Win 8.1 Infection - limited malware removal tools running


YtramC

Hi

I have had an infection on my son's laptop which basically disabled all my anti-malware tools, either preventing them from running or completing (causing them to hang). I think I have removed most of the infection but it seems as though something is hanging around.

MBAM will run but not scan as I get a Runtime error type 13 mismatch, it won't update either with the update button being greyed out and the database date showing 01/01/1601 (computer date is set correctly). I cannot run DDS as it gives a runtime error stating it is not compatible with Win 8.1 (it says Win 8 but not 8.1).

I can't get Hijackthis to run, nor Combofix, catchme, mbr, gmer, in fact almost nothing will run. I have tried installing Superantispyware but that fails as it is unable to create the install folder.

Can you help?


Hello

P2P/Piracy Warning:

    
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 

Kevin


Thanks for the quick reply, here's the contents of the result file.  I didn't get an Addition.txt file as I had run Farbar previously when attempting to clear the original malware infection.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by Marty (administrator) on SAMSUNGI5 on 25-01-2014 19:10:18
Running from C:\Users\Marty\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [btTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [btvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-22] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKCU\...\Run: [Quick Starter] - C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2338352 2013-09-25] (Samsung Electronics CO., LTD.)
HKU\Administrator\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\Ciaran\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKU\Ciaran\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1823656 2013-12-12] (Valve Corporation)
HKU\Ciaran\...\Run: [sanDiskSecureAccess_Manager.exe] - C:\Users\Ciaran\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [31095432 2010-11-10] (Dmailer S.A.)
HKU\Ciaran\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\Ciaran\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\Ciaran\...\Policies\system: [DisableLockWorkstation] 0
HKU\Ciaran\...\Winlogon: [shell] explorer.exe [2328872 2013-11-14] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shortcut.jar ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {1838EEB7-D790-4C38-977B-7610FC411ABC} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {1838EEB7-D790-4C38-977B-7610FC411ABC} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {1838EEB7-D790-4C38-977B-7610FC411ABC} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {1838EEB7-D790-4C38-977B-7610FC411ABC} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPD1CF9B6A-F8D8-4EAD-BDB7-71AAD2044DD6&q={searchTerms}&SSPV=
SearchScopes: HKCU - {1838EEB7-D790-4C38-977B-7610FC411ABC} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com.au
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-14]
CHR Extension: (Google Drive) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-14]
CHR Extension: (YouTube) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-14]
CHR Extension: (Google Search) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-14]
CHR Extension: (Skype Click to Call) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-23]
CHR Extension: (Google Wallet) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (Gmail) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
U2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-22] (AVAST Software)
U2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
U2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
U2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
U2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
U2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
U2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-01-22] (AVAST Software)
U1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-14] (AVAST Software)
U0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-14] ()
U1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1034464 2014-01-22] (AVAST Software)
U1 aswSP; C:\windows\system32\drivers\aswSP.sys [422216 2014-01-22] (AVAST Software)
U3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [79672 2014-01-22] (AVAST Software)
U0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-22] ()
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
U3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)
U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)
U3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32512 2014-01-22] ()
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-31] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-26] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-21] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows ® Win 7 DDK provider)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-21] (Microsoft Corporation)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-25 19:10 - 2014-01-25 19:10 - 00000000 ____D C:\Users\Marty\Downloads\FRST-OlderVersion
2014-01-24 23:56 - 2014-01-24 23:57 - 00286832 _____ C:\WINDOWS\Minidump\012414-28375-01.dmp
2014-01-24 23:55 - 2014-01-24 23:55 - 00000091 _____ C:\Users\Marty\Desktop\catchme.log
2014-01-24 23:24 - 2014-01-24 23:24 - 00000000 _____ C:\WINDOWS\system32\getservice.txt
2014-01-24 23:23 - 2014-01-24 23:23 - 00130337 _____ C:\Users\Marty\Downloads\getservices.zip
2014-01-24 23:23 - 2014-01-24 23:23 - 00000000 ____D C:\Users\Marty\Downloads\getservices
2014-01-24 23:05 - 2014-01-24 23:05 - 00290960 _____ C:\WINDOWS\Minidump\012414-28531-01.dmp
2014-01-24 21:38 - 2014-01-24 21:40 - 00005164 _____ C:\Users\Marty\Desktop\Rkill.txt
2014-01-24 20:45 - 2014-01-24 20:45 - 00688992 _____ (Swearware) C:\Users\Marty\Downloads\dds.com
2014-01-24 20:35 - 2014-01-24 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-24 20:11 - 2014-01-24 20:20 - 00000000 ____D C:\Users\Marty\Desktop\RK_Quarantine
2014-01-24 20:04 - 2014-01-24 20:04 - 00286832 _____ C:\WINDOWS\Minidump\012414-29031-01.dmp
2014-01-23 06:11 - 2014-01-24 22:49 - 00000796 _____ C:\WINDOWS\setupact.log
2014-01-23 06:11 - 2014-01-23 06:11 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-23 06:10 - 2014-01-25 01:46 - 01052509 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-23 01:01 - 2014-01-23 01:01 - 00000916 _____ C:\WINDOWS\PFRO.log
2014-01-23 00:34 - 2014-01-24 23:56 - 515196296 _____ C:\WINDOWS\MEMORY.DMP
2014-01-23 00:34 - 2014-01-23 00:34 - 00286832 _____ C:\WINDOWS\Minidump\012314-27921-01.dmp
2014-01-23 00:27 - 2014-01-24 22:54 - 00000000 ____D C:\ProgramData\SUPERSetup
2014-01-23 00:08 - 2014-01-23 00:08 - 00261778 _____ C:\Users\Marty\Documents\cc_20140123_000820.reg
2014-01-23 00:06 - 2014-01-23 00:06 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-23 00:06 - 2014-01-23 00:06 - 00000000 ____D C:\Program Files\CCleaner
2014-01-23 00:05 - 2014-01-23 00:05 - 04645232 _____ (Piriform Ltd) C:\Users\Marty\Downloads\ccsetup409.exe
2014-01-22 22:59 - 2014-01-22 22:59 - 00000000 ____D C:\Users\Marty\Desktop\MBAR
2014-01-22 22:48 - 2014-01-22 22:49 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Marty\Downloads\mbar-1.07.0.1008.exe
2014-01-22 22:20 - 2014-01-22 22:20 - 00000000 ____D C:\Program Files\Reason
2014-01-22 22:19 - 2014-01-22 22:19 - 01970440 _____ (Reason Company Software Inc.) C:\Users\Marty\Downloads\herdProtectScan_Setup.exe
2014-01-22 22:03 - 2014-01-22 22:04 - 04406784 _____ C:\Users\Marty\Downloads\RogueKillerX64.exe
2014-01-22 21:56 - 2014-01-22 21:56 - 00024384 _____ C:\Users\Marty\Downloads\Addition.txt
2014-01-22 21:55 - 2014-01-25 19:10 - 00016777 _____ C:\Users\Marty\Downloads\FRST.txt
2014-01-22 21:55 - 2014-01-25 19:10 - 00000000 ____D C:\FRST
2014-01-22 21:54 - 2014-01-25 19:10 - 02077696 _____ (Farbar) C:\Users\Marty\Downloads\FRST64.exe
2014-01-22 21:37 - 2014-01-22 21:37 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\Marty\Downloads\autoruns.exe
2014-01-22 19:20 - 2014-01-22 19:21 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\Marty\Downloads\ADSSpy.exe
2014-01-22 01:22 - 2014-01-22 01:22 - 00001690 _____ C:\WINDOWS\system32\.crusader
2014-01-22 01:12 - 2014-01-22 01:23 - 00032512 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-01-22 01:12 - 2014-01-22 01:22 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-22 01:11 - 2014-01-22 01:11 - 00930440 _____ (CNET Download.com) C:\Users\Marty\Downloads\cbsidlm-cbsi176-HitmanPro_3_64bit-ORG-75110395.exe
