ____D C:\Users\dariu\Documents\Sound recordings
 
==================== Files in the root of some directories =======
 
2016-09-05 17:10 - 2016-09-05 17:10 - 0001167 _____ () C:\Users\dariu\AppData\Roaming\trace_FilterInstaller.1.txt
2016-09-05 17:10 - 2016-10-05 20:07 - 0000905 _____ () C:\Users\dariu\AppData\Roaming\trace_FilterInstaller.txt
2016-09-05 17:10 - 2016-10-05 20:07 - 0000000 _____ () C:\Users\dariu\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-10-05 18:40 - 2016-10-05 18:40 - 0000000 _____ () C:\Users\dariu\AppData\Local\run.txt
2016-10-05 18:42 - 2016-10-05 18:42 - 0000001 _____ () C:\Users\dariu\AppData\Local\setupsuccessful.txt
2016-10-05 18:40 - 2016-10-05 18:42 - 0000000 _____ () C:\Users\dariu\AppData\Local\stxtname.txt
2016-09-07 20:17 - 2016-09-07 20:17 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-09-20 18:04 - 2016-09-20 18:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-04-17 20:13 - 2017-04-17 20:13 - 0584576 _____ (Sysinternals - www.sysinternals.com) C:\Users\dariu\AppData\Local\Temp\DBDQHKVJ.exe
2017-04-17 17:32 - 2017-04-17 17:32 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\dariu\AppData\Local\Temp\fox.exe
2017-04-17 20:16 - 2017-04-17 20:16 - 0404352 _____ (Sysinternals - www.sysinternals.com) C:\Users\dariu\AppData\Local\Temp\KMCABRQV.exe
2017-04-17 20:11 - 2017-04-17 20:11 - 0580480 _____ (Sysinternals - www.sysinternals.com) C:\Users\dariu\AppData\Local\Temp\MLHCETKZKGWY.exe
2017-04-17 20:13 - 2017-04-17 20:13 - 0539520 _____ (Sysinternals - www.sysinternals.com) C:\Users\dariu\AppData\Local\Temp\NUUTYPDABZF.exe
2017-04-17 17:32 - 2017-04-17 17:32 - 2626924 _____ () C:\Users\dariu\AppData\Local\Temp\pi.exe
2017-04-17 20:12 - 2017-04-17 20:12 - 0498560 _____ (Sysinternals - www.sysinternals.com) C:\Users\dariu\AppData\Local\Temp\SXUKWT.exe
2017-04-17 20:15 - 2017-04-17 20:15 - 0592768 _____ (Sysinternals - www.sysinternals.com) C:\Users\dariu\AppData\Local\Temp\ZRZCAXON.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-19 16:47
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2017
Ran by dariu (20-04-2017 14:56:10)
Running from C:\Users\dariu\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-20 22:08:09)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1267553863-4023176294-1839226829-500 - Administrator - Disabled)
dariu (S-1-5-21-1267553863-4023176294-1839226829-1001 - Administrator - Enabled) => C:\Users\dariu
DefaultAccount (S-1-5-21-1267553863-4023176294-1839226829-503 - Limited - Disabled)
Guest (S-1-5-21-1267553863-4023176294-1839226829-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
Ansel (Version: 378.78 - NVIDIA Corporation) Hidden
Assassins Creed Syndicate (HKLM-x32\...\Assassins Creed Syndicate_is1) (Version:  - )
Batman Episode 1 (HKLM-x32\...\Batman Episode 1_is1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM\...\Steam App 238460) (Version:  - The Behemoth)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Blender 2.78 (HKLM\...\Steam App 365670) (Version:  - Blender Foundation)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version:  - 2K Australia)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Castle Crashers (HKLM\...\Steam App 204360) (Version:  - The Behemoth)
Corsair Utility Engine (HKLM-x32\...\{A95A2CA8-D121-4F63-B513-C94AEDDD35C4}) (Version: 2.9.53 - Corsair)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Discord (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Flux) (Version:  - )
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Geometry Dash (HKLM\...\Steam App 322170) (Version:  - RobTop Games)
Goat Simulator (HKLM\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
Gyazo 3.3.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
join.me (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\JoinMe) (Version: 3.1.0.4665 - LogMeIn, Inc.)
