Firefox and IE homepages hijacked by dp-search.com when run


  • This topic is locked
1 reply to this topic

#1 Inn0x

Posted 02 February 2015 - 12:01 AM

Sorry for the multiple posts on the same board. I was given a 503 (I think?) error the first two times, so I assumed it hadn't posted.

 

Internet Explorer and Firefox launch to dp-search.com as a home page, rather than keeping the previous tabs like I set them up. Earlier on today I was prompted by IE for permission to change the home page from Bing. I denied and said never ask again, but IE still got infected. I can change the home page once the browser is running, but when I close it and restart it, the home page is dp-search.com. I've run multiple antivirus programs, from Avast, to Malwarebytes, to Spybot Search and Destroy. None have picked up the malware. I also encountered a bluescreen earlier today whilst uninstalling an unfamiliar piece of software which I thought could be the culprit.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Tim (administrator) on TIM-PC on 02-02-2015 17:46:41
Running from C:\Users\Tim\Downloads
Loaded Profiles: Tim (Available profiles: Tim)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Waterfox)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Windows\System32\PnkBstrA.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Genius\ioTablet\TabletService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\Genius\ioTablet\gTabletTask.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Spotify Ltd) C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Flux Software LLC) C:\Users\Tim\AppData\Local\FluxSoftware\Flux\flux.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\puush\puush.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Trion Worlds Inc.) C:\Program Files (x86)\Glyph\GlyphClient.exe
(Trion Worlds Inc.) C:\Program Files (x86)\Glyph\GlyphCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Waterfox) C:\Program Files\Waterfox\waterfox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-15] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [Razer Mamba Elite Driver] => C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe [973720 2011-11-25] (Razer USA Ltd)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-02] (AVAST Software)
HKU\S-1-5-21-3656196481-1204675867-2333859331-1000\...\Run: [Spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)
HKU\S-1-5-21-3656196481-1204675867-2333859331-1000\...\Run: [f.lux] => C:\Users\Tim\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3656196481-1204675867-2333859331-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-22] (Piriform Ltd)
HKU\S-1-5-21-3656196481-1204675867-2333859331-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-12-05] ()
HKU\S-1-5-21-3656196481-1204675867-2333859331-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3656196481-1204675867-2333859331-1000\...\MountPoints2: {c2f069b3-5286-11e4-9a6f-d0509937a1af} - F:\install.bat
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3656196481-1204675867-2333859331-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://dp-search.com/
HKU\S-1-5-21-3656196481-1204675867-2333859331-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-nz/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3656196481-1204675867-2333859331-1000 -> {4691B5FB-A856-4997-ACF0-0D47F0278A8E} URL = http://dp-search.com/result.php?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mw5v3mwh.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: recommended settings
FF Homepage: hxxp://dp-search.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
FF Plugin HKU\S-1-5-21-3656196481-1204675867-2333859331-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3656196481-1204675867-2333859331-1000: ubisoft.com/uplaypc -> C:\Games\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll (Ubisoft)
FF user.js: detected! => C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mw5v3mwh.default\user.js
FF user.js: detected! => C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\9219j8c3.dev-edition-default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mw5v3mwh.default\searchplugins\SearchDef.xml
FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\9219j8c3.dev-edition-default\searchplugins\SearchDef.xml
FF Extension: Ghostery - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mw5v3mwh.default\Extensions\firefox@ghostery.com.xpi [2015-01-24]
FF Extension: Magic Actions for YouTube™ - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mw5v3mwh.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2015-01-24]
FF Extension: Reddit Enhancement Suite - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mw5v3mwh.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2015-01-28]
FF Extension: Adblock Edge - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\mw5v3mwh.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-24]
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\9219j8c3.dev-edition-default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2015-01-29]
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\9219j8c3.dev-edition-default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2015-01-29]
FF Extension: No Name - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\9219j8c3.dev-edition-default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-01-30]
FF Extension: Adblock Edge - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\9219j8c3.dev-edition-default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-02]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-23]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-12-06]
CHR Extension: (BetterTTV) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-12-27]
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-23]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-12]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-23]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-10-25]
CHR Extension: (Adblock Plus) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-30]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-23]
CHR Extension: (MightyText - SMS from PC & Text from PC / Mac) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2014-12-27]
CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-23]
CHR Extension: (XKit) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-12-27]
CHR Extension: (Avast Online Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-02]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-11-08]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-10-25]
CHR Extension: (FVD Downloader) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-11-12]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-02] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-02] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [817536 2015-01-28] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2015-01-11] (EasyAntiCheat Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-09] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3493744 2015-01-14] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-31] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-15] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-31] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-21] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
R2 TabletService; C:\Genius\ioTablet\TabletService.exe [25600 2012-02-06] () [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-02] ()
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows ® Win 7 DDK provider)
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33080 2014-11-10] (Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [227512 2014-11-10] (Dev47Apps)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [65408 2014-10-12] (Etron Technology Inc) [File not signed]
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [94208 2014-10-12] (Etron Technology Inc) [File not signed]
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-11-16] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-10-12] (FNet Co., Ltd.)