2014-01-22 01:02 - 2014-01-22 01:02 - 00001988 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-22 01:01 - 2014-01-22 01:02 - 00079672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-01-22 01:01 - 2014-01-22 01:01 - 00000350 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-22 00:56 - 2014-01-22 00:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Marty\Downloads\maldead.exe
2014-01-22 00:08 - 2014-01-22 00:08 - 00000000 _____ C:\Users\Marty\Downloads\Ret.reg
2014-01-21 23:23 - 2014-01-21 23:23 - 00000227 _____ C:\WINDOWS\SysWOW64\mbr.log
2014-01-21 23:09 - 2014-01-24 21:38 - 00000227 _____ C:\Users\Marty\Downloads\mbr.log
2014-01-21 23:08 - 2014-01-21 23:08 - 00147456 _____ C:\Users\Marty\Downloads\catchme.exe
2014-01-21 23:08 - 2014-01-21 23:08 - 00089088 _____ C:\Users\Marty\Downloads\mbr.exe
2014-01-21 22:40 - 2014-01-21 22:41 - 29507728 _____ (SUPERAntiSpyware) C:\Users\Marty\Downloads\SUPERAntiSpyware (1).exe
2014-01-21 22:30 - 2014-01-24 23:56 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-21 22:29 - 2014-01-21 22:29 - 00379904 _____ C:\Users\Marty\Downloads\iexplore.exe
2014-01-21 22:11 - 2014-01-24 22:59 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-21 22:04 - 2014-01-21 22:04 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Marty\Downloads\tdsskiller.exe
2014-01-21 21:26 - 2014-01-21 21:26 - 01402880 _____ C:\Users\Marty\Downloads\HijackThis.msi
2014-01-21 20:31 - 2014-01-21 20:31 - 00001446 _____ C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-21 20:31 - 2014-01-21 20:31 - 00000000 ____D C:\Users\Marty\AppData\Roaming\AVAST Software
2014-01-21 20:30 - 2014-01-21 20:30 - 00000020 ___SH C:\Users\Marty\ntuser.ini
2014-01-21 18:23 - 2014-01-21 18:23 - 00000000 ____D C:\Users\Ciaran\Pavtube
2014-01-21 18:22 - 2014-01-21 18:22 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Pavtube
2014-01-21 18:02 - 2014-01-21 18:03 - 49108850 _____ (Pavtube Studio.                                             ) C:\Users\Ciaran\Downloads\hdvideoconverter_setup_r609505.exe
2014-01-21 10:17 - 2014-01-21 10:24 - 39286002 _____ C:\Users\Ciaran\Desktop\CSG PACK BRENNAN0404 copy.zip
2014-01-21 08:13 - 2014-01-23 00:07 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-21 08:11 - 2014-01-21 08:11 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-01-21 08:11 - 2014-01-21 08:11 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-21 08:11 - 2014-01-21 08:11 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00000000 ____D C:\Windows.old
2014-01-21 08:10 - 2014-01-21 08:10 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-01-21 08:10 - 2014-01-21 08:10 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-01-21 08:10 - 2014-01-21 08:10 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-01-21 08:10 - 2014-01-21 08:10 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-01-21 08:10 - 2014-01-21 08:10 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-01-21 08:10 - 2014-01-21 08:10 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00039768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-01-21 08:09 - 2014-01-21 08:09 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files\Reference Assemblies
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files\MSBuild
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2014-01-21 08:06 - 2014-01-20 16:27 - 00000000 ____D C:\Program Files (x86)\MSBuild
2014-01-21 08:05 - 2014-01-20 16:20 - 00000000 ____D C:\Recovery
2014-01-21 08:05 - 2013-08-03 12:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-01-21 08:05 - 2013-08-03 12:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-21 08:05 - 2013-08-03 12:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-01-21 08:05 - 2013-08-03 12:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-01-21 08:05 - 2013-08-03 12:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-21 08:05 - 2013-08-03 12:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-01-21 02:16 - 2014-01-23 01:01 - 00000000 ___HD C:\ProgramData\{$6666-4448-3690-4432-8983$}
2014-01-21 02:16 - 2014-01-22 01:22 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\reader
2014-01-21 02:16 - 2014-01-21 02:16 - 00047548 _____ C:\Users\Ciaran\Downloads\Minecraft (2).jar
2014-01-21 02:16 - 2014-01-21 02:16 - 00000000 _____ C:\Users\Ciaran\13stdybt37.tmp
2014-01-21 02:12 - 2014-01-21 02:12 - 00783704 _____ C:\Users\Ciaran\Downloads\MC Force Op LauncherMC.rar
2014-01-20 20:46 - 2014-01-20 20:46 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Spoon
2014-01-20 17:09 - 2014-01-20 17:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-01-20 16:54 - 2014-01-21 13:10 - 00000000 __RDO C:\Users\Ciaran\SkyDrive
2014-01-20 16:53 - 2014-01-20 16:53 - 00002060 _____ C:\Users\Public\Desktop\Support Center.lnk
2014-01-20 16:51 - 2014-01-20 16:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2014-01-20 16:50 - 2014-01-20 16:50 - 00001446 _____ C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-20 16:49 - 2014-01-20 16:49 - 00000020 ___SH C:\Users\Ciaran\ntuser.ini
2014-01-20 16:46 - 2014-01-20 16:46 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-20 16:25 - 2014-01-20 16:25 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2014-01-20 16:23 - 2014-01-25 00:00 - 00000000 ____D C:\Users\Marty
2014-01-20 16:23 - 2014-01-21 20:30 - 00000000 ____D C:\Users\Ciaran
2014-01-20 16:23 - 2014-01-20 16:36 - 00000000 ____D C:\Users\Administrator
2014-01-20 16:23 - 2014-01-20 16:25 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-20 16:23 - 2014-01-20 16:24 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-20 16:23 - 2014-01-20 16:24 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-20 16:22 - 2014-01-20 16:46 - 00036198 _____ C:\WINDOWS\diagwrn.xml
2014-01-20 16:22 - 2014-01-20 16:46 - 00036198 _____ C:\WINDOWS\diagerr.xml
2014-01-20 16:17 - 2014-01-20 16:27 - 00000000 ____D C:\Program Files (x86)\Intel
2014-01-20 16:17 - 2014-01-20 16:17 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files\Synaptics
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files\Realtek
2014-01-20 16:16 - 2014-01-20 16:16 - 00000000 ____D C:\Program Files\Intel
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Program Files\AMD
2014-01-18 20:48 - 2014-01-18 20:48 - 00001377 _____ C:\Users\Ciaran\Desktop\Play Plants vs. Zombies.lnk
2014-01-18 20:30 - 2014-01-18 20:30 - 00001078 _____ C:\Users\Ciaran\Desktop\Pokemon Showdown.lnk
2014-01-18 20:25 - 2014-01-18 20:26 - 24156191 _____ C:\Users\Ciaran\Downloads\PokemonShowdownSetup (2).exe
2014-01-18 18:30 - 2014-01-18 19:06 - 00001642 _____ C:\Users\Ciaran\Desktop\My Mod App CSG.txt
2014-01-18 18:15 - 2013-09-27 14:57 - 00675988 _____ C:\Users\Ciaran\Desktop\Minecraft.exe
2014-01-18 17:53 - 2014-01-18 17:53 - 00000136 _____ C:\Users\Ciaran\Desktop\Call of Duty® World at War.lnk
2014-01-18 17:03 - 2014-01-18 17:03 - 00002125 _____ C:\Users\Public\Desktop\S Service.lnk
2014-01-18 17:03 - 2014-01-18 17:03 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Samsung
2014-01-18 17:02 - 2014-01-18 17:02 - 00002101 _____ C:\Users\Public\Desktop\Quick Starter.lnk
2014-01-18 16:48 - 2014-01-18 16:51 - 00000000 ___RD C:\Users\Ciaran\Documents\Desktop stuff
2014-01-18 00:31 - 2014-01-18 00:31 - 00209469 _____ C:\Users\Ciaran\Downloads\Level 72 Borderlands 2 Characters (1).rar
2014-01-18 00:27 - 2014-01-18 00:27 - 01226271 _____ C:\Users\Ciaran\Downloads\saveedit_r227.zip
2014-01-17 23:32 - 2014-01-17 23:33 - 06013024 _____ (Nota Inc.                                                   ) C:\Users\Ciaran\Downloads\GyazoSetup.exe
2014-01-07 16:01 - 2014-01-07 16:01 - 00401776 _____ (Softonic                                        ) C:\Users\Ciaran\Downloads\SoftonicDownloader_for_grand-theft-auto-san-andreas.exe
2014-01-05 19:11 - 2014-01-05 19:11 - 00616312 _____ (Windows 8.1 32 Bit  64Bit  Free Download Serial Key) C:\Users\Ciaran\Downloads\GTA 5 Online How to Host a Modded Lobby AFTER PATCH.exe
2014-01-05 16:47 - 2014-01-05 16:47 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (3).zip
2014-01-05 16:46 - 2014-01-05 16:47 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (2).zip
2013-12-31 14:02 - 2013-12-31 14:03 - 05662741 _____ C:\Users\Ciaran\Downloads\gta8.zip
2013-12-30 19:21 - 2013-12-30 19:21 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\openvr
2013-12-29 16:29 - 2013-12-29 16:29 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (1).zip
2013-12-28 22:03 - 2013-12-28 22:03 - 00000000 ____D C:\ProgramData\Oracle
2013-12-28 22:00 - 2013-12-28 22:00 - 00915368 _____ (Oracle Corporation) C:\Users\Ciaran\Downloads\chromeinstall-7u45.exe
2013-12-28 21:21 - 2013-12-28 21:21 - 00817443 _____ C:\Users\Ciaran\Downloads\PokeGen_full.zip
2013-12-26 17:47 - 2013-12-26 17:47 - 00510409 _____ C:\Users\Ciaran\Downloads\privoxy_setup_3.0.21.exe
 