League client alpha (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Mac OS X Cursors (HKLM-x32\...\48AEB547-6B1C-4CFC-957B-E11C22C8A25F) (Version: 1.1 - www.46palermo.com)
Magic Bullet Suite v12.0.6 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 12.0.6 - Red Giant, LLC)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft: Story Mode - A Telltale Games Series (HKLM\...\Steam App 376870) (Version:  - Telltale Games)
Mortal Kombat X (HKLM\...\Steam App 307780) (Version:  - NetherRealm Studios)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nidhogg (HKLM\...\Steam App 94400) (Version:  - Messhof)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.78 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Octodad: Dadliest Catch (HKLM\...\Steam App 224480) (Version:  - Young Horses)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7830.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{0c43a6ca-f097-4d9a-9667-876f06aa77ef}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== ATTENTION
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
R.A.T.TE (HKLM\...\{A8AFFB99-8FC9-4B2E-99A1-C3D5D391ADAE}) (Version: 7.0.43.0 - Mad Catz Inc)
R.A.T.TE Game Profiles (HKLM-x32\...\{85CC37AC-5734-4C2F-9779-D6BB5D6CF92C}) (Version: 1.0.0.0 - Mad Catz Inc)
RE:Vision Effects Twixtor AE (HKLM\...\Twixtor AE 6.1.0_is1) (Version: 6.1.0 - Team V.R)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7512 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.10.0 - Red Giant, LLC)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version:  - )
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games)
Scribblenauts Unmasked (HKLM\...\Steam App 249870) (Version:  - 5th Cell Media)
Security Task Manager 2.1i (HKLM-x32\...\Security Task Manager) (Version: 2.1i - Neuber Software)
Serato DJ  (HKLM-x32\...\{aab0492e-ad59-454a-8bbd-62a9524306b2}) (Version: 1.9.0.2353 - )
Serato DJ  (x32 Version: 1.9.0.2353 - Serato) Hidden
Serato DJ (HKLM-x32\...\Serato DJ) (Version: 1.9.0 - Serato DJ)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
SpeedRunners (HKLM\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spotify (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Meat Boy (HKLM\...\Steam App 40800) (Version:  - Team Meat)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
The Legend of Korra™ (HKLM\...\Steam App 281690) (Version:  - PlatinumGames)
Tomb Raider (HKLM\...\Steam App 203160) (Version:  - Crystal Dynamics)
Trapcode Suite v13.1.1 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.1.1 - Red Giant, LLC)
Wallpaper Engine (HKLM\...\Steam App 431960) (Version:  - Kristjan Skutta)
Warframe (HKLM\...\Steam App 230410) (Version:  - Digital Extremes)
WhatsApp (HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\WhatsApp) (Version: 0.2.3699 - WhatsApp)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D7401B8-90E6-4410-91D6-D4124768D3E5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {24586275-959D-48BE-8B7C-A45DEC8F32C2} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe 
Task: {30D0B146-1EED-47AE-9786-8C107B54994C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {357AFE7B-6279-4385-891D-F110EECF214D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {35AD69BF-F2C3-4D6D-B02C-76F418109FF2} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4FC1DE13-9F11-4D24-9B10-E260F8528FDE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {58D365ED-FB1F-4082-9448-1F766907F824} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe 
Task: {5CC4C979-33A8-43E2-801D-EE62B176A736} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {6005D199-B39D-4BB4-8565-783E555D4616} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {7FB11FA8-A2A0-407B-8D62-359FAA753BA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
Task: {B84D0034-CA8E-4AC5-84E2-8B2ACC6EB846} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {BEE58566-1F70-4696-B0F0-769997178450} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {C69BA362-4C08-4BB5-A986-F13200DC7882} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {ED4FE7AB-9DB5-4EBD-8253-6C7AED093D5D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-dariuskianersi@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {EE6F7DA4-B1CB-4A59-98DF-5A844A430F31} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\dariu\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {F7BD62A4-AC86-4F84-8676-A09BA861995C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\dariu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\School - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\dariu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\FCPS - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-15 19:37 - 2017-02-23 14:32 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-03-15 19:37 - 2017-02-23 14:32 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-05 20:38 - 2017-03-05 20:31 - 00025600 _____ () D:\Steam Games\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
