Fake Browser.exe Re-installs Itself


53 replies to this topic

#31 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 28 August 2014 - 05:48 PM

I know this company. Ok, go there: C:\Users\Ian\AppData\LocalLow\fnmpzji.dll

Send it to Virus Total.

Thank you!




 


#32 Alex&Vanko


Posted 28 August 2014 - 05:50 PM

Another two users here have a similar problem to yours.



#33 1ian20

1ian20
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana
  • Local time:04:43 PM

Posted 28 August 2014 - 06:20 PM

I know this company. Ok, go there: C:\Users\Ian\AppData\LocalLow\fnmpzji.dll

Send it to Virus Total.

Thank you!

What if Norton has quarantined the file? Should I restore it and then scan it?



#34 Alex&Vanko


Posted 28 August 2014 - 07:05 PM

Keep it there. Easy to restore it later if you have software from this company installed. Post the results from Kaspersky Virus Removal Tool after the scan is over and close it with X and it will uninstall by itself.

 

Thank you!


Edited by Alex&Vanko, 28 August 2014 - 07:06 PM.


#35 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:43 PM

Posted 29 August 2014 - 05:57 AM

You mean this:
Malware _____________________________________________________________________
   C:\Users\Ian\AppData\LocalLow\fnmpzji.dll -> PendingDelete
      Size . . . . . . . : 326,656 bytes
      Age  . . . . . . . : 15.8 days (2014-08-11 22:53:49)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : D1588CD67B0E7629E3E0FA459050C5DCEAA5D44746EE8991243F436608A6CEA5
      Product  . . . . . : Borland Package Library
      Publisher  . . . . : Borland Software Corporation
      Description  . . . : Core Delphi VCL IDE Package
      Version  . . . . . : 7.0.4.453
      Copyright  . . . . : Copyright © 2001 Borland Software Corporation
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Trojan.GenericKD.1803017
 
I don't think this is. Maybe false positive.

Not a false positive: https://www.virustotal.com/en/file/d1588cd67b0e7629e3e0fa459050c5dceaa5d44746ee8991243f436608a6cea5/analysis/
 
Also, browser.exe is not malicious (it's from Google, not a trick), it is just being used by malware which I believe was removed earlier. If it is not running currently and chrome pages are not coming up then there is nothing to worry about on that front.
 
Also;
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files. I would change any passwords on a clean computer.
 
xXToffeeXx~


Edited by xXToffeeXx, 29 August 2014 - 05:58 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#36 1ian20


Posted 29 August 2014 - 06:14 AM

Keep it there. Easy to restore it later if you have software from this company installed. Post the results from Kaspersky Virus Removal Tool after the scan is over and close it with X and it will uninstall by itself.

 

Thank you!

Well, I am not sure what happened. I left my computer on to run the scan and I woke up on my password screen. I entered my password and Kaspersky crashed and I couldn't even download the logs. So that is a fail on my part. Sorry Alex. I am assuming if there were threats it would've already deleted them so running the scan again would be pointless unless you would like me to run it again.


 

You mean this:
Malware _____________________________________________________________________
   C:\Users\Ian\AppData\LocalLow\fnmpzji.dll -> PendingDelete
      Size . . . . . . . : 326,656 bytes
      Age  . . . . . . . : 15.8 days (2014-08-11 22:53:49)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : D1588CD67B0E7629E3E0FA459050C5DCEAA5D44746EE8991243F436608A6CEA5
      Product  . . . . . : Borland Package Library
      Publisher  . . . . : Borland Software Corporation
      Description  . . . : Core Delphi VCL IDE Package
      Version  . . . . . : 7.0.4.453
      Copyright  . . . . : Copyright © 2001 Borland Software Corporation
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Trojan.GenericKD.1803017
 
I don't think this is. Maybe false positive.

Not a false positive: https://www.virustotal.com/en/file/d1588cd67b0e7629e3e0fa459050c5dceaa5d44746ee8991243f436608a6cea5/analysis/
 
Also, browser.exe is not malicious (it's from Google, not a trick), it is just being used by malware which I believe was removed earlier. If it is not running currently and chrome pages are not coming up then there is nothing to worry about on that front.
 
Also;
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files. I would change any passwords on a clean computer.
 
xXToffeeXx~

 

Oh no! I had a bad feeling. Based on what Alex has graciously done for me, do you think it has been successfully cleaned off?


Edited by 1ian20, 29 August 2014 - 09:32 AM.


#37 xXToffeeXx


Posted 29 August 2014 - 08:37 AM

Oh no! I had a bad feeling. Based on what Alex has graciously done for me, do you think it has been successfully cleaned off?

I think in the end after all has been done, then yes it will be cleaned off.

 

Alex, please run ESET Online Scanner eventually. It is a very good program for making sure everything is clean.

 

xXToffeeXx~


Edited by xXToffeeXx, 29 August 2014 - 08:37 AM.



#38 Alex&Vanko


Posted 29 August 2014 - 02:57 PM

Thanks for report from Virus Total xXToffeeXx~ :thumbup2:

Kaspersky has no definition for this, so no need to run it again. I said nonsense yesterday; Norton hit this dll but I forgot.

 

Please download the ESET Online Scanner HERE and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administrator privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When completed select Uninstall application on close if you so wish
    Now click on Finish
The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt")

 

Please download Sophos Virus Removal Tool HERE and save it to your desktop.
* NOTE : It is a very large file so it may take some time to download.
* Be sure to read and follow the instructions on that same page for installing and performing a scan.
* If any threats are detected, they will show in the Scan Results with an option to click a Details... button for more information.
* Click on the Start clean up button to allow removal of all threats found and reboot the computer when done.
* A log file should have been created...copy and paste the results in your next reply.
Logs are automatically saved to the following locations:
-- XP: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
-- Vista, Windows 7, 2008: C:\Program Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log

 

Note: Do not forget to re-enable your antivirus application after running the above scan!

 

Thank you!


 



#39 Alex&Vanko


Posted 29 August 2014 - 03:05 PM

Sophos you need to install as a program.



#40 1ian20


Posted 29 August 2014 - 09:47 PM

Just a quick update, I am running ESET and it detected a Trojan. This scan is taking forever but it's worth it. The Trojan is "a variant of Win32/Poweliks. A Trojan"

 

ESET:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ac9616fece1fe6459a8088286941c552
# engine=19909
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-30 04:01:53
# local_time=2014-08-30 12:01:53 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 87 100 0 159947409 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 160914763 0 0
# scanned=902392
# found=1
# cleaned=1
# scan_time=23776
sh=AC99D1997FDA3B5D4DCDBA04926E5C502C1064C7 ft=1 fh=bdf5f2c4ec506fc5 vn="a variant of Win32/Poweliks.A trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\pr0.dll"
 


Edited by 1ian20, 30 August 2014 - 12:29 AM.
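Added example, not part of the original posts and not ESET's own tooling: a small triage script for a log in the layout posted above. It checks that the scan finished with the options requested in post #38 enabled, and lists detections that were not cleaned. The sample log is constructed, and treating a `vn` value without a "(cleaned" marker as uncleaned is an assumption based on the one detection line shown in the thread.

```python
import re

# Scan options the helper asked for in post #38, under the names the log header uses.
REQUIRED_OPTIONS = ("remove_checked", "archives_checked", "unwanted_checked",
                    "unsafe_checked", "antistealth_checked")

# key=value pairs on a detection line; a value may be double-quoted and contain spaces.
PAIR_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample in the same layout as the log in the thread (hashes are placeholders).
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# scanned=1200
# found=2
# cleaned=1
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/Example.A trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Example\AppData\Local\Temp\sample one.dll"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Win32/Example.B potentially unwanted application" ac=I fn="C:\Users\Example\Downloads\setup.exe"
'''


def parse_log(text):
    """Split the log into header values and detection records."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            # Keys can repeat (compatibility_mode does in the thread's log): keep all values.
            header.setdefault(key, []).append(value.strip("'\""))
        elif line.startswith("sh="):
            detections.append({k: v.strip('"') for k, v in PAIR_RE.findall(line)})
    return header, detections


def _count(header, key):
    """Header counter as an int, or None when it is missing or not numeric."""
    raw = header.get(key, [""])[0]
    return int(raw) if raw.isdigit() else None


def triage(text):
    """Return findings a helper would want to see before trusting the scan result."""
    header, detections = parse_log(text)
    findings = []
    if header.get("end", [""])[0] != "finished":
        findings.append("scan did not finish")
    for opt in REQUIRED_OPTIONS:
        if header.get(opt, [""])[0] != "true":
            findings.append(f"option not enabled: {opt}")
    found, cleaned = _count(header, "found"), _count(header, "cleaned")
    if found is None or cleaned is None:
        findings.append("found/cleaned counters missing")
    else:
        if found != len(detections):
            findings.append(f"header says found={found}, log lists {len(detections)}")
        if cleaned < found:
            findings.append(f"{found - cleaned} detection(s) not cleaned")
    # Assumption: a cleaned item carries a "(cleaned ...)" suffix in vn, as in the thread.
    uncleaned = [d.get("fn", "") for d in detections if "(cleaned" not in d.get("vn", "")]
    return {"findings": findings, "detections": detections, "uncleaned_paths": uncleaned}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for finding in report["findings"]:
        print("FINDING:", finding)
    for path in report["uncleaned_paths"]:
        print("STILL PRESENT:", path)
```
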


#41 Alex&Vanko


Posted 30 August 2014 - 05:30 AM

What about dllhosts? Are there as many as the previous time?

Thank you!



#42 1ian20


Posted 30 August 2014 - 03:16 PM

No sir! Sometimes there are 3 or less but not 20 like before. I do notice that my RAM is about 25% used at idle but I suppose that is normal. I will run that other scan today or tonight and post the results. :)
Thanks!

#43 Alex&Vanko


Posted 30 August 2014 - 03:19 PM

Ok. Yes, I also think it is normal.



#44 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:43 AM

Posted 30 August 2014 - 05:03 PM

Hello,

 

Based on the latest report from Eset I think that it's a good idea to check a little deeper for malware leftovers.

Poweliks is well-known to hide in the registry.

 

I know that FRST is not allowed here but I'd like to check something so please do the following:

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Regards,

Georgi




#45 1ian20


Posted 31 August 2014 - 04:25 AM

Hello,

 

Based on the latest report from Eset I think that it's a good idea to check a little deeper for malware leftovers.

Poweliks is well-known to hide in the registry.

 

I know that FRST is not allowed here but I'd like to check something so please do the following:

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Regards,

Georgi

This is not the first time I have run it so all I have is the FRST.txt file. So here it is :) Also, I have not run the Sophos tool yet because it causes system lag and I am using my computer quite often. I will run that when I am away sometime, sorry about that.

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2014
Ran by Ian (administrator) on IAN-PC on 31-08-2014 05:21:33
Running from C:\Users\Ian\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\CorsairLINK2\CorsairLINK_HardwareMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe
(TeamSpeak Systems GmbH) C:\Users\Ian\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [347648 2007-07-12] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [194560 2007-07-12] (Saitek)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3352636534-4167380895-1669575766-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-3352636534-4167380895-1669575766-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
HKU\S-1-5-21-3352636534-4167380895-1669575766-1000\...\Run: [ProviderGravity] => C:\Windows\system32\rundll32.exe "C:\Users\Ian\AppData\Local\ProviderGravity\ProviderGravity.dll",DllRegisterServer <===== ATTENTION
Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk
ShortcutTarget: PowerStrip.lnk -> C:\Program Files (x86)\PowerStrip\PStrip.exe (EnTech Taiwan)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7CF96931A6A5CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\ldxn3loj.default
FF Homepage: hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-08-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-13]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] ()
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-08-04] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-30] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-07-25] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140829.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140830.003\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140830.003\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 PStrip64; C:\Windows\System32\drivers\pstrip64.sys [13008 2006-09-30] ()
S3 SaiH0BAC; C:\Windows\System32\DRIVERS\SaiH0BAC.sys [176128 2007-07-02] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [16000 2007-07-12] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [40832 2007-07-12] (Saitek)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
S3 catchme; \??\C:\combofix\catchme.sys [X]
R3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\CorsairLINK2\CorsairLINK_HardwareMonitor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 05:21 - 2014-08-31 05:23 - 00018666 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-08-31 05:20 - 2014-08-31 05:20 - 02103808 _____ (Farbar) C:\Users\Ian\Desktop\FRST64.exe
2014-08-30 01:32 - 2014-08-30 01:32 - 00003195 _____ () C:\Users\Ian\Desktop\Sophos Virus Removal Tool.lnk
2014-08-30 01:32 - 2014-08-30 01:32 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-08-30 01:32 - 2014-08-30 01:32 - 00000000 ____D () C:\ProgramData\Sophos
2014-08-30 01:32 - 2014-08-30 01:32 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-08-30 01:30 - 2014-08-30 01:30 - 94949928 _____ (Sophos Limited) C:\Users\Ian\Desktop\Sophos Virus Removal Tool.exe
2014-08-30 00:13 - 2014-08-30 00:13 - 00000156 _____ () C:\Users\Ian\Desktop\eset.txt
2014-08-29 17:23 - 2014-08-29 17:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-29 17:22 - 2014-08-29 17:22 - 02347384 _____ (ESET) C:\Users\Ian\Desktop\esetsmartinstaller_enu.exe
2014-08-28 22:31 - 2014-08-28 22:33 - 159428216 _____ () C:\Users\Ian\Desktop\setup_11.0.3.7.x01_2014_08_28_05_43.exe
2014-08-28 18:08 - 2014-08-28 18:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 18:05 - 2014-08-28 18:11 - 00000000 ____D () C:\Users\Ian\AppData\Local\ArmaAddonSync2009
2014-08-28 18:05 - 2014-08-28 18:05 - 00000000 ____D () C:\Users\Ian\AppData\Local\Yoma_Tools
2014-08-28 18:04 - 2014-08-28 18:04 - 00002613 _____ () C:\Users\Public\Desktop\Addon Sync 2009.lnk
2014-08-28 18:04 - 2014-08-28 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YomaTools
2014-08-28 18:04 - 2014-08-28 18:04 - 00000000 ____D () C:\Program Files (x86)\YomaTools
2014-08-28 17:04 - 2014-08-28 17:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-28 16:58 - 2014-08-31 04:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-28 16:58 - 2014-08-28 16:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-28 16:57 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 16:57 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 16:57 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 22:16 - 2014-08-27 22:16 - 00001026 _____ () C:\Users\Ian\Desktop\JRT.txt
2014-08-27 21:23 - 2014-08-27 21:23 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-27 21:23 - 2014-08-27 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-27 21:23 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-27 21:23 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-27 21:23 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-27 21:23 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-27 20:55 - 2014-08-27 20:55 - 00000000 _____ () C:\Users\Ian\taskList.txt
2014-08-27 20:47 - 2014-08-27 21:45 - 00000000 ____D () C:\Users\Ian\Desktop\Anti Malware
2014-08-27 20:03 - 2014-08-27 20:03 - 00027793 _____ () C:\ComboFix.txt
2014-08-27 19:22 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-27 19:22 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-27 19:22 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-27 19:22 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-27 19:22 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-27 19:22 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-27 19:22 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-27 19:22 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-27 19:21 - 2014-08-27 20:04 - 00000000 ____D () C:\Qoobox
2014-08-27 19:21 - 2014-08-27 20:00 - 00000000 ____D () C:\Windows\erdnt
2014-08-27 18:09 - 2014-08-27 18:09 - 00000212 _____ () C:\Windows\system32\.crusader
2014-08-27 17:42 - 2014-08-27 18:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-27 17:42 - 2014-08-27 17:42 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-27 17:35 - 2014-08-27 18:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 17:35 - 2014-08-27 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 17:35 - 2014-08-27 17:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-27 17:35 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-27 17:35 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-27 17:34 - 2014-08-27 17:35 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Malwarebytes
2014-08-27 17:34 - 2014-08-27 17:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 17:34 - 2014-08-27 17:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-27 17:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-27 17:25 - 2014-08-27 17:25 - 00000000 ____D () C:\Windows\ERUNT
2014-08-27 16:00 - 2014-08-27 16:00 - 93640059 _____ () C:\Users\Ian\Desktop\%Quarintine%.rar
2014-08-26 18:50 - 2014-08-27 17:14 - 00000000 ____D () C:\AdwCleaner
2014-08-26 18:50 - 2014-07-02 13:26 - 01346519 _____ () C:\adwcleaner_3.214.exe
2014-08-26 18:29 - 2014-08-27 12:14 - 00000000 ____D () C:\Users\Ian\AppData\Local\LogMeIn Rescue Applet
2014-08-26 13:55 - 2014-08-26 13:55 - 00033973 _____ () C:\Users\Ian\Downloads\Addition.txt
2014-08-26 13:54 - 2014-08-31 05:21 - 00000000 ____D () C:\FRST
2014-08-26 13:54 - 2014-08-26 13:55 - 00053991 _____ () C:\Users\Ian\Downloads\FRST.txt
2014-08-26 13:53 - 2014-08-26 13:54 - 02103296 _____ (Farbar) C:\Users\Ian\Downloads\FRST64.exe
2014-08-24 00:56 - 2014-08-24 01:02 - 245941847 _____ () C:\Users\Ian\Desktop\DD.wmv
2014-08-24 00:49 - 2014-08-24 00:49 - 00020504 _____ () C:\Users\Ian\Desktop\DD.veg
2014-08-21 19:07 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 19:07 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 19:07 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 19:07 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 19:07 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 19:06 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 19:06 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 19:06 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 19:06 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 19:06 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 19:06 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 19:06 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 19:06 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 19:06 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-17 02:54 - 2014-08-17 02:54 - 00000133 _____ () C:\Users\Ian\Desktop\playlist.m3u
2014-08-17 02:51 - 2014-08-17 02:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-17 02:50 - 2014-08-17 02:51 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\DVDVideoSoft
2014-08-17 02:50 - 2014-08-17 02:51 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-08-17 02:47 - 2014-08-17 02:47 - 05730039 _____ () C:\Users\Ian\Desktop\Untitled.mp3.wma
2014-08-17 01:34 - 2014-08-17 01:34 - 00015353 _____ () C:\Users\Ian\Desktop\New Text Document
2014-08-16 03:02 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:02 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:02 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:02 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:02 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:02 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 03:01 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:01 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 22:19 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 22:19 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 22:19 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 22:19 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 22:19 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 22:19 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 22:19 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 22:19 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 22:19 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 22:19 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 22:19 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 22:19 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 22:19 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 22:19 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 22:19 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 22:19 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 22:19 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 22:19 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 22:19 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 22:19 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 22:19 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 22:19 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 22:19 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 22:19 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 22:19 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 22:19 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 22:19 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 22:19 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 22:19 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 22:19 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 22:19 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 22:19 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 22:19 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 22:19 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 22:19 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 22:19 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 22:19 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 22:19 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 22:19 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 22:19 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 22:19 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 22:19 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 22:19 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 22:19 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 22:19 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 22:19 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 22:19 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 22:19 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 22:19 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 22:19 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 22:19 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 22:19 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 22:19 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 22:19 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 22:19 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 22:19 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 22:19 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 22:19 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 22:19 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 22:19 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 22:19 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 22:19 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 22:19 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 22:19 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 22:19 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 22:19 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 22:19 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 22:19 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 22:18 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 22:18 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 22:18 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 22:18 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 06:54 - 2014-08-14 06:54 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-08-12 19:00 - 2014-08-12 19:00 - 04575232 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-08-09 23:03 - 2014-08-09 23:03 - 00850444 _____ () C:\Users\Ian\Desktop\Test.jps
2014-08-08 22:33 - 2014-08-08 22:33 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Easy2Convert
2014-08-08 22:33 - 2014-08-08 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy2Convert Software
2014-08-08 22:33 - 2014-08-08 22:33 - 00000000 ____D () C:\Program Files (x86)\Easy2Convert Software
2014-08-08 22:10 - 2014-08-16 14:54 - 01195779 _____ () C:\Users\Ian\Desktop\Untitled-1.psd
2014-08-08 16:29 - 2014-08-08 16:29 - 00000000 ____D () C:\Users\Ian\Desktop\DZMS-DayZMissionSystem-master
2014-08-08 01:32 - 2014-08-09 18:14 - 00000000 ____D () C:\Users\Ian\Desktop\DayZ.ST
2014-08-07 23:44 - 2014-08-07 23:44 - 00001336 _____ () C:\Users\Public\Desktop\DayZ Commander.lnk
2014-08-07 23:44 - 2014-08-07 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2014-08-07 19:17 - 2014-08-07 19:17 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Sling Media
2014-08-07 19:16 - 2014-08-07 19:16 - 00000000 ____D () C:\Program Files (x86)\Sling Media
2014-08-06 22:41 - 2014-08-06 22:44 - 00000000 ____D () C:\Users\Ian\Desktop\DAyz files
2014-08-06 17:52 - 2014-08-06 17:52 - 00000000 ____D () C:\Users\Ian\Desktop\Epoch TRacker
2014-08-05 03:04 - 2014-08-05 03:04 - 00044032 _____ () C:\Users\Ian\Desktop\dayz trader editor-by zelik.exe
2014-08-02 14:35 - 2014-08-09 17:37 - 00000000 ____D () C:\Users\Ian\Desktop\DaRT
2014-08-01 23:26 - 2014-08-02 14:36 - 00000000 ____D () C:\Users\Ian\AppData\Local\DomiStyle
2014-08-01 23:25 - 2014-08-01 23:24 - 01140605 _____ () C:\Users\Ian\Desktop\DaRT.zip
2014-08-01 19:18 - 2014-08-01 19:18 - 00000000 ____D () C:\Users\Ian\AppData\Local\PboM
2014-08-01 19:15 - 2014-08-11 19:10 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-01 19:15 - 2014-08-01 19:16 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Notepad++
2014-08-01 19:15 - 2014-08-01 19:15 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-01 19:15 - 2014-08-01 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-01 19:07 - 2014-08-01 19:07 - 00003031 _____ () C:\Users\Ian\Desktop\PBOManager v.1.4 beta.lnk
2014-08-01 19:07 - 2014-08-01 19:07 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PBO Manager
2014-08-01 19:07 - 2014-08-01 19:07 - 00000000 ____D () C:\Program Files\PBO Manager v.1.4 beta

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 05:23 - 2014-08-31 05:21 - 00018666 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-08-31 05:23 - 2013-08-30 13:58 - 00000021 _____ () C:\Users\Ian\AppData\Roaming\config_data.dat
2014-08-31 05:21 - 2014-08-26 13:54 - 00000000 ____D () C:\FRST
2014-08-31 05:20 - 2014-08-31 05:20 - 02103808 _____ (Farbar) C:\Users\Ian\Desktop\FRST64.exe
2014-08-31 05:14 - 2013-08-31 12:18 - 00000000 ____D () C:\Users\Ian\AppData\Local\CrashDumps
2014-08-31 05:11 - 2014-06-18 13:51 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{74011027-166E-4738-AB90-42D92455778D}
2014-08-31 04:39 - 2014-08-28 16:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 04:33 - 2013-09-04 16:48 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 04:17 - 2013-12-20 20:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-31 03:00 - 2013-08-30 13:10 - 01972496 _____ () C:\Windows\WindowsUpdate.log
2014-08-30 23:12 - 2013-08-31 02:49 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\TS3Client
2014-08-30 23:04 - 2013-12-22 18:41 - 00000000 ____D () C:\Users\Ian\AppData\Local\ArmA 2 OA
2014-08-30 18:33 - 2013-09-04 16:48 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-30 16:54 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-30 16:54 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-30 16:48 - 2013-10-27 15:59 - 00012870 _____ () C:\Users\Ian\AppData\Roaming\PStrip.ini
2014-08-30 16:48 - 2013-08-31 02:48 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Skype
2014-08-30 16:46 - 2013-10-28 13:29 - 00012870 _____ () C:\Users\Ian\AppData\Roaming\PStrip.bak
2014-08-30 16:46 - 2013-08-30 13:58 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Corsair
2014-08-30 16:45 - 2013-08-30 13:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-30 16:45 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-30 16:45 - 2009-07-14 00:51 - 00169138 _____ () C:\Windows\setupact.log
2014-08-30 01:42 - 2013-10-28 13:29 - 00012870 _____ () C:\Users\Ian\AppData\Roaming\PStrip.bk!
2014-08-30 01:41 - 2013-10-29 06:59 - 00012870 _____ () C:\Users\Ian\AppData\Roaming\PStrip.bko
2014-08-30 01:32 - 2014-08-30 01:32 - 00003195 _____ () C:\Users\Ian\Desktop\Sophos Virus Removal Tool.lnk
2014-08-30 01:32 - 2014-08-30 01:32 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-08-30 01:32 - 2014-08-30 01:32 - 00000000 ____D () C:\ProgramData\Sophos
2014-08-30 01:32 - 2014-08-30 01:32 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-08-30 01:30 - 2014-08-30 01:30 - 94949928 _____ (Sophos Limited) C:\Users\Ian\Desktop\Sophos Virus Removal Tool.exe
2014-08-30 00:13 - 2014-08-30 00:13 - 00000156 _____ () C:\Users\Ian\Desktop\eset.txt
2014-08-29 17:23 - 2014-08-29 17:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-29 17:22 - 2014-08-29 17:22 - 02347384 _____ (ESET) C:\Users\Ian\Desktop\esetsmartinstaller_enu.exe
2014-08-29 06:42 - 2013-09-29 00:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-29 03:19 - 2013-10-06 21:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-29 03:19 - 2009-07-14 01:08 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-29 03:19 - 2009-07-14 00:45 - 00307176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 22:33 - 2014-08-28 22:31 - 159428216 _____ () C:\Users\Ian\Desktop\setup_11.0.3.7.x01_2014_08_28_05_43.exe
2014-08-28 18:11 - 2014-08-28 18:05 - 00000000 ____D () C:\Users\Ian\AppData\Local\ArmaAddonSync2009
2014-08-28 18:08 - 2014-08-28 18:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 18:05 - 2014-08-28 18:05 - 00000000 ____D () C:\Users\Ian\AppData\Local\Yoma_Tools
2014-08-28 18:04 - 2014-08-28 18:04 - 00002613 _____ () C:\Users\Public\Desktop\Addon Sync 2009.lnk
2014-08-28 18:04 - 2014-08-28 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YomaTools
2014-08-28 18:04 - 2014-08-28 18:04 - 00000000 ____D () C:\Program Files (x86)\YomaTools
2014-08-28 17:19 - 2014-06-04 14:59 - 00000000 ____D () C:\Users\Ian\Desktop\F-16 Arishow
2014-08-28 17:04 - 2014-08-28 17:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-28 16:58 - 2014-08-28 16:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-28 16:58 - 2013-08-30 13:53 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-28 16:58 - 2013-08-30 13:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-28 07:13 - 2013-09-08 00:55 - 03835904 ___SH () C:\Users\Ian\Desktop\Thumbs.db
2014-08-27 22:16 - 2014-08-27 22:16 - 00001026 _____ () C:\Users\Ian\Desktop\JRT.txt
2014-08-27 21:45 - 2014-08-27 20:47 - 00000000 ____D () C:\Users\Ian\Desktop\Anti Malware
2014-08-27 21:39 - 2010-11-20 23:47 - 00473022 _____ () C:\Windows\PFRO.log
2014-08-27 21:24 - 2014-03-18 17:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-27 21:23 - 2014-08-27 21:23 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-27 21:23 - 2014-08-27 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-27 21:23 - 2014-03-18 17:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-27 21:20 - 2014-06-03 02:01 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-27 21:15 - 2014-04-26 17:11 - 00000000 ____D () C:\Users\Ian\Desktop\A77 Pics
2014-08-27 21:14 - 2013-09-08 01:29 - 00007601 _____ () C:\Users\Ian\AppData\Local\Resmon.ResmonCfg
2014-08-27 21:04 - 2013-08-31 03:15 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-08-27 21:03 - 2014-07-06 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-08-27 20:55 - 2014-08-27 20:55 - 00000000 _____ () C:\Users\Ian\taskList.txt
2014-08-27 20:55 - 2013-08-30 13:18 - 00000000 ____D () C:\Users\Ian
2014-08-27 20:04 - 2014-08-27 19:21 - 00000000 ____D () C:\Qoobox
2014-08-27 20:03 - 2014-08-27 20:03 - 00027793 _____ () C:\ComboFix.txt
2014-08-27 20:03 - 2014-04-22 17:40 - 00000000 ____D () C:\Users\dub_cm_auto
2014-08-27 20:03 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-08-27 20:00 - 2014-08-27 19:21 - 00000000 ____D () C:\Windows\erdnt
2014-08-27 19:49 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-27 18:48 - 2014-08-27 17:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 18:13 - 2014-08-27 17:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-27 18:09 - 2014-08-27 18:09 - 00000212 _____ () C:\Windows\system32\.crusader
2014-08-27 17:42 - 2014-08-27 17:42 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-27 17:35 - 2014-08-27 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 17:35 - 2014-08-27 17:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-27 17:35 - 2014-08-27 17:34 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Malwarebytes
2014-08-27 17:35 - 2014-08-27 17:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 17:35 - 2014-08-27 17:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-27 17:25 - 2014-08-27 17:25 - 00000000 ____D () C:\Windows\ERUNT
2014-08-27 17:14 - 2014-08-26 18:50 - 00000000 ____D () C:\AdwCleaner
2014-08-27 16:00 - 2014-08-27 16:00 - 93640059 _____ () C:\Users\Ian\Desktop\%Quarintine%.rar
2014-08-27 12:14 - 2014-08-26 18:29 - 00000000 ____D () C:\Users\Ian\AppData\Local\LogMeIn Rescue Applet
2014-08-27 01:49 - 2012-09-28 19:53 - 00000000 ____D () C:\N360_BACKUP
2014-08-26 21:28 - 2014-04-29 20:11 - 00000000 ____D () C:\Users\Ian\AppData\Local\NPE
2014-08-26 21:12 - 2014-04-29 20:16 - 00000000 ____D () C:\NPE
2014-08-26 17:42 - 2013-09-07 19:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-26 13:55 - 2014-08-26 13:55 - 00033973 _____ () C:\Users\Ian\Downloads\Addition.txt
2014-08-26 13:55 - 2014-08-26 13:54 - 00053991 _____ () C:\Users\Ian\Downloads\FRST.txt
2014-08-26 13:54 - 2014-08-26 13:53 - 02103296 _____ (Farbar) C:\Users\Ian\Downloads\FRST64.exe
2014-08-26 13:05 - 2010-11-20 23:24 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-08-24 19:59 - 2013-10-27 15:56 - 00000000 ____D () C:\Program Files (x86)\PowerStrip
2014-08-24 01:02 - 2014-08-24 00:56 - 245941847 _____ () C:\Users\Ian\Desktop\DD.wmv
2014-08-24 00:49 - 2014-08-24 00:49 - 00020504 _____ () C:\Users\Ian\Desktop\DD.veg
2014-08-22 22:07 - 2014-08-28 16:57 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-28 16:57 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-28 16:57 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 19:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-19 06:54 - 2013-08-31 02:48 - 00000000 ____D () C:\ProgramData\Skype
2014-08-17 02:54 - 2014-08-17 02:54 - 00000133 _____ () C:\Users\Ian\Desktop\playlist.m3u
2014-08-17 02:51 - 2014-08-17 02:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-17 02:51 - 2014-08-17 02:50 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\DVDVideoSoft
2014-08-17 02:51 - 2014-08-17 02:50 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-08-17 02:47 - 2014-08-17 02:47 - 05730039 _____ () C:\Users\Ian\Desktop\Untitled.mp3.wma
2014-08-17 01:34 - 2014-08-17 01:34 - 00015353 _____ () C:\Users\Ian\Desktop\New Text Document
2014-08-16 14:54 - 2014-08-08 22:10 - 01195779 _____ () C:\Users\Ian\Desktop\Untitled-1.psd
2014-08-16 04:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 03:01 - 2014-05-06 23:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 06:54 - 2014-08-14 06:54 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-08-14 06:49 - 2013-12-13 07:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-08-14 06:49 - 2013-12-12 23:41 - 00002440 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-08-14 06:49 - 2013-08-30 13:59 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-14 06:49 - 2013-08-30 13:58 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-08-12 19:00 - 2014-08-12 19:00 - 04575232 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-08-11 19:10 - 2014-08-01 19:15 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-09 23:03 - 2014-08-09 23:03 - 00850444 _____ () C:\Users\Ian\Desktop\Test.jps
2014-08-09 18:14 - 2014-08-08 01:32 - 00000000 ____D () C:\Users\Ian\Desktop\DayZ.ST
2014-08-09 17:37 - 2014-08-02 14:35 - 00000000 ____D () C:\Users\Ian\Desktop\DaRT
2014-08-08 22:33 - 2014-08-08 22:33 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Easy2Convert
2014-08-08 22:33 - 2014-08-08 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy2Convert Software
2014-08-08 22:33 - 2014-08-08 22:33 - 00000000 ____D () C:\Program Files (x86)\Easy2Convert Software
2014-08-08 22:32 - 2013-08-30 13:58 - 00069256 _____ () C:\Users\Ian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-08 16:29 - 2014-08-08 16:29 - 00000000 ____D () C:\Users\Ian\Desktop\DZMS-DayZMissionSystem-master
2014-08-07 23:44 - 2014-08-07 23:44 - 00001336 _____ () C:\Users\Public\Desktop\DayZ Commander.lnk
2014-08-07 23:44 - 2014-08-07 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2014-08-07 22:14 - 2013-10-20 00:56 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-08-07 22:14 - 2013-09-01 02:00 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-08-07 22:14 - 2013-09-01 02:00 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-08-07 22:13 - 2013-09-01 02:29 - 00000000 ____D () C:\ProgramData\Origin
2014-08-07 22:13 - 2013-09-01 02:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-07 19:17 - 2014-08-07 19:17 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Sling Media
2014-08-07 19:16 - 2014-08-07 19:16 - 00000000 ____D () C:\Program Files (x86)\Sling Media
2014-08-06 22:44 - 2014-08-06 22:41 - 00000000 ____D () C:\Users\Ian\Desktop\DAyz files
2014-08-06 22:06 - 2014-08-15 22:18 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 22:18 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 17:52 - 2014-08-06 17:52 - 00000000 ____D () C:\Users\Ian\Desktop\Epoch TRacker
2014-08-06 15:44 - 2013-08-30 14:15 - 00000000 ____D () C:\Users\Ian\AppData\Local\TeamSpeak 3 Client
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-05 03:04 - 2014-08-05 03:04 - 00044032 _____ () C:\Users\Ian\Desktop\dayz trader editor-by zelik.exe
2014-08-02 14:36 - 2014-08-01 23:26 - 00000000 ____D () C:\Users\Ian\AppData\Local\DomiStyle
2014-08-01 23:24 - 2014-08-01 23:25 - 01140605 _____ () C:\Users\Ian\Desktop\DaRT.zip
2014-08-01 19:18 - 2014-08-01 19:18 - 00000000 ____D () C:\Users\Ian\AppData\Local\PboM
2014-08-01 19:16 - 2014-08-01 19:15 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Notepad++
2014-08-01 19:15 - 2014-08-01 19:15 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-01 19:15 - 2014-08-01 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-01 19:07 - 2014-08-01 19:07 - 00003031 _____ () C:\Users\Ian\Desktop\PBOManager v.1.4 beta.lnk
2014-08-01 19:07 - 2014-08-01 19:07 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PBO Manager
2014-08-01 19:07 - 2014-08-01 19:07 - 00000000 ____D () C:\Program Files\PBO Manager v.1.4 beta

Files to move or delete:
====================
C:\Users\Ian\jagex_cl_oldschool_LIVE.dat
C:\Users\Ian\jagex_cl_runescape_LIVE.dat
C:\Users\Ian\random.dat

Some content of TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-29 03:49

==================== End Of Log ============================