==================== One Month Modified Files and Folders =======
 
2014-01-25 19:10 - 2014-01-25 19:10 - 00000000 ____D C:\Users\Marty\Downloads\FRST-OlderVersion
2014-01-25 19:10 - 2014-01-22 21:55 - 00016777 _____ C:\Users\Marty\Downloads\FRST.txt
2014-01-25 19:10 - 2014-01-22 21:55 - 00000000 ____D C:\FRST
2014-01-25 19:10 - 2014-01-22 21:54 - 02077696 _____ (Farbar) C:\Users\Marty\Downloads\FRST64.exe
2014-01-25 19:08 - 2013-11-14 15:28 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-25 19:06 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-25 01:46 - 2014-01-23 06:10 - 01052509 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-25 01:43 - 2013-10-23 18:51 - 00000000 ____D C:\Users\Marty\AppData\Local\CrashDumps
2014-01-25 01:34 - 2013-10-23 18:50 - 00000000 ____D C:\Users\Marty\AppData\Local\LogMeIn Hamachi
2014-01-25 01:32 - 2013-08-22 21:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2014-01-25 00:16 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-25 00:00 - 2014-01-20 16:23 - 00000000 ____D C:\Users\Marty
2014-01-24 23:57 - 2014-01-24 23:56 - 00286832 _____ C:\WINDOWS\Minidump\012414-28375-01.dmp
2014-01-24 23:56 - 2014-01-23 00:34 - 515196296 _____ C:\WINDOWS\MEMORY.DMP
2014-01-24 23:56 - 2014-01-21 22:30 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-24 23:55 - 2014-01-24 23:55 - 00000091 _____ C:\Users\Marty\Desktop\catchme.log
2014-01-24 23:24 - 2014-01-24 23:24 - 00000000 _____ C:\WINDOWS\system32\getservice.txt
2014-01-24 23:23 - 2014-01-24 23:23 - 00130337 _____ C:\Users\Marty\Downloads\getservices.zip
2014-01-24 23:23 - 2014-01-24 23:23 - 00000000 ____D C:\Users\Marty\Downloads\getservices
2014-01-24 23:05 - 2014-01-24 23:05 - 00290960 _____ C:\WINDOWS\Minidump\012414-28531-01.dmp
2014-01-24 22:59 - 2014-01-21 22:11 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-24 22:54 - 2014-01-23 00:27 - 00000000 ____D C:\ProgramData\SUPERSetup
2014-01-24 22:49 - 2014-01-23 06:11 - 00000796 _____ C:\WINDOWS\setupact.log
2014-01-24 21:40 - 2014-01-24 21:38 - 00005164 _____ C:\Users\Marty\Desktop\Rkill.txt
2014-01-24 21:38 - 2014-01-21 23:09 - 00000227 _____ C:\Users\Marty\Downloads\mbr.log
2014-01-24 21:37 - 2013-05-14 20:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-24 21:21 - 2013-10-23 22:21 - 00000000 ____D C:\WINDOWS\pss
2014-01-24 21:20 - 2014-01-24 20:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-24 20:45 - 2014-01-24 20:45 - 00688992 _____ (Swearware) C:\Users\Marty\Downloads\dds.com
2014-01-24 20:20 - 2014-01-24 20:11 - 00000000 ____D C:\Users\Marty\Desktop\RK_Quarantine
2014-01-24 20:04 - 2014-01-24 20:04 - 00286832 _____ C:\WINDOWS\Minidump\012414-29031-01.dmp
2014-01-23 06:11 - 2014-01-23 06:11 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-23 01:01 - 2014-01-23 01:01 - 00000916 _____ C:\WINDOWS\PFRO.log
2014-01-23 01:01 - 2014-01-21 02:16 - 00000000 ___HD C:\ProgramData\{$6666-4448-3690-4432-8983$}
2014-01-23 01:01 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\schemas
2014-01-23 01:01 - 2013-05-14 21:09 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-23 00:34 - 2014-01-23 00:34 - 00286832 _____ C:\WINDOWS\Minidump\012314-27921-01.dmp
2014-01-23 00:08 - 2014-01-23 00:08 - 00261778 _____ C:\Users\Marty\Documents\cc_20140123_000820.reg
2014-01-23 00:07 - 2014-01-21 08:13 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-23 00:07 - 2013-05-27 16:58 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-23 00:06 - 2014-01-23 00:06 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-23 00:06 - 2014-01-23 00:06 - 00000000 ____D C:\Program Files\CCleaner
2014-01-23 00:05 - 2014-01-23 00:05 - 04645232 _____ (Piriform Ltd) C:\Users\Marty\Downloads\ccsetup409.exe
2014-01-22 22:59 - 2014-01-22 22:59 - 00000000 ____D C:\Users\Marty\Desktop\MBAR
2014-01-22 22:49 - 2014-01-22 22:48 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Marty\Downloads\mbar-1.07.0.1008.exe
2014-01-22 22:20 - 2014-01-22 22:20 - 00000000 ____D C:\Program Files\Reason
2014-01-22 22:19 - 2014-01-22 22:19 - 01970440 _____ (Reason Company Software Inc.) C:\Users\Marty\Downloads\herdProtectScan_Setup.exe
2014-01-22 22:04 - 2014-01-22 22:03 - 04406784 _____ C:\Users\Marty\Downloads\RogueKillerX64.exe
2014-01-22 21:56 - 2014-01-22 21:56 - 00024384 _____ C:\Users\Marty\Downloads\Addition.txt
2014-01-22 21:37 - 2014-01-22 21:37 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\Marty\Downloads\autoruns.exe
2014-01-22 19:21 - 2014-01-22 19:20 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\Marty\Downloads\ADSSpy.exe
2014-01-22 01:23 - 2014-01-22 01:12 - 00032512 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-01-22 01:22 - 2014-01-22 01:22 - 00001690 _____ C:\WINDOWS\system32\.crusader
2014-01-22 01:22 - 2014-01-22 01:12 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-22 01:22 - 2014-01-21 02:16 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\reader
2014-01-22 01:11 - 2014-01-22 01:11 - 00930440 _____ (CNET Download.com) C:\Users\Marty\Downloads\cbsidlm-cbsi176-HitmanPro_3_64bit-ORG-75110395.exe
2014-01-22 01:02 - 2014-01-22 01:02 - 00001988 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-22 01:02 - 2014-01-22 01:01 - 00079672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-01-22 01:01 - 2014-01-22 01:01 - 00000350 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-22 01:01 - 2013-12-14 14:11 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-01-22 01:01 - 2013-05-14 19:45 - 01034464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-01-22 01:01 - 2013-05-14 19:45 - 00422216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-01-22 01:01 - 2013-05-14 19:45 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-01-22 01:01 - 2013-05-14 19:45 - 00207904 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-01-22 01:01 - 2013-05-14 19:45 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-01-22 00:56 - 2014-01-22 00:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Marty\Downloads\maldead.exe
2014-01-22 00:08 - 2014-01-22 00:08 - 00000000 _____ C:\Users\Marty\Downloads\Ret.reg
2014-01-21 23:23 - 2014-01-21 23:23 - 00000227 _____ C:\WINDOWS\SysWOW64\mbr.log
2014-01-21 23:08 - 2014-01-21 23:08 - 00147456 _____ C:\Users\Marty\Downloads\catchme.exe
2014-01-21 23:08 - 2014-01-21 23:08 - 00089088 _____ C:\Users\Marty\Downloads\mbr.exe
2014-01-21 22:41 - 2014-01-21 22:40 - 29507728 _____ (SUPERAntiSpyware) C:\Users\Marty\Downloads\SUPERAntiSpyware (1).exe
2014-01-21 22:29 - 2014-01-21 22:29 - 00379904 _____ C:\Users\Marty\Downloads\iexplore.exe
2014-01-21 22:04 - 2014-01-21 22:04 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Marty\Downloads\tdsskiller.exe
2014-01-21 21:35 - 2013-05-14 20:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-21 21:34 - 2013-05-14 20:06 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2014-01-21 21:26 - 2014-01-21 21:26 - 01402880 _____ C:\Users\Marty\Downloads\HijackThis.msi
2014-01-21 20:32 - 2012-12-25 17:41 - 00000000 ____D C:\Users\Marty\AppData\Local\Packages
2014-01-21 20:31 - 2014-01-21 20:31 - 00001446 _____ C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-21 20:31 - 2014-01-21 20:31 - 00000000 ____D C:\Users\Marty\AppData\Roaming\AVAST Software
2014-01-21 20:31 - 2013-05-13 20:15 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-21 20:31 - 2013-05-13 20:15 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-21 20:30 - 2014-01-21 20:30 - 00000020 ___SH C:\Users\Marty\ntuser.ini
2014-01-21 20:30 - 2014-01-20 16:23 - 00000000 ____D C:\Users\Ciaran
2014-01-21 20:26 - 2013-10-24 00:09 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-21 20:08 - 2013-05-21 13:19 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Skype
2014-01-21 18:23 - 2014-01-21 18:23 - 00000000 ____D C:\Users\Ciaran\Pavtube
2014-01-21 18:22 - 2014-01-21 18:22 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Pavtube
2014-01-21 18:03 - 2014-01-21 18:02 - 49108850 _____ (Pavtube Studio.                                             ) C:\Users\Ciaran\Downloads\hdvideoconverter_setup_r609505.exe
2014-01-21 13:52 - 2013-08-28 19:55 - 00007596 _____ C:\Users\Ciaran\AppData\Local\Resmon.ResmonCfg
2014-01-21 13:30 - 2013-05-28 16:08 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Apple Computer
2014-01-21 13:21 - 2013-05-14 19:25 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-21 13:17 - 2013-11-30 21:17 - 00000000 ____D C:\Program Files (x86)\Pamela RichMood Editor
2014-01-21 13:10 - 2014-01-20 16:54 - 00000000 __RDO C:\Users\Ciaran\SkyDrive
2014-01-21 12:32 - 2013-08-22 22:44 - 00481024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-21 12:11 - 2013-09-27 15:23 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\.minecraft
2014-01-21 11:51 - 2013-09-16 16:51 - 00000322 _____ C:\WINDOWS\Tasks\Dealply.job
2014-01-21 11:44 - 2013-05-17 09:20 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1229153242-3201741155-1693493588-1005
2014-01-21 11:39 - 2013-05-14 19:25 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 11:39 - 2013-05-14 19:25 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 10:24 - 2014-01-21 10:17 - 39286002 _____ C:\Users\Ciaran\Desktop\CSG PACK BRENNAN0404 copy.zip
2014-01-21 08:11 - 2014-01-21 08:11 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-01-21 08:11 - 2014-01-21 08:11 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-21 08:11 - 2014-01-21 08:11 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00000000 ____D C:\Windows.old
2014-01-21 08:11 - 2013-08-22 23:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2014-01-21 08:11 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-21 08:10 - 2014-01-21 08:10 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-01-21 08:10 - 2014-01-21 08:10 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-01-21 08:10 - 2014-01-21 08:10 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-01-21 08:10 - 2014-01-21 08:10 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-01-21 08:10 - 2014-01-21 08:10 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-01-21 08:10 - 2014-01-21 08:10 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00039768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-01-21 08:10 - 2013-08-22 23:36 - 00000000 ___RD C:\WINDOWS\ToastData