2017-04-19 21:08 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-19 21:08 - 2017-03-23 19:40 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-20 18:03 - 2017-02-23 04:28 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-05 20:30 - 2017-04-09 19:05 - 00731136 _____ () D:\Steam Games\steamapps\common\wallpaper_engine\wallpaper32.exe
2016-09-20 22:00 - 2016-09-20 22:00 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-03-27 15:16 - 2017-02-26 15:32 - 08930496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-17 18:42 - 2016-05-17 18:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-05 20:30 - 2017-04-09 19:05 - 00324608 _____ () D:\Steam Games\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe
2016-09-20 22:00 - 2016-09-20 22:00 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 04046848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Signals.dll
2016-09-20 22:00 - 2016-09-20 22:00 - 01475584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.IntentExtraction.dll
2015-09-18 11:00 - 2015-09-18 11:00 - 12460032 _____ () C:\Program Files\Mad Catz\R.A.T.TE\Pr0fileEditor_Forms.dll
2015-09-18 11:03 - 2015-09-18 11:03 - 00004096 _____ () C:\Program Files\Mad Catz\R.A.T.TE\en-US\Pr0fileEditor_Forms.resources.dll
2015-09-18 11:03 - 2015-09-18 11:03 - 00007168 _____ () C:\Program Files\Mad Catz\R.A.T.TE\en\Pr0fileEditor_Forms.resources.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 00236488 _____ () c:\windows\system32\WerEtw.dll
2017-03-15 19:37 - 2017-02-23 14:32 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-03-15 19:37 - 2017-02-23 14:32 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-03-15 19:37 - 2017-02-23 14:32 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-05 20:30 - 2017-03-05 20:31 - 67717632 _____ () D:\Steam Games\steamapps\common\wallpaper_engine\bin\libcef.dll
2017-03-05 20:30 - 2017-03-05 20:31 - 01922560 _____ () D:\Steam Games\steamapps\common\wallpaper_engine\bin\libglesv2.dll
2017-03-05 20:30 - 2017-03-05 20:31 - 00079872 _____ () D:\Steam Games\steamapps\common\wallpaper_engine\bin\libegl.dll
2016-08-07 22:21 - 2017-03-09 20:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-08-07 22:21 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-08-07 22:21 - 2017-03-22 20:52 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-08-07 22:21 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-08-07 22:21 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-08-07 22:21 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-08-07 22:21 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-08-07 22:21 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-08-07 22:21 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-08-07 22:21 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-08-07 22:21 - 2017-03-30 18:46 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-08-07 22:21 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-03-15 19:37 - 2017-02-23 14:32 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-01-11 18:13 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\dariu\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-11 18:18 - 2017-01-11 18:18 - 01082880 _____ () \\?\C:\Users\dariu\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-11 18:18 - 2017-01-11 18:18 - 03750400 _____ () \\?\C:\Users\dariu\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-11 18:18 - 2017-01-11 18:18 - 00914432 _____ () \\?\C:\Users\dariu\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-11 18:18 - 2017-01-11 18:18 - 01127424 _____ () \\?