R3 ioFakDrv; C:\Windows\System32\DRIVERS\ioFakDrv.sys [23936 2010-12-15] (KYE System Corp.)
R3 ioFakMap; C:\Windows\System32\DRIVERS\ioFakMap.sys [12672 2010-12-15] (KYE System Corp.)
S3 ioTablet; C:\Windows\System32\DRIVERS\ioTablet.sys [35328 2012-04-05] (KYE System Corp.)
S3 ioTblMap; C:\Windows\System32\DRIVERS\ioTblMap.sys [13200 2011-08-25] (KYE System Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-11] (Razer, Inc.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-02] (Avast Software)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 17:46 - 2015-02-02 17:46 - 00024595 _____ () C:\Users\Tim\Downloads\FRST.txt
2015-02-02 17:46 - 2015-02-02 17:46 - 00000000 ____D () C:\FRST
2015-02-02 17:45 - 2015-02-02 17:46 - 02131456 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2015-02-02 17:10 - 2015-02-02 17:10 - 00014161 _____ () C:\Users\Tim\Downloads\hijackthis.log
2015-02-02 17:06 - 2015-02-02 17:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-02 17:06 - 2015-02-02 17:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-02-02 17:06 - 2015-02-02 17:06 - 00001272 _____ () C:\Users\Tim\Desktop\Spybot - Search & Destroy.lnk
2015-02-02 17:06 - 2015-02-02 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-02-02 17:05 - 2015-02-02 17:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tim\Downloads\HijackThis.exe
2015-02-02 16:50 - 2015-02-02 16:51 - 16409960 _____ (Safer Networking Limited ) C:\Users\Tim\Downloads\spybotsd162.exe
2015-02-02 16:50 - 2015-02-02 16:50 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-02 16:46 - 2015-02-02 16:50 - 00000000 ____D () C:\0ebbc3088e514fa4c29fe0240d1df4
2015-02-02 16:46 - 2015-02-02 16:46 - 00002127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-02 16:46 - 2015-02-02 16:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-02 16:46 - 2015-02-02 16:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-02 16:38 - 2015-02-02 16:39 - 14087848 _____ (Microsoft Corporation) C:\Users\Tim\Downloads\MSEInstall.exe
2015-02-02 16:24 - 2015-02-02 16:24 - 00000197 _____ () C:\Windows\system32\2015-02-02-03-24-49.068-AvastVBoxSVC.exe-3488.log
2015-02-02 16:23 - 2015-02-02 16:24 - 00275632 _____ () C:\Windows\Minidump\020215-48687-01.dmp
2015-02-02 16:23 - 2015-02-02 16:23 - 729333553 _____ () C:\Windows\MEMORY.DMP
2015-02-02 16:07 - 2015-02-02 16:07 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-02 16:07 - 2015-02-02 16:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-02 16:07 - 2015-02-02 16:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-02 16:07 - 2015-02-02 16:07 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-02 16:05 - 2015-02-02 16:05 - 00000247 _____ () C:\Windows\system32\2015-02-02-03-05-50.008-aswFe.exe-1032.log
2015-02-02 15:50 - 2015-02-02 16:05 - 00000247 _____ () C:\Windows\system32\2015-02-02-02-50-21.081-aswFe.exe-3544.log
2015-02-02 15:50 - 2015-02-02 15:50 - 00000197 _____ () C:\Windows\system32\2015-02-02-02-50-18.043-AvastVBoxSVC.exe-3340.log
2015-02-02 13:18 - 2015-02-02 13:18 - 00000247 _____ () C:\Windows\system32\2015-02-02-00-18-25.078-aswFe.exe-6480.log
2015-02-02 13:18 - 2015-02-02 13:18 - 00000197 _____ () C:\Windows\system32\2015-02-02-00-18-13.048-AvastVBoxSVC.exe-3436.log
2015-02-02 12:03 - 2015-02-02 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-02-02 12:01 - 2015-02-02 12:01 - 00880784 _____ (Google Inc.) C:\Users\Tim\Downloads\GoogleEarthPluginSetup.exe
2015-02-02 11:41 - 2015-02-02 11:41 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-02 11:38 - 2015-02-02 11:41 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Dropbox
2015-02-02 11:28 - 2015-02-02 11:30 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-02 11:28 - 2015-02-02 11:30 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-02 11:28 - 2015-02-02 11:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-02 11:28 - 2015-02-02 11:28 - 00001974 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-02 11:28 - 2015-02-02 11:28 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\AVAST Software