2014-01-21 08:10 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2014-01-21 08:10 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\FileManager
2014-01-21 08:10 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Camera
2014-01-21 08:09 - 2014-01-21 08:09 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files\Reference Assemblies
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files\MSBuild
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2014-01-21 02:16 - 2014-01-21 02:16 - 00047548 _____ C:\Users\Ciaran\Downloads\Minecraft (2).jar
2014-01-21 02:16 - 2014-01-21 02:16 - 00000000 _____ C:\Users\Ciaran\13stdybt37.tmp
2014-01-21 02:12 - 2014-01-21 02:12 - 00783704 _____ C:\Users\Ciaran\Downloads\MC Force Op LauncherMC.rar
2014-01-20 20:53 - 2013-05-13 21:41 - 00000000 ____D C:\ProgramData\WinClon
2014-01-20 20:46 - 2014-01-20 20:46 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Spoon
2014-01-20 17:16 - 2013-05-14 19:45 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-01-20 17:13 - 2013-05-21 14:34 - 00000000 ____D C:\Users\Ciaran\AppData\Local\LogMeIn Hamachi
2014-01-20 17:12 - 2013-08-22 22:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-20 17:09 - 2014-01-20 17:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-01-20 17:00 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\restore
2014-01-20 16:54 - 2013-11-14 16:08 - 00000000 ___HD C:\$Windows.~BT
2014-01-20 16:54 - 2012-12-25 18:03 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Packages
2014-01-20 16:53 - 2014-01-20 16:53 - 00002060 _____ C:\Users\Public\Desktop\Support Center.lnk
2014-01-20 16:51 - 2014-01-20 16:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2014-01-20 16:50 - 2014-01-20 16:50 - 00001446 _____ C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-20 16:50 - 2013-05-14 21:09 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-20 16:49 - 2014-01-20 16:49 - 00000020 ___SH C:\Users\Ciaran\ntuser.ini
2014-01-20 16:48 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\rescache
2014-01-20 16:47 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Registration
2014-01-20 16:46 - 2014-01-20 16:46 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2014-01-20 16:46 - 2014-01-20 16:22 - 00036198 _____ C:\WINDOWS\diagwrn.xml
2014-01-20 16:46 - 2014-01-20 16:22 - 00036198 _____ C:\WINDOWS\diagerr.xml
2014-01-20 16:39 - 2013-08-22 23:36 - 00000000 __RSD C:\WINDOWS\Media
2014-01-20 16:39 - 2013-08-22 23:36 - 00000000 __RHD C:\Users\Public\Libraries
2014-01-20 16:37 - 2013-05-13 22:48 - 00880342 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-01-20 16:36 - 2014-01-20 16:23 - 00000000 ____D C:\Users\Administrator
2014-01-20 16:30 - 2013-08-22 21:25 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-20 16:29 - 2012-07-26 13:37 - 00000000 ____D C:\Users\Default.migrated
2014-01-20 16:28 - 2013-11-14 15:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2014-01-20 16:28 - 2013-11-14 15:14 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2014-01-20 16:28 - 2013-11-14 15:14 - 00000000 ____D C:\WINDOWS\system32\WCN
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\spool
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\IME
2014-01-20 16:28 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2014-01-20 16:28 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2014-01-20 16:28 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2014-01-20 16:28 - 2013-05-13 21:39 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2014-01-20 16:27 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files (x86)\MSBuild
2014-01-20 16:27 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files (x86)\Intel
2014-01-20 16:27 - 2013-11-14 15:17 - 00000000 ____D C:\WINDOWS\ShellNew
2014-01-20 16:27 - 2013-08-22 23:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Resources
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\IME
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Help
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Cursors
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-20 16:27 - 2013-05-22 20:40 - 00000000 ____D C:\WINDOWS\en
2014-01-20 16:27 - 2012-08-06 05:11 - 00000000 ____D C:\ProgramData\PRICache
2014-01-20 16:25 - 2014-01-20 16:25 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2014-01-20 16:25 - 2014-01-20 16:23 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-20 16:25 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2014-01-20 16:25 - 2013-05-19 16:54 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-01-20 16:24 - 2014-01-20 16:23 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-20 16:24 - 2014-01-20 16:23 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-20 16:24 - 2013-11-08 19:06 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-01-20 16:24 - 2013-08-09 19:12 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2014-01-20 16:24 - 2013-07-21 22:11 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecontrol for Minecraft
2014-01-20 16:24 - 2013-07-11 18:34 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
2014-01-20 16:24 - 2013-05-21 13:08 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZombieModding
2014-01-20 16:24 - 2013-05-20 14:37 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-20 16:24 - 2012-08-06 05:10 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-20 16:24 - 2012-08-06 05:10 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-20 16:24 - 2012-08-06 05:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2014-01-20 16:20 - 2014-01-21 08:05 - 00000000 ____D C:\Recovery
2014-01-20 16:17 - 2014-01-20 16:17 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files\Synaptics
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files\Realtek
2014-01-20 16:16 - 2014-01-20 16:16 - 00000000 ____D C:\Program Files\Intel
2014-01-20 16:16 - 2013-04-12 16:17 - 00000000 ____D C:\AMD
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Program Files\AMD
2014-01-20 16:14 - 2013-08-22 21:36 - 00000000 __RHD C:\Users\Default
2014-01-20 15:55 - 2012-07-26 16:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2014-01-18 21:40 - 2013-09-20 09:44 - 00000000 ____D C:\Program Files (x86)\UEFI WinFlash
2014-01-18 20:48 - 2014-01-18 20:48 - 00001377 _____ C:\Users\Ciaran\Desktop\Play Plants vs. Zombies.lnk
2014-01-18 20:48 - 2013-05-14 19:31 - 00000000 ____D C:\ProgramData\PopCap Games
2014-01-18 20:30 - 2014-01-18 20:30 - 00001078 _____ C:\Users\Ciaran\Desktop\Pokemon Showdown.lnk
2014-01-18 20:28 - 2013-05-31 21:18 - 00000000 ____D C:\Users\Ciaran\AppData\Local\CrashDumps
2014-01-18 20:27 - 2013-09-06 21:03 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Pokemon Showdown
2014-01-18 20:27 - 2013-09-06 21:02 - 00001871 _____ C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokemon Showdown.lnk
2014-01-18 20:26 - 2014-01-18 20:25 - 24156191 _____ C:\Users\Ciaran\Downloads\PokemonShowdownSetup (2).exe
2014-01-18 19:06 - 2014-01-18 18:30 - 00001642 _____ C:\Users\Ciaran\Desktop\My Mod App CSG.txt
2014-01-18 17:53 - 2014-01-18 17:53 - 00000136 _____ C:\Users\Ciaran\Desktop\Call of Duty® World at War.lnk
2014-01-18 17:03 - 2014-01-18 17:03 - 00002125 _____ C:\Users\Public\Desktop\S Service.lnk
2014-01-18 17:03 - 2014-01-18 17:03 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Samsung
2014-01-18 17:03 - 2012-09-19 18:04 - 00000000 ____D C:\Program Files (x86)\Samsung
2014-01-18 17:02 - 2014-01-18 17:02 - 00002101 _____ C:\Users\Public\Desktop\Quick Starter.lnk
2014-01-18 17:02 - 2013-05-14 21:10 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Samsung
2014-01-18 17:02 - 2013-05-13 22:42 - 00000000 ____D C:\Users\Marty\AppData\Local\Samsung
2014-01-18 17:02 - 2013-05-13 20:37 - 00000000 ____D C:\ProgramData\Samsung
2014-01-18 16:53 - 2013-06-02 11:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-18 16:51 - 2014-01-18 16:48 - 00000000 ___RD C:\Users\Ciaran\Documents\Desktop stuff
2014-01-18 16:51 - 2013-08-04 18:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-18 16:48 - 2013-05-14 20:24 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-18 04:02 - 2013-10-07 11:23 - 00000000 ____D C:\ProgramData\LogMeIn
2014-01-18 00:44 - 2013-11-10 20:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-18 00:31 - 2014-01-18 00:31 - 00209469 _____ C:\Users\Ciaran\Downloads\Level 72 Borderlands 2 Characters (1).rar
2014-01-18 00:27 - 2014-01-18 00:27 - 01226271 _____ C:\Users\Ciaran\Downloads\saveedit_r227.zip
2014-01-17 23:33 - 2014-01-17 23:32 - 06013024 _____ (Nota Inc.                                                   ) C:\Users\Ciaran\Downloads\GyazoSetup.exe
2014-01-07 16:01 - 2014-01-07 16:01 - 00401776 _____ (Softonic                                        ) C:\Users\Ciaran\Downloads\SoftonicDownloader_for_grand-theft-auto-san-andreas.exe
2014-01-05 19:11 - 2014-01-05 19:11 - 00616312 _____ (Windows 8.1 32 Bit  64Bit  Free Download Serial Key) C:\Users\Ciaran\Downloads\GTA 5 Online How to Host a Modded Lobby AFTER PATCH.exe
2014-01-05 16:47 - 2014-01-05 16:47 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (3).zip
2014-01-05 16:47 - 2014-01-05 16:46 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (2).zip
2013-12-31 14:03 - 2013-12-31 14:02 - 05662741 _____ C:\Users\Ciaran\Downloads\gta8.zip
2013-12-30 19:21 - 2013-12-30 19:21 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\openvr
2013-12-29 16:29 - 2013-12-29 16:29 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (1).zip
2013-12-28 22:03 - 2013-12-28 22:03 - 00000000 ____D C:\ProgramData\Oracle
2013-12-28 22:00 - 2013-12-28 22:00 - 00915368 _____ (Oracle Corporation) C:\Users\Ciaran\Downloads\chromeinstall-7u45.exe
2013-12-28 21:21 - 2013-12-28 21:21 - 00817443 _____ C:\Users\Ciaran\Downloads\PokeGen_full.zip
2013-12-26 17:47 - 2013-12-26 17:47 - 00510409 _____ C:\Users\Ciaran\Downloads\privoxy_setup_3.0.21.exe
 
