YtramC

Members

View Profile See their activity

Posts
19
Joined
January 24, 2014
Last visited
January 29, 2014

Reputation

0 Neutral

Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

All completed and everything removed with no problems. Thanks for all your help, very much appreciated. Any recommended software to prevent a repeat of this?
- January 29, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

C:\Users\Ciaran\Downloads\PFPortChecker.exe Win32/InstallMonetizer.AN application C:\Users\Marty\Downloads\cbsidlm-cbsi176-HitmanPro_3_64bit-ORG-75110395.exe a variant of Win32/CNETInstaller.B application C:\Users\Marty\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D application C:\Windows.old\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1001\$RF8NW6Y.exe a variant of Win32/AdWare.SpeedingUpMyPC.E application
- January 28, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

MBAM installed and run perfectly, produced the following log, I selected all found items to be deleted. Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.01.28.01 Windows 8 x64 NTFSInternet Explorer 11.0.9600.16476Marty :: SAMSUNGI5 [administrator] 28/01/2014 10:33:37 AMmbam-log-2014-01-28 (10-33-37).txt Scan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 646216Time elapsed: 1 hour(s), 16 minute(s), 17 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 2HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully. Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 7C:\Users\Ciaran\Documents\Desktop stuff\GTA 5 Online How to Host a Modded Lobby AFTER PATCH.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.C:\Users\Ciaran\Documents\Desktop stuff\Minecraft Force OP (1).exe (Trojan.MSIL) -> Quarantined and deleted successfully.C:\Users\Ciaran\Downloads\GTA 5 Online How to Host a Modded Lobby AFTER PATCH.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.C:\Users\Ciaran\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.C:\Users\Ciaran\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.C:\Users\Ciaran\Downloads\SoftonicDownloader_for_grand-theft-auto-san-andreas.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.C:\Windows.old\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1005\$R3F6VO2.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully. (end) ----------------It seems that the malware had changed all the anti malware security permissions in the C:\programdata\ folders. Taking ownership and enabling inheritance of permissions resolved the issue for me. Thanks for the help, I don't think I would have been able to get this far without your advice and assistance Is there anything else that I need to check or any advice on programs to use to prevent a similar attack? cheers Marty
- January 28, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

Got it! The user permissions on all the anti malware programs had been removed by the malware. Taking ownership and enabling the folder to use inherited permissions allowed the program to install. MBAM installed and now running here's the log from OTM: All processes killed========== REGISTRY ==========Registry key HKEY_CURRENT_USER\Software\Malwarebytes Anti-Rootkit\ deleted successfully.Registry key HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFF1A83B-6C83-4342-8E68-1648DE06CB65\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFF1A83B-6C83-4342-8E68-1648DE06CB65\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFF1A83B-6C83-4342-8E68-1648DE06CB65\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Rootkit\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\ not found.Registry key HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes Anti-Rootkit\ not found.Registry key HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes' Anti-Malware\ not found.========== FILES ==========File/Folder C:\Program Files (x86)\Malwarebytes' Anti-Malware not found.========== COMMANDS ========== [EMPTYTEMP] User: Administrator->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Ciaran->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 2987671 bytes->Java cache emptied: 8196 bytes->Google Chrome cache emptied: 0 bytes->Apple Safari cache emptied: 41177088 bytes->Flash cache emptied: 5 bytes User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: Default.migrated User: Marty->Temp folder emptied: 5142567 bytes->Temporary Internet Files folder emptied: 4314994 bytes->Java cache emptied: 8196 bytes->Google Chrome cache emptied: 40328730 bytes User: Public %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 316193 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytesRecycleBin emptied: 20521840 bytes Total Files Cleaned = 109.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 01282014_091522 Files moved on Reboot...C:\Users\Marty\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...
- January 28, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

New log file, not sure if of any relevance but there is an apostrophe after Malwarebytes on the MBAM entries, is that supposed to be there? SystemLook 30.07.11 by jpshortstuff Log created at 21:37 on 27/01/2014 by Marty Administrator - Elevation successful ========== regfind ========== Searching for "malwarebytes" [HKEY_CURRENT_USER\Software\Malwarebytes Anti-Rootkit] [HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32] @="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64] @="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR] @="C:\Program Files (x86)\Malwarebytes' Anti-Malware" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64] @="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR] @="C:\Program Files (x86)\Malwarebytes' Anti-Malware" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Rootkit] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64] @="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR] @="C:\Program Files (x86)\Malwarebytes' Anti-Malware" [HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes Anti-Rootkit] [HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes' Anti-Malware] -= EOF =-
- January 27, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

Followed the instructions and still getting the 183 error:
- January 27, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 01Ran by Marty at 2014-01-27 18:23:30Running from C:\Users\Marty\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Action Replay DSi Code Manager (Version: - )Adobe Reader X (10.1.6) MUI (x32 Version: 10.1.6 - Adobe Systems Incorporated)AllSharePlayLink (x32 Version: 1.0.0 - Samsung Electronics Co., Ltd.)AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) HiddenAMD Catalyst Install Manager (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software)Bandicam (x32 Version: 1.9.1.419 - Bandisoft.com)Bandisoft MPEG-1 Decoder (x32 Version: - Bandisoft.com)Bruteforce Save Data (x32 Version: - )Call of Duty® - World at War (x32 Version: 1.0 - Activision) HiddenCall of Duty® - World at War (x32 Version: 1.7 - Activision)Call of Duty® - World at War 1.1 Patch (x32 Version: - ) HiddenCall of Duty® - World at War 1.1 Patch (x32 Version: 1.1 - Activision) HiddenCall of Duty® - World at War 1.2 Patch (x32 Version: - ) HiddenCall of Duty® - World at War 1.2 Patch (x32 Version: 1.2 - Activision) HiddenCall of Duty® - World at War 1.3 Patch (x32 Version: - ) HiddenCall of Duty® - World at War 1.3 Patch (x32 Version: 1.3 - Activision) HiddenCall of Duty® - World at War 1.4 Patch (x32 Version: - ) HiddenCall of Duty® - World at War 1.4 Patch (x32 Version: 1.4 - Activision) HiddenCall of Duty® - World at War 1.5 Patch (x32 Version: - ) HiddenCall of Duty® - World at War 1.5 Patch (x32 Version: 1.5 - Activision) HiddenCall of Duty® - World at War 1.6 Patch (x32 Version: - ) HiddenCall of Duty® - World at War 1.6 Patch (x32 Version: 1.6 - Activision) HiddenCall of Duty® - World at War 1.7 Patch (x32 Version: - ) HiddenCall of Duty® - World at War 1.7 Patch (x32 Version: 1.7 - Activision) HiddenCatalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) HiddenCCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hiddenccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) HiddenCCleaner (Version: 4.09 - Piriform)CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.)CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) HiddenCyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.)CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenEasy File Share (x32 Version: 1.3.6 - Samsung Electronics CO.,LTD.)Fraps (remove only) (x32 Version: - )Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) HiddenHelp Desk (Version: 1.0.96 - Samsung Electronics CO., LTD.)HxD Hex Editor version 1.7.7.0 (x32 Version: 1.7.7.0 - Maël Hörz)Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11 - Intel)Intel® Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)Intel® Processor Graphics (x32 Version: 10.18.10.3379 - Intel Corporation)Intel® Rapid Storage Technology (x32 Version: 11.6.0.1030 - Intel Corporation)LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)MotioninJoy ds3 driver version 0.6.0003 (Version: 0.5.0001 - www.motioninjoy.com)Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenNexus Mod Manager (Version: 0.41.0 - Black Tree Gaming)Notepad++ (x32 Version: 6.3.3 - Notepad++ Team)Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenPlants vs. Zombies (x32 Version: - PopCap Games)Pokemon Showdown (x32 Version: - "Pokemon Showdown")PunkBuster Services (x32 Version: 0.986 - Even Balance, Inc.)PX Profile Update (x32 Version: 1.00.1. - AMD) HiddenQualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.216 - Qualcomm Atheros Communications)Qualcomm Atheros Client Installation Program (x32 Version: 10.0 - Qualcomm Atheros)Quick Starter (Version: 1.0.2 - Samsung Electronics CO., LTD.)Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012 - Realtek)Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)Recovery (x32 Version: 6.0.10.0 - Samsung Electronics CO., LTD.)S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) HiddenS Service (x32 Version: 1.0 - Samsung Electronics CO., LTD.)Settings (x32 Version: 2.0.1 - Samsung Electronics CO., LTD.)Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)Skype™ 6.10 (x32 Version: 6.10.104 - Skype Technologies S.A.)Spybot - Search & Destroy (x32 Version: 2.0.12 - Safer-Networking Ltd.)SpywareBlaster 5.0 (x32 Version: 5.0.0 - BrightFort LLC)Steam (x32 Version: 1.0.0.0 - Valve Corporation)Support Center (Version: 2.1.1201 - Samsung Electronics CO., LTD.)Support Center FAQ (x32 Version: 1.0.11 - Samsung Electronics CO., LTD.) HiddenSW Update (x32 Version: 2.1.21 - Samsung Electronics CO., LTD.)Synaptics Pointing Device Driver (Version: 16.2.14.2 - Synaptics Incorporated)Team Fortress 2 (x32 Version: - Valve)Terraria (x32 Version: - Re-Logic)The Elder Scrolls V: Skyrim (x32 Version: - Bethesda Game Studios)Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)User Guide (x32 Version: 1.4.00 - Samsung Electronics CO., LTD.)Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWinRAR 5.00 beta 3 (64-bit) (Version: 5.00.3 - win.rar GmbH) ==================== Restore Points ========================= 20-01-2014 09:00:47 Removed Classic Shell21-01-2014 13:27:11 Installed HiJackThis22-01-2014 16:09:39 Removed HiJackThis22-01-2014 17:00:42 Malwarebytes Anti-Rootkit Restore Point24-01-2014 12:08:03 Removed Java 7 Update 4526-01-2014 02:52:02 zoek.exe restore point ==================== Hosts content: ========================== 2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTaskTask: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {1B46BD5A-A4B9-4C9E-899F-289BA5CE1038} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exeTask: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {2120A345-D593-428A-9D78-C9A26E4988B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {24CE1821-0573-4EE3-B903-EDCC74AC19D5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exeTask: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {2E7EE2EA-6604-4BEC-9E30-6FDFCC7FBF56} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-08-23] (SEC)Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)Task: {36941691-BBAA-4CEE-BEAE-F0A5994D0002} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exeTask: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {47EBAA43-2536-4687-A67A-8053BB580F77} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {827FCF4A-C119-456E-9182-62372E4C8F68} - \Dealply No Task FileTask: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {AF3A8233-12BC-4429-B413-741C3F038576} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {DB65104C-8929-4044-BF08-10234AE5AF6F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14] (Google Inc.)Task: {E5036AA2-FB62-4DC6-8514-CB0F2B5449E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14] (Google Inc.)Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {F34A0204-AD3F-45BD-ADDC-98841810CE08} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeTask: {F34F94D8-750D-48E4-9F91-C82A38504CCA} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)Task: {F96F0E9B-CA33-4FEA-9CDE-133FBB1F5074} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-26] (AVAST Software)Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2012-06-18 23:24 - 2012-06-18 23:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll2013-12-21 00:02 - 2013-12-21 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2012-12-05 20:44 - 2012-12-05 20:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll2014-01-27 12:20 - 2014-01-27 03:21 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012601\algo.dll2012-11-30 16:26 - 2012-11-30 16:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll2012-11-30 16:26 - 2012-11-30 16:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll2012-11-30 16:26 - 2012-11-30 16:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll2012-11-30 16:26 - 2012-11-30 16:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll2012-11-30 16:26 - 2012-11-30 16:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll2013-05-14 20:10 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl2013-05-14 20:10 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl2013-05-14 20:10 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl2013-05-14 20:10 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl2013-05-14 20:10 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl2013-12-14 14:11 - 2013-12-14 14:11 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-01-18 18:42 - 2014-01-11 18:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll2014-01-18 18:42 - 2014-01-11 18:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll2014-01-18 18:42 - 2014-01-11 18:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll2014-01-18 18:42 - 2014-01-11 18:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll2014-01-18 18:42 - 2014-01-11 18:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Ciaran\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45113418.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45113418.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Could not start eventlog service, could not read events. The requested service has already been started. More help is available by typing NET HELPMSG 2182. ==================== Memory info =========================== Percentage of memory in use: 22%Total physical RAM: 8083.57 MBAvailable physical RAM: 6270.17 MBTotal Pagefile: 16275.57 MBAvailable Pagefile: 14428.71 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:441.24 GB) (Free:156.64 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 466 GB) (Disk ID: 91FD340F) Partition: GPT Partition Type==================== End Of Log ============================
- January 27, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

