Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Exhalation (administrator) on RAFAL on 25-07-2014 16:03:56
Running from G:\
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.213\deploy\LoLLauncher.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
( ) C:\Users\Exhalation\Downloads\Farbar-Recovery-Scan-Tool(46164).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-01-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-09] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [452608 2013-01-28] (Realtek Semiconductor Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875728 2013-03-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader.exe [882176 2014-01-28] (Vitzo)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [7715160 2014-06-03] ()
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-05-30] (NCSOFT Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112856 2014-06-12] (VMware, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-17] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2217388944-3831791737-893644498-1001\...\Run: [GoogleChromeAutoLaunch_EAF4019870FBFC211560BCD13F3413A7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-2217388944-3831791737-893644498-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2217388944-3831791737-893644498-1001\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\chomikbox.exe [6033408 2014-03-11] ( )
HKU\S-1-5-21-2217388944-3831791737-893644498-1001\...\Run: [LoL Summoner Information] => C:\Program Files (x86)\LSI\LoLSummonerInfo.exe [20261888 2014-07-18] ()
HKU\S-1-5-21-2217388944-3831791737-893644498-1001\...\MountPoints2: {817f1ce6-f4bc-11e3-be76-240a64e9f04e} - "G:\AutoRun.exe"
HKU\S-1-5-21-2217388944-3831791737-893644498-1001\...\MountPoints2: {8a63d890-ee4b-11e3-be74-240a64e9f04e} - "E:\FF7_v1.0.5.exe"
HKU\S-1-5-21-2217388944-3831791737-893644498-1002\...\MountPoints2: {8f4337f4-d485-11e3-be66-806e6f6e6963} - "D:\CDSetup.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-03-28] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-03-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Exhalation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Exhalation\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC27BD5029568CF01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: deal2Dealit -> {B5BC2A24-CD19-2CEE-0BD6-53DD46482948} -> C:\ProgramData\deal2Dealit\8KebtIDL.x64.dll ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ncsoft.com/Plugin - C:\Program Files (x86)\plaync\NCPlugin\npncllm3.dll (NCSOFT Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @thrixxx.com/WebLaunch - C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @thrixxx.com/WebLaunch - C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-17]

Chrome:
=======
CHR HomePage: hxxp://www.sweet-page.com/?type=hp&ts=1399321749&from=cor&uid=HGSTXHTS541075A9E680_JD12021W05K6TK05K6TKX
CHR StartupUrls: "hxxp://www.sweet-page.com/?type=hp&ts=1399321749&from=cor&uid=HGSTXHTS541075A9E680_JD12021W05K6TK05K6TKX"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (NCSOFT Login Launcher Module) - C:\Program Files (x86)\plaync\NCPlugin\npncllm3.dll (NCSOFT Corporation)
CHR Plugin: (thriXXX WebLaunch) - C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Quick Sidebar) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainbkicbloikcngphmjfpjdemblcojdd [2014-07-25]
CHR Extension: (Dokumenty Google) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-05]
CHR Extension: (Dysk Google) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-05]
CHR Extension: (Krople deszczu) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil [2014-05-05]
CHR Extension: (YouTube) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-05]
CHR Extension: (Striker Manager) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmachfiimeggafocgeldapnchdnoiib [2014-05-06]
CHR Extension: (Szukaj w Google) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-05]
CHR Extension: (jQuerify) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmifchmngifmadobkcpijhhldeeelkc [2014-06-29]
CHR Extension: (AdBlock) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-05]
CHR Extension: (avast! Online Security) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-18]
CHR Extension: (Top Eleven) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2014-05-06]
CHR Extension: (Google Wallet) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-05]
CHR Extension: (Quick start) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-07-25]
CHR Extension: (Gmail) - C:\Users\Exhalation\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-17] (AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [39424 2012-12-07] () [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99664 2013-03-04] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5226672 2014-01-22] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-10] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [495616 2013-03-15] () [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-17] ()
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2014-04-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2014-04-22] (BitDefender LLC)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-03-15] (Qualcomm Atheros, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-06-08] (Disc Soft Ltd)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-04-22] (BitDefender LLC)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-07-21] (LogMeIn Inc.)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-03-15] (Qualcomm Atheros, Inc.) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [524360 2013-01-30] (Realtek Semiconductor Corporation) R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1544704 2013-03-12] (Realtek Semiconductor Corporation ) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-11] (Duplex Secure Ltd.) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.) U3 a1rec1jq; C:\Windows\System32\Drivers\a1rec1jq.sys [0 ] (Microsoft Corporation) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-25 16:03 - 2014-07-25 16:03 - 00000000 ____D () C:\FRST 2014-07-25 15:53 - 2014-07-25 15:53 - 02074524 _____ () C:\Users\Exhalation\Downloads\FRST64.exe 2014-07-25 15:53 - 2014-07-25 15:53 - 01082964 _____ () C:\Users\Exhalation\Downloads\FRST.exe 2014-07-25 15:52 - 2014-07-25 15:52 - 00000614 _____ () C:\DelFix.txt 2014-07-25 15:50 - 2014-07-25 15:50 - 00776656 _____ ( ) C:\Users\Exhalation\Downloads\Farbar-Recovery-Scan-Tool(46164).exe 2014-07-25 15:47 - 2014-07-25 15:47 - 00001078 _____ () C:\Windows\system32\netcfg-171718.txt 2014-07-25 15:47 - 2014-07-25 15:47 - 00000139 _____ () C:\Windows\system32\netcfg-180250.txt 2014-07-25 15:47 - 2014-07-25 15:47 - 00000139 _____ () C:\Windows\system32\netcfg-179890.txt 2014-07-25 15:47 - 2014-07-25 15:47 - 00000139 _____ () C:\Windows\system32\netcfg-179015.txt 2014-07-25 15:47 - 2014-07-25 15:47 - 00000139 _____ () 
C:\Windows\system32\netcfg-178843.txt 2014-07-25 15:47 - 2014-07-25 15:47 - 00000139 _____ () C:\Windows\system32\netcfg-167718.txt 2014-07-25 15:47 - 2014-07-25 15:47 - 00000132 _____ () C:\Windows\system32\netcfg-189984.txt 2014-07-25 15:47 - 2014-07-25 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-07-25 15:46 - 2014-07-25 15:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-07-25 15:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-07-23 00:44 - 2014-07-23 00:46 - 1701350195 _____ () C:\Users\Exhalation\Downloads\ConflictOnline[SL] v1.265.rar 2014-07-23 00:33 - 2014-07-25 01:57 - 00000000 ____D () C:\ProgramData\Solidshield 2014-07-23 00:23 - 2014-07-23 00:23 - 00000000 ____D () C:\Program Files (x86)\Ubisoft 2014-07-23 00:14 - 2014-07-23 00:14 - 00000000 ____D () C:\Users\Exhalation\Documents\Square Enix 2014-07-23 00:09 - 2014-07-23 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix 2014-07-22 23:50 - 2014-07-25 01:58 - 00000000 ____D () C:\bdac9cbf73796bf83651679213fd 2014-07-22 23:50 - 2014-07-22 23:50 - 00000000 ____D () C:\Program Files (x86)\Square Enix 2014-07-22 17:11 - 2014-07-22 17:11 - 00000000 ____D () C:\Users\Exhalation\AppData\Local\My Games 2014-07-22 17:07 - 2014-07-22 17:07 - 00001155 _____ () C:\Users\Public\Desktop\Civilization 5.lnk 2014-07-22 17:07 - 2014-07-22 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Civilization 5 2014-07-22 16:56 - 2014-07-22 16:56 - 00000000 ____D () C:\Program Files (x86)\Games 2014-07-22 03:17 - 2014-07-22 03:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2014-07-21 18:08 - 2014-07-21 18:08 - 00046136 ____H (LogMeIn Inc.) 