Some content of TEMP:
====================
C:\Users\Marty\AppData\Local\Temp\catchme.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-20 16:14
 
==================== End Of Log ============================

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Make sure to select direct on the word “Zip”

Double click zip file and extract to your Desktop:


Zoekd.jpg


You will now have 3 versions of the tool on the Desktop:


Zoeke.jpg

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Double click on each in turn until one version of Zoek will run (accept UAC). The following window will open:


Zoekb.jpg


Copy and paste the following script from the code box and paste into the field.


standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs;


Select the "Run Script" tab. The following window will open:



Zoekc.jpg



Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to reboot your PC; if so, please do.

Zoekf.jpg

Post the produced log in your next reply.

 

Kevin
 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-01-2014 01

Ran by Marty at 2014-01-26 10:44:53 Run:1

Running from C:\Users\Marty\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

HKU\Ciaran\...\Winlogon: [shell] explorer.exe [2328872 2013-11-14] (Microsoft Corporation) <==== ATTENTION 

End

*****************

 

HKU\Ciaran\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

 

==== End of Fixlog ====


Having to post this in two parts as the post won't save!

 

Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by Marty on Sun 26/01/2014 at 10:49:37.97.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marty\Desktop\zoek.com [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
26/01/2014 10:52:21 AM Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
 
==== Installed Programs ======================
 
Action Replay DSi Code Manager  
Adobe Reader X (10.1.6) MUI  
AllSharePlayLink  
AMD APP SDK Runtime  
AMD Catalyst Install Manager  
Apple Software Update  
avast Free Antivirus  
Bandicam  
Bandisoft MPEG-1 Decoder  
Bruteforce Save Data  
Call of Duty® - World at War  
Call of Duty® - World at War 1.1 Patch  
Call of Duty® - World at War 1.2 Patch  
Call of Duty® - World at War 1.3 Patch  
Call of Duty® - World at War 1.4 Patch  
Call of Duty® - World at War 1.5 Patch  
Call of Duty® - World at War 1.6 Patch  
Call of Duty® - World at War 1.7 Patch  
Catalyst Control Center - Branding  
Catalyst Control Center  
Catalyst Control Center Graphics Previews Common  
Catalyst Control Center InstallProxy  
Catalyst Control Center Localization All  
Catalyst Control Center Profiles Mobile  
ccc-utility64  
CCC Help Chinese Standard  
CCC Help Chinese Traditional  
CCC Help Czech  
CCC Help Danish  
CCC Help Dutch  
CCC Help English  
CCC Help Finnish  
CCC Help French  
CCC Help German  
CCC Help Greek  
CCC Help Hungarian  
CCC Help Italian  
CCC Help Japanese  
CCC Help Korean  
CCC Help Norwegian  
CCC Help Polish  
CCC Help Portuguese  
CCC Help Russian  
CCC Help Spanish  
CCC Help Swedish  
CCC Help Thai  
CCC Help Turkish  
CCleaner  
CyberLink Power2Go 8  
CyberLink PowerDVD 10  
D3DX10  
Easy File Share  
Fraps (remove only)  
Google Chrome  
Google Update Helper  
Help Desk  
HxD Hex Editor version 1.7.7.0  
Intel AppUp(SM) center  
Intel® Control Center  
Intel® Processor Graphics  
Intel® Rapid Storage Technology  
LogMeIn Hamachi  
Malwarebytes Anti-Malware version 1.75.0.1300  
Microsoft Application Error Reporting  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Access MUI (English) 2007  
Microsoft Office Access Setup Metadata MUI (English) 2007  
Microsoft Office Excel MUI (English) 2007  
Microsoft Office InfoPath MUI (English) 2007  
Microsoft Office Office 64-bit Components 2007  
Microsoft Office Outlook MUI (English) 2007  
Microsoft Office PowerPoint MUI (English) 2007  
Microsoft Office Professional Plus 2007  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (Spanish) 2007  
Microsoft Office Proofing (English) 2007  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Publisher MUI (English) 2007  
Microsoft Office Shared 64-bit MUI (English) 2007  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007  
Microsoft Office Shared MUI (English) 2007  
Microsoft Office Shared Setup Metadata MUI (English) 2007  
Microsoft Office Word MUI (English) 2007  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft XNA Framework Redistributable 4.0  
MotioninJoy ds3 driver version 0.6.0003  
Movie Maker  
MSVCRT  
MSVCRT110  
MSVCRT110_amd64  
Nexus Mod Manager  
Notepad++  
Photo Common  
Photo Gallery  
Plants vs. Zombies  
Pokemon Showdown  
PX Profile Update  
Qualcomm Atheros Bluetooth Suite (64)  
Qualcomm Atheros Client Installation Program  
Quick Starter  
Realtek Ethernet Controller Driver  
Realtek High Definition Audio Driver  
Realtek USB 2.0 Card Reader  
Recovery  
S Agent  
S Service  
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition   
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition   
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition   
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition  
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition   
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition   
Settings  
Skype Click to Call  
SkypeT 6.10  
Spybot - Search & Destroy  
SpywareBlaster 5.0  
Steam  
Support Center  
Support Center FAQ  
SW Update  
Synaptics Pointing Device Driver  
Team Fortress 2  
Terraria  
The Elder Scrolls V: Skyrim  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition  
User Guide  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Installer  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
WinRAR 5.00 beta 3 (64-bit)  
 
==== Running Processes ======================
 
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\ProgramData\Malwarebytes' Anti-Malware (portable) deleted
C:\ProgramData\DoowwNloadd keeeper deleted
C:\ProgramData\Download keeaper deleted
C:\ProgramData\InstallMate deleted
C:\ProgramData\Trymedia deleted
C:\WINDOWS\Tasks\Dealply.job deleted
C:\windows\SysNative\Tasks\Dealply deleted
C:\WINDOWS\wininit.ini deleted
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8084 MB
CPU Info: Intel® Core i5-3210M CPU @ 2.50GHz
CPU Speed: 2501.8 MHz
Sound Card: Speakers (Realtek High Definiti | 
Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Microsoft Hosted Network Virtual Adapter | Realtek PCIe GBE Family Controller | Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW SN-208BB
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 7 Button Wheel Mouse Present
Hard Disks: C:  441.2GB
Hard Disks - Free: C:  156.4GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE |  | SECCSD - 1072009
Time Zone: W. Australia Standard Time
Motherboard *: SAMSUNG ELECTRONICS CO., LTD. NP350V5C-S06AU
Country: Australia 
Language: ENA 
 
==== System Specs (Software) ======================
 
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Google Chrome 32.0.1700.76
Internet Explorer Version: 11.0.9600.16476 
Google Chrome version: 32.0.1700.76
Adobe Reader version: 10.1.6.1
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
2014-01-22 16:34:08 CB71A2BA6B7E39703F27074E70E87D57 515196296 ----a-w- C:\WINDOWS\MEMORY.DMP
2014-01-20 08:22:58 D67224440BD9237634871CCA92E8E009 36198 ----a-w- C:\WINDOWS\diagwrn.xml
2014-01-20 08:22:58 D67224440BD9237634871CCA92E8E009 36198 ----a-w- C:\WINDOWS\diagerr.xml
====== C:\Users\Marty\AppData\Local\Temp ====
2014-01-24 15:55:32 2F8F1D62382AD78ACEB22C4E22C5EC59 53248 ----a-w- C:\Users\Marty\AppData\Local\Temp\catchme.dll
2014-01-24 15:04:02 6D2526DFD03F7358878B602925783AFF 56496 ----a-w- C:\Users\Marty\AppData\Local\Temp\pxriipoc.sys
====== Java Cache =====
2013-12-28 14:05:39 FB676C41DED9D63ED7A52E9BC8958AC2 23285 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\1274c281-237d2bec
2013-12-28 14:05:40 1BB8240D8E3E327FB8279ACFE79EDE01 21851 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\3e1fc34a-5582db2b
2013-12-28 14:04:20 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-48f96807
2013-12-28 14:05:29 54E4E842ED33F9E82FDC1BFCFC0AFA61 28530 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2ab6698f-16348e89
2013-12-28 14:05:20 205A2F8ACF7E9588DA4A71B82C80338F 3753 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\53cc754f-17b8b0b7
2013-12-28 14:04:02 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-3de96a05
2013-12-28 14:04:02 6B710DFF85C1C94A8E3803848F9FDB94 99 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-6.0.lap
2013-12-28 14:05:30 8FA676729D83475E29DC8117328AAB6B 28723 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1b7be912-45b06c0f
2013-12-28 14:06:00 DB1E386F1C8E4AA1A81A8E316EAECC37 29262 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2790d2d3-66988446
2013-12-28 14:04:00 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\3d7894d3-4ec22f22
2013-12-28 14:05:28 97B95433729F93DA5A37F20921AA2F63 28627 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\56327813-543f720a
2013-12-28 14:05:31 9F6157982B8F082C27F9B56926804EA0 28826 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\5ebccbd3-6703b437
2013-12-28 14:05:50 6B3CA70986451E35DD22CD1D85B086C2 28520 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\57ca25d4-10b211c8
2013-12-28 14:05:13 D9A68C25CB3BCCF8493D627881DA7A87 1330 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\26a7b695-7e6cbc5d
2013-12-28 14:05:22 E8B20DC3789863DA978D1923EF62D224 330 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\35580016-278a5911
2013-12-28 14:05:53 7832D34A31BD48D92F052902D47486CE 22477 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\4413fb97-4c07918a
2013-12-28 14:05:26 1F259506FEE25721570A8A074803E7B8 21665 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\14e00398-7bb94193
2013-12-28 14:05:21 708ACB369353F7F4BBE7456C05C9CE75 330 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\2aeca15a-4df8b13d
2013-12-28 14:04:52 3AA0C00DBE878E6C7A55816723522551 78 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1896485b-6.0.lap
2013-12-28 14:05:27 5622D34A9FF4D061A18F30B9D82123BC 28695 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6c4118db-352a8a0d
2013-12-28 14:05:23 A880D2D31D573D87D45841A41E676B27 382 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\31a9115d-3112448d
2013-12-28 14:05:44 F781856A39513E033469AAB1ED80F6E8 1013 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\57b9d9c3-5ef14891
2013-12-28 14:05:52 5B1A3F7951DC1A61A2B2DC06E181C92D 29355 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\486dacdf-6421801d
2013-12-28 14:05:25 E6BF52A48CC5A7A464E1379A9BCA7F12 28222 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\41a58fa3-4720028b
2013-12-28 14:05:11 CA37390765E3197BC7C70CEADDC51F8D 356045 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\22c41b65-7737b648
2013-12-28 14:06:05 F7495D697E1950ED636B20F04D8B80EE 333 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\3aa54fa5-53a8f6f6
2013-12-28 14:05:34 6500EF05CCD6E35F3700D5DFA1FE9F1F 23324 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\25741c44-778ebb95
2013-12-28 14:04:56 6D2FB8606AD7C43A0193AF5E04666947 766497 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1ec68c6a-2e814f62
2013-12-28 14:04:03 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-7bd1bf24
2013-12-28 14:05:43 E4819CF2EAD20BA22248F0DE744590C8 148 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\64829570-2868b607
2013-12-28 14:06:03 E63DD118CADC5EBE1701023AB963761F 13471 ----a-w- C:\Users\Ciaran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\e6896f0-2b1ad636
====== C:\WINDOWS\SysWOW64 =====
2014-01-21 00:11:30 5AA28997F6A30EB196A5AB09F684B7BE 70680 ----a-w- C:\WINDOWS\SysWOW64\imagehlp.dll
2014-01-21 00:11:20 3A27CEE08AF2EC8383CDDC1F4B36DBC3 348160 ----a-w- C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-01-21 00:11:16 ED8ED1CE6CAB56103230E2097763DC2B 695808 ----a-w- C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-21 00:11:16 B6D28E8DC13F9EAF8B74BDB4F3DD9781 174592 ----a-w- C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-21 00:11:16 73D0837E97CD7368BCA7DE4E373B8503 103936 ----a-w- C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-21 00:11:10 59D269E3F7ACEDC1A32142E2AB2E200C 156672 ----a-w- C:\WINDOWS\SysWOW64\scrrun.dll
2014-01-21 00:11:05 A199D32EAB410310E03E4652B69AB4D3 240128 ----a-w- C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-01-21 00:10:47 BFAFE990C4A191E83843362B5AC64A9B 17112576 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2014-01-21 00:10:47 B2E1F7B212502BB49AAD4EFAD37C5CF5 2166784 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll
2014-01-21 00:10:47 A60A222D3126DD9E380F9D8B651BC13D 4243968 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll
2014-01-21 00:10:47 927FA6456AD6D7630F6854828D2FD16B 1820160 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll
2014-01-21 00:10:47 84EAF0A08C7742697816E148C066D757 1928192 ----a-w- C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-01-21 00:10:47 4B638CE3DAA3A082E576C0DDF9D635D4 11221504 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll
2014-01-21 00:10:47 08881C59F795C356DE12067E44FFD260 703488 ----a-w- C:\WINDOWS\SysWOW64\ieapfltr.dll
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Quick Starter"="C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Quick Starter"="C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"BtTray"="C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
 
==== Startup Folders ======================
 
2014-01-20 18:16:26 8854 ----a-w- C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shortcut.jar
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\avast\Undetermined Task.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/05/2013 07:25 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/05/2013 07:25 PM]
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [16/10/2012 07:01 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\WINDOWS\SysNative\tasks\advRecovery" ["C:\Program Files\Samsung\Recovery\WCScheduler.exe"]
"C:\WINDOWS\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\SAgent" ["%ProgramFiles%\Samsung\S Agent\CommonAgent.exe"]
"C:\WINDOWS\SysNative\tasks\Settings" ["C:\Program Files (x86)\Samsung\Settings\sSettings.exe"]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe]
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09/10/2013 10:59 AM]
 