Thanks Kevin System Look log: SystemLook 30.07.11 by jpshortstuffLog created at 17:58 on 27/01/2014 by MartyAdministrator - Elevation successful ========== regfind ========== Searching for "malwarebytes"[HKEY_CURRENT_USER\Software\Malwarebytes Anti-Rootkit][HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32]@="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64]@="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]@="C:\Program Files (x86)\Malwarebytes' Anti-Malware"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64]@="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]@="C:\Program Files (x86)\Malwarebytes' Anti-Malware"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Rootkit][HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware][HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64]@="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]@="C:\Program Files (x86)\Malwarebytes' Anti-Malware"[HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes Anti-Rootkit][HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes' Anti-Malware] -= EOF =- FRST Log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01Ran by Marty (administrator) on SAMSUNGI5 on 27-01-2014 17:59:31Running from C:\Users\Marty\DownloadsWindows 8.1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2013-05-13] (Realtek Semiconductor)HKLM\...\Run: [btTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)HKLM\...\Run: [btvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Qualcomm Atheros Commnucations)HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-26] (AVAST Software)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKCU\...\Run: [Quick Starter] - C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2338352 2013-09-25] (Samsung Electronics CO., LTD.)HKU\Administrator\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)HKU\Ciaran\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)HKU\Ciaran\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1823656 2013-12-12] (Valve Corporation)HKU\Ciaran\...\Run: [sanDiskSecureAccess_Manager.exe] - C:\Users\Ciaran\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [31095432 2010-11-10] (Dmailer S.A.)HKU\Ciaran\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeHKU\Ciaran\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeHKU\Ciaran\...\Policies\system: [DisableLockWorkstation] 0Startup: C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shortcut.jar () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.comSearchScopes: HKLM - DefaultScope {1838EEB7-D790-4C38-977B-7610FC411ABC} URL = SearchScopes: HKLM-x32 - DefaultScope {1838EEB7-D790-4C38-977B-7610FC411ABC} URL = SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Chrome: =======CHR DefaultSearchKeyword: google.com.auCHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No FileCHR Extension: (Google Docs) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-14]CHR Extension: (Google Drive) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-14]CHR Extension: (YouTube) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-14]CHR Extension: (Google Search) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-14]CHR Extension: (Skype Click to Call) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-23]CHR Extension: (Google Wallet) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]CHR Extension: (Gmail) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-14]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= U2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-26] (AVAST Software)U2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)U2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)U2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)U2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)U2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)U2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)U2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros) ==================== Drivers (Whitelisted) ==================== U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)U2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-01-26] (AVAST Software)U1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-14] (AVAST Software)U0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-14] ()U1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-01-26] (AVAST Software)U1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-01-26] (AVAST Software)U3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [80184 2014-01-26] (AVAST Software)U0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-22] ()U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)U3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)U1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)U3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)U3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32512 2014-01-22] ()U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-31] (Intel Corporation)U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-26] (Intel Corporation)U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-21] (Microsoft Corporation)U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)U3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows ® Win 7 DDK provider)U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-21] (Microsoft Corporation)U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-27 17:58 - 2014-01-27 17:58 - 00003618 _____ C:\Users\Marty\Downloads\SystemLook.txt2014-01-27 17:57 - 2014-01-27 17:57 - 00165376 _____ C:\Users\Marty\Downloads\SystemLook_x64.exe2014-01-27 12:16 - 2014-01-27 12:16 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Marty\Downloads\mbam-clean-1.60.2.0003.exe2014-01-26 11:57 - 2014-01-26 11:57 - 00000000 ____D C:\Users\Marty\Desktop\Zoek2014-01-26 11:07 - 2013-10-18 01:11 - 00024064 _____ C:\WINDOWS\zoek-delete.exe2014-01-26 11:06 - 2014-01-26 11:06 - 00000000 ____D C:\Program Files (x86)\HiJackThis2014-01-26 10:51 - 2014-01-26 11:16 - 00111415 _____ C:\zoek-results.log2014-01-26 10:49 - 2014-01-26 11:05 - 00000000 ____D C:\zoek_backup2014-01-26 10:15 - 2014-01-26 10:15 - 04086782 _____ C:\Users\Marty\Downloads\zoek.zip2014-01-25 19:10 - 2014-01-26 10:44 - 00000000 ____D C:\Users\Marty\Downloads\FRST-OlderVersion2014-01-24 23:56 - 2014-01-24 23:57 - 00286832 _____ C:\WINDOWS\Minidump\012414-28375-01.dmp2014-01-24 23:55 - 2014-01-24 23:55 - 00000091 _____ C:\Users\Marty\Desktop\catchme.log2014-01-24 23:24 - 2014-01-24 23:24 - 00000000 _____ C:\WINDOWS\system32\getservice.txt2014-01-24 23:23 - 2014-01-24 23:23 - 00130337 _____ C:\Users\Marty\Downloads\getservices.zip2014-01-24 23:23 - 2014-01-24 23:23 - 00000000 ____D C:\Users\Marty\Downloads\getservices2014-01-24 23:05 - 2014-01-24 23:05 - 00290960 _____ C:\WINDOWS\Minidump\012414-28531-01.dmp2014-01-24 21:38 - 2014-01-24 21:40 - 00005164 _____ C:\Users\Marty\Desktop\Rkill.txt2014-01-24 20:45 - 2014-01-24 20:45 - 00688992 _____ (Swearware) C:\Users\Marty\Downloads\dds.com2014-01-24 20:11 - 2014-01-24 20:20 - 00000000 ____D C:\Users\Marty\Desktop\RK_Quarantine2014-01-24 20:04 - 2014-01-24 20:04 - 00286832 _____ C:\WINDOWS\Minidump\012414-29031-01.dmp2014-01-23 06:11 - 2014-01-24 22:49 - 00000796 _____ C:\WINDOWS\setupact.log2014-01-23 06:11 - 2014-01-23 06:11 - 00000000 _____ C:\WINDOWS\setuperr.log2014-01-23 06:10 - 2014-01-27 13:34 - 01281100 _____ C:\WINDOWS\WindowsUpdate.log2014-01-23 01:01 - 2014-01-27 13:11 - 00099338 _____ C:\WINDOWS\PFRO.log2014-01-23 00:34 - 2014-01-24 23:56 - 515196296 _____ C:\WINDOWS\MEMORY.DMP2014-01-23 00:34 - 2014-01-23 00:34 - 00286832 _____ C:\WINDOWS\Minidump\012314-27921-01.dmp2014-01-23 00:27 - 2014-01-24 22:54 - 00000000 ____D C:\ProgramData\SUPERSetup2014-01-23 00:08 - 2014-01-23 00:08 - 00261778 _____ C:\Users\Marty\Documents\cc_20140123_000820.reg2014-01-23 00:06 - 2014-01-23 00:06 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk2014-01-23 00:06 - 2014-01-23 00:06 - 00000000 ____D C:\Program Files\CCleaner2014-01-23 00:05 - 2014-01-23 00:05 - 04645232 _____ (Piriform Ltd) C:\Users\Marty\Downloads\ccsetup409.exe2014-01-22 22:59 - 2014-01-22 22:59 - 00000000 ____D C:\Users\Marty\Desktop\MBAR2014-01-22 22:48 - 2014-01-22 22:49 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Marty\Downloads\mbar-1.07.0.1008.exe2014-01-22 22:20 - 2014-01-22 22:20 - 00000000 ____D C:\Program Files\Reason2014-01-22 22:19 - 2014-01-22 22:19 - 01970440 _____ (Reason Company Software Inc.) C:\Users\Marty\Downloads\herdProtectScan_Setup.exe2014-01-22 22:03 - 2014-01-22 22:04 - 04406784 _____ C:\Users\Marty\Downloads\RogueKillerX64.exe2014-01-22 21:56 - 2014-01-22 21:56 - 00024384 _____ C:\Users\Marty\Downloads\Addition.txt2014-01-22 21:55 - 2014-01-27 17:59 - 00015420 _____ C:\Users\Marty\Downloads\FRST.txt2014-01-22 21:55 - 2014-01-26 10:44 - 00000000 ____D C:\FRST2014-01-22 21:54 - 2014-01-26 10:44 - 02078208 _____ (Farbar) C:\Users\Marty\Downloads\FRST64.exe2014-01-22 21:37 - 2014-01-22 21:37 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\Marty\Downloads\autoruns.exe2014-01-22 19:20 - 2014-01-22 19:21 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\Marty\Downloads\ADSSpy.exe2014-01-22 01:22 - 2014-01-22 01:22 - 00001690 _____ C:\WINDOWS\system32\.crusader2014-01-22 01:12 - 2014-01-22 01:23 - 00032512 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys2014-01-22 01:12 - 2014-01-22 01:22 - 00000000 ____D C:\ProgramData\HitmanPro2014-01-22 01:11 - 2014-01-22 01:11 - 00930440 _____ (CNET Download.com) C:\Users\Marty\Downloads\cbsidlm-cbsi176-HitmanPro_3_64bit-ORG-75110395.exe2014-01-22 01:02 - 2014-01-26 12:01 - 00001988 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-01-22 01:01 - 2014-01-26 12:01 - 00080184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys2014-01-22 01:01 - 2014-01-26 12:01 - 00000350 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job2014-01-22 00:56 - 2014-01-22 00:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Marty\Downloads\maldead.exe2014-01-22 00:08 - 2014-01-22 00:08 - 00000000 _____ C:\Users\Marty\Downloads\Ret.reg2014-01-21 23:23 - 2014-01-21 23:23 - 00000227 _____ C:\WINDOWS\SysWOW64\mbr.log2014-01-21 23:09 - 2014-01-24 21:38 - 00000227 _____ C:\Users\Marty\Downloads\mbr.log2014-01-21 23:08 - 2014-01-21 23:08 - 00147456 _____ C:\Users\Marty\Downloads\catchme.exe2014-01-21 23:08 - 2014-01-21 23:08 - 00089088 _____ C:\Users\Marty\Downloads\mbr.exe2014-01-21 22:40 - 2014-01-21 22:41 - 29507728 _____ (SUPERAntiSpyware) C:\Users\Marty\Downloads\SUPERAntiSpyware (1).exe2014-01-21 22:30 - 2014-01-24 23:56 - 00000000 ____D C:\WINDOWS\Minidump2014-01-21 22:29 - 2014-01-21 22:29 - 00379904 _____ C:\Users\Marty\Downloads\iexplore.exe2014-01-21 22:11 - 2014-01-24 22:59 - 00000000 ____D C:\TDSSKiller_Quarantine2014-01-21 22:04 - 2014-01-21 22:04 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Marty\Downloads\tdsskiller.exe2014-01-21 21:26 - 2014-01-21 21:26 - 01402880 _____ C:\Users\Marty\Downloads\HijackThis.msi2014-01-21 20:31 - 2014-01-21 20:31 - 00001446 _____ C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-01-21 20:31 - 2014-01-21 20:31 - 00000000 ____D C:\Users\Marty\AppData\Roaming\AVAST Software2014-01-21 20:30 - 2014-01-21 20:30 - 00000020 ___SH C:\Users\Marty\ntuser.ini2014-01-21 18:23 - 2014-01-21 18:23 - 00000000 ____D C:\Users\Ciaran\Pavtube2014-01-21 18:22 - 2014-01-21 18:22 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Pavtube2014-01-21 18:02 - 2014-01-21 18:03 - 49108850 _____ (Pavtube Studio. ) C:\Users\Ciaran\Downloads\hdvideoconverter_setup_r609505.exe2014-01-21 10:17 - 2014-01-21 10:24 - 39286002 _____ C:\Users\Ciaran\Desktop\CSG PACK BRENNAN0404 copy.zip2014-01-21 08:13 - 2014-01-23 00:07 - 00000000 ___DC C:\WINDOWS\Panther2014-01-21 08:11 - 2014-01-21 08:11 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe2014-01-21 08:11 - 2014-01-21 08:11 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe2014-01-21 08:11 - 2014-01-21 08:11 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00000000 ____D C:\Windows.old2014-01-21 08:10 - 2014-01-21 08:10 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-01-21 08:10 - 2014-01-21 08:10 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-01-21 08:10 - 2014-01-21 08:10 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-01-21 08:10 - 2014-01-21 08:10 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-01-21 08:10 - 2014-01-21 08:10 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-01-21 08:10 - 2014-01-21 08:10 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-01-21 08:10 - 2014-01-21 08:10 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2014-01-21 08:10 - 2014-01-21 08:10 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-01-21 08:10 - 2014-01-21 08:10 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-01-21 08:10 - 2014-01-21 08:10 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-01-21 08:10 - 2014-01-21 08:10 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-01-21 08:10 - 2014-01-21 08:10 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-01-21 08:10 - 2014-01-21 08:10 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe2014-01-21 08:10 - 2014-01-21 08:10 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2014-01-21 08:10 - 2014-01-21 08:10 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys2014-01-21 08:10 - 2014-01-21 08:10 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2014-01-21 08:10 - 2014-01-21 08:10 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi2014-01-21 08:10 - 2014-01-21 08:10 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe2014-01-21 08:10 - 2014-01-21 08:10 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe2014-01-21 08:10 - 2014-01-21 08:10 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe2014-01-21 08:10 - 2014-01-21 08:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe2014-01-21 08:10 - 2014-01-21 08:10 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe2014-01-21 08:10 - 2014-01-21 08:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys2014-01-21 08:10 - 2014-01-21 08:10 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys2014-01-21 08:10 - 2014-01-21 08:10 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS2014-01-21 08:10 - 2014-01-21 08:10 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-01-21 08:10 - 2014-01-21 08:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys2014-01-21 08:10 - 2014-01-21 08:10 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys2014-01-21 08:10 - 2014-01-21 08:10 - 00039768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys2014-01-21 08:10 - 2014-01-21 08:10 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll2014-01-21 08:09 - 2014-01-21 08:09 - 00262144 _____ C:\WINDOWS\system32\config\userdiff2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files\Reference Assemblies2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files\MSBuild2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies2014-01-21 08:06 - 2014-01-20 16:27 - 00000000 ____D C:\Program Files (x86)\MSBuild2014-01-21 08:05 - 2014-01-20 16:20 - 00000000 ____D C:\Recovery2014-01-21 08:05 - 2013-08-03 12:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll2014-01-21 08:05 - 2013-08-03 12:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll2014-01-21 08:05 - 2013-08-03 12:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe2014-01-21 08:05 - 2013-08-03 12:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll2014-01-21 08:05 - 2013-08-03 12:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2014-01-21 08:05 - 2013-08-03 12:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe2014-01-21 02:16 - 2014-01-23 01:01 - 00000000 ___HD C:\ProgramData\{$6666-4448-3690-4432-8983$}2014-01-21 02:16 - 2014-01-22 01:22 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\reader2014-01-21 02:16 - 2014-01-21 02:16 - 00047548 _____ C:\Users\Ciaran\Downloads\Minecraft (2).jar2014-01-21 02:16 - 2014-01-21 02:16 - 00000000 _____ C:\Users\Ciaran\13stdybt37.tmp2014-01-21 02:12 - 2014-01-21 02:12 - 00783704 _____ C:\Users\Ciaran\Downloads\MC Force Op LauncherMC.rar2014-01-20 20:46 - 2014-01-20 20:46 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Spoon2014-01-20 17:09 - 2014-01-20 17:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf2014-01-20 16:54 - 2014-01-21 13:10 - 00000000 __RDO C:\Users\Ciaran\SkyDrive2014-01-20 16:53 - 2014-01-20 16:53 - 00002060 _____ C:\Users\Public\Desktop\Support Center.lnk2014-01-20 16:51 - 2014-01-20 16:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD2014-01-20 16:50 - 2014-01-20 16:50 - 00001446 _____ C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-01-20 16:49 - 2014-01-20 16:49 - 00000020 ___SH C:\Users\Ciaran\ntuser.ini2014-01-20 16:46 - 2014-01-20 16:46 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help2014-01-20 16:25 - 2014-01-20 16:25 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate2014-01-20 16:23 - 2014-01-25 00:00 - 00000000 ____D C:\Users\Marty2014-01-20 16:23 - 2014-01-21 20:30 - 00000000 ____D C:\Users\Ciaran2014-01-20 16:23 - 2014-01-20 16:36 - 00000000 ____D C:\Users\Administrator2014-01-20 16:23 - 2014-01-20 16:25 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-01-20 16:23 - 2014-01-20 16:24 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-01-20 16:23 - 2014-01-20 16:24 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-01-20 16:22 - 2014-01-20 16:46 - 00036198 _____ C:\WINDOWS\diagwrn.xml2014-01-20 16:22 - 2014-01-20 16:46 - 00036198 _____ C:\WINDOWS\diagerr.xml2014-01-20 16:17 - 2014-01-20 16:27 - 00000000 ____D C:\Program Files (x86)\Intel2014-01-20 16:17 - 2014-01-20 16:17 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\WINDOWS\system32\SRSLabs2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files\Synaptics2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files\Realtek2014-01-20 16:16 - 2014-01-20 16:16 - 00000000 ____D C:\Program Files\Intel2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Program Files\AMD2014-01-18 20:48 - 2014-01-18 20:48 - 00001377 _____ C:\Users\Ciaran\Desktop\Play Plants vs. Zombies.lnk2014-01-18 20:30 - 2014-01-18 20:30 - 00001078 _____ C:\Users\Ciaran\Desktop\Pokemon Showdown.lnk2014-01-18 20:25 - 2014-01-18 20:26 - 24156191 _____ C:\Users\Ciaran\Downloads\PokemonShowdownSetup (2).exe2014-01-18 18:30 - 2014-01-18 19:06 - 00001642 _____ C:\Users\Ciaran\Desktop\My Mod App CSG.txt2014-01-18 18:15 - 2013-09-27 14:57 - 00675988 _____ C:\Users\Ciaran\Desktop\Minecraft.exe2014-01-18 17:53 - 2014-01-18 17:53 - 00000136 _____ C:\Users\Ciaran\Desktop\Call of Duty® World at War.lnk2014-01-18 17:03 - 2014-01-18 17:03 - 00002125 _____ C:\Users\Public\Desktop\S Service.lnk2014-01-18 17:03 - 2014-01-18 17:03 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Samsung2014-01-18 17:02 - 2014-01-18 17:02 - 00002101 _____ C:\Users\Public\Desktop\Quick Starter.lnk2014-01-18 16:48 - 2014-01-18 16:51 - 00000000 ___RD C:\Users\Ciaran\Documents\Desktop stuff2014-01-18 00:31 - 2014-01-18 00:31 - 00209469 _____ C:\Users\Ciaran\Downloads\Level 72 Borderlands 2 Characters (1).rar2014-01-18 00:27 - 2014-01-18 00:27 - 01226271 _____ C:\Users\Ciaran\Downloads\saveedit_r227.zip2014-01-17 23:32 - 2014-01-17 23:33 - 06013024 _____ (Nota Inc. ) C:\Users\Ciaran\Downloads\GyazoSetup.exe2014-01-07 16:01 - 2014-01-07 16:01 - 00401776 _____ (Softonic ) C:\Users\Ciaran\Downloads\SoftonicDownloader_for_grand-theft-auto-san-andreas.exe2014-01-05 19:11 - 2014-01-05 19:11 - 00616312 _____ (Windows 8.1 32 Bit 64Bit Free Download Serial Key) C:\Users\Ciaran\Downloads\GTA 5 Online How to Host a Modded Lobby AFTER PATCH.exe2014-01-05 16:47 - 2014-01-05 16:47 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (3).zip2014-01-05 16:46 - 2014-01-05 16:47 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (2).zip2013-12-31 14:02 - 2013-12-31 14:03 - 05662741 _____ C:\Users\Ciaran\Downloads\gta8.zip2013-12-30 19:21 - 2013-12-30 19:21 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\openvr2013-12-29 16:29 - 2013-12-29 16:29 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (1).zip2013-12-28 22:03 - 2013-12-28 22:03 - 00000000 ____D C:\ProgramData\Oracle2013-12-28 22:00 - 2013-12-28 22:00 - 00915368 _____ (Oracle Corporation) C:\Users\Ciaran\Downloads\chromeinstall-7u45.exe2013-12-28 21:21 - 2013-12-28 21:21 - 00817443 _____ C:\Users\Ciaran\Downloads\PokeGen_full.zip ==================== One Month Modified Files and Folders ======= 2014-01-27 17:59 - 2014-01-22 21:55 - 00015420 _____ C:\Users\Marty\Downloads\FRST.txt2014-01-27 17:58 - 2014-01-27 17:58 - 00003618 _____ C:\Users\Marty\Downloads\SystemLook.txt2014-01-27 17:58 - 2013-11-14 15:28 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI2014-01-27 17:57 - 2014-01-27 17:57 - 00165376 _____ C:\Users\Marty\Downloads\SystemLook_x64.exe2014-01-27 17:57 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\sru2014-01-27 13:34 - 2014-01-23 06:10 - 01281100 _____ C:\WINDOWS\WindowsUpdate.log2014-01-27 13:12 - 2013-10-23 18:50 - 00000000 ____D C:\Users\Marty\AppData\Local\LogMeIn Hamachi2014-01-27 13:11 - 2014-01-23 01:01 - 00099338 _____ C:\WINDOWS\PFRO.log2014-01-27 12:28 - 2013-05-14 20:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marty\Downloads\mbam-setup-1.75.0.1300.exe2014-01-27 12:16 - 2014-01-27 12:16 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Marty\Downloads\mbam-clean-1.60.2.0003.exe2014-01-26 12:02 - 2013-10-23 22:21 - 00000000 ____D C:\WINDOWS\pss2014-01-26 12:01 - 2014-01-22 01:02 - 00001988 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-01-26 12:01 - 2014-01-22 01:01 - 00080184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys2014-01-26 12:01 - 2014-01-22 01:01 - 00000350 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job2014-01-26 12:01 - 2013-12-14 14:11 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr2014-01-26 12:01 - 2013-05-14 19:45 - 01038072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys2014-01-26 12:01 - 2013-05-14 19:45 - 