2015-02-02 11:28 - 2015-02-02 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-02 11:27 - 2015-02-02 11:28 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-02 11:27 - 2015-02-02 11:28 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-02 11:27 - 2015-02-02 11:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-02 11:27 - 2015-02-02 11:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-02 11:27 - 2015-02-02 11:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-02 11:27 - 2015-02-02 11:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-02 11:27 - 2015-02-02 11:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-02 11:27 - 2015-02-02 11:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-02 11:27 - 2015-02-02 11:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-02 11:27 - 2015-02-02 11:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-02 11:26 - 2015-02-02 15:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 11:25 - 2015-02-02 11:25 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 11:25 - 2015-02-02 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 11:25 - 2015-02-02 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 11:25 - 2015-02-02 11:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 11:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 11:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-02 11:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 11:24 - 2015-02-02 11:24 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-02 11:23 - 2015-02-02 11:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-02 11:22 - 2015-02-02 11:22 - 05006864 _____ (AVAST Software) C:\Users\Tim\Downloads\avast_free_antivirus_setup_online.exe
2015-02-01 19:56 - 2015-02-01 19:56 - 00000000 ____D () C:\Users\Tim\Documents\Assassin's Creed IV Black Flag
2015-02-01 19:50 - 2015-02-01 19:50 - 00001147 _____ () C:\Users\Public\Desktop\Assassins Creed IV Black Flag.lnk
2015-02-01 19:50 - 2015-02-01 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed IV Black Flag
2015-02-01 19:46 - 2015-02-01 19:46 - 00671744 _____ () C:\Users\Tim\Downloads\Detection.msi
2015-02-01 08:36 - 2015-02-01 08:36 - 00000000 ____D () C:\Program Files (x86)\Firefox Developer Edition
2015-01-31 21:11 - 2015-01-31 21:11 - 01533584 _____ () C:\Users\Tim\Downloads\battlelog-web-plugins_2.6.2_157.exe
2015-01-31 17:44 - 2015-01-31 17:44 - 00001543 _____ () C:\Users\Tim\Documents\Arma 3 loadout.txt
2015-01-30 23:07 - 2015-01-30 23:07 - 00184698 _____ () C:\Users\Tim\Downloads\ContinentGenv2.jar
2015-01-30 14:57 - 2015-01-30 14:57 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2015-01-30 14:57 - 2015-01-14 02:26 - 03493744 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2015-01-30 14:57 - 2004-12-31 01:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2015-01-30 14:57 - 2003-07-16 10:17 - 00005174 _____ () C:\Windows\SysWOW64\nppt9x.vxd
2015-01-30 14:43 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-30 14:42 - 2015-01-30 14:42 - 00000897 _____ () C:\Users\Public\Desktop\WorldTourFishing.lnk
2015-01-30 14:42 - 2015-01-30 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesCampus
2015-01-30 14:27 - 2015-01-30 14:28 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\qBittorrent
2015-01-30 14:27 - 2015-01-30 14:27 - 00001057 _____ () C:\Users\Public\Desktop\qBittorrent.lnk
2015-01-30 14:27 - 2015-01-30 14:27 - 00000000 ____D () C:\Users\Tim\AppData\Local\qBittorrent
2015-01-30 14:27 - 2015-01-30 14:27 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2015-01-30 14:24 - 2015-01-30 14:26 - 10876097 _____ (The qBittorrent project) C:\Users\Tim\Downloads\qbittorrent_3.1.11_setup.exe
2015-01-30 13:55 - 2015-01-30 13:55 - 00006868 _____ () C:\console.log
2015-01-30 13:54 - 2015-01-30 13:55 - 02506432 _____ (Reloaded Technologies) C:\Users\Tim\Downloads\World_Tour_Fishing_Downloader.exe
2015-01-30 12:25 - 2015-01-30 12:25 - 00007597 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
2015-01-30 09:47 - 2015-01-30 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-30 09:47 - 2015-01-30 09:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-29 19:28 - 2015-01-29 19:31 - 00001686 _____ () C:\Users\Tim\Desktop\Dragon Age Inquisition.lnk