C:\Windows\system32\Drivers\Hamdrv.sys 2014-07-21 14:21 - 2014-07-21 14:21 - 00015910 _____ () C:\Users\Exhalation\Downloads\[kickass.to]crossfaith.discography.2006.2013.mp3.320kbps.littlefairyrg.tinker.torrent 2014-07-21 13:48 - 2014-07-21 13:48 - 00578950 _____ () C:\Users\Exhalation\Downloads\rsadowski3.htm 2014-07-20 18:02 - 2014-07-20 18:05 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\RIFT 2014-07-20 18:02 - 2014-07-20 18:02 - 00000000 ____D () C:\Users\Exhalation\Documents\RIFT 2014-07-20 17:56 - 2014-07-20 17:56 - 00001853 _____ () C:\Users\Exhalation\Desktop\RIFT.lnk 2014-07-20 17:54 - 2014-07-20 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2014-07-20 17:54 - 2014-07-20 17:54 - 00000939 _____ () C:\Users\Exhalation\Desktop\Glyph.lnk 2014-07-20 17:54 - 2014-07-20 17:54 - 00000000 ____D () C:\Users\Exhalation\AppData\Local\Glyph 2014-07-20 17:53 - 2014-07-20 17:56 - 00000000 ____D () C:\Program Files (x86)\Glyph 2014-07-20 17:53 - 2014-07-20 17:53 - 00000000 ____D () C:\ProgramData\Glyph 2014-07-20 17:52 - 2014-07-20 17:53 - 31195760 _____ (Trion Worlds Inc.) 
C:\Users\Exhalation\Downloads\GlyphInstall-0-1.exe 2014-07-20 04:46 - 2014-07-20 04:46 - 00000424 _____ () C:\Users\Exhalation\Downloads\url (1).htm 2014-07-20 04:45 - 2014-07-20 04:45 - 00000465 _____ () C:\Users\Exhalation\Downloads\url.htm 2014-07-19 03:29 - 2014-07-19 03:29 - 00000079 _____ () C:\Users\Exhalation\Downloads\theblast (1).pls 2014-07-18 13:39 - 2014-07-18 13:39 - 00001078 _____ () C:\Windows\system32\netcfg-157750.txt 2014-07-18 13:39 - 2014-07-18 13:39 - 00000139 _____ () C:\Windows\system32\netcfg-165109.txt 2014-07-18 13:39 - 2014-07-18 13:39 - 00000139 _____ () C:\Windows\system32\netcfg-164984.txt 2014-07-18 13:39 - 2014-07-18 13:39 - 00000139 _____ () C:\Windows\system32\netcfg-164359.txt 2014-07-18 13:39 - 2014-07-18 13:39 - 00000139 _____ () C:\Windows\system32\netcfg-164218.txt 2014-07-18 13:39 - 2014-07-18 13:39 - 00000139 _____ () C:\Windows\system32\netcfg-156984.txt 2014-07-18 13:39 - 2014-07-18 13:39 - 00000132 _____ () C:\Windows\system32\netcfg-168781.txt 2014-07-17 19:39 - 2014-07-25 02:05 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-07-17 19:39 - 2014-07-17 19:39 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\AVAST Software 2014-07-17 19:39 - 2014-07-17 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-07-17 19:38 - 2014-07-25 02:04 - 00003924 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-07-17 19:38 - 2014-07-17 19:39 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-07-17 19:38 - 2014-07-17 19:37 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-07-17 19:38 - 2014-07-17 19:37 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-07-17 19:38 - 2014-07-17 19:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-07-17 19:38 - 2014-07-17 19:37 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-07-17 19:38 - 2014-07-17 19:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-07-17 19:38 - 2014-07-17 19:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-07-17 19:38 - 2014-07-17 19:37 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-07-17 19:37 - 2014-07-17 19:37 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-07-17 19:37 - 2014-07-17 19:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-17 19:35 - 2014-07-17 19:35 - 00019523 _____ () C:\Users\Exhalation\Downloads\[kickass.to]windows.all.in.one.pre.activated.excellent.torrent 2014-07-17 19:35 - 2014-07-17 19:35 - 00001190 _____ () C:\Windows\system32\netcfg-410109.txt 2014-07-17 19:35 - 2014-07-17 19:35 - 00000161 _____ () C:\Windows\system32\netcfg-415687.txt 2014-07-17 19:35 - 2014-07-17 19:35 - 00000161 _____ () C:\Windows\system32\netcfg-408609.txt 2014-07-17 19:35 - 2014-07-17 19:35 - 00000132 _____ () C:\Windows\system32\netcfg-410593.txt 2014-07-17 19:35 - 2014-06-12 18:23 - 00064728 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys 2014-07-17 19:35 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys 2014-07-17 19:35 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll 2014-07-17 19:35 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) 
C:\Windows\SysWOW64\vsocklib.dll 2014-07-17 19:34 - 2014-07-17 19:35 - 00000132 _____ () C:\Windows\system32\netcfg-405656.txt 2014-07-17 19:34 - 2014-07-17 19:34 - 00002127 _____ () C:\Users\Public\Desktop\VMware Workstation.lnk 2014-07-17 19:34 - 2014-07-17 19:34 - 00001190 _____ () C:\Windows\system32\netcfg-404953.txt 2014-07-17 19:34 - 2014-07-17 19:34 - 00001024 _____ () C:\Windows\SysWOW64\%TMP% 2014-07-17 19:34 - 2014-07-17 19:34 - 00000157 _____ () C:\Windows\system32\netcfg-393265.txt 2014-07-17 19:34 - 2014-07-17 19:34 - 00000000 ____D () C:\Program Files\AVAST Software 2014-07-17 19:34 - 2014-06-12 18:23 - 00359128 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe 2014-07-17 19:34 - 2014-06-12 18:22 - 00931032 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll 2014-07-17 19:34 - 2014-06-12 18:22 - 00437976 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe 2014-07-17 19:34 - 2014-06-12 18:22 - 00031448 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys 2014-07-17 19:34 - 2014-02-27 18:40 - 00054464 _____ (VMware, Inc.) 