Bejeweled - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
Google Docs - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
http //www.byteus.com/ - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\damfdlnokaepcfbddmgmicaapgijegon
Plants vs Zombies HD Reloaded - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkhoacaklmakefhjplfdnadddjfhaof
http //www.battlepvp.com/ - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghbelnnfciahenhhfohdkolapemllml
Skype for Chromium - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Plants vs Zombies - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina
Google Wallet - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Background Tab - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic
Gmail - Ciaran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype for Chromium - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chrome Fix ======================
 
C:\Users\Ciaran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_grand-theft-auto-san-andreas-patch.en.softonic.com_0.localstorage deleted successfully
C:\Users\Ciaran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_grand-theft-auto-san-andreas-patch.en.softonic.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{1838EEB7-D790-4C38-977B-7610FC411ABC} Unknown  Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1838EEB7-D790-4C38-977B-7610FC411ABC} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== HijackThis Entries ======================
 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Quick Starter] C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

Part 2

 

 
==== Sysinternals Autoruns Log ======================
 
HKLM\System\CurrentControlSet\Services
   AdobeARMservice
     "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
     Adobe Acrobat Updater keeps your Adobe software up to date.
     Adobe Systems Incorporated
     1.7.2.0
     c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
     3/12/2012 3:34 PM
   AMD External Events Utility
     %SystemRoot%\system32\atiesrxx.exe
     AMD External Events Service Module
     AMD
     6.14.11.1159
     c:\windows\system32\atiesrxx.exe
     7/11/2013 1:22 AM
   AtherosSvc
     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
     Atheros BT Stack Service Agent
     Qualcomm Atheros Commnucations
     8.0.0.216
     c:\program files (x86)\bluetooth suite\adminservice.exe
     5/12/2012 8:38 PM
   avast! Antivirus
     "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
     Manages and implements avast! antivirus services for this computer. This includes the real-time shields, the virus chest and the scheduler.
     AVAST Software
     9.0.2011.263
     c:\program files\avast software\avast\avastsvc.exe
     17/12/2013 6:31 AM
   cphs
     %SystemRoot%\SysWow64\IntelCpHeciSvc.exe
     Intel® Content Protection HECI Service - enables communication with the Content Protection FW
     Intel Corporation
     9.0.20.9000
     c:\windows\syswow64\intelcphecisvc.exe
     14/06/2013 7:35 AM
   Easy Launcher
     C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
     easy setting
     Samsung Electronics CO., LTD.
     2.0.0.10
     c:\program files (x86)\samsung\settings\cmdserver\easylauncher.exe
     30/11/2012 4:17 PM
   gupdate
     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
     Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
     Google Inc.
     1.3.21.103
     c:\program files (x86)\google\update\googleupdate.exe
     16/02/2012 10:43 AM
   gupdatem
     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
     Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
     Google Inc.
     1.3.21.103
     c:\program files (x86)\google\update\googleupdate.exe
     16/02/2012 10:43 AM
   Hamachi2Svc
     "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
     Hamachi Client Tunneling Engine
     LogMeIn Inc.
     2.2.0.109
     c:\program files (x86)\logmein hamachi\hamachi-2.exe
     29/11/2013 11:14 PM
   IAStorDataMgrSvc
     "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"
     Provides storage event notification and manages communication between the storage driver and user space applications.
     Intel Corporation
     11.6.0.1030
     c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe
     2/09/2012 9:05 AM
   LMIGuardianSvc
     "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
     Support LogMeIn processes with quality assurance feedback
     LogMeIn, Inc.
     10.1.0.1640
     c:\program files (x86)\logmein hamachi\lmiguardiansvc.exe
     11/10/2013 6:38 PM
   SDScannerService
     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
     Offers malware scanning services to Spybot-S&D modules.
     Safer-Networking Ltd.
     2.0.12.205
     c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe
     13/11/2012 9:07 PM
   SDUpdateService
     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
     Downloads Spybot updates and installs them.
     Safer-Networking Ltd.
     2.0.12.76
     c:\program files (x86)\spybot - search & destroy 2\sdupdsvc.exe
     13/11/2012 9:07 PM
   SDWSCService
     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
     Integrates Spybot into the Windows Security Center.
     Safer-Networking Ltd.
     2.0.12.2
     c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe
     13/11/2012 9:07 PM
   Skype C2C Service
     "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
     Skype Click to Call Update Service
     Skype Technologies S.A.
     6.13.0.13771
     c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe
     9/10/2013 6:58 PM
   SkypeUpdate
     "C:\Program Files (x86)\Skype\Updater\Updater.exe"
     Enables the detection, download and installation of updates for Skype.
     Skype Technologies
     6.8.1.61523
     c:\program files (x86)\skype\updater\updater.exe
     5/09/2013 5:31 PM
   Steam Client Service
     "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
     Steam Client Service monitors and updates Steam content
     Valve Corporation
     2.4.35.50
     c:\program files (x86)\common files\steam\steamservice.exe
     12/12/2013 2:57 AM
   SWUpdateService
     C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe /SERVICE
     SW Update Agent
     Samsung Electronics CO., LTD.
     2.1.21.0
     c:\programdata\samsung\sw update service\swmagent.exe
     21/10/2013 8:06 PM
   ZAtheros Bt and Wlan Coex Agent
     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
     Co-existence Coordinator Service between 11a/b/g/n Wireless LAN and Bluetooth.
     Atheros
     8.0.0.270
     c:\program files (x86)\bluetooth suite\ath_coexagent.exe
     23/11/2012 3:41 PM
 