\C:\Users\dariu\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-03-15 19:37 - 2017-02-23 10:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-03-15 19:37 - 2017-02-23 10:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-03-15 19:37 - 2017-02-23 10:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-03-15 19:37 - 2017-02-23 10:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-03-15 19:37 - 2017-02-23 10:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-03-15 19:37 - 2017-02-23 10:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-13 15:59 - 2017-01-30 17:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-01-11 18:13 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\dariu\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 18:13 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\dariu\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-04-20 14:54 - 2017-04-20 14:54 - 00148992 _____ () \\?\C:\Users\dariu\AppData\Local\Temp\9DAC.tmp.node
2017-01-11 18:18 - 2017-01-11 18:18 - 02658304 _____ () \\?\C:\Users\dariu\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 01:39 - 2012-09-13 01:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2017-01-12 17:07 - 2017-01-12 17:07 - 00211456 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2017-01-12 17:07 - 2017-01-12 17:07 - 00037376 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2017-01-12 17:06 - 2017-01-12 17:06 - 00093184 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2016-06-10 10:19 - 2016-06-10 10:19 - 00011264 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2016-06-10 10:19 - 2016-06-10 10:19 - 01990144 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Sound, video and game controllers"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\sharepoint.com -> hxxps://fcps-files.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-08-08 01:51 - 2017-04-18 16:36 - 00000961 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dariu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_979FC746C9511F6DD10EC7B35E44C58E"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1267553863-4023176294-1839226829-1001\...\StartupApproved\Run: => "peidso"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2FF14369-012D-44EC-A9AA-6393C0DAFDB0}] => (Allow) D:\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{87CF3299-480D-4132-8B9B-07E587A0310E}] => (Allow) D:\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{6C3C4FA4-AF64-404C-9118-D776F294039E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{73012EE4-FA07-41E2-8CEA-EE4C2B5F8765}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{80A1020D-AF7A-4885-A706-5D656E9C2D0A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{D32DC326-63B1-49B3-AEC6-525D8677965A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{33506BA2-45C6-4A4B-B26E-4095F0ABE47A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{F68A6F30-2C8E-4F9C-8F23-EF3C01891DB0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [UDP Query User{9444AB4F-4FFE-490F-B40C-29D5561BA487}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [TCP Query User{7BC7F7AB-389C-4E8D-A418-8288B43917C9}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [{B4A68246-C878-4EEA-94B8-EE60D7138920}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0AA1B474-7775-485F-B778-9EE7D23FB22A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A6C1A37E-89B6-4CA1-A1DC-6FBEBD9E6514}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{129B2100-D1CD-4E70-8F53-F225EA30C3AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{A494725C-34A2-4074-8BD9-E09E6EC25D97}D:\pirated games\grand theft auto v\gta5.exe] => (Allow) D:\pirated games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{BC63DEE3-8BB2-43B9-922D-A75799733DC1}D:\pirated games\grand theft auto v\gta5.exe] => (Allow) D:\pirated games\grand theft auto v\gta5.exe
FirewallRules: [{38CEEB52-05A9-4FE4-BA81-A00616CD5AC6}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{E0EBDBC4-4782-4652-A842-CDE64341E676}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{A71217D8-3CB9-4D54-88B8-28696F60D2D3}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{50A9F02D-56A9-4526-A12E-845259BC0F0B}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{EE8369D9-2881-413C-B67E-42E27FC1D556}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{F7DB1A03-C29D-4FAD-9A73-0EAE273F352A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [UDP Query User{64141266-BB23-49C5-8586-672715DE5BAC}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{E93A1378-AF7B-41D9-8057-387D3C7CC395}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe
FirewallRules: [{0FBD6614-5507-4F39-84FC-335439825B1C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{6EE2FD03-FF81-459C-ADD6-76CF21A58D07}D:\grand theft auto v\gta5.exe] => (Allow) D:\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{1E13032C-C5FE-4EAA-B3E6-612159497CEB}D:\grand theft auto v\gta5.exe] => (Allow) D:\grand theft auto v\gta5.exe
FirewallRules: [{70F37B0F-A42A-4418-9571-E481E1A9CB50}] => (Allow) D:\Steam Games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{90F28174-02D6-42B3-B850-0CC8AE905AC8}] => (Allow) D:\Steam Games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{08A37065-4814-4BDD-8DE6-B1F7F0F62095}] => (Allow) D:\Steam Games\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{9E0E74E2-1DED-4437-9CE1-4A8E16438A3C}] => (Allow) D:\Steam Games\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{B88D0018-9BFD-4F2B-A299-6215FE0F60FB}] => (Allow) D:\Steam Games\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{72E31AB3-D15D-4373-AABA-C05A7CE44C75}] => (Allow) D:\Steam Games\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{185E4C36-8FC5-4C66-8DF2-4B08C2CACCD0}] => (Allow) D:\Steam Games\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{A9AB197F-80A4-4A88-8CC5-3550DD9836D3}] => (Allow) D:\Steam Games\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{033E45AF-3FE1-465E-AE89-8BD514568BF5}] => (Allow) D:\Steam Games\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1F3CC65B-66EA-4AB2-BA9E-9478427E23DF}] => (Allow) D:\Steam Games\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AD5E2217-8EE2-4CC6-A90B-41742C74809D}] => (Allow) D:\Steam Games\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{0DF1D25D-9264-41F4-8078-BA5B9F3CD194}] => (Allow) D:\Steam Games\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{3442ABBD-A1C2-4D6B-BF3A-F93ACB372109}] => (Allow) D:\Steam Games\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{DDA5E966-E4F9-44A5-92C4-A45CE176E857}] => (Allow) D:\Steam Games\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{245AEBFC-69DD-4125-B696-385923D0FD72}] => (Allow) D:\Steam Games\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{4EB18F26-5598-4D9E-95CB-91914B10C5F5}] => (Allow) D:\Steam Games\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{A9F1DFF6-814E-4710-B36A-3904C0FA1A87}] => (Allow) D:\Steam Games\steamapps\common\The Legend of Korra\LoK.exe
FirewallRules: [{A15EAF67-EDFB-40F6-A86C-2BB877F24157}] => (Allow) D:\Steam Games\steamapps\common\The Legend of Korra\LoK.exe
FirewallRules: [{EAF2824E-3E48-4C85-945A-2CA393019456}] => (Allow) D:\Steam Games\steamapps\common\Minecraft Story Mode - A Telltale Game Series\MinecraftStoryMode.exe
FirewallRules: [{287BC736-8077-43EE-8AAE-5C900DD26B0D}] => (Allow) D:\Steam Games\steamapps\common\Minecraft Story Mode - A Telltale Game Series\MinecraftStoryMode.exe
FirewallRules: [{5EB2F438-CD9A-48CA-ABBF-4BB2DB459597}] => (Allow) D:\Steam Games\steamapps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{DDD0DB9D-5917-48EB-B347-F52684BF43EB}] => (Allow) D:\Steam Games\steamapps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{8744D6B9-4078-4432-93E7-DDBDD99F151B}] => (Allow) D:\Steam Games\steamapps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{5C7A8DDA-E795-404E-A897-68FD96CE20CC}] => (Allow) D:\Steam Games\steamapps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{423E51FF-B9EA-4BFF-83CC-85A0FCE34968}] => (Allow) D:\Steam Games\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{9FD7AF7F-6E23-4CE9-BDD8-DC5FBDF25151}] => (Allow) D:\Steam Games\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{96CE01CC-9985-4F95-A71F-BBB17944D9D4}] => (Allow) D:\Steam Games\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{9D161693-EF24-47D7-99CE-92F40715559F}] => (Allow) D:\Steam Games\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{A8D76C3C-F6D6-4569-A3FE-4922D9062F09}] => (Allow) D:\Steam Games\steamapps\common\Scribblenauts Unmasked\Scribble.exe
FirewallRules: [{72606C12-C56C-4967-A01D-908C6E8D563E}] => (Allow) D:\Steam Games\steamapps\common\Scribblenauts Unmasked\Scribble.exe