C:\Windows\system32\Drivers\hcmon.sys 2014-07-17 19:33 - 2014-07-17 19:34 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-07-17 19:33 - 2014-07-17 19:33 - 04862664 _____ (AVAST Software) C:\Users\Exhalation\Downloads\avast_free_antivirus_setup_online.exe 2014-07-17 19:32 - 2014-07-17 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware 2014-07-17 19:32 - 2014-07-17 19:32 - 00000000 ____D () C:\Program Files\Common Files\VMware 2014-07-17 19:31 - 2014-07-25 15:45 - 00000000 ____D () C:\ProgramData\VMware 2014-07-17 19:31 - 2014-07-17 19:31 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines 2014-07-17 19:31 - 2014-07-17 19:31 - 00000000 ____D () C:\Program Files\SkanerOnline 2014-07-17 19:31 - 2014-07-17 19:31 - 00000000 ____D () C:\Program Files (x86)\VMware 2014-07-16 19:14 - 2014-07-16 19:14 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-15 16:12 - 2014-07-19 21:07 - 00065536 _____ () C:\Users\Exhalation\Desktop\Pokemon Ruby.sav 2014-07-15 16:12 - 2014-07-19 21:07 - 00037335 _____ () C:\Users\Exhalation\Desktop\Pokemon Ruby1.sgm 2014-07-15 15:52 - 2014-07-15 15:52 - 04860240 _____ () C:\Users\Exhalation\Downloads\Pokemon Ruby.zip 2014-07-15 15:52 - 2003-03-21 02:57 - 16777216 _____ () C:\Users\Exhalation\Desktop\Pokemon Ruby.gba 2014-07-15 15:51 - 2014-07-15 15:51 - 00698056 _____ ( ) C:\Users\Exhalation\Downloads\CR_Downloader_dla_pokemon-ruby.exe 2014-07-15 15:51 - 2014-07-15 15:51 - 00698056 _____ ( ) C:\Users\Exhalation\Downloads\CR_Downloader_dla_pokemon-ruby (1).exe 2014-07-15 15:50 - 2014-07-19 21:07 - 00002066 _____ () C:\Users\Exhalation\Desktop\vba.ini 2014-07-15 15:50 - 2014-07-15 15:50 - 00659797 _____ () C:\Users\Exhalation\Downloads\VisualBoyAdvance-1.8.0-beta3.zip 2014-07-15 15:50 - 2005-10-01 14:08 - 01974352 _____ (None) C:\Users\Exhalation\Desktop\VisualBoyAdvance.exe 2014-07-15 13:03 - 2014-07-15 13:05 - 27885441 _____ () C:\Users\Exhalation\Downloads\BoL (1).rar 2014-07-15 00:08 
- 2014-07-15 00:12 - 515132968 _____ (VMware, Inc.) C:\Users\Exhalation\Downloads\VMware-workstation-full-10.0.3-1895310.exe 2014-07-15 00:06 - 2014-07-15 00:06 - 00000000 ____D () C:\Users\Exhalation\Desktop\Scripts VM 2014-07-15 00:06 - 2014-07-15 00:06 - 00000000 ____D () C:\Users\Exhalation\Desktop\Framework 4.5 2014-07-15 00:06 - 2014-07-15 00:06 - 00000000 ____D () C:\Users\Exhalation\Desktop\Firefox + Scripts 2014-07-15 00:06 - 2014-07-15 00:06 - 00000000 ____D () C:\Users\Exhalation\Desktop\Dxtory 2.0 2014-07-15 00:06 - 2014-07-15 00:06 - 00000000 ____D () C:\Users\Exhalation\Desktop\B0T 2014-07-15 00:06 - 2014-02-24 21:30 - 00000348 _____ () C:\Users\Exhalation\Desktop\ClearPageFileAtShutdown.reg 2014-07-15 00:06 - 2014-01-17 18:06 - 00001191 ____R () C:\Users\Exhalation\Desktop\game.cfg 2014-07-15 00:05 - 2014-07-15 00:06 - 01824807 _____ () C:\Users\Exhalation\Downloads\EmuB0T[2.07.2014].rar 2014-07-12 00:48 - 2014-07-12 00:48 - 00000000 ____D () C:\Users\Exhalation\AppData\Local\OTLand 2014-07-11 03:52 - 2014-07-11 03:52 - 00702261 _____ () C:\Users\Exhalation\Downloads\Scripts_mpgh.net.rar 2014-07-11 00:45 - 2014-07-12 04:08 - 00000007 _____ () C:\Windows\core32.dll 2014-07-11 00:45 - 2014-07-11 00:45 - 00222814 _____ () C:\Users\Exhalation\Downloads\WinRAP v1.25.zip 2014-07-10 05:02 - 2014-07-10 05:03 - 00000000 ____D () C:\Users\Exhalation\Documents\XenoBot 2014-07-10 05:02 - 2014-07-10 05:02 - 06915384 _____ () C:\Users\Exhalation\Downloads\xeno351(10.36)+crack.zip 2014-07-10 05:02 - 2014-07-10 05:02 - 00000954 _____ () C:\Users\Public\Desktop\Injector.exe.lnk 2014-07-10 05:02 - 2014-07-10 05:02 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\MSDrvCfg 2014-07-10 05:02 - 2014-07-10 05:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XenoBot 2014-07-10 05:02 - 2014-07-10 05:02 - 00000000 ____D () C:\Program Files (x86)\XenoBot 2014-07-10 04:42 - 2014-07-16 04:54 - 00000000 ____D () 