2015-01-29 19:26 - 2015-01-29 19:26 - 00000000 ____D () C:\Users\Tim\.android
2015-01-29 17:54 - 2015-01-29 17:54 - 00458696 _____ () C:\Users\Tim\Downloads\firefox-37.0a2.en-US.win32.installer-stub.exe
2015-01-29 14:33 - 2015-01-29 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-01-29 14:22 - 2015-01-29 14:22 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2015-01-28 15:08 - 2015-01-22 15:56 - 00000000 ____D () C:\Users\Tim\Downloads\LumaEmu_DLC
2015-01-28 15:08 - 2015-01-22 08:37 - 25574912 _____ (Bohemia Interactive) C:\Users\Tim\Downloads\arma3.exe
2015-01-28 15:08 - 2015-01-22 06:48 - 00000000 ____D () C:\Users\Tim\Downloads\Dta
2015-01-28 15:08 - 2015-01-22 06:48 - 00000000 ____D () C:\Users\Tim\Downloads\Addons
2015-01-28 15:08 - 2015-01-22 06:41 - 00000000 ____D () C:\Users\Tim\Downloads\Launcher
2015-01-28 15:08 - 2015-01-22 06:41 - 00000000 ____D () C:\Users\Tim\Downloads\Dll
2015-01-28 15:08 - 2015-01-22 06:41 - 00000000 ____D () C:\Users\Tim\Downloads\BattlEye
2015-01-28 15:08 - 2015-01-22 06:40 - 00000000 ____D () C:\Users\Tim\Downloads\Kart
2015-01-28 15:08 - 2015-01-22 06:40 - 00000000 ____D () C:\Users\Tim\Downloads\Heli
2015-01-28 15:08 - 2015-01-22 06:40 - 00000000 ____D () C:\Users\Tim\Downloads\Curator
2015-01-28 15:08 - 2015-01-21 19:33 - 23209720 _____ (NVIDIA Corporation) C:\Users\Tim\Downloads\PhysX3Gpu_x86.dll
2015-01-28 15:08 - 2015-01-21 19:33 - 02664696 _____ (NVIDIA Corporation) C:\Users\Tim\Downloads\PhysX3_x86.dll
2015-01-28 15:08 - 2015-01-21 19:31 - 18119496 _____ (Bohemia Interactive) C:\Users\Tim\Downloads\arma3server.exe
2015-01-28 15:08 - 2015-01-21 19:31 - 00261824 _____ (Valve Corporation) C:\Users\Tim\Downloads\vstdlib_s.dll
2015-01-28 15:08 - 2015-01-21 19:29 - 01995512 _____ (NVIDIA Corporation) C:\Users\Tim\Downloads\PhysX3Common_x86.dll
2015-01-28 15:08 - 2015-01-21 19:29 - 00277184 _____ (Valve Corporation) C:\Users\Tim\Downloads\tier0_s.dll
2015-01-28 15:08 - 2015-01-21 19:27 - 00816968 _____ (Bohemia Interactive) C:\Users\Tim\Downloads\arma3launcher.exe
2015-01-28 15:08 - 2015-01-21 19:23 - 00361720 _____ (NVIDIA Corporation) C:\Users\Tim\Downloads\PhysX3Cooking_x86.dll
2015-01-28 15:08 - 2015-01-21 19:23 - 00350400 _____ () C:\Users\Tim\Downloads\Steam.dll
2015-01-28 15:08 - 2014-12-19 11:51 - 00000687 _____ () C:\Users\Tim\Downloads\LumaEmu.ini
2015-01-28 15:08 - 2014-12-16 20:19 - 00709120 _____ (Valve Corporation) C:\Users\Tim\Downloads\steamclient.dll
2015-01-28 15:08 - 2014-12-07 08:52 - 00000225 _____ () C:\Users\Tim\Downloads\update-armaIII.bat
2015-01-28 15:08 - 2014-12-04 18:23 - 00375296 _____ (Valve Corporation) C:\Users\Tim\Downloads\steam_api.dll
2015-01-28 15:08 - 2014-10-24 14:11 - 00106920 _____ (Valve Corporation) C:\Users\Tim\Downloads\ValveAPI.dll
2015-01-28 15:08 - 2013-08-18 15:49 - 00013824 _____ () C:\Users\Tim\Downloads\LumaEmu_SC.dll
2015-01-28 15:08 - 2013-04-21 00:50 - 00155232 _____ () C:\Users\Tim\Downloads\VAC2.dll
2015-01-28 15:08 - 2012-06-15 18:24 - 00003153 _____ () C:\Users\Tim\Downloads\visit-www.nosteam.ro.html
2015-01-28 14:28 - 2015-01-28 14:51 - 276202560 _____ () C:\Users\Tim\Downloads\ARMA-3_patch_v-38.exe
2015-01-28 14:14 - 2015-01-31 17:48 - 00000000 ____D () C:\Users\Tim\Documents\Arma 3
2015-01-28 14:14 - 2015-01-28 14:14 - 00000000 ___SH () C:\Users\Tim\AppData\Local\LumaEmu
2015-01-28 14:13 - 2015-01-31 18:27 - 00000000 ____D () C:\Users\Tim\AppData\Local\Arma 3
2015-01-28 14:13 - 2015-01-28 14:13 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
2015-01-28 14:03 - 2015-01-28 14:03 - 00001678 _____ () C:\Users\Tim\Desktop\Play ARMA 3.lnk
2015-01-25 23:28 - 2015-01-25 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Games
2015-01-24 17:19 - 2015-01-30 12:46 - 00000000 ____D () C:\Users\Tim\Documents\Settlers7
2015-01-24 17:13 - 2015-01-24 17:13 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-01-24 17:01 - 2015-01-24 17:01 - 00000000 ____D () C:\Users\Tim\Documents\Skullgirls
2015-01-24 17:01 - 2015-01-24 17:01 - 00000000 ____D () C:\Users\Tim\AppData\Local\SKIDROW