FirewallRules: [{218FFA79-9845-47E4-AF52-ABBD8C037C6E}] => (Allow) D:\Steam Games\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{CD9171A3-3D26-413D-A46C-FE4BC7AC45B8}] => (Allow) D:\Steam Games\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{65961BC6-DAF2-479F-BCC1-74C507961A0C}] => (Allow) D:\Steam Games\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{48C97485-8E92-493E-B5EB-52CE960FA6CD}] => (Allow) D:\Steam Games\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{8756DC1E-026A-433E-B9DC-CC53288424C5}] => (Allow) D:\Steam Games\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{07289D4F-7231-443F-8AE7-F2BF5B43474D}] => (Allow) D:\Steam Games\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{53B8DDFE-DD1E-4550-AED0-9256C565731D}] => (Allow) D:\Steam Games\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{6D4EA61A-AD06-4E73-918A-645B6897C1A7}] => (Allow) D:\Steam Games\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{E095A1B6-77F5-4F69-A141-7DF3C60A043A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E7847472-4276-4AE8-A423-E72339D75635}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C423E5F2-D402-4D5F-B55F-E3C0391FCFE6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{862FBFE6-2B83-4468-9D7D-23348BF178A4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2E4EF29C-ECA4-4B7D-8056-5A7B424C6996}] => (Allow) C:\Users\dariu\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BC16A7EE-38BD-4A84-8103-2AF948A0689B}] => (Allow) C:\Users\dariu\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9170875A-8067-4B5C-B2BB-96F6ED9B61F2}] => (Allow) C:\Users\dariu\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FirewallRules: [TCP Query User{D2863482-6330-4E1D-8E76-9B00A4791BC2}C:\users\dariu\appdata\roaming\utorrent\updates\3.4.8_42576.exe] => (Allow) C:\users\dariu\appdata\roaming\utorrent\updates\3.4.8_42576.exe
FirewallRules: [UDP Query User{6B593C5E-8218-4D8E-9957-0953D92A0B7B}C:\users\dariu\appdata\roaming\utorrent\updates\3.4.8_42576.exe] => (Allow) C:\users\dariu\appdata\roaming\utorrent\updates\3.4.8_42576.exe
FirewallRules: [TCP Query User{032E6424-1B8D-49BF-8CCD-D37F86C1969A}D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A0C9DB23-FFD2-4555-949C-B4AF2EDB9602}D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4694ED9E-DAD0-4D3F-9A3A-0E177F5AEAEE}C:\users\dariu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dariu\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E9205630-F58A-4ED6-9DC7-4187C2633C6B}C:\users\dariu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dariu\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F2572B33-E2D4-4A7E-8083-A5BFD8AAC3D8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D88E2057-C69F-4FEF-974E-4A4417A95DB7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4D9CF85D-45F3-4BB8-87D1-47B599E16437}] => (Allow) D:\Steam Games\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{62A19897-5840-45BC-99D1-1B2980B3F81A}] => (Allow) D:\Steam Games\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{85665C9F-D0A3-4DB0-AEE8-AFE9884E23DA}D:\steam games\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam games\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{21E9F7FB-FC8F-4580-B3DB-ABCED6063B47}D:\steam games\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam games\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{C8DAE1BD-950F-4DBA-8446-FDD10B92DC0A}] => (Allow) D:\Steam Games\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{0BD371AA-8270-40AE-8BB8-42332719E42D}] => (Allow) D:\Steam Games\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{7236CE09-5647-4E4D-B600-6BA8A67957C5}] => (Allow) D:\Steam Games\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{6D135673-6656-4B29-9BAB-A1A6382339E6}] => (Allow) D:\Steam Games\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [TCP Query User{A72F6B42-EFAF-47E3-8A06-FCC78F20C11B}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{BD9A5391-8006-401A-B52C-A4DE45F38CF1}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{9D5B72B6-E4FC-467E-9665-7665FE9409C1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{0C44D98E-8B08-4DD0-A610-85A06195BEA1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{52BA2471-F5F1-4065-9886-249C417B885E}C:\programdata\oracle\java\javapath_target_16419000\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_16419000\java.exe
FirewallRules: [UDP Query User{F3790C43-4394-4603-8E49-395032FD9B8B}C:\programdata\oracle\java\javapath_target_16419000\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_16419000\java.exe