C:\Users\Exhalation\AppData\Roaming\Tibia 2014-07-10 04:25 - 2014-07-10 04:25 - 00000963 _____ () C:\Users\Public\Desktop\Tibia.lnk 2014-07-10 04:25 - 2014-07-10 04:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia 2014-07-10 04:25 - 2014-07-10 04:25 - 00000000 ____D () C:\Program Files (x86)\Tibia 2014-07-10 04:24 - 2014-07-14 02:19 - 00152576 _____ (OTLand) C:\Users\Exhalation\Downloads\ipchanger.exe 2014-07-10 04:24 - 2014-07-10 04:25 - 36250382 _____ (CipSoft GmbH ) C:\Users\Exhalation\Downloads\tibia1036.exe 2014-07-08 05:09 - 2014-07-08 05:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-07-08 05:07 - 2014-07-08 05:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-07-08 05:07 - 2014-07-08 05:07 - 00000000 ____D () C:\Windows\PCHEALTH 2014-07-08 05:07 - 2014-07-08 05:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-08 05:06 - 2014-07-08 05:10 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-08 05:06 - 2014-07-08 05:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-07-08 05:06 - 2014-07-08 05:06 - 00000000 ____D () C:\Users\Exhalation\AppData\Local\Microsoft Help 2014-07-08 05:06 - 2014-07-08 05:06 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-07-08 05:06 - 2014-07-08 05:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2014-07-08 02:59 - 2014-07-08 02:59 - 00000000 __RHD () C:\MSOCache 2014-07-07 03:07 - 2014-07-07 03:07 - 00623844 _____ () C:\Users\Exhalation\Downloads\nightwolf-Conquistador.zip 2014-07-03 20:00 - 2014-07-03 20:01 - 119378190 _____ () C:\Users\Exhalation\Downloads\PokeEvo16 (4).exe 2014-07-03 14:08 - 2014-07-03 14:08 - 00000000 ____D () C:\Users\Exhalation\AppData\Local\Intel_Corporation 2014-07-03 05:40 - 2014-07-03 05:40 - 00000000 ____D () C:\Users\Exhalation\Documents\C9 2014-07-03 05:37 - 2014-07-03 05:37 - 00001158 _____ () 
C:\Users\Exhalation\Desktop\C9.lnk 2014-07-03 05:37 - 2014-07-03 05:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C9 2014-07-03 05:21 - 2014-07-03 05:21 - 00000000 ____D () C:\Program Files (x86)\WEBZEN 2014-07-03 04:50 - 2014-07-03 04:50 - 00000079 _____ () C:\Users\Exhalation\Downloads\theblast.pls 2014-07-03 03:47 - 2014-07-03 03:47 - 05534160 _____ () C:\Users\Exhalation\Downloads\C9_Downloader.exe 2014-07-03 03:47 - 2014-07-03 03:47 - 05534160 _____ () C:\Users\Exhalation\Downloads\C9_Downloader (1).exe 2014-07-03 03:47 - 2014-07-03 03:47 - 00000000 ____D () C:\ProgramData\WEBZEN 2014-07-03 03:44 - 2014-07-03 03:44 - 00015112 _____ () C:\Users\Exhalation\Downloads\201304_C9_GP_Full.torrent 2014-07-03 01:05 - 2014-07-03 01:05 - 00272535 _____ () C:\Users\Exhalation\Downloads\Blood Money.zip 2014-07-03 01:04 - 2014-07-03 01:04 - 00287031 _____ () C:\Users\Exhalation\Downloads\Grand Larceny.zip 2014-07-02 16:50 - 2014-07-02 16:50 - 00487063 _____ () C:\Users\Exhalation\Downloads\nightwolf-pos_ladies_night_5.zip 2014-07-02 16:49 - 2014-07-02 16:49 - 00490199 _____ () C:\Users\Exhalation\Downloads\nightwolf-leftovers.zip 2014-07-01 02:16 - 2014-07-01 02:16 - 00992401 _____ () C:\Users\Exhalation\Downloads\ElophantClient.zip 2014-06-29 15:25 - 2014-06-29 15:25 - 00000979 _____ () C:\Users\Public\Desktop\Winamp.lnk 2014-06-29 15:25 - 2014-06-29 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2014-06-29 15:24 - 2014-07-25 02:00 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\Winamp 2014-06-29 15:24 - 2014-06-29 15:25 - 00000000 ____D () C:\Program Files (x86)\Winamp 2014-06-29 15:24 - 2014-06-29 15:24 - 17163336 _____ (Nullsoft, Inc.) 