HKLM\System\CurrentControlSet\Services
   3ware
     System32\drivers\3ware.sys
     LSI 3ware SCSI Storport Driver
     LSI
     5.1.0.51
     c:\windows\system32\drivers\3ware.sys
     12/04/2013 6:49 AM
   ADP80XX
     System32\drivers\ADP80XX.SYS
     PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller
     PMC-Sierra
     1.0.0.254
     c:\windows\system32\drivers\adp80xx.sys
     13/07/2013 5:47 AM
   amdkmdag
     \SystemRoot\system32\DRIVERS\atikmdag.sys
     ATI Radeon Kernel Mode Driver
     Advanced Micro Devices, Inc.
     8.1.1.1331
     c:\windows\system32\drivers\atikmdag.sys
     7/11/2013 2:08 AM
   amdkmdap
     \SystemRoot\system32\DRIVERS\atikmpag.sys
     AMD multi-vendor Miniport Driver
     Advanced Micro Devices, Inc.
     8.14.1.6340
     c:\windows\system32\drivers\atikmpag.sys
     7/11/2013 12:54 AM
   amdsata
     System32\drivers\amdsata.sys
     AHCI 1.3 Device Driver
     Advanced Micro Devices
     1.1.4.14
     c:\windows\system32\drivers\amdsata.sys
     9/07/2013 6:54 AM
   amdsbs
     System32\drivers\amdsbs.sys
     AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform
     AMD Technologies Inc.
     3.7.1540.43
     c:\windows\system32\drivers\amdsbs.sys
     12/12/2012 5:21 AM
   amdxata
     System32\drivers\amdxata.sys
     Storage Filter Driver
     Advanced Micro Devices
     1.1.4.14
     c:\windows\system32\drivers\amdxata.sys
     9/07/2013 6:45 AM
   arcsas
     System32\drivers\arcsas.sys
     Adaptec SAS RAID WS03 Driver
     PMC-Sierra, Inc.
     7.2.0.30261
     c:\windows\system32\drivers\arcsas.sys
     9/07/2013 8:50 AM
   aswMonFlt
     \??\C:\windows\system32\drivers\aswMonFlt.sys
     avast! mini-filter driver (aswMonFlt)
     AVAST Software
     9.0.2011.263
     c:\windows\system32\drivers\aswmonflt.sys
     17/12/2013 6:28 AM
   aswRdr
     \??\C:\windows\system32\drivers\aswRdr2.sys
     avast! WFP Redirect driver
     AVAST Software
     9.0.2006.149
     c:\windows\system32\drivers\aswrdr2.sys
     11/10/2013 7:11 PM
   aswRvrt
     aswRvrt
     avast! Revert
     9.0.2004.130
     c:\windows\system32\drivers\aswrvrt.sys
     4/10/2013 3:48 PM
   aswSnx
     \??\C:\windows\system32\drivers\aswSnx.sys
     avast! virtualization driver (aswSnx)
     AVAST Software
     9.0.2011.263
     c:\windows\system32\drivers\aswsnx.sys
     17/12/2013 6:29 AM
   aswSP
     \??\C:\windows\system32\drivers\aswSP.sys
     avast! Self Protection
     AVAST Software
     9.0.2010.245
     c:\windows\system32\drivers\aswsp.sys
     9/12/2013 3:09 PM
   aswStm
     \??\C:\WINDOWS\system32\drivers\aswStm.sys
     avast! StreamFilter Callout Driver
     AVAST Software
     9.0.2011.265
     c:\windows\system32\drivers\aswstm.sys
     20/12/2013 6:11 PM
   aswVmm
     aswVmm
     avast! VM Monitor
     9.0.2010.245
     c:\windows\system32\drivers\aswvmm.sys
     9/12/2013 3:04 PM
   AthBTPort
     \SystemRoot\system32\DRIVERS\btath_flt.sys
     Qualcomm Atheros FILTER driver
     Qualcomm Atheros
     8.0.0.216
     c:\windows\system32\drivers\btath_flt.sys
     21/11/2012 3:35 PM
   athr
     \SystemRoot\system32\DRIVERS\athw8x.sys
     Qualcomm Atheros Extensible Wireless LAN device driver
     Qualcomm Atheros Communications, Inc.
     3.0.1.145
     c:\windows\system32\drivers\athw8x.sys
     17/01/2013 5:15 PM
   b06bdrv
     System32\drivers\bxvbda.sys
     Broadcom NetXtreme II GigE VBD
     Broadcom Corporation
     7.4.14.0
     c:\windows\system32\drivers\bxvbda.sys
     5/02/2013 3:47 AM
   bcmfn2
     \SystemRoot\System32\drivers\bcmfn2.sys
     BCM Function 2  Device Driver
     Windows ® Win 7 DDK provider
     6.3.9391.6
     c:\windows\system32\drivers\bcmfn2.sys
     3/08/2013 7:59 AM
   BTATH_A2DP
     \SystemRoot\system32\drivers\btath_a2dp.sys
     Qualcomm Atheros A2DP driver
     Qualcomm Atheros
     8.0.0.216
     c:\windows\system32\drivers\btath_a2dp.sys
     21/11/2012 3:35 PM
   btath_avdt
     \SystemRoot\system32\drivers\btath_avdt.sys
     Qualcomm Atheros Bluetooth AVDT driver
     Qualcomm Atheros
     8.0.0.216
     c:\windows\system32\drivers\btath_avdt.sys
     2/11/2012 1:35 PM
   BTATH_HCRP
     \SystemRoot\System32\drivers\btath_hcrp.sys
     Qualcomm Atheros HCRP driver
     Qualcomm Atheros
     8.0.0.216
     c:\windows\system32\drivers\btath_hcrp.sys
     2/11/2012 1:36 PM
   BTATH_HID
     \SystemRoot\system32\DRIVERS\btath_hid.sys
     Qualcomm Atheros HID driver
     Qualcomm Atheros
     8.0.0.216
     c:\windows\system32\drivers\btath_hid.sys
     2/11/2012 1:36 PM
   BTATH_LWFLT
     \SystemRoot\system32\DRIVERS\btath_lwflt.sys
     Qualcomm Atheros FILTER driver
     Qualcomm Atheros
     8.0.0.216
     c:\windows\system32\drivers\btath_lwflt.sys
     2/11/2012 1:35 PM
   BTATH_RCP
     \SystemRoot\System32\drivers\btath_rcp.sys
     Qualcomm Atheros AVRCP driver
     Qualcomm Atheros
     8.0.0.216
     c:\windows\system32\drivers\btath_rcp.sys
     2/11/2012 1:36 PM
   BtFilter
     \SystemRoot\system32\DRIVERS\btfilter.sys
     Qualcomm Atheros BtFilter Driver
     Qualcomm Atheros
     8.0.0.216
     c:\windows\system32\drivers\btfilter.sys
     21/11/2012 3:35 PM
   CLVirtualDrive
     \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
     CyberLink CLVirtualDrive Driver
     CyberLink
     1.0.0.621
     c:\windows\system32\drivers\clvirtualdrive.sys
     26/12/2011 9:26 PM
   ebdrv
     System32\drivers\evbda.sys
     Broadcom NetXtreme II 10 GigE VBD
     Broadcom Corporation
     7.4.33.1
     c:\windows\system32\drivers\evbda.sys
     8/04/2013 10:30 PM
   hamachi
     \SystemRoot\system32\DRIVERS\Hamdrv.sys
     LogMeIn Hamachi Virtual Miniport Driver
     LogMeIn Inc.
     8.1.2.1
     c:\windows\system32\drivers\hamdrv.sys
     29/11/2013 11:19 PM
   hitmanpro37
     \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys
     HitmanPro 3.7 Support Driver
     1.3.7.9
     c:\windows\system32\drivers\hitmanpro37.sys
     20/08/2013 4:04 AM
   HpSAMD
     System32\drivers\HpSAMD.sys
     Smart Array SAS/SATA Controller Media Driver
     Hewlett-Packard Company
     8.0.4.0
     c:\windows\system32\drivers\hpsamd.sys
     27/03/2013 5:36 AM
   iaLPSSi_GPIO
     \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys
     Intel® Serial IO GPIO Controller Driver
     Intel Corporation
     1.1.163.0
     c:\windows\system32\drivers\ialpssi_gpio.sys
     26/06/2013 10:22 PM
   iaLPSSi_I2C
     \SystemRoot\System32\drivers\iaLPSSi_I2C.sys
     Intel® Serial IO I2C Controller Driver
     Intel Corporation
     1.1.163.0
     c:\windows\system32\drivers\ialpssi_i2c.sys
     26/06/2013 10:22 PM
   iaStorA
     System32\drivers\iaStorA.sys
     Intel Rapid Storage Technology driver - x64
     Intel Corporation
     11.6.0.1030
     c:\windows\system32\drivers\iastora.sys
     2/09/2012 9:01 AM
   iaStorAV
     System32\drivers\iaStorAV.sys
     Intel Rapid Storage Technology driver (inbox) - x64
     Intel Corporation
     12.0.1.1018
     c:\windows\system32\drivers\iastorav.sys
     1/08/2013 8:00 AM
   iaStorV
     System32\drivers\iaStorV.sys
     Intel Matrix Storage Manager driver - x64
     Intel Corporation
     8.6.2.1019
     c:\windows\system32\drivers\iastorv.sys
     12/04/2011 2:48 AM
   igfx
     \SystemRoot\system32\DRIVERS\igdkmd64.sys
     Intel Graphics Kernel Mode Driver
     Intel Corporation
     10.18.10.3379
     c:\windows\system32\drivers\igdkmd64.sys
     19/12/2013 4:49 AM
   intaud_WaveExtensible
     \SystemRoot\system32\drivers\intelaud.sys
     Intel© WiDi Solution
     Intel Corporation
     4.5.30.0
     c:\windows\system32\drivers\intelaud.sys
     27/09/2013 5:38 AM
   IntcAzAudAddService
     \SystemRoot\system32\drivers\RTKVHD64.sys
     Realtek® High Definition Audio Function Driver
     Realtek Semiconductor Corp.
     6.0.1.6702
     c:\windows\system32\drivers\rtkvhd64.sys
     10/08/2012 6:03 PM
   IntcDAud
     \SystemRoot\system32\DRIVERS\IntcDAud.sys
     Intel® Display Audio Driver
     Intel® Corporation
     6.14.0.3097
     c:\windows\system32\drivers\intcdaud.sys
     19/06/2012 10:40 PM
   iwdbus
     \SystemRoot\System32\drivers\iwdbus.sys
     Intel© WiDi Solution
     Intel Corporation
     4.5.30.0
     c:\windows\system32\drivers\iwdbus.sys
     27/09/2013 5:38 AM
   LSI_SAS
     System32\drivers\lsi_sas.sys
     LSI Fusion-MPT SAS Driver (StorPort)
     LSI Corporation
     1.34.3.82
     c:\windows\system32\drivers\lsi_sas.sys
     29/03/2013 1:42 AM
   LSI_SAS2
     System32\drivers\lsi_sas2.sys
     LSI SAS Gen2 Driver (StorPort)
     LSI Corporation
     2.0.60.82
     c:\windows\system32\drivers\lsi_sas2.sys
     29/03/2013 1:45 AM
   LSI_SAS3
     System32\drivers\lsi_sas3.sys
     LSI SAS Gen3 Driver (StorPort)
     LSI Corporation
     2.50.65.1
     c:\windows\system32\drivers\lsi_sas3.sys
     16/03/2013 7:38 AM
   LSI_SSS
     System32\drivers\lsi_sss.sys
     LSI SSS PCIe/Flash Driver (StorPort)
     LSI Corporation
     2.10.61.81
     c:\windows\system32\drivers\lsi_sss.sys
     16/03/2013 7:39 AM
   megasas
     System32\drivers\megasas.sys
     MEGASAS RAID Controller Driver for Windows
     LSI Corporation
     6.3.9466.0
     c:\windows\system32\drivers\megasas.sys
     24/07/2013 5:08 AM
   megasr
     System32\drivers\megasr.sys
     LSI MegaRAID Software RAID Driver
     LSI Corporation, Inc.
     15.2.2013.129
     c:\windows\system32\drivers\megasr.sys
     4/06/2013 6:02 AM
   MEIx64
     \SystemRoot\System32\drivers\HECIx64.sys
     Intel® Management Engine Interface
     Intel Corporation
     9.0.0.1287
     c:\windows\system32\drivers\hecix64.sys
     18/12/2012 3:32 AM
   mvumis
     System32\drivers\mvumis.sys
     Marvell Flash Controller Driver
     Marvell Semiconductor, Inc.
     1.0.5.1015
     c:\windows\system32\drivers\mvumis.sys
     21/03/2013 1:14 AM
   nvraid
     System32\drivers\nvraid.sys
     NVIDIA© nForce RAID Driver
     NVIDIA Corporation
     10.6.0.22
     c:\windows\system32\drivers\nvraid.sys
     13/09/2011 8:01 AM
   nvstor
     System32\drivers\nvstor.sys
     NVIDIA© nForce Sata Performance Driver
     NVIDIA Corporation
     10.6.0.22
     c:\windows\system32\drivers\nvstor.sys
     13/09/2011 7:53 AM
   RadioHIDMini
     \SystemRoot\System32\drivers\RadioHIDMini.sys
     HID Radio Switch mini driver for USB Fx2 Device
     Windows ® Win 7 DDK provider
     6.2.8400.4218
     c:\windows\system32\drivers\radiohidmini.sys
     27/07/2012 7:57 PM
   RSUSBVSTOR
     \SystemRoot\System32\Drivers\RtsUVStor.sys
     Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Win8
     Realtek Semiconductor Corp.
     6.1.8400.39030
     c:\windows\system32\drivers\rtsuvstor.sys
     15/06/2012 1:43 PM
   RTL8168
     \SystemRoot\system32\DRIVERS\Rt630x64.sys
     Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver                
     Realtek                                            
     8.1.510.2013
     c:\windows\system32\drivers\rt630x64.sys
     10/05/2013 5:59 PM
   secdrv
     secdrv
     Macrovision SECURITY Driver
     Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
     4.3.86.0
     c:\windows\system32\drivers\secdrv.sys
     13/09/2006 9:18 PM
   SiSRaid2
     System32\drivers\SiSRaid2.sys
     SiS RAID Stor Miniport Driver
     Silicon Integrated Systems Corp.
     5.1.1039.2600
     c:\windows\system32\drivers\sisraid2.sys
     25/09/2008 2:28 AM
   SiSRaid4
     System32\drivers\sisraid4.sys
     SiS AHCI Stor-Miniport Driver
     Silicon Integrated Systems
     5.1.1039.3600
     c:\windows\system32\drivers\sisraid4.sys
     2/10/2008 5:56 AM
   stexstor
     System32\drivers\stexstor.sys
     Promise SuperTrak EX Series Driver for Windows x64
     Promise Technology, Inc.
     5.1.0.10
     c:\windows\system32\drivers\stexstor.sys
     27/11/2012 8:02 AM
   SynTP
     \SystemRoot\system32\DRIVERS\SynTP.sys
     Synaptics Touchpad Driver
     Synaptics Incorporated
     16.2.14.2
     c:\windows\system32\drivers\syntp.sys
     17/10/2012 8:40 AM
   viaide
     System32\drivers\viaide.sys
     VIA Generic PCI IDE Bus Driver
     VIA Technologies, Inc.
     6.0.6000.170
     c:\windows\system32\drivers\viaide.sys
     22/08/2013 7:40 PM
   vsmraid
     System32\drivers\vsmraid.sys
     VIA RAID DRIVER FOR AMD-X86-64
     VIA Technologies Inc.,Ltd
     7.0.9200.6320
     c:\windows\system32\drivers\vsmraid.sys
     24/01/2013 4:35 AM
   VSTXRAID
     System32\drivers\vstxraid.sys
     VIA StorX RAID Controller Driver
     VIA Corporation
     8.0.9200.8110
     c:\windows\system32\drivers\vstxraid.sys
     22/01/2013 3:00 AM
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
   AthCredentialProvider
     HKCR\CLSID\{ACFC407B-266C-8504-8DAE-F3E276336E4B}
     Bluetooth Credential Provider
     Qualcomm Atheros Commnucations
     8.0.0.216
     c:\windows\system32\athcredentialprovider.dll
     5/12/2012 8:38 PM
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters
   AthCredentialProvider
     HKCR\CLSID\{ACFC407B-266C-8504-8DAE-F3E276336E4B}
     Bluetooth Credential Provider
     Qualcomm Atheros Commnucations
     8.0.0.216
     c:\windows\system32\athcredentialprovider.dll
     5/12/2012 8:38 PM
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
   igfxcui
     igfxdev.dll
     igfxdev Module
     Intel Corporation
     8.15.10.3379
     c:\windows\system32\igfxdev.dll
     19/12/2013 4:46 AM
 