FirewallRules: [{7095F73A-82CA-4D70-B0AD-C1A1FAB65BF2}] => (Allow) D:\Steam Games\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{C3F67FF7-4064-4C63-975E-69A69E6D8375}] => (Allow) D:\Steam Games\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{4572AD38-0F23-44AF-91C2-E1FA891C6F6F}] => (Allow) D:\Steam Games\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{90EADC69-4EA3-45D4-B1B7-41340F4A321B}] => (Allow) D:\Steam Games\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{AEC57868-614D-4E0E-B0BD-A48FD2343E53}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8839C5F2-C639-450D-AD5D-26ED83B7820D}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{3DB13024-6033-4B70-A87B-A5822FBEAA7B}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{EE6C08D5-518E-404A-A622-F9B0D34108E2}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{5F3CD00B-D778-4004-AEA1-54FC8EB87533}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{CE6AE00E-7083-471C-9A37-013F1903ADF5}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{B9F702FD-42A8-4AA8-877E-B5A436CED1D2}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{9E02C1DD-08CF-4881-BC40-162C68F813E9}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{5D7023E8-C752-405B-9A68-6B7C3690C8E9}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{EBD1E509-EC4D-4E8E-905B-93AE3CB8ED7D}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1C070719-5C88-49F4-A40B-DD2823F7D75A}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{077E920C-539B-4528-9658-D28D1D87B600}] => (Allow) D:\Steam Games\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{26A8C0BA-285A-48A6-A7BB-C659F9B29263}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{C60AFD61-C544-4BA0-83B2-681680D8DC25}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{8298FC5B-B4CA-42DB-9A2F-A45A6228C208}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{F6BA91C2-C9C0-44E4-B518-35A0F91F4945}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{772603A3-57A8-48FA-AD31-AEE977564824}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{98E2BC40-8E72-4481-BEFE-E5F57B354032}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{D40C80CA-29B1-419D-A37E-FE0B0D3CBB15}] => (Allow) D:\Steam Games\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{5EC9410C-270D-482C-9392-3264589BCFC3}] => (Allow) D:\Steam Games\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{2DF069DC-309D-4FB2-9A92-C9483EAF8427}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{6C6AFCE9-CE0B-461B-A2C9-FCEF7FE87D59}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7A7C3A2B-83CB-4375-B162-9841D676CAE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4124997E-19B4-4E44-B687-1F81398E7776}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{10CE306E-7937-48E9-921F-E2E0E3DE3E88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9FB09F9D-CA4D-48F6-8FAC-92A0BC8114E2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{170164A0-3D3D-46B1-B122-2BA55168D32F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{542B3712-A644-400D-9EC0-E64DA6A24AB6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CA05C17D-92E2-4522-93F1-7A7F7537CA1F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B2FF002D-A3E0-43BE-9320-A1FB2E13B20C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B9C40544-2292-4665-B5FF-44725ABFEEE8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{70E3BCBB-2C5E-4495-9D46-EF327B133B27}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F8D09B38-BB8A-4CDC-B0C0-43D071070E11}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8AEF5E78-C2F6-4B48-9043-D2B1232D757F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{68820BC8-1CCF-4BA2-92D3-6427C6631876}] => (Allow) D:\Steam Games\steamapps\common\Blender\blender.exe
FirewallRules: [{D0F7477C-7220-4EA9-B9D4-8A3B7A3A306D}] => (Allow) D:\Steam Games\steamapps\common\Blender\blender.exe
FirewallRules: [{BCF3F939-AFFF-4695-B9CC-BDB5709A0F9F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{63248A32-B6A9-4E42-BB24-0A8965A6953C}] => (Allow) D:\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C68DAE5B-D855-4DD6-A540-009C812CF991}] => (Allow) D:\Steam Games\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{3D155A97-94A6-4A7A-A76C-0C0649DB85A8}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [UDP Query User{D45B1553-AC1E-4310-BFFB-C618F29C92A1}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [TCP Query User{BB296DA7-C542-44CA-B076-06127D31DD7F}C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [UDP Query User{3D52C264-378A-4BD7-BE05-A1391EF726C3}C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [{873BFB80-EE84-4021-ADBC-BB34E2D28B9A}] => (Allow) C:\WINDOWS\system32\rundll32.exe
 