C:\Users\Exhalation\Downloads\winamp5666_full_all.exe
2014-06-29 13:28 - 2014-07-17 21:27 - 00000000 ____D () C:\ProgramData\deal2Dealit
2014-06-25 00:51 - 2014-06-25 00:51 - 00001078 _____ () C:\Windows\system32\netcfg-135437.txt
2014-06-25 00:51 - 2014-06-25 00:51 - 00000139 _____ () C:\Windows\system32\netcfg-151796.txt
2014-06-25 00:51 - 2014-06-25 00:51 - 00000139 _____ () C:\Windows\system32\netcfg-150406.txt
2014-06-25 00:51 - 2014-06-25 00:51 - 00000139 _____ () C:\Windows\system32\netcfg-150375.txt
2014-06-25 00:51 - 2014-06-25 00:51 - 00000139 _____ () C:\Windows\system32\netcfg-129578.txt
2014-06-25 00:51 - 2014-06-25 00:51 - 00000132 _____ () C:\Windows\system32\netcfg-154875.txt

==================== One Month Modified Files and Folders =======

2014-07-25 16:04 - 2014-05-08 16:27 - 00000000 ____D () C:\Users\Exhalation\AppData\Local\PMB Files
2014-07-25 16:03 - 2014-07-25 16:03 - 00000000 ____D () C:\FRST
2014-07-25 16:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-25 15:58 - 2014-05-05 20:59 - 01745008 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 15:53 - 2014-07-25 15:53 - 02074524 _____ () C:\Users\Exhalation\Downloads\FRST64.exe
2014-07-25 15:53 - 2014-07-25 15:53 - 01082964 _____ () C:\Users\Exhalation\Downloads\FRST.exe
2014-07-25 15:52 - 2014-07-25 15:52 - 00000614 _____ () C:\DelFix.txt
2014-07-25 15:50 - 2014-07-25 15:50 - 00776656 _____ ( ) C:\Users\Exhalation\Downloads\Farbar-Recovery-Scan-Tool(46164).exe
2014-07-25 15:50 - 2014-05-05 20:57 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2217388944-3831791737-893644498-1001
2014-07-25 15:49 - 2014-05-06 01:28 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\TS3Client
2014-07-25 15:47 - 2014-07-25 15:47 - 00001078 _____ () C:\Windows\system32\netcfg-171718.txt
2014-07-25 15:47 - 2014-07-25 15:47 - 00000139 _____ () C:\Windows\system32\netcfg-180250.txt
2014-07-25 15:47 - 2014-07-25 15:47 - 00000139 _____ ()
C:\Windows\system32\netcfg-179890.txt 2014-07-25 15:47 - 2014-07-25 15:47 - 00000139 _____ () C:\Windows\system32\netcfg-179015.txt 2014-07-25 15:47 - 2014-07-25 15:47 - 00000139 _____ () C:\Windows\system32\netcfg-178843.txt 2014-07-25 15:47 - 2014-07-25 15:47 - 00000139 _____ () C:\Windows\system32\netcfg-167718.txt 2014-07-25 15:47 - 2014-07-25 15:47 - 00000132 _____ () C:\Windows\system32\netcfg-189984.txt 2014-07-25 15:47 - 2014-07-25 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-07-25 15:47 - 2014-07-25 15:46 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-07-25 15:47 - 2014-05-19 20:21 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2014-07-25 15:46 - 2014-06-05 09:04 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2014-07-25 15:46 - 2014-05-19 20:22 - 00000000 ____D () C:\Users\Exhalation\AppData\Local\LogMeIn Hamachi 2014-07-25 15:45 - 2014-07-17 19:31 - 00000000 ____D () C:\ProgramData\VMware 2014-07-25 15:45 - 2014-06-17 20:10 - 00000302 _____ () C:\Windows\Tasks\Start Battery Optimizer for Rafal@Exhalation.job 2014-07-25 15:45 - 2014-05-05 22:15 - 00000498 ____H () C:\Windows\Tasks\SN.Booster-S-014941198.job 2014-07-25 15:45 - 2014-05-05 21:07 - 00099344 _____ () C:\Users\Exhalation\AppData\Local\BTServer.log 2014-07-25 15:45 - 2014-05-05 21:06 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-25 15:44 - 2014-05-05 21:05 - 00000000 ____D () C:\ProgramData\Realtek 2014-07-25 15:44 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-25 15:43 - 2014-05-06 00:32 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-25 15:43 - 2014-05-05 21:07 - 00001292 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-25 15:43 - 2014-05-05 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-25 15:43 - 
2014-05-05 20:51 - 00000999 _____ () C:\Users\Exhalation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-25 15:43 - 2014-05-05 20:50 - 00000000 ____D () C:\Users\Exhalation 2014-07-25 15:30 - 2014-05-08 16:27 - 00000000 ____D () C:\ProgramData\PMB Files 2014-07-25 15:11 - 2014-05-05 21:06 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-25 04:19 - 2014-05-05 22:02 - 00000000 ____D () C:\Users\Exhalation\Desktop\Football Manager 2014 2014-07-25 02:05 - 2014-07-17 19:39 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-07-25 02:04 - 2014-07-17 19:38 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-07-25 02:04 - 2014-06-08 05:38 - 00000000 ____D () C:\Users\Exhalation\AppData\Local\ChomikBox 2014-07-25 02:04 - 2014-06-08 05:38 - 00000000 ____D () C:\Users\Exhalation\.gstreamer-0.10 2014-07-25 02:00 - 2014-06-29 15:24 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\Winamp 2014-07-25 02:00 - 2014-05-05 22:19 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\Azureus 2014-07-25 02:00 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-07-25 01:59 - 2014-06-08 01:32 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2014-07-25 01:59 - 2014-06-05 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus 2014-07-25 01:59 - 2014-05-05 21:04 - 00000000 ____D () C:\ProgramData\Bigfoot Networks 2014-07-25 01:58 - 2014-07-22 23:50 - 00000000 ____D () C:\bdac9cbf73796bf83651679213fd 2014-07-25 01:57 - 2014-07-23 00:33 - 00000000 ____D () C:\ProgramData\Solidshield 2014-07-25 01:57 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\registration 2014-07-24 23:05 - 2014-06-21 16:21 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\BOL 2014-07-23 11:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-07-23 00:46 - 2014-07-23 00:44 - 1701350195 _____ () 
C:\Users\Exhalation\Downloads\ConflictOnline[SL] v1.265.rar 2014-07-23 00:31 - 2014-05-05 22:14 - 00060511 _____ () C:\Windows\DirectX.log 2014-07-23 00:23 - 2014-07-23 00:23 - 00000000 ____D () C:\Program Files (x86)\Ubisoft 2014-07-23 00:14 - 2014-07-23 00:14 - 00000000 ____D () C:\Users\Exhalation\Documents\Square Enix 2014-07-23 00:09 - 2014-07-23 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix 2014-07-22 23:50 - 2014-07-22 23:50 - 00000000 ____D () C:\Program Files (x86)\Square Enix 2014-07-22 17:11 - 2014-07-22 17:11 - 00000000 ____D () C:\Users\Exhalation\AppData\Local\My Games 2014-07-22 17:11 - 2014-06-11 16:49 - 00000000 ____D () C:\Users\Exhalation\Documents\My Games 2014-07-22 17:07 - 2014-07-22 17:07 - 00001155 _____ () C:\Users\Public\Desktop\Civilization 5.lnk 2014-07-22 17:07 - 2014-07-22 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Civilization 5 2014-07-22 16:56 - 2014-07-22 16:56 - 00000000 ____D () C:\Program Files (x86)\Games 2014-07-22 03:17 - 2014-07-22 03:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2014-07-22 03:17 - 2012-07-26 09:21 - 00015553 _____ () C:\Windows\setupact.log 2014-07-22 03:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-21 19:38 - 2014-05-06 01:51 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\vlc 2014-07-21 18:08 - 2014-07-21 18:08 - 00046136 ____H (LogMeIn Inc.) 