2015-01-24 16:13 - 2015-01-30 17:37 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2015-01-24 16:13 - 2015-01-24 16:13 - 00000000 ____D () C:\Program Files\Waterfox
2015-01-24 16:12 - 2015-01-24 16:12 - 58867704 _____ () C:\Users\Tim\Downloads\Waterfox 35.0 Setup.exe
2015-01-24 15:21 - 2015-01-24 15:21 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\TheBannerSaga
2015-01-24 00:37 - 2015-01-24 00:37 - 00000847 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Banner Saga.lnk
2015-01-23 21:45 - 2015-01-23 21:45 - 00000000 ____D () C:\Users\Tim\Documents\Telltale Games
2015-01-22 18:20 - 2015-01-22 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2015-01-21 15:48 - 2015-01-21 15:54 - 00000000 ____D () C:\Users\Tim\Documents\Stronghold
2015-01-20 18:35 - 2015-01-20 18:35 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2015-01-20 18:35 - 2015-01-20 18:25 - 03130440 _____ () C:\Windows\SysWOW64\pbsvc_blr.exe
2015-01-20 10:21 - 2015-01-20 10:21 - 01143808 _____ () C:\Users\Tim\Downloads\TerrariViewer.exe
2015-01-19 12:12 - 2015-01-19 12:12 - 00000000 ____D () C:\ProgramData\RELOADED
2015-01-19 10:40 - 2015-02-02 15:46 - 00696114 _____ () C:\Windows\PFRO.log
2015-01-18 14:04 - 2015-01-18 14:04 - 00262058 _____ () C:\Users\Tim\Downloads\First Person 1_9 BETA 2-49036-1-9.zip
2015-01-17 21:16 - 2015-01-17 21:17 - 00000000 ____D () C:\Users\Tim\Downloads\the_elder_scrolls_v_skyrim___icon_by_j1mb091-d4gg9zv
2015-01-17 21:16 - 2015-01-17 21:16 - 00048378 _____ () C:\Users\Tim\Downloads\the_elder_scrolls_v_skyrim___icon_by_j1mb091-d4gg9zv.zip
2015-01-14 11:02 - 2014-12-19 16:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:02 - 2014-12-19 14:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:02 - 2014-12-12 18:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:02 - 2014-12-12 18:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 11:02 - 2014-12-12 18:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 11:02 - 2014-12-12 18:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 11:02 - 2014-12-12 18:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:02 - 2014-12-12 18:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:02 - 2014-12-12 18:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 11:02 - 2014-12-12 06:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:02 - 2014-12-06 17:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:02 - 2014-12-06 16:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:02 - 2014-12-06 16:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 15:09 - 2015-01-12 15:09 - 00000000 ____D () C:\Crash
2015-01-12 14:52 - 2015-01-12 14:52 - 00000000 ____D () C:\Users\Tim\AppData\Local\SCE
2015-01-12 12:36 - 2015-01-12 12:36 - 00000000 ____D () C:\Users\Tim\AppData\Local\Chromium
2015-01-11 23:42 - 2015-01-11 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-01-11 23:42 - 2015-01-11 23:42 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2015-01-11 23:41 - 2015-01-11 23:41 - 07878008 _____ (Microsoft Corporation) C:\Users\Tim\Downloads\Xbox360_64Eng.exe
2015-01-11 20:21 - 2015-01-11 20:23 - 32183854 _____ () C:\Users\Tim\Downloads\Venter Loqui - Cold Feet.flac
2015-01-11 20:21 - 2015-01-11 20:23 - 29941823 _____ () C:\Users\Tim\Downloads\Venter Loqui - Storm Song.flac
2015-01-11 20:21 - 2015-01-11 20:23 - 25771515 _____ () C:\Users\Tim\Downloads\Venter Loqui - I Don't Think (ft. Imogen Holmstead-Scott).flac
2015-01-11 20:21 - 2015-01-11 20:23 - 23829420 _____ () C:\Users\Tim\Downloads\Venter Loqui - Take To The Hills.flac
2015-01-10 03:00 - 2015-01-10 03:00 - 00262486 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2015-01-09 15:40 - 2015-01-09 15:41 - 00000000 ____D () C:\Users\Tim\Downloads\Dark Souls HD Texture pack -446-3-0Lite
2015-01-09 15:26 - 2015-01-09 15:26 - 00133126 _____ () C:\Users\Tim\Downloads\Xbox 360 HD Interface Icons-171-1.zip
2015-01-09 15:25 - 2015-01-09 15:25 - 01358858 _____ () C:\Users\Tim\Downloads\Dark Souls - High-Res UI and Subtitles-21-1-211.rar
2015-01-09 15:13 - 2015-01-09 15:13 - 00237007 _____ () C:\Users\Tim\Downloads\DSFix 2.3.1-19-2-3-1.zip
2015-01-09 15:06 - 2015-01-09 15:06 - 00003156 _____ () C:\Windows\System32\Tasks\{A07C9C6B-CC72-4D45-AF8A-7E91F09CA7CB}