==================== Restore Points =========================
 
16-04-2017 21:58:48 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
17-04-2017 18:02:38 Restore Operation
19-04-2017 16:48:14 Malwarebytes Anti-Rootkit Restore Point
20-04-2017 06:06:14 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/20/2017 06:06:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (04/20/2017 06:04:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: webwallpaper32.exe, version: 0.0.0.0, time stamp: 0x58eabcc8
Faulting module name: MSVCR120.dll, version: 12.0.40660.0, time stamp: 0x577e0f1e
Exception code: 0xc0000409
Fault offset: 0x000a7646
Faulting process id: 0x2e38
Faulting application start time: 0x01d2b9bd775dbf96
Faulting application path: D:\Steam Games\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MSVCR120.dll
Report Id: 7c6aeaf3-f236-4d82-ae3b-2965ff852216
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/19/2017 09:41:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5JPONF1)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/19/2017 09:17:39 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/19/2017 09:08:46 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/19/2017 04:48:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (04/19/2017 04:09:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5JPONF1)
Description: Activation of app Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/19/2017 03:46:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbar.exe version 1.9.4.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 3874
 
Start Time: 01d2b94122e1615f
 
Termination Time: 60000
 
Application Path: C:\Users\dariu\Desktop\mbar\mbar.exe
 
Report Id: b545fd62-2538-11e7-87d9-d05099acdcd5
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/19/2017 02:57:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x5882001c
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x001f32b0
Faulting process id: 0x2544
Faulting application start time: 0x01d2b93d855339a6
Faulting application path: C:\Users\dariu\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\dariu\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: 0c89df28-d16e-422b-bad8-777c666169ff
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/18/2017 10:04:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5JPONF1)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (04/20/2017 02:54:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/20/2017 06:16:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/20/2017 06:14:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/20/2017 06:14:17 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5
 
Error: (04/20/2017 06:13:24 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (04/20/2017 06:12:59 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the NVIDIA LocalSystem Container service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (04/20/2017 06:12:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (04/20/2017 06:12:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/20/2017 06:12:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wallpaper Engine Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/20/2017 06:12:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-04-19 21:12:56.397
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-16 22:50:51.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-16 22:25:50.430
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-16 22:03:05.148
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-16 22:03:05.146
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-16 22:01:05.377
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-16 21:59:58.952
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-04-12 21:28:02.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-04-08 17:12:20.819
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 23%
Total physical RAM: 16332.16 MB
Available physical RAM: 12547.86 MB
Total Virtual: 18764.16 MB
Available Virtual: 14389.26 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:237.22 GB) (Free:23.07 GB) NTFS
Drive d: (Games) (Fixed) (Total:1863.01 GB) (Free:1174.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 40DB2BEB)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D439EF31)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================