C:\Windows\system32\Drivers\Hamdrv.sys 2014-07-21 14:21 - 2014-07-21 14:21 - 00015910 _____ () C:\Users\Exhalation\Downloads\[kickass.to]crossfaith.discography.2006.2013.mp3.320kbps.littlefairyrg.tinker.torrent 2014-07-21 13:48 - 2014-07-21 13:48 - 00578950 _____ () C:\Users\Exhalation\Downloads\rsadowski3.htm 2014-07-20 18:05 - 2014-07-20 18:02 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\RIFT 2014-07-20 18:02 - 2014-07-20 18:02 - 00000000 ____D () C:\Users\Exhalation\Documents\RIFT 2014-07-20 17:56 - 2014-07-20 17:56 - 00001853 _____ () C:\Users\Exhalation\Desktop\RIFT.lnk 2014-07-20 17:56 - 2014-07-20 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2014-07-20 17:56 - 2014-07-20 17:53 - 00000000 ____D () C:\Program Files (x86)\Glyph 2014-07-20 17:54 - 2014-07-20 17:54 - 00000939 _____ () C:\Users\Exhalation\Desktop\Glyph.lnk 2014-07-20 17:54 - 2014-07-20 17:54 - 00000000 ____D () C:\Users\Exhalation\AppData\Local\Glyph 2014-07-20 17:53 - 2014-07-20 17:53 - 00000000 ____D () C:\ProgramData\Glyph 2014-07-20 17:53 - 2014-07-20 17:52 - 31195760 _____ (Trion Worlds Inc.) 
C:\Users\Exhalation\Downloads\GlyphInstall-0-1.exe 2014-07-20 04:46 - 2014-07-20 04:46 - 00000424 _____ () C:\Users\Exhalation\Downloads\url (1).htm 2014-07-20 04:45 - 2014-07-20 04:45 - 00000465 _____ () C:\Users\Exhalation\Downloads\url.htm 2014-07-19 21:07 - 2014-07-15 16:12 - 00065536 _____ () C:\Users\Exhalation\Desktop\Pokemon Ruby.sav 2014-07-19 21:07 - 2014-07-15 16:12 - 00037335 _____ () C:\Users\Exhalation\Desktop\Pokemon Ruby1.sgm 2014-07-19 21:07 - 2014-07-15 15:50 - 00002066 _____ () C:\Users\Exhalation\Desktop\vba.ini 2014-07-19 03:29 - 2014-07-19 03:29 - 00000079 _____ () C:\Users\Exhalation\Downloads\theblast (1).pls 2014-07-18 13:39 - 2014-07-18 13:39 - 00001078 _____ () C:\Windows\system32\netcfg-157750.txt 2014-07-18 13:39 - 2014-07-18 13:39 - 00000139 _____ () C:\Windows\system32\netcfg-165109.txt 2014-07-18 13:39 - 2014-07-18 13:39 - 00000139 _____ () C:\Windows\system32\netcfg-164984.txt 2014-07-18 13:39 - 2014-07-18 13:39 - 00000139 _____ () C:\Windows\system32\netcfg-164359.txt 2014-07-18 13:39 - 2014-07-18 13:39 - 00000139 _____ () C:\Windows\system32\netcfg-164218.txt 2014-07-18 13:39 - 2014-07-18 13:39 - 00000139 _____ () C:\Windows\system32\netcfg-156984.txt 2014-07-18 13:39 - 2014-07-18 13:39 - 00000132 _____ () C:\Windows\system32\netcfg-168781.txt 2014-07-18 13:37 - 2014-05-05 20:46 - 00020820 _____ () C:\Windows\PFRO.log 2014-07-18 13:36 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI(12) 2014-07-18 05:35 - 2014-05-05 21:09 - 00000000 ____D () C:\Program Files (x86)\TERA 2014-07-17 21:27 - 2014-06-29 13:28 - 00000000 ____D () C:\ProgramData\deal2Dealit 2014-07-17 21:27 - 2014-05-26 19:30 - 00000000 ____D () C:\temp 2014-07-17 19:39 - 2014-07-17 19:39 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\AVAST Software 2014-07-17 19:39 - 2014-07-17 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-07-17 19:39 - 2014-07-17 19:38 - 00427360 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswsp.sys 2014-07-17 19:37 - 2014-07-17 19:38 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-07-17 19:37 - 2014-07-17 19:38 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-07-17 19:37 - 2014-07-17 19:38 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-07-17 19:37 - 2014-07-17 19:38 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-07-17 19:37 - 2014-07-17 19:38 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-07-17 19:37 - 2014-07-17 19:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-07-17 19:37 - 2014-07-17 19:38 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-07-17 19:37 - 2014-07-17 19:37 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-07-17 19:37 - 2014-07-17 19:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-17 19:35 - 2014-07-17 19:35 - 00019523 _____ () C:\Users\Exhalation\Downloads\[kickass.to]windows.all.in.one.pre.activated.excellent.torrent 2014-07-17 19:35 - 2014-07-17 19:35 - 00001190 _____ () C:\Windows\system32\netcfg-410109.txt 2014-07-17 19:35 - 2014-07-17 19:35 - 00000161 _____ () C:\Windows\system32\netcfg-415687.txt 2014-07-17 19:35 - 2014-07-17 19:35 - 00000161 _____ () C:\Windows\system32\netcfg-408609.txt 2014-07-17 19:35 - 2014-07-17 19:35 - 00000132 _____ () C:\Windows\system32\netcfg-410593.txt 2014-07-17 19:35 - 2014-07-17 19:34 - 00000132 _____ () C:\Windows\system32\netcfg-405656.txt 2014-07-17 19:34 - 2014-07-17 19:34 - 00002127 _____ () C:\Users\Public\Desktop\VMware Workstation.lnk 2014-07-17 19:34 - 2014-07-17 19:34 - 00001190 _____ () C:\Windows\system32\netcfg-404953.txt 2014-07-17 19:34 - 2014-07-17 19:34 - 00001024 _____ () C:\Windows\SysWOW64\%TMP% 2014-07-17 19:34 - 2014-07-17 19:34 - 00000157 _____ () C:\Windows\system32\netcfg-393265.txt 2014-07-17 19:34 - 2014-07-17 19:34 - 00000000 