00421704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys2014-01-26 12:01 - 2013-05-14 19:45 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe2014-01-26 12:01 - 2013-05-14 19:45 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys2014-01-26 11:58 - 2013-10-23 18:51 - 00000000 ____D C:\Users\Marty\AppData\Local\CrashDumps2014-01-26 11:57 - 2014-01-26 11:57 - 00000000 ____D C:\Users\Marty\Desktop\Zoek2014-01-26 11:16 - 2014-01-26 10:51 - 00111415 _____ C:\zoek-results.log2014-01-26 11:06 - 2014-01-26 11:06 - 00000000 ____D C:\Program Files (x86)\HiJackThis2014-01-26 11:05 - 2014-01-26 10:49 - 00000000 ____D C:\zoek_backup2014-01-26 10:44 - 2014-01-25 19:10 - 00000000 ____D C:\Users\Marty\Downloads\FRST-OlderVersion2014-01-26 10:44 - 2014-01-22 21:55 - 00000000 ____D C:\FRST2014-01-26 10:44 - 2014-01-22 21:54 - 02078208 _____ (Farbar) C:\Users\Marty\Downloads\FRST64.exe2014-01-26 10:15 - 2014-01-26 10:15 - 04086782 _____ C:\Users\Marty\Downloads\zoek.zip2014-01-26 10:12 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\AppReadiness2014-01-25 01:32 - 2013-08-22 21:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI2014-01-25 00:00 - 2014-01-20 16:23 - 00000000 ____D C:\Users\Marty2014-01-24 23:57 - 2014-01-24 23:56 - 00286832 _____ C:\WINDOWS\Minidump\012414-28375-01.dmp2014-01-24 23:56 - 2014-01-23 00:34 - 515196296 _____ C:\WINDOWS\MEMORY.DMP2014-01-24 23:56 - 2014-01-21 22:30 - 00000000 ____D C:\WINDOWS\Minidump2014-01-24 23:55 - 2014-01-24 23:55 - 00000091 _____ C:\Users\Marty\Desktop\catchme.log2014-01-24 23:24 - 2014-01-24 23:24 - 00000000 _____ C:\WINDOWS\system32\getservice.txt2014-01-24 23:23 - 2014-01-24 23:23 - 00130337 _____ C:\Users\Marty\Downloads\getservices.zip2014-01-24 23:23 - 2014-01-24 23:23 - 00000000 ____D C:\Users\Marty\Downloads\getservices2014-01-24 23:05 - 2014-01-24 23:05 - 00290960 _____ C:\WINDOWS\Minidump\012414-28531-01.dmp2014-01-24 22:59 - 2014-01-21 22:11 - 00000000 ____D C:\TDSSKiller_Quarantine2014-01-24 22:54 - 2014-01-23 00:27 - 00000000 ____D C:\ProgramData\SUPERSetup2014-01-24 22:49 - 2014-01-23 06:11 - 00000796 _____ C:\WINDOWS\setupact.log2014-01-24 21:40 - 2014-01-24 21:38 - 00005164 _____ C:\Users\Marty\Desktop\Rkill.txt2014-01-24 21:38 - 2014-01-21 23:09 - 00000227 _____ C:\Users\Marty\Downloads\mbr.log2014-01-24 20:45 - 2014-01-24 20:45 - 00688992 _____ (Swearware) C:\Users\Marty\Downloads\dds.com2014-01-24 20:20 - 2014-01-24 20:11 - 00000000 ____D C:\Users\Marty\Desktop\RK_Quarantine2014-01-24 20:04 - 2014-01-24 20:04 - 00286832 _____ C:\WINDOWS\Minidump\012414-29031-01.dmp2014-01-23 06:11 - 2014-01-23 06:11 - 00000000 _____ C:\WINDOWS\setuperr.log2014-01-23 01:01 - 2014-01-21 02:16 - 00000000 ___HD C:\ProgramData\{$6666-4448-3690-4432-8983$}2014-01-23 01:01 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\schemas2014-01-23 01:01 - 2013-05-14 21:09 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-01-23 00:34 - 2014-01-23 00:34 - 00286832 _____ C:\WINDOWS\Minidump\012314-27921-01.dmp2014-01-23 00:08 - 2014-01-23 00:08 - 00261778 _____ C:\Users\Marty\Documents\cc_20140123_000820.reg2014-01-23 00:07 - 2014-01-21 08:13 - 00000000 ___DC C:\WINDOWS\Panther2014-01-23 00:07 - 2013-05-27 16:58 - 00000000 ____D C:\Program Files (x86)\Steam2014-01-23 00:06 - 2014-01-23 00:06 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk2014-01-23 00:06 - 2014-01-23 00:06 - 00000000 ____D C:\Program Files\CCleaner2014-01-23 00:05 - 2014-01-23 00:05 - 04645232 _____ (Piriform Ltd) C:\Users\Marty\Downloads\ccsetup409.exe2014-01-22 22:59 - 2014-01-22 22:59 - 00000000 ____D C:\Users\Marty\Desktop\MBAR2014-01-22 22:49 - 2014-01-22 22:48 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Marty\Downloads\mbar-1.07.0.1008.exe2014-01-22 22:20 - 2014-01-22 22:20 - 00000000 ____D C:\Program Files\Reason2014-01-22 22:19 - 2014-01-22 22:19 - 01970440 _____ (Reason Company Software Inc.) C:\Users\Marty\Downloads\herdProtectScan_Setup.exe2014-01-22 22:04 - 2014-01-22 22:03 - 04406784 _____ C:\Users\Marty\Downloads\RogueKillerX64.exe2014-01-22 21:56 - 2014-01-22 21:56 - 00024384 _____ C:\Users\Marty\Downloads\Addition.txt2014-01-22 21:37 - 2014-01-22 21:37 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\Marty\Downloads\autoruns.exe2014-01-22 19:21 - 2014-01-22 19:20 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\Marty\Downloads\ADSSpy.exe2014-01-22 01:23 - 2014-01-22 01:12 - 00032512 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys2014-01-22 01:22 - 2014-01-22 01:22 - 00001690 _____ C:\WINDOWS\system32\.crusader2014-01-22 01:22 - 2014-01-22 01:12 - 00000000 ____D C:\ProgramData\HitmanPro2014-01-22 01:22 - 2014-01-21 02:16 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\reader2014-01-22 01:11 - 2014-01-22 01:11 - 00930440 _____ (CNET Download.com) C:\Users\Marty\Downloads\cbsidlm-cbsi176-HitmanPro_3_64bit-ORG-75110395.exe2014-01-22 01:01 - 2013-05-14 19:45 - 00207904 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys2014-01-22 00:56 - 2014-01-22 00:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Marty\Downloads\maldead.exe2014-01-22 00:08 - 2014-01-22 00:08 - 00000000 _____ C:\Users\Marty\Downloads\Ret.reg2014-01-21 23:23 - 2014-01-21 23:23 - 00000227 _____ C:\WINDOWS\SysWOW64\mbr.log2014-01-21 23:08 - 2014-01-21 23:08 - 00147456 _____ C:\Users\Marty\Downloads\catchme.exe2014-01-21 23:08 - 2014-01-21 23:08 - 00089088 _____ C:\Users\Marty\Downloads\mbr.exe2014-01-21 22:41 - 2014-01-21 22:40 - 29507728 _____ (SUPERAntiSpyware) C:\Users\Marty\Downloads\SUPERAntiSpyware (1).exe2014-01-21 22:29 - 2014-01-21 22:29 - 00379904 _____ C:\Users\Marty\Downloads\iexplore.exe2014-01-21 22:04 - 2014-01-21 22:04 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Marty\Downloads\tdsskiller.exe2014-01-21 21:35 - 2013-05-14 20:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 22014-01-21 21:34 - 2013-05-14 20:06 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster2014-01-21 21:26 - 2014-01-21 21:26 - 01402880 _____ C:\Users\Marty\Downloads\HijackThis.msi2014-01-21 20:32 - 2012-12-25 17:41 - 00000000 ____D C:\Users\Marty\AppData\Local\Packages2014-01-21 20:31 - 2014-01-21 20:31 - 00001446 _____ C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-01-21 20:31 - 2014-01-21 20:31 - 00000000 ____D C:\Users\Marty\AppData\Roaming\AVAST Software2014-01-21 20:31 - 2013-05-13 20:15 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-01-21 20:31 - 2013-05-13 20:15 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-01-21 20:30 - 2014-01-21 20:30 - 00000020 ___SH C:\Users\Marty\ntuser.ini2014-01-21 20:30 - 2014-01-20 16:23 - 00000000 ____D C:\Users\Ciaran2014-01-21 20:26 - 2013-10-24 00:09 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2014-01-21 20:08 - 2013-05-21 13:19 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Skype2014-01-21 18:23 - 2014-01-21 18:23 - 00000000 ____D C:\Users\Ciaran\Pavtube2014-01-21 18:22 - 2014-01-21 18:22 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Pavtube2014-01-21 18:03 - 2014-01-21 18:02 - 49108850 _____ (Pavtube Studio. ) C:\Users\Ciaran\Downloads\hdvideoconverter_setup_r609505.exe2014-01-21 13:52 - 2013-08-28 19:55 - 00007596 _____ C:\Users\Ciaran\AppData\Local\Resmon.ResmonCfg2014-01-21 13:30 - 2013-05-28 16:08 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Apple Computer2014-01-21 13:21 - 2013-05-14 19:25 - 00000000 ____D C:\Program Files (x86)\Google2014-01-21 13:17 - 2013-11-30 21:17 - 00000000 ____D C:\Program Files (x86)\Pamela RichMood Editor2014-01-21 13:10 - 2014-01-20 16:54 - 00000000 __RDO C:\Users\Ciaran\SkyDrive2014-01-21 12:32 - 2013-08-22 22:44 - 00481024 _____ C:\WINDOWS\system32\FNTCACHE.DAT2014-01-21 12:11 - 2013-09-27 15:23 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\.minecraft2014-01-21 11:44 - 2013-05-17 09:20 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1229153242-3201741155-1693493588-10052014-01-21 11:39 - 2013-05-14 19:25 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-01-21 11:39 - 2013-05-14 19:25 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-01-21 10:24 - 2014-01-21 10:17 - 39286002 _____ C:\Users\Ciaran\Desktop\CSG PACK BRENNAN0404 copy.zip2014-01-21 08:11 - 2014-01-21 08:11 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe2014-01-21 08:11 - 2014-01-21 08:11 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe2014-01-21 08:11 - 2014-01-21 08:11 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll2014-01-21 08:11 - 2014-01-21 08:11 - 00000000 ____D C:\Windows.old2014-01-21 08:11 - 2013-08-22 23:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template2014-01-21 08:11 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\WinStore2014-01-21 08:10 - 2014-01-21 08:10 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-01-21 08:10 - 2014-01-21 08:10 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-01-21 08:10 - 2014-01-21 08:10 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-01-21 08:10 - 2014-01-21 08:10 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-01-21 08:10 - 2014-01-21 08:10 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-01-21 08:10 - 2014-01-21 08:10 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-01-21 08:10 - 2014-01-21 08:10 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2014-01-21 08:10 - 2014-01-21 08:10 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-01-21 08:10 - 2014-01-21 08:10 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-01-21 08:10 - 2014-01-21 08:10 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-01-21 08:10 - 2014-01-21 08:10 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll2014-01-21 08:10 - 2014-01-21 08:10 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-01-21 08:10 - 2014-01-21 08:10 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-01-21 08:10 - 2014-01-21 08:10 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe2014-01-21 08:10 - 2014-01-21 08:10 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2014-01-21 08:10 - 2014-01-21 08:10 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys2014-01-21 08:10 - 2014-01-21 08:10 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2014-01-21 08:10 - 2014-01-21 08:10 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi2014-01-21 08:10 - 2014-01-21 08:10 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe2014-01-21 08:10 - 2014-01-21 08:10 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe2014-01-21 08:10 - 2014-01-21 08:10 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll2014-01-21 08:10 - 2014-01-21 08:10 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe2014-01-21 08:10 - 2014-01-21 08:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe2014-01-21 08:10 - 2014-01-21 08:10 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe2014-01-21 08:10 - 2014-01-21 08:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys2014-01-21 08:10 - 2014-01-21 08:10 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys2014-01-21 08:10 - 2014-01-21 08:10 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS2014-01-21 08:10 - 2014-01-21 08:10 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-01-21 08:10 - 2014-01-21 08:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys2014-01-21 08:10 - 2014-01-21 08:10 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys2014-01-21 08:10 - 2014-01-21 08:10 - 00039768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys2014-01-21 08:10 - 2014-01-21 08:10 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll2014-01-21 08:10 - 2014-01-21 08:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll2014-01-21 08:10 - 2013-08-22 23:36 - 00000000 ___RD C:\WINDOWS\ToastData2014-01-21 08:10 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\MediaViewer2014-01-21 08:10 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\FileManager2014-01-21 08:10 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Camera2014-01-21 08:09 - 2014-01-21 08:09 - 00262144 _____ C:\WINDOWS\system32\config\userdiff2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files\Reference Assemblies2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files\MSBuild2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies2014-01-21 02:16 - 2014-01-21 02:16 - 00047548 _____ C:\Users\Ciaran\Downloads\Minecraft (2).jar2014-01-21 02:16 - 2014-01-21 02:16 - 00000000 _____ C:\Users\Ciaran\13stdybt37.tmp2014-01-21 02:12 - 2014-01-21 02:12 - 00783704 _____ C:\Users\Ciaran\Downloads\MC Force Op LauncherMC.rar2014-01-20 20:53 - 2013-05-13 21:41 - 00000000 ____D C:\ProgramData\WinClon2014-01-20 20:46 - 2014-01-20 20:46 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Spoon2014-01-20 17:16 - 2013-05-14 19:45 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update2014-01-20 17:13 - 2013-05-21 14:34 - 00000000 ____D C:\Users\Ciaran\AppData\Local\LogMeIn Hamachi2014-01-20 17:12 - 2013-08-22 22:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2014-01-20 17:09 - 2014-01-20 17:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf2014-01-20 17:00 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\restore2014-01-20 16:54 - 2013-11-14 16:08 - 00000000 ___HD C:\$Windows.~BT2014-01-20 16:54 - 2012-12-25 18:03 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Packages2014-01-20 16:53 - 2014-01-20 16:53 - 00002060 _____ C:\Users\Public\Desktop\Support Center.lnk2014-01-20 16:51 - 2014-01-20 16:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD2014-01-20 16:50 - 2014-01-20 16:50 - 00001446 _____ C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-01-20 16:50 - 2013-05-14 21:09 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-01-20 16:49 - 2014-01-20 16:49 - 00000020 ___SH C:\Users\Ciaran\ntuser.ini2014-01-20 16:48 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\rescache2014-01-20 16:47 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Registration2014-01-20 16:46 - 2014-01-20 16:46 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat2014-01-20 16:46 - 2014-01-20 16:22 - 00036198 _____ C:\WINDOWS\diagwrn.xml2014-01-20 16:46 - 2014-01-20 16:22 - 00036198 _____ C:\WINDOWS\diagerr.xml2014-01-20 16:39 - 2013-08-22 23:36 - 00000000 __RSD C:\WINDOWS\Media2014-01-20 16:39 - 2013-08-22 23:36 - 00000000 __RHD C:\Users\Public\Libraries2014-01-20 16:37 - 2013-05-13 22:48 - 00880342 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI2014-01-20 16:36 - 2014-01-20 16:23 - 00000000 ____D C:\Users\Administrator2014-01-20 16:30 - 2013-08-22 21:25 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help2014-01-20 16:29 - 2012-07-26 13:37 - 00000000 ____D C:\Users\Default.migrated2014-01-20 16:28 - 2013-11-14 15:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN2014-01-20 16:28 - 2013-11-14 15:14 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep2014-01-20 16:28 - 2013-11-14 15:14 - 00000000 ____D C:\WINDOWS\system32\WCN2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\spool2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\NDF2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\MUI2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\IME2014-01-20 16:28 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI2014-01-20 16:28 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep2014-01-20 16:28 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\system32\oobe2014-01-20 16:28 - 2013-05-13 21:39 - 00000000 ____D C:\WINDOWS\SysWOW64\sda2014-01-20 16:27 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files (x86)\MSBuild2014-01-20 16:27 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files (x86)\Intel2014-01-20 16:27 - 2013-11-14 15:17 - 00000000 ____D C:\WINDOWS\ShellNew2014-01-20 16:27 - 2013-08-22 23:43 - 00000000 ____D C:\WINDOWS\DigitalLocker2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 __SHD C:\Program Files\Windows Sidebar2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Resources2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\IME2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Help2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Cursors2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\System2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared2014-01-20 16:27 - 2013-05-22 20:40 - 00000000 ____D C:\WINDOWS\en2014-01-20 16:27 - 2012-08-06 05:11 - 00000000 ____D C:\ProgramData\PRICache2014-01-20 16:25 - 2014-01-20 16:25 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate2014-01-20 16:25 - 2014-01-20 16:23 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-01-20 16:25 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\Recovery2014-01-20 16:25 - 2013-05-19 16:54 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices2014-01-20 16:24 - 2014-01-20 16:23 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-01-20 16:24 - 2014-01-20 16:23 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-01-20 16:24 - 2013-11-08 19:06 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client2014-01-20 16:24 - 2013-08-09 19:12 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com2014-01-20 16:24 - 2013-07-21 22:11 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecontrol for Minecraft2014-01-20 16:24 - 2013-07-11 18:34 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager2014-01-20 16:24 - 2013-05-21 13:08 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZombieModding2014-01-20 16:24 - 2013-05-20 14:37 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2014-01-20 16:24 - 2012-08-06 05:10 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-01-20 16:24 - 2012-08-06 05:10 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-01-20 16:24 - 2012-08-06 05:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages2014-01-20 16:20 - 2014-01-21 08:05 - 00000000 ____D C:\Recovery2014-01-20 16:17 - 2014-01-20 16:17 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\WINDOWS\system32\SRSLabs2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files\Synaptics2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files\Realtek2014-01-20 16:16 - 2014-01-20 16:16 - 00000000 ____D C:\Program Files\Intel2014-01-20 16:16 - 2013-04-12 16:17 - 00000000 ____D C:\AMD2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Program Files\AMD2014-01-20 16:14 - 2013-08-22 21:36 - 00000000 __RHD C:\Users\Default2014-01-20 15:55 - 2012-07-26 16:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent2014-01-18 21:40 - 2013-09-20 09:44 - 00000000 ____D C:\Program Files (x86)\UEFI WinFlash2014-01-18 20:48 - 2014-01-18 20:48 - 00001377 _____ C:\Users\Ciaran\Desktop\Play Plants vs. Zombies.lnk2014-01-18 20:48 - 2013-05-14 19:31 - 00000000 ____D C:\ProgramData\PopCap Games2014-01-18 20:30 - 2014-01-18 20:30 - 00001078 _____ C:\Users\Ciaran\Desktop\Pokemon Showdown.lnk2014-01-18 20:28 - 2013-05-31 21:18 - 00000000 ____D C:\Users\Ciaran\AppData\Local\CrashDumps2014-01-18 20:27 - 2013-09-06 21:03 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Pokemon Showdown2014-01-18 20:27 - 2013-09-06 21:02 - 00001871 _____ C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokemon Showdown.lnk2014-01-18 20:26 - 2014-01-18 20:25 - 24156191 _____ C:\Users\Ciaran\Downloads\PokemonShowdownSetup (2).exe2014-01-18 19:06 - 2014-01-18 18:30 - 00001642 _____ C:\Users\Ciaran\Desktop\My Mod App CSG.txt2014-01-18 17:53 - 2014-01-18 17:53 - 00000136 _____ C:\Users\Ciaran\Desktop\Call of Duty® World at War.lnk2014-01-18 17:03 - 2014-01-18 17:03 - 00002125 _____ C:\Users\Public\Desktop\S Service.lnk2014-01-18 17:03 - 2014-01-18 17:03 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Samsung2014-01-18 17:03 - 2012-09-19 18:04 - 00000000 ____D C:\Program Files (x86)\Samsung2014-01-18 17:02 - 2014-01-18 17:02 - 00002101 _____ C:\Users\Public\Desktop\Quick Starter.lnk2014-01-18 17:02 - 2013-05-14 21:10 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Samsung2014-01-18 17:02 - 2013-05-13 22:42 - 00000000 ____D C:\Users\Marty\AppData\Local\Samsung2014-01-18 17:02 - 2013-05-13 20:37 - 00000000 ____D C:\ProgramData\Samsung2014-01-18 16:53 - 2013-06-02 11:56 - 00000000 ____D C:\ProgramData\Microsoft Help2014-01-18 16:51 - 2014-01-18 16:48 - 00000000 ___RD C:\Users\Ciaran\Documents\Desktop stuff2014-01-18 16:51 - 2013-08-04 18:12 - 00000000 ____D C:\WINDOWS\system32\MRT2014-01-18 16:48 - 2013-05-14 20:24 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-01-18 04:02 - 2013-10-07 11:23 - 00000000 ____D C:\ProgramData\LogMeIn2014-01-18 00:44 - 2013-11-10 20:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-01-18 00:31 - 2014-01-18 00:31 - 00209469 _____ C:\Users\Ciaran\Downloads\Level 72 Borderlands 2 Characters (1).rar2014-01-18 00:27 - 2014-01-18 00:27 - 01226271 _____ C:\Users\Ciaran\Downloads\saveedit_r227.zip2014-01-17 23:33 - 2014-01-17 23:32 - 06013024 _____ (Nota Inc. ) C:\Users\Ciaran\Downloads\GyazoSetup.exe2014-01-07 16:01 - 2014-01-07 16:01 - 00401776 _____ (Softonic ) C:\Users\Ciaran\Downloads\SoftonicDownloader_for_grand-theft-auto-san-andreas.exe2014-01-05 19:11 - 2014-01-05 19:11 - 00616312 _____ (Windows 8.1 32 Bit 64Bit Free Download Serial Key) C:\Users\Ciaran\Downloads\GTA 5 Online How to Host a Modded Lobby AFTER PATCH.exe2014-01-05 16:47 - 2014-01-05 16:47 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (3).zip2014-01-05 16:47 - 2014-01-05 16:46 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (2).zip2013-12-31 14:03 - 2013-12-31 14:02 - 05662741 _____ C:\Users\Ciaran\Downloads\gta8.zip2013-12-30 19:21 - 2013-12-30 19:21 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\openvr2013-12-29 16:29 - 2013-12-29 16:29 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (1).zip2013-12-28 22:03 - 2013-12-28 22:03 - 00000000 ____D C:\ProgramData\Oracle2013-12-28 22:00 - 2013-12-28 22:00 - 00915368 _____ (Oracle Corporation) C:\Users\Ciaran\Downloads\chromeinstall-7u45.exe2013-12-28 21:21 - 2013-12-28 21:21 - 00817443 _____ C:\Users\Ciaran\Downloads\PokeGen_full.zip ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-20 16:14 ==================== End Of Log ============================
- January 27, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