2015-01-09 00:36 - 2015-02-02 16:24 - 00000000 ____D () C:\Temp
2015-01-09 00:36 - 2015-01-09 00:36 - 00003482 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Update
2015-01-09 00:36 - 2015-01-09 00:36 - 00003290 _____ () C:\Windows\System32\Tasks\Motorola Device Manager Initial Update
2015-01-09 00:36 - 2015-01-09 00:36 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Motorola Mobility
2015-01-09 00:36 - 2015-01-09 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
2015-01-09 00:36 - 2015-01-09 00:36 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-09 00:36 - 2015-01-09 00:36 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility
2015-01-09 00:36 - 2015-01-09 00:36 - 00000000 ____D () C:\Program Files (x86)\Motorola
2015-01-09 00:35 - 2015-01-09 00:35 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Motorola
2015-01-09 00:35 - 2015-01-09 00:35 - 00000000 ____D () C:\Program Files\Motorola Mobility LLC
2015-01-09 00:35 - 2015-01-09 00:35 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared
2015-01-09 00:33 - 2015-01-09 00:34 - 34236544 _____ (Motorola Mobility) C:\Users\Tim\Downloads\MotorolaDeviceManager_2.5.4.exe
2015-01-07 13:57 - 2015-01-07 13:57 - 01054912 _____ (Adobe) C:\Users\Tim\Downloads\install_flashplayer16x32au_mssd_aaa_aih (1).exe
2015-01-07 12:38 - 2015-01-07 12:38 - 01054912 _____ (Adobe) C:\Users\Tim\Downloads\install_flashplayer16x32au_mssd_aaa_aih.exe
2015-01-06 10:13 - 2015-01-06 10:14 - 08811721 _____ () C:\Users\Tim\Downloads\mugen100.zip
2015-01-05 21:36 - 2015-01-29 14:33 - 00262852 _____ () C:\Windows\DirectX.log
2015-01-05 14:48 - 2015-02-02 16:23 - 00029527 _____ () C:\Windows\setupact.log
2015-01-05 14:48 - 2015-01-05 14:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-05 09:56 - 2015-01-05 09:58 - 70031960 _____ (Razer USA Ltd. ) C:\Users\Tim\Downloads\Razer_Mamba_Driver_v2.01.exe
2015-01-04 17:29 - 2014-09-04 17:02 - 00765824 _____ (Razer USA Ltd) C:\Windows\SysWOW64\RzMwApi.dll
2015-01-04 17:27 - 2015-01-04 17:27 - 00000000 ____D () C:\Users\Tim\AppData\Local\Razer
2015-01-04 17:25 - 2015-01-04 17:25 - 00000000 ____D () C:\Users\Tim\AppData\Local\Razer_Inc
2015-01-04 17:24 - 2015-01-04 17:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2015-01-04 17:24 - 2014-12-11 09:43 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2015-01-04 17:24 - 2014-12-10 11:21 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2015-01-04 17:23 - 2015-01-05 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-01-04 17:17 - 2015-01-24 13:50 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-01-04 17:17 - 2015-01-04 17:24 - 00000000 ____D () C:\ProgramData\Razer
2015-01-04 15:40 - 2015-01-21 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-01-04 15:40 - 2015-01-21 15:42 - 00000000 ____D () C:\GOG Games
2015-01-04 15:40 - 2015-01-04 15:42 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Yacht Club Games
2015-01-03 16:03 - 2015-01-03 16:03 - 00001431 _____ () C:\Users\Tim\Downloads\batclient.jnlp
2015-01-03 16:03 - 2015-01-03 16:03 - 00000000 ____D () C:\Users\Tim\batclient
2015-01-03 16:03 - 2015-01-03 16:03 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BatMUD
2015-01-03 12:33 - 2015-01-03 12:33 - 05602222 _____ () C:\Users\Tim\Downloads\Sleepwalking.m4a
2015-01-03 12:15 - 2015-01-03 12:17 - 39281860 _____ () C:\Users\Tim\Downloads\Take To The Hills.aif
2015-01-03 11:01 - 2015-01-03 11:09 - 00000771 _____ () C:\Users\Tim\mudlet-data
2015-01-03 11:00 - 2015-01-03 11:00 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mudlet
2015-01-03 11:00 - 2015-01-03 11:00 - 00000000 ____D () C:\Users\Tim\AppData\Local\Mudlet
2015-01-03 10:59 - 2015-01-03 11:00 - 11003671 _____ () C:\Users\Tim\Downloads\Mudlet-2.1.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 17:32 - 2014-06-05 16:12 - 02089424 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 17:10 - 2014-10-23 23:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 17:04 - 2014-11-04 07:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 16:45 - 2014-11-01 22:27 - 00004940 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Tim-PC-Tim Tim-PC