____D () C:\Program Files\AVAST Software 2014-07-17 19:34 - 2014-07-17 19:33 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-07-17 19:34 - 2014-07-17 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware 2014-07-17 19:34 - 2014-05-05 20:57 - 00858960 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-07-17 19:33 - 2014-07-17 19:33 - 04862664 _____ (AVAST Software) C:\Users\Exhalation\Downloads\avast_free_antivirus_setup_online.exe 2014-07-17 19:32 - 2014-07-17 19:32 - 00000000 ____D () C:\Program Files\Common Files\VMware 2014-07-17 19:31 - 2014-07-17 19:31 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines 2014-07-17 19:31 - 2014-07-17 19:31 - 00000000 ____D () C:\Program Files\SkanerOnline 2014-07-17 19:31 - 2014-07-17 19:31 - 00000000 ____D () C:\Program Files (x86)\VMware 2014-07-16 19:14 - 2014-07-16 19:14 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-16 04:54 - 2014-07-10 04:42 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\Tibia 2014-07-15 15:52 - 2014-07-15 15:52 - 04860240 _____ () C:\Users\Exhalation\Downloads\Pokemon Ruby.zip 2014-07-15 15:51 - 2014-07-15 15:51 - 00698056 _____ ( ) C:\Users\Exhalation\Downloads\CR_Downloader_dla_pokemon-ruby.exe 2014-07-15 15:51 - 2014-07-15 15:51 - 00698056 _____ ( ) C:\Users\Exhalation\Downloads\CR_Downloader_dla_pokemon-ruby (1).exe 2014-07-15 15:50 - 2014-07-15 15:50 - 00659797 _____ () C:\Users\Exhalation\Downloads\VisualBoyAdvance-1.8.0-beta3.zip 2014-07-15 13:05 - 2014-07-15 13:03 - 27885441 _____ () C:\Users\Exhalation\Downloads\BoL (1).rar 2014-07-15 00:12 - 2014-07-15 00:08 - 515132968 _____ (VMware, Inc.) 
C:\Users\Exhalation\Downloads\VMware-workstation-full-10.0.3-1895310.exe 2014-07-15 00:06 - 2014-07-15 00:06 - 00000000 ____D () C:\Users\Exhalation\Desktop\Scripts VM 2014-07-15 00:06 - 2014-07-15 00:06 - 00000000 ____D () C:\Users\Exhalation\Desktop\Framework 4.5 2014-07-15 00:06 - 2014-07-15 00:06 - 00000000 ____D () C:\Users\Exhalation\Desktop\Firefox + Scripts 2014-07-15 00:06 - 2014-07-15 00:06 - 00000000 ____D () C:\Users\Exhalation\Desktop\Dxtory 2.0 2014-07-15 00:06 - 2014-07-15 00:06 - 00000000 ____D () C:\Users\Exhalation\Desktop\B0T 2014-07-15 00:06 - 2014-07-15 00:05 - 01824807 _____ () C:\Users\Exhalation\Downloads\EmuB0T[2.07.2014].rar 2014-07-14 03:06 - 2012-07-26 09:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-14 02:19 - 2014-07-10 04:24 - 00152576 _____ (OTLand) C:\Users\Exhalation\Downloads\ipchanger.exe 2014-07-12 04:08 - 2014-07-11 00:45 - 00000007 _____ () C:\Windows\core32.dll 2014-07-12 00:48 - 2014-07-12 00:48 - 00000000 ____D () C:\Users\Exhalation\AppData\Local\OTLand 2014-07-11 03:52 - 2014-07-11 03:52 - 00702261 _____ () C:\Users\Exhalation\Downloads\Scripts_mpgh.net.rar 2014-07-11 00:45 - 2014-07-11 00:45 - 00222814 _____ () C:\Users\Exhalation\Downloads\WinRAP v1.25.zip 2014-07-10 05:03 - 2014-07-10 05:02 - 00000000 ____D () C:\Users\Exhalation\Documents\XenoBot 2014-07-10 05:02 - 2014-07-10 05:02 - 06915384 _____ () C:\Users\Exhalation\Downloads\xeno351(10.36)+crack.zip 2014-07-10 05:02 - 2014-07-10 05:02 - 00000954 _____ () C:\Users\Public\Desktop\Injector.exe.lnk 2014-07-10 05:02 - 2014-07-10 05:02 - 00000000 ____D () C:\Users\Exhalation\AppData\Roaming\MSDrvCfg 2014-07-10 05:02 - 2014-07-10 05:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XenoBot 2014-07-10 05:02 - 2014-07-10 05:02 - 00000000 ____D () C:\Program Files (x86)\XenoBot 2014-07-10 04:25 - 2014-07-10 04:25 - 00000963 _____ () C:\Users\Public\Desktop\Tibia.lnk 2014-07-10 04:25 - 2014-07-10 04:25 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia 2014-07-10 04:25 - 2014-07-10 04:25 - 00000000 ____D () C:\Program Files (x86)\Tibia 2014-07-10 04:25 - 2014-07-10 04:24 - 36250382 _____ (CipSoft GmbH ) C:\Users\Exhalation\Downloads\tibia1036.exe 2014-07-09 15:37 - 2012-07-26 09:19 - 00422192 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-08 11:58 - 2014-05-05 20:51 - 00000000 ____D () C:\Users\Exhalation\AppData\Local\Packages 2014-07-08 05:10 - 2014-07-08 05:06 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-08 05:09 - 2014-07-08 05:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-07-08 05:09 - 2012-07-26 09:52 - 00000000 ____D () C:\Windows\ShellNew 2014-07-08 05:08 - 2014-07-08 05:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-07-08 05:07 - 2014-07-08 05:07 - 00000000 ____D () C:\Windows\PCHEALTH 2014-07-08 05:07 - 2014-07-08 05:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-08 05:07 - 2014-07-08 05:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-07-08 05:07 - 2012-07-26 07:26 - 00000167 _____ () C:\Windows\win.ini 2014-07-08 05:06 - 2014-07-08 05:06 - 00000000 ____D () C:\Users\Exhalation\AppData\Local\Microsoft Help 2014-07-08 05:06 - 2014-07-08 05:06 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-07-08 05:06 - 2014-07-08 05:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2014-07-08 05:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-07-08 02:59 - 2014-07-08 02:59 - 00000000 __RHD () C:\MSOCache 2014-07-07 03:07 - 2014-07-07 03:07 - 00623844 _____ () C:\Users\Exhalation\Downloads\nightwolf-Conquistador.zip 2014-07-03 20:36 - 2014-06-01 19:48 - 00000000 ____D () C:\Users\Exhalation\poke-evo 2014-07-03 20:01 - 2014-07-03 20:00 - 119378190 _____ () C:\Users\Exhalation\Downloads\PokeEvo16 (4).exe 2014-07-03 14:08 - 2014-07-03 14:08 - 
00000000 ____D () C:\Users\Exhalation\AppData\Local\Intel_Corporation 2014-07-03 05:40 - 2014-07-03 05:40 - 00000000 ____D () C:\Users\Exhalation\Documents\C9 2014-07-03 05:37 - 2014-07-03 05:37 - 00001158 _____ () C:\Users\Exhalation\Desktop\C9.lnk 2014-07-03 05:37 - 2014-07-03 05:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C9 2014-07-03 05:21 - 2014-07-03 05:21 - 00000000 ____D () C:\Program Files (x86)\WEBZEN 2014-07-03 04:55 - 2014-06-20 04:18 - 00000000 ____D () C:\Download 2014-07-03 04:50 - 2014-07-03 04:50 - 00000079 _____ () C:\Users\Exhalation\Downloads\theblast.pls 2014-07-03 03:47 - 2014-07-03 03:47 - 05534160 _____ () C:\Users\Exhalation\Downloads\C9_Downloader.exe 2014-07-03 03:47 - 2014-07-03 03:47 - 05534160 _____ () C:\Users\Exhalation\Downloads\C9_Downloader (1).exe 2014-07-03 03:47 - 2014-07-03 03:47 - 00000000 ____D () C:\ProgramData\WEBZEN 2014-07-03 03:44 - 2014-07-03 03:44 - 00015112 _____ () C:\Users\Exhalation\Downloads\201304_C9_GP_Full.torrent 2014-07-03 01:05 - 2014-07-03 01:05 - 00272535 _____ () C:\Users\Exhalation\Downloads\Blood Money.zip 2014-07-03 01:04 - 2014-07-03 01:04 - 00287031 _____ () C:\Users\Exhalation\Downloads\Grand Larceny.zip 2014-07-02 16:50 - 2014-07-02 16:50 - 00487063 _____ () C:\Users\Exhalation\Downloads\nightwolf-pos_ladies_night_5.zip 2014-07-02 16:49 - 2014-07-02 16:49 - 00490199 _____ () C:\Users\Exhalation\Downloads\nightwolf-leftovers.zip 2014-07-01 02:16 - 2014-07-01 02:16 - 00992401 _____ () C:\Users\Exhalation\Downloads\ElophantClient.zip 2014-06-29 15:25 - 2014-06-29 15:25 - 00000979 _____ () C:\Users\Public\Desktop\Winamp.lnk 2014-06-29 15:25 - 2014-06-29 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2014-06-29 15:25 - 2014-06-29 15:24 - 00000000 ____D () C:\Program Files (x86)\Winamp 2014-06-29 15:24 - 2014-06-29 15:24 - 17163336 _____ (Nullsoft, Inc.) 
C:\Users\Exhalation\Downloads\winamp5666_full_all.exe
2014-06-29 13:29 - 2014-05-05 22:13 - 00000000 ____D () C:\ProgramData\51d7ac37be3ccf27
2014-06-28 19:46 - 2014-05-15 20:41 - 00000000 ____D () C:\Users\Exhalation\Desktop\New folder
2014-06-25 05:05 - 2014-06-12 23:41 - 00000000 ____D () C:\Program Files (x86)\LSI
2014-06-25 00:51 - 2014-06-25 00:51 - 00001078 _____ () C:\Windows\system32\netcfg-135437.txt
2014-06-25 00:51 - 2014-06-25 00:51 - 00000139 _____ () C:\Windows\system32\netcfg-151796.txt
2014-06-25 00:51 - 2014-06-25 00:51 - 00000139 _____ () C:\Windows\system32\netcfg-150406.txt
2014-06-25 00:51 - 2014-06-25 00:51 - 00000139 _____ () C:\Windows\system32\netcfg-150375.txt
2014-06-25 00:51 - 2014-06-25 00:51 - 00000139 _____ () C:\Windows\system32\netcfg-129578.txt
2014-06-25 00:51 - 2014-06-25 00:51 - 00000132 _____ () C:\Windows\system32\netcfg-154875.txt

Some content of TEMP:
====================
C:\Users\Exhalation\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 07:30

==================== End Of Log ============================