I have downloaded and run mbam-clean-1.60.2.0003.exe which completed successfully. I then downloaded mbam-setup-1.75.0.1300.exe and ran that but unsuccessfully. I get the following error message:
- January 27, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

Hi Kevin I can't run MBAM as I get a Run time error, Type 13 Mismatch. I can't update it either as the Update button is greyed out and the date on the database file is displayed as 01/01/1601. Should I uninstall the version I have and download and install a new version? cheers Marty
- January 26, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

Part 2 ==== Sysinternals Autoruns Log ====================== HKLM\System\CurrentControlSet\Services AdobeARMservice "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" Adobe Acrobat Updater keeps your Adobe software up to date. Adobe Systems Incorporated 1.7.2.0 c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe 3/12/2012 3:34 PM AMD External Events Utility %SystemRoot%\system32\atiesrxx.exe AMD External Events Service Module AMD 6.14.11.1159 c:\windows\system32\atiesrxx.exe 7/11/2013 1:22 AM AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe Atheros BT Stack Service Agent Qualcomm Atheros Commnucations 8.0.0.216 c:\program files (x86)\bluetooth suite\adminservice.exe 5/12/2012 8:38 PM avast! Antivirus "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Manages and implements avast! antivirus services for this computer. This includes the real-time shields, the virus chest and the scheduler. AVAST Software 9.0.2011.263 c:\program files\avast software\avast\avastsvc.exe 17/12/2013 6:31 AM cphs %SystemRoot%\SysWow64\IntelCpHeciSvc.exe Intel® Content Protection HECI Service - enables communication with the Content Protection FW Intel Corporation 9.0.20.9000 c:\windows\syswow64\intelcphecisvc.exe 14/06/2013 7:35 AM Easy Launcher C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe easy setting Samsung Electronics CO., LTD. 2.0.0.10 c:\program files (x86)\samsung\settings\cmdserver\easylauncher.exe 30/11/2012 4:17 PM gupdate "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it. Google Inc. 1.3.21.103 c:\program files (x86)\google\update\googleupdate.exe 16/02/2012 10:43 AM gupdatem "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it. Google Inc. 1.3.21.103 c:\program files (x86)\google\update\googleupdate.exe 16/02/2012 10:43 AM Hamachi2Svc "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s Hamachi Client Tunneling Engine LogMeIn Inc. 2.2.0.109 c:\program files (x86)\logmein hamachi\hamachi-2.exe 29/11/2013 11:14 PM IAStorDataMgrSvc "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" Provides storage event notification and manages communication between the storage driver and user space applications. Intel Corporation 11.6.0.1030 c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe 2/09/2012 9:05 AM LMIGuardianSvc "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" Support LogMeIn processes with quality assurance feedback LogMeIn, Inc. 10.1.0.1640 c:\program files (x86)\logmein hamachi\lmiguardiansvc.exe 11/10/2013 6:38 PM SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe Offers malware scanning services to Spybot-S&D modules. Safer-Networking Ltd. 2.0.12.205 c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe 13/11/2012 9:07 PM SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe Downloads Spybot updates and installs them. Safer-Networking Ltd. 2.0.12.76 c:\program files (x86)\spybot - search & destroy 2\sdupdsvc.exe 13/11/2012 9:07 PM SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe Integrates Spybot into the Windows Security Center. Safer-Networking Ltd. 2.0.12.2 c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe 13/11/2012 9:07 PM Skype C2C Service "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" Skype Click to Call Update Service Skype Technologies S.A. 6.13.0.13771 c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe 9/10/2013 6:58 PM SkypeUpdate "C:\Program Files (x86)\Skype\Updater\Updater.exe" Enables the detection, download and installation of updates for Skype. Skype Technologies 6.8.1.61523 c:\program files (x86)\skype\updater\updater.exe 5/09/2013 5:31 PM Steam Client Service "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService Steam Client Service monitors and updates Steam content Valve Corporation 2.4.35.50 c:\program files (x86)\common files\steam\steamservice.exe 12/12/2013 2:57 AM SWUpdateService C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe /SERVICE SW Update Agent Samsung Electronics CO., LTD. 2.1.21.0 c:\programdata\samsung\sw update service\swmagent.exe 21/10/2013 8:06 PM ZAtheros Bt and Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe Co-existence Coordinator Service between 11a/b/g/n Wireless LAN and Bluetooth. Atheros 8.0.0.270 c:\program files (x86)\bluetooth suite\ath_coexagent.exe 23/11/2012 3:41 PM HKLM\System\CurrentControlSet\Services 3ware System32\drivers\3ware.sys LSI 3ware SCSI Storport Driver LSI 5.1.0.51 c:\windows\system32\drivers\3ware.sys 12/04/2013 6:49 AM ADP80XX System32\drivers\ADP80XX.SYS PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller PMC-Sierra 1.0.0.254 c:\windows\system32\drivers\adp80xx.sys 13/07/2013 5:47 AM amdkmdag \SystemRoot\system32\DRIVERS\atikmdag.sys ATI Radeon Kernel Mode Driver Advanced Micro Devices, Inc. 8.1.1.1331 c:\windows\system32\drivers\atikmdag.sys 7/11/2013 2:08 AM amdkmdap \SystemRoot\system32\DRIVERS\atikmpag.sys AMD multi-vendor Miniport Driver Advanced Micro Devices, Inc. 8.14.1.6340 c:\windows\system32\drivers\atikmpag.sys 7/11/2013 12:54 AM amdsata System32\drivers\amdsata.sys AHCI 1.3 Device Driver Advanced Micro Devices 1.1.4.14 c:\windows\system32\drivers\amdsata.sys 9/07/2013 6:54 AM amdsbs System32\drivers\amdsbs.sys AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform AMD Technologies Inc. 3.7.1540.43 c:\windows\system32\drivers\amdsbs.sys 12/12/2012 5:21 AM amdxata System32\drivers\amdxata.sys Storage Filter Driver Advanced Micro Devices 1.1.4.14 c:\windows\system32\drivers\amdxata.sys 9/07/2013 6:45 AM arcsas System32\drivers\arcsas.sys Adaptec SAS RAID WS03 Driver PMC-Sierra, Inc. 7.2.0.30261 c:\windows\system32\drivers\arcsas.sys 9/07/2013 8:50 AM aswMonFlt \??\C:\windows\system32\drivers\aswMonFlt.sys avast! mini-filter driver (aswMonFlt) AVAST Software 9.0.2011.263 c:\windows\system32\drivers\aswmonflt.sys 17/12/2013 6:28 AM aswRdr \??\C:\windows\system32\drivers\aswRdr2.sys avast! WFP Redirect driver AVAST Software 9.0.2006.149 c:\windows\system32\drivers\aswrdr2.sys 11/10/2013 7:11 PM aswRvrt aswRvrt avast! Revert 9.0.2004.130 c:\windows\system32\drivers\aswrvrt.sys 4/10/2013 3:48 PM aswSnx \??\C:\windows\system32\drivers\aswSnx.sys avast! virtualization driver (aswSnx) AVAST Software 9.0.2011.263 c:\windows\system32\drivers\aswsnx.sys 17/12/2013 6:29 AM aswSP \??\C:\windows\system32\drivers\aswSP.sys avast! Self Protection AVAST Software 9.0.2010.245 c:\windows\system32\drivers\aswsp.sys 9/12/2013 3:09 PM aswStm \??\C:\WINDOWS\system32\drivers\aswStm.sys avast! StreamFilter Callout Driver AVAST Software 9.0.2011.265 c:\windows\system32\drivers\aswstm.sys 20/12/2013 6:11 PM aswVmm aswVmm avast! VM Monitor 9.0.2010.245 c:\windows\system32\drivers\aswvmm.sys 9/12/2013 3:04 PM AthBTPort \SystemRoot\system32\DRIVERS\btath_flt.sys Qualcomm Atheros FILTER driver Qualcomm Atheros 8.0.0.216 c:\windows\system32\drivers\btath_flt.sys 21/11/2012 3:35 PM athr \SystemRoot\system32\DRIVERS\athw8x.sys Qualcomm Atheros Extensible Wireless LAN device driver Qualcomm Atheros Communications, Inc. 3.0.1.145 c:\windows\system32\drivers\athw8x.sys 17/01/2013 5:15 PM b06bdrv System32\drivers\bxvbda.sys Broadcom NetXtreme II GigE VBD Broadcom Corporation 7.4.14.0 c:\windows\system32\drivers\bxvbda.sys 5/02/2013 3:47 AM bcmfn2 \SystemRoot\System32\drivers\bcmfn2.sys BCM Function 2 Device Driver Windows ® Win 7 DDK provider 6.3.9391.6 c:\windows\system32\drivers\bcmfn2.sys 3/08/2013 7:59 AM BTATH_A2DP \SystemRoot\system32\drivers\btath_a2dp.sys Qualcomm Atheros A2DP driver Qualcomm Atheros 8.0.0.216 c:\windows\system32\drivers\btath_a2dp.sys 21/11/2012 3:35 PM btath_avdt \SystemRoot\system32\drivers\btath_avdt.sys Qualcomm Atheros Bluetooth AVDT driver Qualcomm Atheros 8.0.0.216 c:\windows\system32\drivers\btath_avdt.sys 2/11/2012 1:35 PM BTATH_HCRP \SystemRoot\System32\drivers\btath_hcrp.sys Qualcomm Atheros HCRP driver Qualcomm Atheros 8.0.0.216 c:\windows\system32\drivers\btath_hcrp.sys 2/11/2012 1:36 PM BTATH_HID \SystemRoot\system32\DRIVERS\btath_hid.sys Qualcomm Atheros HID driver Qualcomm Atheros 8.0.0.216 c:\windows\system32\drivers\btath_hid.sys 2/11/2012 1:36 PM BTATH_LWFLT \SystemRoot\system32\DRIVERS\btath_lwflt.sys Qualcomm Atheros FILTER driver Qualcomm Atheros 8.0.0.216 c:\windows\system32\drivers\btath_lwflt.sys 2/11/2012 1:35 PM BTATH_RCP \SystemRoot\System32\drivers\btath_rcp.sys Qualcomm Atheros AVRCP driver Qualcomm Atheros 8.0.0.216 c:\windows\system32\drivers\btath_rcp.sys 2/11/2012 1:36 PM BtFilter \SystemRoot\system32\DRIVERS\btfilter.sys Qualcomm Atheros BtFilter Driver Qualcomm Atheros 8.0.0.216 c:\windows\system32\drivers\btfilter.sys 21/11/2012 3:35 PM CLVirtualDrive \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys CyberLink CLVirtualDrive Driver CyberLink 1.0.0.621 c:\windows\system32\drivers\clvirtualdrive.sys 26/12/2011 9:26 PM ebdrv System32\drivers\evbda.sys Broadcom NetXtreme II 10 GigE VBD Broadcom Corporation 7.4.33.1 c:\windows\system32\drivers\evbda.sys 8/04/2013 10:30 PM hamachi \SystemRoot\system32\DRIVERS\Hamdrv.sys LogMeIn Hamachi Virtual Miniport Driver LogMeIn Inc. 8.1.2.1 c:\windows\system32\drivers\hamdrv.sys 29/11/2013 11:19 PM hitmanpro37 \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys HitmanPro 3.7 Support Driver 1.3.7.9 c:\windows\system32\drivers\hitmanpro37.sys 20/08/2013 4:04 AM HpSAMD System32\drivers\HpSAMD.sys Smart Array SAS/SATA Controller Media Driver Hewlett-Packard Company 8.0.4.0 c:\windows\system32\drivers\hpsamd.sys 27/03/2013 5:36 AM iaLPSSi_GPIO \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys Intel® Serial IO GPIO Controller Driver Intel Corporation 1.1.163.0 c:\windows\system32\drivers\ialpssi_gpio.sys 26/06/2013 10:22 PM iaLPSSi_I2C \SystemRoot\System32\drivers\iaLPSSi_I2C.sys Intel® Serial IO I2C Controller Driver Intel Corporation 1.1.163.0 c:\windows\system32\drivers\ialpssi_i2c.sys 26/06/2013 10:22 PM iaStorA System32\drivers\iaStorA.sys Intel Rapid Storage Technology driver - x64 Intel Corporation 11.6.0.1030 c:\windows\system32\drivers\iastora.sys 2/09/2012 9:01 AM iaStorAV System32\drivers\iaStorAV.sys Intel Rapid Storage Technology driver (inbox) - x64 Intel Corporation 12.0.1.1018 c:\windows\system32\drivers\iastorav.sys 1/08/2013 8:00 AM iaStorV System32\drivers\iaStorV.sys Intel Matrix Storage Manager driver - x64 Intel Corporation 8.6.2.1019 c:\windows\system32\drivers\iastorv.sys 12/04/2011 2:48 AM igfx \SystemRoot\system32\DRIVERS\igdkmd64.sys Intel Graphics Kernel Mode Driver Intel Corporation 10.18.10.3379 c:\windows\system32\drivers\igdkmd64.sys 19/12/2013 4:49 AM intaud_WaveExtensible \SystemRoot\system32\drivers\intelaud.sys Intel© WiDi Solution Intel Corporation 4.5.30.0 c:\windows\system32\drivers\intelaud.sys 27/09/2013 5:38 AM IntcAzAudAddService \SystemRoot\system32\drivers\RTKVHD64.sys Realtek® High Definition Audio Function Driver Realtek Semiconductor Corp. 6.0.1.6702 c:\windows\system32\drivers\rtkvhd64.sys 10/08/2012 6:03 PM IntcDAud \SystemRoot\system32\DRIVERS\IntcDAud.sys Intel® Display Audio Driver Intel® Corporation 6.14.0.3097 c:\windows\system32\drivers\intcdaud.sys 19/06/2012 10:40 PM iwdbus \SystemRoot\System32\drivers\iwdbus.sys Intel© WiDi Solution Intel Corporation 4.5.30.0 c:\windows\system32\drivers\iwdbus.sys 27/09/2013 5:38 AM LSI_SAS System32\drivers\lsi_sas.sys LSI Fusion-MPT SAS Driver (StorPort) LSI Corporation 1.34.3.82 c:\windows\system32\drivers\lsi_sas.sys 29/03/2013 1:42 AM LSI_SAS2 System32\drivers\lsi_sas2.sys LSI SAS Gen2 Driver (StorPort) LSI Corporation 2.0.60.82 c:\windows\system32\drivers\lsi_sas2.sys 29/03/2013 1:45 AM LSI_SAS3 System32\drivers\lsi_sas3.sys LSI SAS Gen3 Driver (StorPort) LSI Corporation 2.50.65.1 c:\windows\system32\drivers\lsi_sas3.sys 16/03/2013 7:38 AM LSI_SSS System32\drivers\lsi_sss.sys LSI SSS PCIe/Flash Driver (StorPort) LSI Corporation 2.10.61.81 c:\windows\system32\drivers\lsi_sss.sys 16/03/2013 7:39 AM megasas System32\drivers\megasas.sys MEGASAS RAID Controller Driver for Windows LSI Corporation 6.3.9466.0 c:\windows\system32\drivers\megasas.sys 24/07/2013 5:08 AM megasr System32\drivers\megasr.sys LSI MegaRAID Software RAID Driver LSI Corporation, Inc. 15.2.2013.129 c:\windows\system32\drivers\megasr.sys 4/06/2013 6:02 AM MEIx64 \SystemRoot\System32\drivers\HECIx64.sys Intel® Management Engine Interface Intel Corporation 9.0.0.1287 c:\windows\system32\drivers\hecix64.sys 18/12/2012 3:32 AM mvumis System32\drivers\mvumis.sys Marvell Flash Controller Driver Marvell Semiconductor, Inc. 1.0.5.1015 c:\windows\system32\drivers\mvumis.sys 21/03/2013 1:14 AM nvraid System32\drivers\nvraid.sys NVIDIA© nForce RAID Driver NVIDIA Corporation 10.6.0.22 c:\windows\system32\drivers\nvraid.sys 13/09/2011 8:01 AM nvstor System32\drivers\nvstor.sys NVIDIA© nForce Sata Performance Driver NVIDIA Corporation 10.6.0.22 c:\windows\system32\drivers\nvstor.sys 13/09/2011 7:53 AM RadioHIDMini \SystemRoot\System32\drivers\RadioHIDMini.sys HID Radio Switch mini driver for USB Fx2 Device Windows ® Win 7 DDK provider 6.2.8400.4218 c:\windows\system32\drivers\radiohidmini.sys 27/07/2012 7:57 PM RSUSBVSTOR \SystemRoot\System32\Drivers\RtsUVStor.sys Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Win8 Realtek Semiconductor Corp. 6.1.8400.39030 c:\windows\system32\drivers\rtsuvstor.sys 15/06/2012 1:43 PM RTL8168 \SystemRoot\system32\DRIVERS\Rt630x64.sys Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver Realtek 8.1.510.2013 c:\windows\system32\drivers\rt630x64.sys 10/05/2013 5:59 PM secdrv secdrv Macrovision SECURITY Driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. 4.3.86.0 c:\windows\system32\drivers\secdrv.sys 13/09/2006 9:18 PM SiSRaid2 System32\drivers\SiSRaid2.sys SiS RAID Stor Miniport Driver Silicon Integrated Systems Corp. 5.1.1039.2600 c:\windows\system32\drivers\sisraid2.sys 25/09/2008 2:28 AM SiSRaid4 System32\drivers\sisraid4.sys SiS AHCI Stor-Miniport Driver Silicon Integrated Systems 5.1.1039.3600 c:\windows\system32\drivers\sisraid4.sys 2/10/2008 5:56 AM stexstor System32\drivers\stexstor.sys Promise SuperTrak EX Series Driver for Windows x64 Promise Technology, Inc. 5.1.0.10 c:\windows\system32\drivers\stexstor.sys 27/11/2012 8:02 AM SynTP \SystemRoot\system32\DRIVERS\SynTP.sys Synaptics Touchpad Driver Synaptics Incorporated 16.2.14.2 c:\windows\system32\drivers\syntp.sys 17/10/2012 8:40 AM viaide System32\drivers\viaide.sys VIA Generic PCI IDE Bus Driver VIA Technologies, Inc. 6.0.6000.170 c:\windows\system32\drivers\viaide.sys 22/08/2013 7:40 PM vsmraid System32\drivers\vsmraid.sys VIA RAID DRIVER FOR AMD-X86-64 VIA Technologies Inc.,Ltd 7.0.9200.6320 c:\windows\system32\drivers\vsmraid.sys 24/01/2013 4:35 AM VSTXRAID System32\drivers\vstxraid.sys VIA StorX RAID Controller Driver VIA Corporation 8.0.9200.8110 c:\windows\system32\drivers\vstxraid.sys 22/01/2013 3:00 AM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers AthCredentialProvider HKCR\CLSID\{ACFC407B-266C-8504-8DAE-F3E276336E4B} Bluetooth Credential Provider Qualcomm Atheros Commnucations 8.0.0.216 c:\windows\system32\athcredentialprovider.dll 5/12/2012 8:38 PM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters AthCredentialProvider HKCR\CLSID\{ACFC407B-266C-8504-8DAE-F3E276336E4B} Bluetooth Credential Provider Qualcomm Atheros Commnucations 8.0.0.216 c:\windows\system32\athcredentialprovider.dll 5/12/2012 8:38 PM HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify igfxcui igfxdev.dll igfxdev Module Intel Corporation 8.15.10.3379 c:\windows\system32\igfxdev.dll 19/12/2013 4:46 AM HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls _Wow64cpu Wow64cpu.dll File not found: C:\WINDOWS\syswow64\Wow64cpu.dll _Wow64win Wow64win.dll File not found: C:\WINDOWS\syswow64\Wow64win.dll _Wow64 Wow64.dll File not found: C:\WINDOWS\syswow64\Wow64.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run IgfxTray "C:\WINDOWS\system32\igfxtray.exe" igfxTray Module Intel Corporation 8.15.10.3379 c:\windows\system32\igfxtray.exe 19/12/2013 4:46 AM HotKeysCmds "C:\WINDOWS\system32\hkcmd.exe" hkcmd Module Intel Corporation 8.15.10.3379 c:\windows\system32\hkcmd.exe 19/12/2013 4:47 AM Persistence "C:\WINDOWS\system32\igfxpers.exe" persistence Module Intel Corporation 8.15.10.3379 c:\windows\system32\igfxpers.exe 19/12/2013 4:47 AM RtHDVCpl C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s Realtek HD Audio Manager Realtek Semiconductor 1.0.0.806 c:\program files\realtek\audio\hda\ravcpl64.exe 10/08/2012 5:12 PM BtTray "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" BtTray Qualcomm Atheros 8.0.0.216 c:\program files (x86)\bluetooth suite\bttray.exe 5/12/2012 8:39 PM BtvStack "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" Extension Core Qualcomm Atheros Commnucations 8.0.0.216 c:\program files (x86)\bluetooth suite\btvstack.exe 5/12/2012 8:39 PM SynTPEnh %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe Synaptics TouchPad Enhancements Synaptics Incorporated 16.2.14.2 c:\program files\synaptics\syntp\syntpenh.exe 17/10/2012 9:24 AM HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run StartCCC "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun Catalyst© Control Center Launcher Advanced Micro Devices, Inc. 3.5.0.0 c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe 6/08/2012 11:44 PM IAStorIcon C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 Delayed launcher Intel Corporation 1.0.0.2 c:\program files (x86)\intel\intel® rapid storage technology\iastoriconlaunch.exe 13/09/2012 5:18 AM CLMLServer_For_P2G8 "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" CyberLink MediaLibray Service CyberLink 8.0.0.608 c:\program files (x86)\cyberlink\power2go8\clmlsvc_p2g8.exe 8/06/2012 11:20 AM CLVirtualDrive "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R CyberLink Virtual Drive CyberLink Corp. 8.0.0.1912 c:\program files (x86)\cyberlink\power2go8\virtualdrive.exe 12/07/2012 7:50 PM RemoteControl10 "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" PowerDVD RC Service CyberLink Corp. 10.0.4415.0 c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe 15/08/2012 8:41 PM Adobe Reader Speed Launcher "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" Adobe Acrobat SpeedLauncher Adobe Systems Incorporated 10.1.5.33 c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe 18/12/2012 8:59 PM Adobe ARM "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Adobe Reader and Acrobat Manager Adobe Systems Incorporated 1.7.2.0 c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe 3/12/2012 3:34 PM Intel AppUp(SM) center "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 Intel Services Manager Intel Corporation 1.14.1.36458 c:\program files (x86)\intel\intelappstore\bin\ismagent.exe 24/05/2012 8:46 PM SDTray "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" Spybot - Search & Destroy tray access Safer-Networking Ltd. 2.0.12.127 c:\program files (x86)\spybot - search & destroy 2\sdtray.exe 13/11/2012 9:08 PM LogMeIn Hamachi Ui "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start Hamachi Client Application LogMeIn