2015-02-02 16:36 - 2009-07-14 18:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 16:25 - 2014-10-26 20:02 - 00000000 ____D () C:\Users\Tim\AppData\Local\LogMeIn Hamachi
2015-02-02 16:24 - 2014-10-23 23:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 16:24 - 2009-07-14 18:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 16:23 - 2014-10-12 17:28 - 00000000 ____D () C:\Windows\Minidump
2015-02-02 16:21 - 2014-12-17 12:13 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Adobe
2015-02-02 16:21 - 2014-12-17 12:13 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-02 16:08 - 2014-10-12 12:47 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-02 16:08 - 2014-10-12 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-02 16:08 - 2014-10-12 12:47 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-02 13:18 - 2014-11-26 17:24 - 00000000 ____D () C:\Program Files (x86)\HexChat
2015-02-02 13:16 - 2014-10-12 12:50 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Spotify
2015-02-02 13:15 - 2014-10-12 17:28 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Skype
2015-02-02 12:03 - 2014-10-11 22:14 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-02 11:51 - 2014-11-10 14:38 - 00000029 _____ () C:\ProgramData\droidcam-settings
2015-02-02 11:43 - 2009-07-14 18:32 - 00000000 ____D () C:\Windows\Performance
2015-02-02 11:24 - 2014-10-12 12:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-01 19:51 - 2014-06-05 21:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-01 19:50 - 2014-10-13 20:09 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-02-01 19:50 - 2014-10-13 20:09 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-01 19:47 - 2014-06-05 22:33 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2015-02-01 19:40 - 2014-06-05 22:49 - 00000000 ____D () C:\Games
2015-02-01 19:04 - 2014-06-05 21:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 21:26 - 2014-11-23 21:27 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-31 21:26 - 2014-10-12 13:53 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-31 21:21 - 2014-10-12 13:53 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-31 21:21 - 2014-06-05 22:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-31 21:14 - 2014-10-12 14:17 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-01-31 21:09 - 2014-10-11 22:21 - 00000000 ____D () C:\ProgramData\Origin
2015-01-31 21:09 - 2014-10-11 22:21 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-31 14:39 - 2014-10-11 22:06 - 00000000 ____D () C:\Users\Tim\Downloads\Torrents
2015-01-31 09:32 - 2014-12-29 20:08 - 00000000 ____D () C:\ProgramData\Codemasters
2015-01-31 09:32 - 2014-10-23 21:52 - 00000000 ____D () C:\Users\Tim\Documents\My Games
2015-01-30 23:52 - 2014-10-12 23:30 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\vlc
2015-01-30 18:23 - 2014-10-12 23:07 - 00000000 ____D () C:\Users\Tim\AppData\Local\Spotify
2015-01-29 19:26 - 2014-06-05 20:41 - 00000000 ____D () C:\Users\Tim
2015-01-29 14:38 - 2009-07-14 18:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-29 14:35 - 2014-06-05 21:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-29 14:21 - 2014-12-23 17:40 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-28 17:53 - 2014-06-05 22:56 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\uTorrent
2015-01-28 14:42 - 2014-10-11 22:30 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-01-28 13:56 - 2009-07-14 17:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 13:56 - 2009-07-14 17:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 13:51 - 2014-11-26 17:24 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\HexChat
2015-01-27 17:42 - 2014-11-26 19:46 - 00000000 ____D () C:\Users\Tim\AppData\Local\ArmA 2 OA
2015-01-27 17:04 - 2014-11-26 19:46 - 00000000 ____D () C:\Users\Tim\Documents\ArmA 2
2015-01-26 18:14 - 2014-11-07 22:35 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-01-26 14:55 - 2014-10-18 20:55 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-25 23:31 - 2014-10-11 23:04 - 00000000 ____D () C:\Users\Tim\Documents\BioWare