Inc. 2.2.0.109 c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe 29/11/2013 11:07 PM AvastUI.exe "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui avast! Antivirus AVAST Software 9.0.2011.263 c:\program files\avast software\avast\avastui.exe 17/12/2013 6:34 AM HKLM\SOFTWARE\Classes\Protocols\Handler skype-ie-addon-data HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} Skype Click to Call for Internet Explorer Skype Technologies S.A. 6.13.0.13771 c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll 9/10/2013 6:50 PM HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components Themes Setup /UserInstall File not found: /UserInstall Windows Desktop Update U File not found: U HKCU\Software\Microsoft\Windows\CurrentVersion\Run Quick Starter C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe Quick Starter Samsung Electronics CO., LTD. 1.0.2.15 c:\program files (x86)\samsung\quick starter\quick starter.exe 25/09/2013 5:48 PM HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Adobe PDF Link Helper HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated 10.1.5.33 c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll 18/12/2012 8:32 PM Spybot-S&D IE Protection HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F} Blocks URLs that could install spyware, malware etc. Safer-Networking Ltd. 2.0.12.88 c:\program files (x86)\spybot - search & destroy 2\sdhelper.dll 13/11/2012 9:06 PM avast! Online Security HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} IE Webrep plugin AVAST Software 9.0.2011.70 c:\program files\avast software\avast\aswwebrepie.dll 17/12/2013 12:11 AM Skype Browser Helper HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Skype Click to Call for Internet Explorer Skype Technologies S.A. 6.13.0.13771 c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll 9/10/2013 6:57 PM HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Adobe PDF Link Helper HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated 10.1.5.33 c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll 18/12/2012 8:32 PM Spybot-S&D IE Protection HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F} Blocks URLs that could install spyware, malware etc. Safer-Networking Ltd. 2.0.12.88 c:\program files (x86)\spybot - search & destroy 2\sdhelper.dll 13/11/2012 9:06 PM avast! Online Security HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} IE Webrep plugin AVAST Software 9.0.2011.70 c:\program files\avast software\avast\aswwebrepie.dll 17/12/2013 12:11 AM Skype Browser Helper HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Skype Click to Call for Internet Explorer Skype Technologies S.A. 6.13.0.13771 c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll 9/10/2013 6:57 PM HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers ANotepad++64 HKCR\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} ShellHandler for Notepad++ (64 bit) 0.1.0.0 c:\program files (x86)\notepad++\nppshell_05.dll 18/06/2012 11:24 PM Atheros HKCR\CLSID\{B8952421-0E55-400B-94A6-FA858FC0A39F} Atheros Bluetooth Module Qualcomm Atheros Commnucations 8.0.0.216 c:\program files (x86)\bluetooth suite\btvappext.dll 5/12/2012 8:39 PM avast HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} avast! Shell Extension AVAST Software 9.0.2011.263 c:\program files\avast software\avast\ashsha64.dll 17/12/2013 6:35 AM CLVDShellExt HKCR\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} Cyberlink Shell Extension dynamic link library Cyberlink 8.0.0.1813 c:\program files (x86)\common files\cyberlink\shellextcomponent\clvdshellext.dll 13/06/2012 10:16 AM SDECon32 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.0.12.113 c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll 1/01/1970 8:00 AM SDECon64 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.0.12.113 c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll 1/01/1970 8:00 AM WinRAR HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA} WinRAR shell extension Alexander Roshal 5.0.3.0 c:\program files\winrar\rarext.dll 18/05/2013 12:23 AM HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers avast HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} avast! Shell Extension AVAST Software 9.0.2011.263 c:\program files\avast software\avast\ashshell.dll 17/12/2013 6:27 AM SDECon32 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.0.12.113 c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll 13/11/2012 9:06 PM SDECon64 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.0.12.113 c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll 13/11/2012 9:06 PM WinRAR32 HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} WinRAR shell extension Alexander Roshal 5.0.3.0 c:\program files\winrar\rarext32.dll 18/05/2013 12:23 AM HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers CLVDShellExt HKCR\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} Cyberlink Shell Extension dynamic link library Cyberlink 8.0.0.1813 c:\program files (x86)\common files\cyberlink\shellextcomponent\clvdshellext.dll 13/06/2012 10:16 AM HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers 00avast HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} avast! Shell Extension AVAST Software 9.0.2011.263 c:\program files\avast software\avast\ashsha64.dll 17/12/2013 6:35 AM FTShellContext HKCR\CLSID\{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} Atheros Bluetooth Module Qualcomm Atheros Commnucations 8.0.0.216 c:\program files (x86)\bluetooth suite\shellcontextext.dll 5/12/2012 8:39 PM MBAMShlExt HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} Malwarebytes Anti-Malware Malwarebytes Corporation 1.70.0.0 c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll 1/03/2013 4:39 AM HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers 00avast HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} avast! Shell Extension AVAST Software 9.0.2011.263 c:\program files\avast software\avast\ashshell.dll 17/12/2013 6:27 AM HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers Ath_CopyHook HKCR\CLSID\{8e10a039-fe03-4f9c-b7e1-c5eeeaf53735} Bluetooth File Transfer Plugin Qualcomm Atheros Commnucations 1.0.0.0 c:\program files (x86)\bluetooth suite\folderviewimpl.dll 5/12/2012 8:39 PM FileZilla3CopyHook HKCR\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} fzshellext Dynamic Link Library 3.2.7.0 c:\program files (x86)\filezilla ftp client\fzshellext_64.dll 1/08/2009 6:34 PM HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers FileZilla3CopyHook HKCR\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} fzshellext Dynamic Link Library 3.7.3.0 c:\program files (x86)\filezilla ftp client\fzshellext.dll 8/08/2013 3:25 AM HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers ACE HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} AMD Desktop Control Panel Advanced Micro Devices, Inc. 6.14.10.2001 c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll 6/08/2012 11:46 PM igfxcui HKCR\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} igfxpph Module Intel Corporation 8.15.10.3379 c:\windows\system32\igfxpph.dll 19/12/2013 4:47 AM HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers PDF Shell Extension HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627} PDF Shell Extension Adobe Systems, Inc. 10.1.5.33 c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll 18/12/2012 9:02 PM HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers avast HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} avast! Shell Extension AVAST Software 9.0.2011.263 c:\program files\avast software\avast\ashsha64.dll 17/12/2013 6:35 AM MBAMShlExt HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} Malwarebytes Anti-Malware Malwarebytes Corporation 1.70.0.0 c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll 1/03/2013 4:39 AM SDECon32 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.0.12.113 c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll 1/01/1970 8:00 AM SDECon64 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.0.12.113 c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll 1/01/1970 8:00 AM WinRAR HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA} WinRAR shell extension Alexander Roshal 5.0.3.0 c:\program files\winrar\rarext.dll 18/05/2013 12:23 AM HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers avast HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} avast! Shell Extension AVAST Software 9.0.2011.263 c:\program files\avast software\avast\ashshell.dll 17/12/2013 6:27 AM SDECon32 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.0.12.113 c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll 13/11/2012 9:06 PM SDECon64 HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC} Windows Explorer context menu integration Safer-Networking Ltd. 2.0.12.113 c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll 13/11/2012 9:06 PM WinRAR32 HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} WinRAR shell extension Alexander Roshal 5.0.3.0 c:\program files\winrar\rarext32.dll 18/05/2013 12:23 AM HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers WinRAR HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA} WinRAR shell extension Alexander Roshal 5.0.3.0 c:\program files\winrar\rarext.dll 18/05/2013 12:23 AM HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers WinRAR32 HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} WinRAR shell extension Alexander Roshal 5.0.3.0 c:\program files\winrar\rarext32.dll 18/05/2013 12:23 AM HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers 00avast HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} avast! Shell Extension AVAST Software 9.0.2011.263 c:\program files\avast software\avast\ashsha64.dll 17/12/2013 6:35 AM HKLM\Software\Microsoft\Internet Explorer\Toolbar avast! Online Security HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} IE Webrep plugin AVAST Software 9.0.2011.70 c:\program files\avast software\avast\aswwebrepie64.dll 17/12/2013 12:12 AM HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar avast! Online Security HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} IE Webrep plugin AVAST Software 9.0.2011.70 c:\program files\avast software\avast\aswwebrepie.dll 17/12/2013 12:11 AM HKLM\Software\Microsoft\Internet Explorer\Extensions Skype Click to Call C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll Skype Click to Call for Internet Explorer Skype Technologies S.A. 6.13.0.13771 c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll 9/10/2013 6:50 PM HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions Skype Click to Call C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Skype Click to Call for Internet Explorer Skype Technologies S.A. 6.13.0.13771 c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll 9/10/2013 6:57 PM Spybot - Search && Destroy Configuration C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll Blocks URLs that could install spyware, malware etc. Safer-Networking Ltd. 2.0.12.88 c:\program files (x86)\spybot - search & destroy 2\sdhelper.dll 13/11/2012 9:06 PM HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 msacm.l3acm C:\Windows\System32\l3codeca.acm MPEG Layer-3 Audio Codec for MSACM Fraunhofer Institut Integrierte Schaltungen IIS 1.9.0.401 c:\windows\system32\l3codeca.acm 22/08/2013 7:32 PM VIDC.FPS1 frapsv64.dll Fraps Beepa P/L 3.5.99.15619 c:\windows\system32\frapsv64.dll 26/02/2013 2:55 PM vidc.mjpg bdmjpeg64.dll c:\windows\system32\bdmjpeg64.dll 5/08/2013 2:11 PM vidc.mpeg bdmpegv64.dll c:\windows\system32\bdmpegv64.dll 5/08/2013 2:11 PM msacm.bdmpeg bdmpega64.acm c:\windows\system32\bdmpega64.acm 5/08/2013 2:11 PM HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32 msacm.l3acm C:\Windows\SysWOW64\l3codeca.acm MPEG Layer-3 Audio Codec for MSACM Fraunhofer Institut Integrierte Schaltungen IIS 1.9.0.401 c:\windows\syswow64\l3codeca.acm 22/08/2013 12:03 PM vidc.cvid iccvid.dll Cinepak© Codec Radius Inc. 1.10.0.12 c:\windows\syswow64\iccvid.dll 22/08/2013 12:03 PM VIDC.FPS1 frapsvid.dll Fraps Beepa P/L 3.5.99.15619 c:\windows\syswow64\frapsvid.dll 26/02/2013 2:55 PM vidc.mjpg bdmjpeg.dll c:\windows\syswow64\bdmjpeg.dll 5/08/2013 2:11 PM vidc.mpeg bdmpegv.dll c:\windows\syswow64\bdmpegv.dll 5/08/2013 2:11 PM msacm.bdmpeg bdmpega.acm c:\windows\syswow64\bdmpega.acm 5/08/2013 2:11 PM HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance Bandisoft MPEG-1 Video Decoder HKCR\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689} Bandisoft Directshow Filter www.Bandisoft.com 1.0.5.16 c:\program files (x86)\bandimpeg1\bdfilters64.dll 5/08/2013 2:11 PM Bandisoft MPEG-1 Audio Decoder HKCR\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05} Bandisoft Directshow Filter www.Bandisoft.com 1.0.5.16 c:\program files (x86)\bandimpeg1\bdfilters64.dll 5/08/2013 2:11 PM HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance ATI Ticker HKCR\CLSID\{10AD8B9D-222E-44D1-881B-0EA79E1B2D6E} c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax 6/08/2012 11:44 PM CyberLink Audio Wizard HKCR\CLSID\{1986FDCF-F657-4866-A83C-998B943A6321} CyberLink Audio Wizard Filter CyberLink Corp. 1.0.0.4414 c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudwizard.ax 14/08/2009 9:26 PM CyberLink Line21 Decoder (PDVD10) HKCR\CLSID\{24C79DBF-961B-4DF9-8440-3BEE8C76F1E1} CyberLink Line21 Decoder Filter CyberLink Corp. 4.0.0.10324 c:\program files (x86)\cyberlink\powerdvd10\videofilter\clline21.ax 24/07/2009 10:21 AM CyberLink DVD Navigator (PDVD10) HKCR\CLSID\{2AF76B80-2BDA-4731-932D-3FCFA9276B11} CyberLink DVD Navigation Filter CyberLink Corp. 8.1.3802.0 c:\program files (x86)\cyberlink\powerdvd10\navfilter\clnavx.ax 2/02/2012 8:46 PM CyberLink AudioCD Filter (PDVD10) HKCR\CLSID\{2D6F8EBB-80A6-4CF1-8C86-F2A8932DED3F} CyberLink AudioCD Filter CyberLink Corp. 5.0.0.7823 c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudiocd.ax 23/06/2009 10:00 PM CyberLink Matroska Splitter(PDVD10) HKCR\CLSID\{35F0AE98-673B-465F-A4D6-9F18A01F2454} CyberLink Matroska Splitter CyberLink Corp. 1.0.0.1902 c:\program files (x86)\cyberlink\powerdvd10\navfilter\clmkvsplter.ax 2/07/2010 5:20 PM CyberLink TimeStretch Filter (PDVD10) HKCR\CLSID\{36F74DF0-12FF-4881-8A55-E7CE4D12688E} CLAuTS.ax CyberLink Corp. 2.0.0.3404 c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clauts.ax 4/10/2010 11:39 AM CyberLink RealMedia Splitter(PDVD10) HKCR\CLSID\{38A6AC0C-4B7C-4922-8ADC-D22C55B86666} CyberLink RealMedia Splitter CyberLink Corp. 1.0.0.1706 c:\program files (x86)\cyberlink\powerdvd10\navfilter\clrmsplitter.ax 6/05/2010 5:42 PM CyberLink MPEG Splitter HKCR\CLSID\{4A55271F-A2C7-4EE5-BDCE-154FEB954E1C} CyberLink MPEG Splitter CyberLink Corp. 3.4.0.3408 c:\program files (x86)\cyberlink\powerdvd10\navfilter\clsplter.ax 8/10/2010 4:23 PM MMACE ProcAmp HKCR\CLSID\{4A6E162C-6F51-4956-86D0-A72729178B9B} c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll 6/08/2012 11:45 PM CyberLink Audio Decoder (PDVD10) HKCR\CLSID\{501099E1-5C05-4ED3-B0CB-371F97F5412C} CyberLink Audio Decoder Filter CyberLink Corp. 9.0.0.1722 c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claud.ax 22/05/2012 4:03 PM CyberLink Video/SP Decoder (PDVD10) HKCR\CLSID\{516F1EFA-42F4-436E-801C-B752EB9343EB} CyberLink Video/SP Filter CyberLink Corp. 8.4.0.2505 c:\program files (x86)\cyberlink\powerdvd10\videofilter\clvsd.ax 5/01/2011 7:11 PM CyberLink HD/BD Mixer (PDVD10) HKCR\CLSID\{5193BE4B-0FAF-4E3E-A7F8-5CB7140D7B7E} CLHBMixer 2.0.0.5211 c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clhbmixer.ax 11/04/2012 6:03 PM CyberLink Audio Effect (PDVD10) HKCR\CLSID\{5EFC04B3-68C0-4BFF-8BD4-61037272D70D} CyberLink Audio Effect Filter CyberLink Corporation 6.0.0.7225 c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudfx.ax 25/12/2009 4:54 PM CyberLink Digest Filter (PDVD10) HKCR\CLSID\{7A4A08EA-409C-4618-AE4A-FC7584FDCB7A} DigestFilter Dynamic Link Library 1.0.0.4028 c:\program files (x86)\cyberlink\powerdvd10\digestfilter.dll 28/04/2010 8:54 PM MMACE SoftEmu HKCR\CLSID\{854F4628-CE51-42C4-80E9-80DAE27FAAAE} c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll 6/08/2012 11:45 PM Bandisoft MPEG-1 Video Decoder HKCR\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689} Bandisoft Directshow Filter www.Bandisoft.com 1.0.5.16 c:\program files (x86)\bandimpeg1\bdfilters.dll 5/08/2013 2:11 PM Cyberlink SubTitle Importor (PDVD10) HKCR\CLSID\{8BF03152-F394-4C94-A2EB-44D6B80C9E91} CLSubTitle.ax CyberLink Corp. 2.0.0.1823 c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax 23/06/2011 3:22 PM MMACE Deinterlace HKCR\CLSID\{9E665ED7-958C-410C-9C56-05DA783E7933} c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll 6/08/2012 11:45 PM CyberLink HAM Decoder HKCR\CLSID\{A93F76CF-4B73-4B67-89ED-7E0AF90BBFED} CyberLink Video Decoder Filter CyberLink Corp. 1.0.5540.4128 c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax 28/05/2012 10:30 PM CyberLink Tzan Filter (PDVD10) HKCR\CLSID\{B5F41335-A18B-4362-A406-F09E43658116} CyberLink Tzan Filter CyberLink Corp. 3.5.0.4515 c:\program files (x86)\cyberlink\powerdvd10\videofilter\cltzan.ax 15/09/2011 2:04 PM CyberLink RealVideo Decoder(PDVD10) HKCR\CLSID\{C548BB6C-0E62-4A25-AE4E-DE41856BC682} CyberLink RealMedia Video Decoder CyberLink Corp. 1.0.0.1225 c:\program files (x86)\cyberlink\powerdvd10\videofilter\clrmvd.ax 25/12/2009 11:42 AM Cyberlink SubTitle Importor 2.0 (PDVD10) HKCR\CLSID\{C88A3744-DE30-4316-BAFB-269C8A25856C} CLSubTitle.ax CyberLink Corp. 2.0.0.1823 c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax 23/06/2011 3:22 PM CyberLink Video Decoder (PDVD10) HKCR\CLSID\{D00E73D7-06F5-44F9-8BE4-B7DB191E9E7E} CyberLink Video Decoder Filter CyberLink Corp. 1.0.5540.4128 c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax 28/05/2012 10:30 PM CyberLink MPEG-4 Splitter (PDVD10) HKCR\CLSID\{DB17C0D7-EA02-4CC0-94A3-C8E07B1510F9} CyberLink MPEG-4 Splitter CyberLink Corp. 1.1.0.2906 c:\program files (x86)\cyberlink\powerdvd10\navfilter\clm4splt.ax 6/05/2010 6:39 PM CyberLink RealAudio Decoder(PDVD10) HKCR\CLSID\{DB5D8193-CB8D-4C72-98A5-1C147E075EDF} CyberLink RealMedia Audio Decoder CyberLink Corp. 1.0.0.1225 c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clrmaud.ax 25/12/2009 11:44 AM Bandisoft MPEG-1 Audio Decoder HKCR\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05} Bandisoft Directshow Filter www.Bandisoft.com 1.0.5.16 c:\program files (x86)\bandimpeg1\bdfilters.dll 5/08/2013 2:11 PM CyberLink FLV Splitter(PDVD10) HKCR\CLSID\{ECA099DE-D413-4500-B401-6C4FF1EB9580} CyberLink FLV Splitter CyberLink Corp. 1.0.0.3327 c:\program files (x86)\cyberlink\powerdvd10\navfilter\clflvsplitter.ax 27/09/2011 3:30 PM Cyberlink Demuxer 2.0 HKCR\CLSID\{F07E981B-0EC4-4665-A671-C24955D11A38} CLDemuxer2 Cyberlink 2.0.6.2518 c:\program files (x86)\cyberlink\powerdvd10\navfilter\cldemuxer2.ax 18/01/2011 8:29 PM ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Ciaran\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\Marty\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Ciaran\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=38 folders=10 175655 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\Temp emptied successfullyC:\Users\Ciaran\AppData\Local\Temp emptied successfullyC:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Users\Marty\AppData\Local\Temp will be emptied at rebootC:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptiedC:\Users\Marty\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Sun 26/01/2014 at 11:16:06.79 ======================
- January 26, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

Having to post this in two parts as the post won't save! Zoek.exe v5.0.0.0 Updated 25-January-2014Tool run by Marty on Sun 26/01/2014 at 10:49:37.97.Microsoft Windows 8.1 6.3.9600 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Marty\Desktop\zoek.com [scan all users] [script inserted] ==== System Restore Info ====================== 26/01/2014 10:52:21 AM Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfullyHKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfullyHKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfullyHKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully ==== Installed Programs ====================== Action Replay DSi Code Manager Adobe Reader X (10.1.6) MUI AllSharePlayLink AMD APP SDK Runtime AMD Catalyst Install Manager Apple Software Update avast Free Antivirus Bandicam Bandisoft MPEG-1 Decoder Bruteforce Save Data Call of Duty® - World at War Call of Duty® - World at War 1.1 Patch Call of Duty® - World at War 1.2 Patch Call of Duty® - World at War 1.3 Patch Call of Duty® - World at War 1.4 Patch Call of Duty® - World at War 1.5 Patch Call of Duty® - World at War 1.6 Patch Call of Duty® - World at War 1.7 Patch Catalyst Control Center - Branding Catalyst Control Center Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All Catalyst Control Center Profiles Mobile ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CyberLink Power2Go 8 CyberLink PowerDVD 10 D3DX10 Easy File Share Fraps (remove only) Google Chrome Google Update Helper Help Desk HxD Hex Editor version 1.7.7.0 Intel AppUp(SM) center Intel® Control Center Intel® Processor Graphics Intel® Rapid Storage Technology LogMeIn Hamachi Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XNA Framework Redistributable 4.0 MotioninJoy ds3 driver version 0.6.0003 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 Nexus Mod Manager Notepad++ Photo Common Photo Gallery Plants vs. Zombies Pokemon Showdown PX Profile Update Qualcomm Atheros Bluetooth Suite (64) Qualcomm Atheros Client Installation Program Quick Starter Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Recovery S Agent S Service Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition Settings Skype Click to Call SkypeT 6.10 Spybot - Search & Destroy SpywareBlaster 5.0 Steam Support Center Support Center FAQ SW Update Synaptics Pointing Device Driver Team Fortress 2 Terraria The Elder Scrolls V: Skyrim Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition User Guide Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR 5.00 beta 3 (64-bit) ==== Running Processes ====================== C:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exeC:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exeC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exeC:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exeC:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exeC:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\ProgramData\Samsung\SW Update Service\SWMAgent.exeC:\WINDOWS\SysWOW64\cmd.exeC:\WINDOWS\SysWOW64\cmd.exeC:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\ProgramData\Malwarebytes' Anti-Malware (portable) deletedC:\ProgramData\DoowwNloadd keeeper deletedC:\ProgramData\Download keeaper deletedC:\ProgramData\InstallMate deletedC:\ProgramData\Trymedia deletedC:\WINDOWS\Tasks\Dealply.job deletedC:\windows\SysNative\Tasks\Dealply deletedC:\WINDOWS\wininit.ini deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200)Memory (RAM): 8084 MBCPU Info: Intel® Core i5-3210M CPU @ 2.50GHzCPU Speed: 2501.8 MHzSound Card: Speakers (Realtek High Definiti | Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bitNetwork: Network PresentNetwork Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Microsoft Hosted Network Virtual Adapter | Realtek PCIe GBE Family Controller | Qualcomm Atheros AR9485WB-EG Wireless Network AdapterCD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW SN-208BBPorts: COM Ports NOT Present. LPT Port NOT Present. Mouse: 7 Button Wheel Mouse PresentHard Disks: C: 441.2GBHard Disks - Free: C: 156.4GBManufacturer *: American Megatrends Inc.BIOS Info: AT/AT COMPATIBLE | | SECCSD - 1072009Time Zone: W. Australia Standard TimeMotherboard *: SAMSUNG ELECTRONICS CO., LTD. NP350V5C-S06AUCountry: Australia Language: ENA ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated)Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)Anti-Spyware: Windows Defender disabled (Outdated)Anti-Spyware: avast! Antivirus disabled (Outdated)Default Browser: Google Chrome 32.0.1700.76Internet Explorer Version: 11.0.9600.16476 Google Chrome version: 32.0.1700.76Adobe Reader version: 10.1.6.1 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ====2014-01-22 16:34:08 CB71A2BA6B7E39703F27074E70E87D57 515196296 ----a-w- C:\WINDOWS\MEMORY.DMP2014-01-20 08:22:58 D67224440BD9237634871CCA92E8E009 36198 ----a-w- C:\WINDOWS\diagwrn.xml2014-01-20 08:22:58 D67224440BD9237634871CCA92E8E009 36198 ----a-w- C:\WINDOWS\diagerr.xml====== C:\Users\Marty\AppData\Local\Temp ====2014-01-24 15:55:32 2F8F1D62382AD78ACEB22C4E22C5EC59 53248 ----a-w- C:\Users\Marty\AppData\Local\Temp\catchme.dll2014-01-24 15:04:02 6D2526DFD03F7358878B602925783AFF 56496 ----a-w- C:\Users\Marty\AppData\Local\Temp\pxriipoc.sys====== Java Cache =====2013-12-28 14:05:39 FB676C41DED9D63ED7A52E9BC8958AC2 23285 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\1274c281-237d2bec2013-12-28 14:05:40 1BB8240D8E3E327FB8279ACFE79EDE01 21851 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\3e1fc34a-5582db2b2013-12-28 14:04:20 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-48f968072013-12-28 14:05:29 54E4E842ED33F9E82FDC1BFCFC0AFA61 28530 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2ab6698f-16348e892013-12-28 14:05:20 205A2F8ACF7E9588DA4A71B82C80338F 3753 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\53cc754f-17b8b0b72013-12-28 14:04:02 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-3de96a052013-12-28 14:04:02 6B710DFF85C1C94A8E3803848F9FDB94 99 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-6.0.lap2013-12-28 14:05:30 8FA676729D83475E29DC8117328AAB6B 28723 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1b7be912-45b06c0f2013-12-28 14:06:00 DB1E386F1C8E4AA1A81A8E316EAECC37 29262 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2790d2d3-669884462013-12-28 14:04:00 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\3d7894d3-4ec22f222013-12-28 14:05:28 97B95433729F93DA5A37F20921AA2F63 28627 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\56327813-543f720a2013-12-28 14:05:31 9F6157982B8F082C27F9B56926804EA0 28826 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\5ebccbd3-6703b4372013-12-28 14:05:50 6B3CA70986451E35DD22CD1D85B086C2 28520 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\57ca25d4-10b211c82013-12-28 14:05:13 D9A68C25CB3BCCF8493D627881DA7A87 1330 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\26a7b695-7e6cbc5d2013-12-28 14:05:22 E8B20DC3789863DA978D1923EF62D224 330 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\35580016-278a59112013-12-28 14:05:53 7832D34A31BD48D92F052902D47486CE 22477 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\4413fb97-4c07918a2013-12-28 14:05:26 1F259506FEE25721570A8A074803E7B8 21665 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\14e00398-7bb941932013-12-28 14:05:21 708ACB369353F7F4BBE7456C05C9CE75 330 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\2aeca15a-4df8b13d2013-12-28 14:04:52 3AA0C00DBE878E6C7A55816723522551 78 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1896485b-6.0.lap2013-12-28 14:05:27 5622D34A9FF4D061A18F30B9D82123BC 28695 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6c4118db-352a8a0d2013-12-28 14:05:23 A880D2D31D573D87D45841A41E676B27 382 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\31a9115d-3112448d2013-12-28 14:05:44 F781856A39513E033469AAB1ED80F6E8 1013 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\57b9d9c3-5ef148912013-12-28 14:05:52 5B1A3F7951DC1A61A2B2DC06E181C92D 29355 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\486dacdf-6421801d2013-12-28 14:05:25 E6BF52A48CC5A7A464E1379A9BCA7F12 28222 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\41a58fa3-4720028b2013-12-28 14:05:11 CA37390765E3197BC7C70CEADDC51F8D 356045 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\22c41b65-7737b6482013-12-28 14:06:05 F7495D697E1950ED636B20F04D8B80EE 333 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\3aa54fa5-53a8f6f62013-12-28 14:05:34 6500EF05CCD6E35F3700D5DFA1FE9F1F 23324 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25741c44-778ebb952013-12-28 14:04:56 6D2FB8606AD7C43A0193AF5E04666947 766497 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1ec68c6a-2e814f622013-12-28 14:04:03 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-7bd1bf242013-12-28 14:05:43 E4819CF2EAD20BA22248F0DE744590C8 148 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\64829570-2868b6072013-12-28 14:06:03 E63DD118CADC5EBE1701023AB963761F 13471 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\e6896f0-2b1ad636====== C:\WINDOWS\SysWOW64 =====2014-01-21 00:11:30 5AA28997F6A30EB196A5AB09F684B7BE 70680 ----a-w- C:\WINDOWS\SysWOW64\imagehlp.dll2014-01-21 00:11:20 3A27CEE08AF2EC8383CDDC1F4B36DBC3 348160 ----a-w- C:\WINDOWS\SysWOW64\WMPhoto.dll2014-01-21 00:11:16 ED8ED1CE6CAB56103230E2097763DC2B 695808 ----a-w- C:\WINDOWS\SysWOW64\WSShared.dll2014-01-21 00:11:16 B6D28E8DC13F9EAF8B74BDB4F3DD9781 174592 ----a-w- C:\WINDOWS\SysWOW64\WSClient.dll2014-01-21 00:11:16 73D0837E97CD7368BCA7DE4E373B8503 103936 ----a-w- C:\WINDOWS\SysWOW64\OEMLicense.dll2014-01-21 00:11:10 59D269E3F7ACEDC1A32142E2AB2E200C 156672 ----a-w- C:\WINDOWS\SysWOW64\scrrun.dll2014-01-21 00:11:05 A199D32EAB410310E03E4652B69AB4D3 240128 ----a-w- C:\WINDOWS\SysWOW64\mdmregistration.dll2014-01-21 00:10:47 BFAFE990C4A191E83843362B5AC64A9B 17112576 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll2014-01-21 00:10:47 B2E1F7B212502BB49AAD4EFAD37C5CF5 2166784 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll2014-01-21 00:10:47 A60A222D3126DD9E380F9D8B651BC13D 4243968 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll2014-01-21 00:10:47 927FA6456AD6D7630F6854828D2FD16B 1820160 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll2014-01-21 00:10:47 84EAF0A08C7742697816E148C066D757 1928192 ----a-w- C:\WINDOWS\SysWOW64\inetcpl.cpl2014-01-21 00:10:47 4B638CE3DAA3A082E576C0DDF9D635D4 11221504 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll2014-01-21 00:10:47 08881C59F795C356DE12067E44FFD260 703488 ----a-w- C:\WINDOWS\SysWOW64\ieapfltr.dll2014-01-21 00:10:47 0763C5D8660436D4D961F72609E33BBE 1157632 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll2014-01-21 00:10:11 EF521F45ED9CD68D0DCEC26707B020E9 1765376 ----a-w- C:\WINDOWS\SysWOW64\dwmcore.dll2014-01-21 00:10:11 E566813229A53EA26D4A7C5070950BF1 584192 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncCore.dll2014-01-21 00:10:11 D51874F106BE779DDDB377C73F0EFFE7 198656 ----a-w- C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll2014-01-21 00:10:11 C035F8C95E6C43B6EF9C414F4CAB5C7A 225792 ----a-w- C:\WINDOWS\SysWOW64\dcomp.dll2014-01-21 00:10:11 B3B07EB7F28D2A1E8379B8E6FB8560AD 544768 ----a-w- C:\WINDOWS\SysWOW64\wlidcli.dll2014-01-21 00:10:11 A4A91575D08F9835F6A5E94AF218B8FF 1765384 ----a-w- C:\WINDOWS\SysWOW64\d3d11.dll2014-01-21 00:10:11 853A58B2A28BEECC9A2165E51B885D02 27136 ----a-w- C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll2014-01-21 00:10:11 71679002DF3F22501055273FC37A8838 11674624 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll2014-01-21 00:10:11 6EB2DB0F493C5F2797597D77CF5466D4 1391104 ----a-w- C:\WINDOWS\SysWOW64\WMPDMC.exe2014-01-21 00:10:11 53C44E56F2AA0780E15266451407EA98 2266624 ----a-w- C:\WINDOWS\SysWOW64\msftedit.dll2014-01-21 00:10:11 0E7C4A6AB3B898DED89B7DFD99893265 1816576 ----a-w- C:\WINDOWS\SysWOW64\Display.dll2014-01-21 00:10:11 0E05E41073CD9E52D04C52AB46DDE817 479744 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncHost.exe2014-01-21 00:10:11 00AF22B51F217DC4C536F6039577B28C 406400 ----a-w- C:\WINDOWS\SysWOW64\dxgi.dll2014-01-21 00:05:37 262AD0EF90F757FB715B3EDD6A8E469C 778936 ----a-w- C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll2014-01-21 00:05:37 2083BD93AE43F9494318B422FF8943D1 102608 ----a-w- C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2014-01-21 00:05:37 134F0E458D2DBDC297CD785F53F7129F 35480 ----a-w- C:\WINDOWS\SysWOW64\TsWpfWrp.exe====== C:\WINDOWS\SysWOW64\drivers =========== C:\WINDOWS\Sysnative =====2014-01-24 15:24:02 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\WINDOWS\Sysnative\getservice.txt2014-01-21 17:22:15 B16036C13847BF3C861FF1BE22D5F9E8 1690 ----a-w- C:\WINDOWS\Sysnative\.crusader2014-01-21 00:11:30 447CB6699A8EAD2BC516991738A16277 75360 ----a-w- C:\WINDOWS\Sysnative\imagehlp.dll2014-01-21 00:11:24 EF5A9D7523E4530D2030D4EA2D90FEC3 787968 ----a-w- C:\WINDOWS\Sysnative\uDWM.dll2014-01-21 00:11:20 5F84D8C3831A559CEB55F894CD24E2B5 393216 ----a-w- C:\WINDOWS\Sysnative\WMPhoto.dll2014-01-21 00:11:16 E3E168E733B0E8383BA5635542FDB96F 848384 ----a-w- C:\WINDOWS\Sysnative\WSShared.dll2014-01-21 00:11:16 D8E3A4701376CCFD0BE542D745FA4809 3395920 ----a-w- C:\WINDOWS\Sysnative\WSService.dll2014-01-21 00:11:16 3E245CCA42D78B9626A79FE77E111D7B 84480 ----a-w- C:\WINDOWS\Sysnative\WSCollect.exe2014-01-21 00:11:16 30AE1D2A418A6C128CF3BD6EA37354DB 138240 ----a-w- C:\WINDOWS\Sysnative\OEMLicense.dll2014-01-21 00:11:16 294AAE73D0D7BDAACC5224BC7334077B 206336 ----a-w- C:\WINDOWS\Sysnative\WSClient.dll2014-01-21 00:11:10 41E3F3C1E24549BBB94C53692333D3BE 197120 ----a-w- C:\WINDOWS\Sysnative\scrrun.dll2014-01-21 00:11:05 8CDDE0EF2D86658A6E6434DA72D87249 615936 ----a-w- C:\WINDOWS\Sysnative\MDMAgent.exe2014-01-21 00:11:05 5F4963EE6A349987644F3E382FB739B5 287744 ----a-w- C:\WINDOWS\Sysnative\mdmregistration.dll2014-01-21 00:10:47 FA30E3DC75EA42FE19B819F30FBDED8D 1995264 ----a-w- C:\WINDOWS\Sysnative\inetcpl.cpl2014-01-21 00:10:47 EDF5C6A9F33FBD3D717D1B77A9864C64 12996608 