2015-01-25 23:13 - 2014-10-20 20:56 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Foxit Software
2015-01-25 21:32 - 2014-12-15 02:20 - 00000132 _____ () C:\Users\Tim\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-01-25 17:04 - 2014-11-04 07:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 17:04 - 2014-10-11 22:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 17:04 - 2014-10-11 22:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 18:20 - 2014-11-26 19:46 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2015-01-22 10:11 - 2014-10-12 14:08 - 00000000 ____D () C:\Users\Tim\AppData\Local\PunkBuster
2015-01-21 16:02 - 2014-10-12 13:53 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-21 13:44 - 2014-10-12 23:05 - 00000000 ____D () C:\Users\Tim\AppData\Local\Warframe
2015-01-20 19:56 - 2014-11-23 18:35 - 00000000 ____D () C:\Users\Tim\AppData\Local\Skyrim
2015-01-19 12:13 - 2014-11-23 17:12 - 00000000 ____D () C:\Users\Tim\Documents\4a games
2015-01-19 12:12 - 2014-11-23 21:17 - 00000000 ____D () C:\Users\Tim\AppData\Local\4A Games
2015-01-19 10:57 - 2014-11-15 23:53 - 00022455 _____ () C:\Users\Tim\Documents\Internet Usage.xlsx
2015-01-18 22:34 - 2014-10-16 16:44 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Mumble
2015-01-18 15:49 - 2014-11-23 21:01 - 00000000 ____D () C:\Users\Tim\Documents\Nexus Mod Manager
2015-01-17 16:58 - 2014-10-17 22:30 - 00000000 ____D () C:\Program Files (x86)\Mumble
2015-01-15 02:30 - 2014-06-05 22:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 02:24 - 2014-06-05 22:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 20:07 - 2014-11-04 17:34 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Audacity
2015-01-14 11:32 - 2014-10-28 07:08 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-01-11 16:51 - 2014-12-29 20:44 - 00174112 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2015-01-10 22:53 - 2014-11-27 14:01 - 00000000 ____D () C:\Users\Tim\Documents\Klei
2015-01-09 15:08 - 2014-12-16 01:01 - 00000000 ____D () C:\Program Files (x86)\ReClock
2015-01-06 09:29 - 2009-07-14 17:45 - 00461544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-05 21:46 - 2014-10-11 23:45 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Raptr
2015-01-05 16:46 - 2014-10-20 19:49 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\.minecraft
2015-01-05 10:23 - 2014-06-05 20:43 - 00119640 _____ () C:\Users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-05 09:49 - 2014-10-18 20:52 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\TS3Client
2015-01-03 22:44 - 2015-01-01 21:06 - 00000000 ____D () C:\Users\Tim\Documents\Euro Truck Simulator 2
2015-01-03 13:44 - 2014-12-29 21:57 - 00000000 ____D () C:\Users\Tim\Documents\SART
 
==================== Files in the root of some directories =======
 
2014-12-15 02:20 - 2015-01-25 21:32 - 0000132 _____ () C:\Users\Tim\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-12-28 21:51 - 2014-12-28 21:53 - 0001456 _____ () C:\Users\Tim\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-12-22 11:47 - 2014-12-22 11:47 - 0003584 _____ () C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-28 14:14 - 2015-01-28 14:14 - 0000000 ___SH () C:\Users\Tim\AppData\Local\LumaEmu
2014-12-01 17:41 - 2014-12-01 17:41 - 0001723 _____ () C:\Users\Tim\AppData\Local\recently-used.xbel
2015-01-30 12:25 - 2015-01-30 12:25 - 0007597 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
2014-11-10 14:38 - 2015-02-02 11:51 - 0000029 _____ () C:\ProgramData\droidcam-settings
2014-11-29 22:30 - 2014-11-29 22:30 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
C:\Users\Tim\jagex_cl_oldschool_LIVE.dat
C:\Users\Tim\jagex_cl_runescape_LIVE.dat
C:\Users\Tim\jagex_cl_runescape_LIVE1.dat
C:\Users\Tim\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\redrogue.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 10:53
 
==================== End Of Log ============================

Edited by Inn0x, 02 February 2015 - 02:16 AM.



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:33 PM

Posted 02 February 2015 - 02:35 PM

This is a duplicate Topic and will now be closed.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif