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll2014-01-21 00:10:47 C8CF11D73017CC588411FCB936891CF4 1395200 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll2014-01-21 00:10:47 9B6678DB9C6A232C5A84D2FDFFF8B0E1 2334208 ----a-w- C:\WINDOWS\Sysnative\wininet.dll2014-01-21 00:10:47 95EED00D70485F6F82983EB7C03CC42A 817664 ----a-w- C:\WINDOWS\Sysnative\ieapfltr.dll2014-01-21 00:10:47 7016991D493B9F9FA492E75BD13D031D 2764288 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll2014-01-21 00:10:47 6491B719695D713335B431FCF0EAE28B 5769216 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll2014-01-21 00:10:47 3A722B49408BE7FE8A375C3B8FD57BB1 218624 ----a-w- C:\WINDOWS\Sysnative\ie4uinit.exe2014-01-21 00:10:47 16B0A65F52531B769B891DC251ECC6C0 23183360 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll2014-01-21 00:10:29 288D15FEA82F67E57D57ACFCE087CC20 4191744 ----a-w- C:\WINDOWS\Sysnative\win32k.sys2014-01-21 00:10:24 DAF4EB53C4BBA5EB50CF0C24EE03B688 568832 ----a-w- C:\WINDOWS\Sysnative\SkyDrive.exe2014-01-21 00:10:24 CCB41A9C41E7FE42FF4D7FE52246DE20 4105728 ----a-w- C:\WINDOWS\Sysnative\SyncEngine.dll2014-01-21 00:10:11 EA73FD82772A15E33AC7C6237BC33B82 1843712 ----a-w- C:\WINDOWS\Sysnative\Display.dll2014-01-21 00:10:11 CC9B5E86ACAE6E2006BCC2EB8EB18DD6 747008 ----a-w- C:\WINDOWS\Sysnative\wlidcli.dll2014-01-21 00:10:11 A8736CA232A41865B0D5096CC34BDE6D 1642016 ----a-w- C:\WINDOWS\Sysnative\winload.efi2014-01-21 00:10:11 A5A8472C5ADD614F19CED8F526D09605 115712 ----a-w- C:\WINDOWS\Sysnative\winbici.dll2014-01-21 00:10:11 A4F1FAB606C7C131615C1314E175688E 2570240 ----a-w- C:\WINDOWS\Sysnative\SettingsHandlers.dll2014-01-21 00:10:11 8D6BA4DF52ABE844E9A580C4152706C7 637952 ----a-w- C:\WINDOWS\Sysnative\SettingSyncHost.exe2014-01-21 00:10:11 8B1ADEAB83B3D9AE1B4519A2DBAF0FCE 7399256 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe2014-01-21 00:10:11 82DA00C5CA00040FDFF0737456E9B843 1345536 ----a-w- C:\WINDOWS\Sysnative\winresume.exe2014-01-21 00:10:11 71F496BD6BEE4D82D68C6C0C08C445C0 922624 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentExtensions.dll2014-01-21 00:10:11 6E0F458EF535F3A04154C337A54B60F1 1756160 ----a-w- C:\WINDOWS\Sysnative\WMPDMC.exe2014-01-21 00:10:11 6BC62C560C804622EA590C33CE3B0793 1476184 ----a-w- C:\WINDOWS\Sysnative\winresume.efi2014-01-21 00:10:11 59575523BCA5E8555208621719A32F62 516496 ----a-w- C:\WINDOWS\Sysnative\dxgi.dll2014-01-21 00:10:11 56FCA8AA450BD181A0BA94F25E244C46 566784 ----a-w- C:\WINDOWS\Sysnative\wpncore.dll2014-01-21 00:10:11 56E0F1DA4E3157049A686CC064A900B5 744448 ----a-w- C:\WINDOWS\Sysnative\SettingSyncCore.dll2014-01-21 00:10:11 4E905C48CA38770B2C62508E32DB974B 2143744 ----a-w- C:\WINDOWS\Sysnative\dwmcore.dll2014-01-21 00:10:11 418CE7366D46EB9F008DD8CEDE9A2CEC 30208 ----a-w- C:\WINDOWS\Sysnative\CredentialMigrationHandler.dll2014-01-21 00:10:11 3095D55353A22224E7972F9B552AA69D 2896896 ----a-w- C:\WINDOWS\Sysnative\msftedit.dll2014-01-21 00:10:11 1A818AF9E4AFC277C19082B9B644C5E7 358896 ----a-w- C:\WINDOWS\Sysnative\dcomp.dll2014-01-21 00:10:11 1A4F993F209A307C2BC67F2D8D725851 1506680 ----a-w- C:\WINDOWS\Sysnative\winload.exe2014-01-21 00:10:11 18102CA0EB09DCFE520E69152590EE93 2140888 ----a-w- C:\WINDOWS\Sysnative\d3d11.dll2014-01-21 00:10:11 1630521CA49271034F998B332F7F3469 254464 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentClient.dll2014-01-21 00:10:11 0B726D9ED75C787D6FFAF1E3873BCC70 1302528 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentServer.dll2014-01-21 00:10:11 09B5BC53721801F73B194AB5953F5975 13177344 ----a-w- C:\WINDOWS\Sysnative\twinui.dll2014-01-21 00:05:35 A0E7332DC41BB85FBE8E266B8CDF5AC4 35480 ----a-w- C:\WINDOWS\Sysnative\TsWpfWrp.exe2014-01-21 00:05:34 DF290FC4E1116D92F34D8B6410AE544E 124112 ----a-w- C:\WINDOWS\Sysnative\PresentationCFFRasterizerNative_v0300.dll2014-01-21 00:05:33 E35AD6DAECED1213658E0976A16D6266 1166520 ----a-w- C:\WINDOWS\Sysnative\PresentationNative_v0300.dll2014-01-20 08:46:28 1049A0B81331B29ACF31CE0D17383FB0 22744 ----a-w- C:\WINDOWS\Sysnative\emptyregdb.dat====== C:\WINDOWS\Sysnative\drivers =====2014-01-21 17:12:59 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\WINDOWS\Sysnative\drivers\hitmanpro37.sys2014-01-21 17:01:59 AAB5F5336EDBB5D99CC7E1A9F4D8F63F 79672 ----a-w- C:\WINDOWS\Sysnative\drivers\aswstm.sys2014-01-21 00:10:11 F6EBE514D13ECE7EDC23440039CDF9AB 372568 ----a-w- C:\WINDOWS\Sysnative\drivers\spaceport.sys2014-01-21 00:10:11 B9D968D8E2B0F9C6301CEB39CFC9B9E4 86872 ----a-w- C:\WINDOWS\Sysnative\drivers\pdc.sys2014-01-21 00:10:11 A3D1CB64DF885ACE126543E6D7067348 1530200 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys2014-01-21 00:10:11 9E167CDB2AEEF7994434543D0543AEEB 382808 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys2014-01-21 00:10:11 3B44CB989757428208CCFCC028C13110 325464 ----a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS2014-01-21 00:10:11 139CFCDCD36B1B1782FD8C0014AC9B0E 39768 ----a-w- C:\WINDOWS\Sysnative\drivers\intelpep.sys2014-01-21 00:10:11 0044B31F93946D5D41982314381FE431 146776 ----a-w- C:\WINDOWS\Sysnative\drivers\SerCx2.sys2014-01-20 09:09:28 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_LocationProvider_01_11_00.Wdf2014-01-20 08:17:38 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_SynTP_01009.Wdf====== C:\WINDOWS\Tasks ======2014-01-21 17:01:59 A04B323370611888BF783237EF9F4CE0 350 ---ha-w- C:\WINDOWS\Tasks\avast! Emergency Update.job2014-01-20 08:51:38 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\WPD2014-01-20 08:17:38 B49BD9A0889ED366864CFCE2279E8EB9 264 ----a-w- C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job====== C:\WINDOWS\Temp ============= C:\Program Files =====2014-01-22 14:20:07 -------- d-----w- C:\Program Files\Reason2014-01-21 00:06:19 -------- d-----w- C:\Program Files\Reference Assemblies2014-01-21 00:06:19 -------- d-----w- C:\Program Files\MSBuild2014-01-20 08:17:24 -------- d-----w- C:\Program Files\Synaptics2014-01-20 08:17:04 -------- d-----w- C:\Program Files\Realtek2014-01-20 08:16:50 -------- d-----w- C:\Program Files\Intel2014-01-20 08:15:53 -------- d-----w- C:\Program Files\AMD======= C:\PROGRA~2 =====2014-01-21 00:06:21 -------- d-----w- C:\PROGRA~2\Reference Assemblies2014-01-21 00:06:21 -------- d-----w- C:\PROGRA~2\MSBuild2014-01-20 08:17:01 -------- d-----w- C:\PROGRA~2\Intel2014-01-20 08:16:39 -------- d-----w- C:\PROGRA~2\COMMON~1\Intel2014-01-20 08:16:21 -------- d-----w- C:\PROGRA~2\COMMON~1\InstallShield======= C: =========== C:\Users\Marty\AppData\Roaming ======2014-01-21 12:31:05 -------- d-----w- C:\Users\Marty\AppData\Roaming\Identities2014-01-21 10:22:59 -------- d-----w- C:\Users\Ciaran\AppData\Roaming\Pavtube2014-01-21 00:09:08 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming\Microsoft2014-01-20 18:16:40 -------- d-----w- C:\Users\Ciaran\AppData\Roaming\reader2014-01-20 18:16:24 -------- d-----w- C:\Users\Ciaran\AppData\Roaming\Windowsconfig2014-01-20 12:46:33 -------- d-----w- C:\Users\Ciaran\AppData\Local\Spoon2014-01-20 08:47:52 -------- d-s---w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Locallow\Microsoft2014-01-20 08:46:54 -------- d-s---w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Locallow\Microsoft2014-01-20 08:46:34 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming\Adobe2014-01-20 08:34:26 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Apple Computer2014-01-20 08:29:07 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help2014-01-20 08:29:07 -------- d-----w- C:\Users\Default User\AppData\Local\Microsoft Help2014-01-20 08:23:09 -------- d-s---w- C:\Users\Marty\AppData\Roaming\Microsoft2014-01-20 08:23:09 -------- d-s---w- C:\Users\Ciaran\AppData\Roaming\Microsoft2014-01-20 08:23:09 -------- d-----w- C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-01-20 08:23:09 -------- d-----w- C:\Users\Marty\AppData\Local\Temp2014-01-20 08:23:09 -------- d-----w- C:\Users\Marty\AppData\Local\Microsoft2014-01-20 08:23:09 -------- d-----w- C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-01-20 08:23:09 -------- d-----w- C:\Users\Ciaran\AppData\Local\Temp2014-01-20 08:23:09 -------- d-----w- C:\Users\Ciaran\AppData\Local\Microsoft2014-01-20 08:23:09 -------- d-----r- C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-01-20 08:23:09 -------- d-----r- C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-01-20 08:23:09 -------- d-----r- C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-01-20 08:23:09 -------- d-----r- C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-01-20 08:23:09 -------- d-----r- C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-01-20 08:23:09 -------- d-----r- C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-01-20 08:23:07 -------- d-s---w- C:\Users\Administrator\AppData\Roaming\Microsoft2014-01-20 08:23:07 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-01-20 08:23:07 -------- d-----w- C:\Users\Administrator\AppData\Local\Temp2014-01-20 08:23:07 -------- d-----w- C:\Users\Administrator\AppData\Local\Microsoft2014-01-20 08:23:07 -------- d-----r- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-01-20 08:23:07 -------- d-----r- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-01-20 08:23:07 -------- d-----r- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-01-20 08:16:05 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft2014-01-18 09:03:06 -------- d-----w- C:\Users\Ciaran\AppData\Roaming\Samsung2013-12-30 11:21:31 -------- d-----w- C:\Users\Ciaran\AppData\Roaming\openvr====== C:\Users\Marty ======2014-01-24 12:45:36 8B968045D75783A09592C3105F2865DA 688992 ----a-w- C:\Users\Marty\Downloads\dds.com2014-01-22 16:27:11 -------- d-----w- C:\ProgramData\SUPERSetup2014-01-22 16:05:51 90B4989B832A57D261F0AB51F143E97A 4645232 ----a-w- C:\Users\Marty\Downloads\ccsetup409.exe2014-01-22 14:48:03 4588D8307D92CBB05E66735A9833D9C6 12582688 ----a-w- C:\Users\Marty\Downloads\mbar-1.07.0.1008.exe2014-01-22 14:19:17 5200FB2E0D9BDF987B71CA6EF5559146 1970440 ----a-w- C:\Users\Marty\Downloads\herdProtectScan_Setup.exe2014-01-22 14:03:53 23DDCE98703DBD12117308D86464B9A3 4406784 ----a-w- C:\Users\Marty\Downloads\RogueKillerX64.exe2014-01-22 13:54:12 0DEB4CFDD268357745B2214AC84EB498 2078208 ----a-w- C:\Users\Marty\Downloads\FRST64.exe2014-01-22 13:37:14 A6E0D27AF296C251D4F0C62D018D5DA5 661184 ----a-w- C:\Users\Marty\Downloads\autoruns.exe2014-01-22 11:20:58 D171B1B840DD85EDB70DCC84AEDCE05E 37888 ----a-w- C:\Users\Marty\Downloads\ADSSpy.exe2014-01-21 17:12:34 -------- d-----w- C:\ProgramData\HitmanPro2014-01-21 17:11:29 3A41815E8B51F2C408C90D56D6D5BF2A 930440 ----a-w- C:\Users\Marty\Downloads\cbsidlm-cbsi176-HitmanPro_3_64bit-ORG-75110395.exe2014-01-21 16:56:14 C038AC0153BFFE7F8778D404C0872317 1933048 ----a-w- C:\Users\Marty\Downloads\maldead.exe2014-01-21 15:08:58 9DAA7218961710008D7385B01BD3F386 89088 ----a-w- C:\Users\Marty\Downloads\mbr.exe2014-01-21 15:08:08 F3A37421DBD1AAA36558C97572C91C5A 147456 ----a-w- C:\Users\Marty\Downloads\catchme.exe2014-01-21 14:40:59 EAD76FDD1533E209E9EE54B810419F3C 29507728 ----a-w- C:\Users\Marty\Downloads\SUPERAntiSpyware (1).exe2014-01-21 14:29:49 F32D460C13482011E7BEA3B2F07A9965 379904 ----a-w- C:\Users\Marty\Downloads\iexplore.exe2014-01-21 14:04:34 178A34E5554DCE485E1262DDF027960C 2237968 ----a-w- C:\Users\Marty\Downloads\tdsskiller.exe2014-01-21 12:30:36 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Marty\ntuser.ini2014-01-21 10:23:01 -------- d-----w- C:\Users\Ciaran\Pavtube2014-01-21 10:02:15 A9123FC049E4C4C0B146970F38612582 49108850 ----a-w- C:\Users\Ciaran\Downloads\hdvideoconverter_setup_r609505.exe2014-01-20 18:16:44 -------- d--h--w- C:\ProgramData\{$6666-4448-3690-4432-8983$}2014-01-20 18:16:26 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Ciaran\13stdybt37.tmp2014-01-20 08:54:44 -------- d---a-r- C:\Users\Ciaran\SkyDrive2014-01-20 08:49:42 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Ciaran\ntuser.ini2014-01-20 08:23:09 -------- d--h--w- C:\Users\Marty\AppData2014-01-20 08:23:09 -------- d--h--w- C:\Users\Ciaran\AppData2014-01-20 08:23:09 -------- d-----r- C:\Users\Marty\Favorites2014-01-20 08:23:09 -------- d-----r- C:\Users\Marty\Documents2014-01-20 08:23:09 -------- d-----r- C:\Users\Marty\Desktop2014-01-20 08:23:09 -------- d-----r- C:\Users\Ciaran\Favorites2014-01-20 08:23:09 -------- d-----r- C:\Users\Ciaran\Documents2014-01-20 08:23:09 -------- d-----r- C:\Users\Ciaran\Desktop2014-01-20 08:23:07 -------- d--h--w- C:\Users\Administrator\AppData2014-01-20 08:23:07 -------- d-----r- C:\Users\Administrator\Favorites2014-01-20 08:23:07 -------- d-----r- C:\Users\Administrator\Documents2014-01-20 08:23:07 -------- d-----r- C:\Users\Administrator\Desktop2014-01-18 12:25:15 14DDFB2581E2623CDCA3E089DD0F6CBF 24156191 ----a-w- C:\Users\Ciaran\Downloads\PokemonShowdownSetup (2).exe2014-01-18 10:15:14 3C166BAE84553D4CB27AF8ABDC61712D 675988 ----a-w- C:\Users\Ciaran\Desktop\Minecraft.exe2014-01-17 15:32:59 01C73A1FE2F55C2B341333EC8EE45D8B 6013024 ----a-w- C:\Users\Ciaran\Downloads\GyazoSetup.exe2013-12-28 14:03:38 -------- d-----w- C:\ProgramData\Oracle2013-12-28 14:02:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java ====== C: exe-files ==2014-01-26 02:44:50 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Marty\AppData\Local\Microsoft\Windows\INetCache\IE\OTWNQ4YW\FRST64[2].exe2014-01-26 02:44:16 0DEB4CFDD268357745B2214AC84EB498 2078208 ----a-w- C:\Users\Marty\AppData\Local\Microsoft\Windows\INetCache\IE\R586DNO1\FRST64[1].exe2014-01-26 02:44:15 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Marty\AppData\Local\Microsoft\Windows\INetCache\IE\OTWNQ4YW\FRST64[1].exe2014-01-25 11:10:03 1303516F63A04262C33D5F92E39E2AFE 2077696 ----a-w- C:\Users\Marty\AppData\Local\Microsoft\Windows\INetCache\IE\6DMRSRIH\FRST64[1].exe2014-01-24 13:57:46 6E265CEB0154C43E6834103384F83996 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1001\$I4PDSBA.exe2014-01-22 16:05:51 90B4989B832A57D261F0AB51F143E97A 4645232 ----a-w- C:\Users\Marty\Downloads\ccsetup409.exe2014-01-22 14:59:55 6CB8527528BFA9F690CD158EB61285C5 1175352 ----a-w- C:\Users\Marty\Desktop\MBAR\mbar\mbar.exe2014-01-22 14:59:55 255411A7AC135FB4A1E90A2A6EA6C7C5 821560 ----a-w- C:\Users\Marty\Desktop\MBAR\mbar\Plugins\fixdamage.exe2014-01-22 14:48:03 4588D8307D92CBB05E66735A9833D9C6 12582688 ----a-w- C:\Users\Marty\Downloads\mbar-1.07.0.1008.exe2014-01-22 14:19:17 5200FB2E0D9BDF987B71CA6EF5559146 1970440 ----a-w- C:\Users\Marty\Downloads\herdProtectScan_Setup.exe2014-01-22 14:03:53 23DDCE98703DBD12117308D86464B9A3 4406784 ----a-w- C:\Users\Marty\Downloads\RogueKillerX64.exe2014-01-22 13:54:12 1303516F63A04262C33D5F92E39E2AFE 2077696 ----a-w- C:\Users\Marty\Downloads\FRST-OlderVersion\FRST64.exe2014-01-22 13:54:12 0DEB4CFDD268357745B2214AC84EB498 2078208 ----a-w- C:\Users\Marty\Downloads\FRST64.exe2014-01-22 13:37:14 A6E0D27AF296C251D4F0C62D018D5DA5 661184 ----a-w- C:\Users\Marty\Downloads\autoruns.exe2014-01-22 11:20:58 D171B1B840DD85EDB70DCC84AEDCE05E 37888 ----a-w- C:\Users\Marty\Downloads\ADSSpy.exe2014-01-21 17:11:29 3A41815E8B51F2C408C90D56D6D5BF2A 930440 ----a-w- C:\Users\Marty\Downloads\cbsidlm-cbsi176-HitmanPro_3_64bit-ORG-75110395.exe2014-01-21 16:56:14 C038AC0153BFFE7F8778D404C0872317 1933048 ----a-w- C:\Users\Marty\Downloads\maldead.exe2014-01-21 15:08:58 9DAA7218961710008D7385B01BD3F386 89088 ----a-w- C:\Users\Marty\Downloads\mbr.exe2014-01-21 15:08:08 F3A37421DBD1AAA36558C97572C91C5A 147456 ----a-w- C:\Users\Marty\Downloads\catchme.exe2014-01-21 14:40:59 EAD76FDD1533E209E9EE54B810419F3C 29507728 ----a-w- C:\Users\Marty\Downloads\SUPERAntiSpyware (1).exe2014-01-21 14:29:49 F32D460C13482011E7BEA3B2F07A9965 379904 ----a-w- C:\Users\Marty\Downloads\iexplore.exe2014-01-21 14:04:34 178A34E5554DCE485E1262DDF027960C 2237968 ----a-w- C:\Users\Marty\Downloads\tdsskiller.exe2014-01-21 10:02:15 A9123FC049E4C4C0B146970F38612582 49108850 ----a-w- C:\Users\Ciaran\Downloads\hdvideoconverter_setup_r609505.exe2014-01-21 05:10:16 6D4C5E2F2C2E83586F18AE795BD085CE 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1005\$IE8VABU.exe2014-01-21 05:10:13 80660FB62C01A751DE52198DF5D51FE8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1005\$IIKZOZ3.exe2014-01-21 04:39:49 E9580E8B716A405947189F67D57B14C7 22016 ----a-w- C:\Users\Ciaran\AppData\Local\Spoon\Sandbox\GTA V\2.0.0.4\local\stubexe\0xF4E590F60CD9F392\GTA V.exe2014-01-21 04:36:49 B3A513E8CC56140054EAE4E29B562A62 22016 ----a-w- C:\Users\Ciaran\AppData\Local\Spoon\Sandbox\GTA V Save Editor\2.0.0.91\local\stubexe\0x37D7F90D5ED62805\GTA V.exe2014-01-21 00:11:16 F8309DE5A45867745C7AA835DF50AA29 25304 ----a-w- C:\Windows\WinStore\WSHost.exe2014-01-21 00:11:16 3E245CCA42D78B9626A79FE77E111D7B 84480 ----a-w- C:\Windows\System32\WSCollect.exe2014-01-21 00:11:05 8CDDE0EF2D86658A6E6434DA72D87249 615936 ----a-w- C:\Windows\System32\MDMAgent.exe2014-01-21 00:10:47 78CCC9D9665DC2A4DDC31CD99ED374FC 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe2014-01-21 00:10:47 3A722B49408BE7FE8A375C3B8FD57BB1 218624 ----a-w- C:\Windows\System32\ie4uinit.exe2014-01-21 00:10:47 0E1D755673453108415F802C90704327 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe2014-01-21 00:10:24 DAF4EB53C4BBA5EB50CF0C24EE03B688 568832 ----a-w- C:\Windows\System32\SkyDrive.exe2014-01-21 00:10:11 8D6BA4DF52ABE844E9A580C4152706C7 637952 ----a-w- C:\Windows\System32\SettingSyncHost.exe2014-01-21 00:10:11 8B1ADEAB83B3D9AE1B4519A2DBAF0FCE 7399256 ----a-w- C:\Windows\System32\ntoskrnl.exe2014-01-21 00:10:11 82DA00C5CA00040FDFF0737456E9B843 1345536 ----a-w- C:\Windows\System32\winresume.exe2014-01-21 00:10:11 82DA00C5CA00040FDFF0737456E9B843 1345536 ----a-w- C:\Windows\System32\Boot\winresume.exe2014-01-21 00:10:11 6EB2DB0F493C5F2797597D77CF5466D4 1391104 ----a-w- C:\Windows\SysWOW64\WMPDMC.exe2014-01-21 00:10:11 6E0F458EF535F3A04154C337A54B60F1 1756160 ----a-w- C:\Windows\System32\WMPDMC.exe2014-01-21 00:10:11 56C3B53715CBEBF70502AC4FA149DCE0 1365168 ----a-w- C:\Windows\Camera\Camera.exe2014-01-21 00:10:11 1A4F993F209A307C2BC67F2D8D725851 1506680 ----a-w- C:\Windows\System32\winload.exe2014-01-21 00:10:11 0E05E41073CD9E52D04C52AB46DDE817 479744 ----a-w- C:\Windows\SysWOW64\SettingSyncHost.exe2014-01-21 00:05:37 134F0E458D2DBDC297CD785F53F7129F 35480 ----a-w- C:\Windows\SysWOW64\TsWpfWrp.exe2014-01-21 00:05:35 A0E7332DC41BB85FBE8E266B8CDF5AC4 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe2014-01-20 18:16:54 !HASH: COULD NOT OPEN FILE !!!!! 1163511 ----a-w- C:\Users\Ciaran\AppData\Roaming\Windowsconfig\bin\61832566.exe2014-01-20 18:15:32 255A9E7A46D9AC8CA1AEAC6F6C399129 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1005\$IOVBQT1.exe2014-01-20 18:13:15 DC08D54B8950355AD901447B606AB0AD 802816 ----a-w- C:\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1005\$ROVBQT1.exe2014-01-20 13:01:32 645050ED313C9C44518DA3336A41A44C 20321192 ----a-w- C:\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1001\$R4PDSBA.exe2014-01-20 12:48:20 53368748CA20FF9D56F9814EF137A58F 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1005\$IA43UOE.exe2014-01-20 12:47:17 645050ED313C9C44518DA3336A41A44C 20321192 ----a-w- C:\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1005\$RE8VABU.exe2014-01-20 12:46:27 E0E749037A8379DA2A4453936C3B94DA 19375698 ----a-w- C:\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1005\$RA43UOE.exe2014-01-20 12:46:13 E0E749037A8379DA2A4453936C3B94DA 19375698 ----a-w- C:\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1005\$RIKZOZ3.exe2014-01-20 08:17:03 CB0CAECF7EE7C34A07066BE69C71198D 153048 ----a-w- C:\Program Files (x86)\Intel\Intel® Processor Graphics\uninstall\x64\Drv64.exe2014-01-20 08:17:01 801404F787E75E33ACCD49E2CD04CAA4 998872 ----a-w- C:\Program Files (x86)\Intel\Intel® Processor Graphics\uninstall\Setup.exe2014-01-20 08:16:28 F89558047E71F655A4DDB99E893213ED 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe=== C: other files ==2014-01-24 15:23:11 A379353A785418482D443AC39DA9AAA6 130337 ----a-w- C:\Users\Marty\Downloads\getservices.zip2014-01-24 15:04:02 6D2526DFD03F7358878B602925783AFF 56496 ----a-w- C:\Users\Marty\AppData\Local\Temp\pxriipoc.sys2014-01-24 12:45:36 8B968045D75783A09592C3105F2865DA 688992 ----a-w- C:\Users\Marty\Downloads\dds.com2014-01-21 17:12:59 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys2014-01-21 17:01:59 AAB5F5336EDBB5D99CC7E1A9F4D8F63F 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys2014-01-21 02:17:36 3916E56119984C7EFC1D0959946BB941 39286002 ----a-w- C:\Users\Ciaran\Desktop\CSG PACK BRENNAN0404 copy.zip2014-01-21 00:10:29 288D15FEA82F67E57D57ACFCE087CC20 4191744 ----a-w- C:\Windows\System32\win32k.sys2014-01-21 00:10:11 F6EBE514D13ECE7EDC23440039CDF9AB 372568 ----a-w- C:\Windows\System32\drivers\spaceport.sys2014-01-21 00:10:11 B9D968D8E2B0F9C6301CEB39CFC9B9E4 86872 ----a-w- C:\Windows\System32\drivers\pdc.sys2014-01-21 00:10:11 A3D1CB64DF885ACE126543E6D7067348 1530200 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys2014-01-21 00:10:11 9E167CDB2AEEF7994434543D0543AEEB 382808 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys2014-01-21 00:10:11 3B44CB989757428208CCFCC028C13110 325464 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS2014-01-21 00:10:11 139CFCDCD36B1B1782FD8C0014AC9B0E 39768 ----a-w- C:\Windows\System32\drivers\intelpep.sys2014-01-21 00:10:11 0044B31F93946D5D41982314381FE431 146776 ----a-w- C:\Windows\System32\drivers\SerCx2.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Windows\CurrentVersion\Run]"Quick Starter"="C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun""IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60""CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe""CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R""RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe""Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe""Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe""Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4""SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe""LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start""AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"Quick Starter"="C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe""HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe""Persistence"="C:\WINDOWS\system32\igfxpers.exe""RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s""BtTray"="C:\Program Files (x86)\Bluetooth Suite\BtTray.exe""BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe""SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Folders ====================== 2014-01-20 18:16:26 8854 ----a-w- C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shortcut.jar ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\avast\Undetermined Task.exe []C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/05/2013 07:25 PM]C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/05/2013 07:25 PM]C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [16/10/2012 07:01 PM] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\advRecovery" ["C:\Program Files\Samsung\Recovery\WCScheduler.exe"]"C:\WINDOWS\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]"C:\WINDOWS\SysNative\tasks\SAgent" ["%ProgramFiles%\Samsung\S Agent\CommonAgent.exe"]"C:\WINDOWS\SysNative\tasks\Settings" ["C:\Program Files (x86)\Samsung\Settings\sSettings.exe"]"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe]"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe]"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensionslifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09/10/2013 10:59 AM] Bejeweled - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigmGoogle Docs - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokakeGoogle Drive - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalfYouTube - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeoLast updated at time on date - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddbGoogle Search - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpfhttp //www.byteus.com/ - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\damfdlnokaepcfbddmgmicaapgijegonPlants vs Zombies HD Reloaded - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkhoacaklmakefhjplfdnadddjfhaofhttp //www.battlepvp.com/ - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghbelnnfciahenhhfohdkolapemllmlSkype for Chromium - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldflPlants vs Zombies - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpninaGoogle Wallet - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmiedaBackground Tab - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonicGmail - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaediaGoogle Docs - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokakeGoogle Drive - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalfYouTube - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeoGoogle Search - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpfSkype for Chromium - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldflGoogle Wallet - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmiedaGmail - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Ciaran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_grand-theft-auto-san-andreas-patch.en.softonic.com_0.localstorage deleted successfullyC:\Users\Ciaran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_grand-theft-auto-san-andreas-patch.en.softonic.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPD1CF9B6A-F8D8-4EAD-BDB7-71AAD2044DD6&SSPV="[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.google.com"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"{1838EEB7-D790-4C38-977B-7610FC411ABC} Unknown Url="Not_Found"{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1838EEB7-D790-4C38-977B-7610FC411ABC} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== HijackThis Entries ====================== C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exeF2 - REG:system.ini: UserInit=userinit.exe,O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dllO2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllO2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllO4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /RO4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-startO4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /noguiO4 - HKCU\..\Run: [Quick Starter] C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exeO9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exeO23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exeO23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exeO23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exeO23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeO23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exeO23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exeO23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exeO23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exeO23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
- January 26, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-01-2014 01 Ran by Marty at 2014-01-26 10:44:53 Run:1 Running from C:\Users\Marty\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** Start HKU\Ciaran\...\Winlogon: [shell] explorer.exe [2328872 2013-11-14] (Microsoft Corporation) <==== ATTENTION End ***************** HKU\Ciaran\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. ==== End of Fixlog ====
- January 26, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

Legend! Will run it all now
- January 26, 2014
- 29 replies
Win 8.1 Infection - limited malware removal tools running

YtramC replied to YtramC's topic in Resolved Malware Removal Logs

Hi Kevin I can't see the attached fixlist.txt file to download. I have downloaded Zoek and just need the fixlist.txt to run it all. Thanks and regards Marty
- January 26, 2014
- 29 replies

Sign In

YtramC

Posts

Joined

Last visited

Reputation

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Win 8.1 Infection - limited malware removal tools running

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information