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
   _Wow64cpu
     Wow64cpu.dll
     File not found: C:\WINDOWS\syswow64\Wow64cpu.dll
     
   _Wow64win
     Wow64win.dll
     File not found: C:\WINDOWS\syswow64\Wow64win.dll
     
   _Wow64
     Wow64.dll
     File not found: C:\WINDOWS\syswow64\Wow64.dll
     
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   IgfxTray
     "C:\WINDOWS\system32\igfxtray.exe"
     igfxTray Module
     Intel Corporation
     8.15.10.3379
     c:\windows\system32\igfxtray.exe
     19/12/2013 4:46 AM
   HotKeysCmds
     "C:\WINDOWS\system32\hkcmd.exe"
     hkcmd Module
     Intel Corporation
     8.15.10.3379
     c:\windows\system32\hkcmd.exe
     19/12/2013 4:47 AM
   Persistence
     "C:\WINDOWS\system32\igfxpers.exe"
     persistence Module
     Intel Corporation
     8.15.10.3379
     c:\windows\system32\igfxpers.exe
     19/12/2013 4:47 AM
   RtHDVCpl
     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
     Realtek HD Audio Manager
     Realtek Semiconductor
     1.0.0.806
     c:\program files\realtek\audio\hda\ravcpl64.exe
     10/08/2012 5:12 PM
   BtTray
     "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
     BtTray
     Qualcomm Atheros
     8.0.0.216
     c:\program files (x86)\bluetooth suite\bttray.exe
     5/12/2012 8:39 PM
   BtvStack
     "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
     Extension Core
     Qualcomm Atheros Commnucations
     8.0.0.216
     c:\program files (x86)\bluetooth suite\btvstack.exe
     5/12/2012 8:39 PM
   SynTPEnh
     %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
     Synaptics TouchPad Enhancements
     Synaptics Incorporated
     16.2.14.2
     c:\program files\synaptics\syntp\syntpenh.exe
     17/10/2012 9:24 AM
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
   StartCCC
     "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     Catalyst© Control Center Launcher
     Advanced Micro Devices, Inc.
     3.5.0.0
     c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe
     6/08/2012 11:44 PM
   IAStorIcon
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
     Delayed launcher
     Intel Corporation
     1.0.0.2
     c:\program files (x86)\intel\intel® rapid storage technology\iastoriconlaunch.exe
     13/09/2012 5:18 AM
   CLMLServer_For_P2G8
     "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
     CyberLink MediaLibray Service
     CyberLink
     8.0.0.608
     c:\program files (x86)\cyberlink\power2go8\clmlsvc_p2g8.exe
     8/06/2012 11:20 AM
   CLVirtualDrive
     "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
     CyberLink Virtual Drive
     CyberLink Corp.
     8.0.0.1912
     c:\program files (x86)\cyberlink\power2go8\virtualdrive.exe
     12/07/2012 7:50 PM
   RemoteControl10
     "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
     PowerDVD RC Service
     CyberLink Corp.
     10.0.4415.0
     c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe
     15/08/2012 8:41 PM
   Adobe Reader Speed Launcher
     "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
     Adobe Acrobat SpeedLauncher
     Adobe Systems Incorporated
     10.1.5.33
     c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe
     18/12/2012 8:59 PM
   Adobe ARM
     "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     Adobe Reader and Acrobat Manager
     Adobe Systems Incorporated
     1.7.2.0
     c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
     3/12/2012 3:34 PM
   Intel AppUp(SM) center
     "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
     Intel Services Manager
     Intel Corporation
     1.14.1.36458
     c:\program files (x86)\intel\intelappstore\bin\ismagent.exe
     24/05/2012 8:46 PM
   SDTray
     "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
     Spybot - Search & Destroy tray access
     Safer-Networking Ltd.
     2.0.12.127
     c:\program files (x86)\spybot - search & destroy 2\sdtray.exe
     13/11/2012 9:08 PM
   LogMeIn Hamachi Ui
     "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
     Hamachi Client Application
     LogMeIn Inc.
     2.2.0.109
     c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe
     29/11/2013 11:07 PM
   AvastUI.exe
     "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
     avast! Antivirus
     AVAST Software
     9.0.2011.263
     c:\program files\avast software\avast\avastui.exe
     17/12/2013 6:34 AM
 
HKLM\SOFTWARE\Classes\Protocols\Handler
   skype-ie-addon-data
     HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}
     Skype Click to Call for Internet Explorer
     Skype Technologies S.A.
     6.13.0.13771
     c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll
     9/10/2013 6:50 PM
 
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
   Themes Setup
     /UserInstall
     File not found: /UserInstall
     
   Windows Desktop Update
     U
     File not found: U
     
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
   Quick Starter
     C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
     Quick Starter
     Samsung Electronics CO., LTD.
     1.0.2.15
     c:\program files (x86)\samsung\quick starter\quick starter.exe
     25/09/2013 5:48 PM
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   Adobe PDF Link Helper
     HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
     Adobe PDF Helper for Internet Explorer
     Adobe Systems Incorporated
     10.1.5.33
     c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
     18/12/2012 8:32 PM
   Spybot-S&D IE Protection
     HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}
     Blocks URLs that could install spyware, malware etc.
     Safer-Networking Ltd.
     2.0.12.88
     c:\program files (x86)\spybot - search & destroy 2\sdhelper.dll
     13/11/2012 9:06 PM
   avast! Online Security
     HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
     IE Webrep plugin
     AVAST Software
     9.0.2011.70
     c:\program files\avast software\avast\aswwebrepie.dll
     17/12/2013 12:11 AM
   Skype Browser Helper
     HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Skype Click to Call for Internet Explorer
     Skype Technologies S.A.
     6.13.0.13771
     c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
     9/10/2013 6:57 PM
 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   Adobe PDF Link Helper
     HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
     Adobe PDF Helper for Internet Explorer
     Adobe Systems Incorporated
     10.1.5.33
     c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
     18/12/2012 8:32 PM
   Spybot-S&D IE Protection
     HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}
     Blocks URLs that could install spyware, malware etc.
     Safer-Networking Ltd.
     2.0.12.88
     c:\program files (x86)\spybot - search & destroy 2\sdhelper.dll
     13/11/2012 9:06 PM
   avast! Online Security
     HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
     IE Webrep plugin
     AVAST Software
     9.0.2011.70
     c:\program files\avast software\avast\aswwebrepie.dll
     17/12/2013 12:11 AM
   Skype Browser Helper
     HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Skype Click to Call for Internet Explorer
     Skype Technologies S.A.
     6.13.0.13771
     c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
     9/10/2013 6:57 PM
 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
   ANotepad++64
     HKCR\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}
     ShellHandler for Notepad++ (64 bit)
     0.1.0.0
     c:\program files (x86)\notepad++\nppshell_05.dll
     18/06/2012 11:24 PM
   Atheros
     HKCR\CLSID\{B8952421-0E55-400B-94A6-FA858FC0A39F}
     Atheros Bluetooth Module
     Qualcomm Atheros Commnucations
     8.0.0.216
     c:\program files (x86)\bluetooth suite\btvappext.dll
     5/12/2012 8:39 PM
   avast
     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
     avast! Shell Extension
     AVAST Software
     9.0.2011.263
     c:\program files\avast software\avast\ashsha64.dll
     17/12/2013 6:35 AM
   CLVDShellExt
     HKCR\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
     Cyberlink Shell Extension dynamic link library
     Cyberlink
     8.0.0.1813
     c:\program files (x86)\common files\cyberlink\shellextcomponent\clvdshellext.dll
     13/06/2012 10:16 AM
   SDECon32
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.0.12.113
     c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll
     1/01/1970 8:00 AM
   SDECon64
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.0.12.113
     c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll
     1/01/1970 8:00 AM
   WinRAR
     HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}
     WinRAR shell extension
     Alexander Roshal
     5.0.3.0
     c:\program files\winrar\rarext.dll
     18/05/2013 12:23 AM
 
HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers
   avast
     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
     avast! Shell Extension
     AVAST Software
     9.0.2011.263
     c:\program files\avast software\avast\ashshell.dll
     17/12/2013 6:27 AM
   SDECon32
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.0.12.113
     c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll
     13/11/2012 9:06 PM
   SDECon64
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.0.12.113
     c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll
     13/11/2012 9:06 PM
   WinRAR32
     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
     WinRAR shell extension
     Alexander Roshal
     5.0.3.0
     c:\program files\winrar\rarext32.dll
     18/05/2013 12:23 AM
 
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers
   CLVDShellExt
     HKCR\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
     Cyberlink Shell Extension dynamic link library
     Cyberlink
     8.0.0.1813
     c:\program files (x86)\common files\cyberlink\shellextcomponent\clvdshellext.dll
     13/06/2012 10:16 AM
 
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
   00avast
     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
     avast! Shell Extension
     AVAST Software
     9.0.2011.263
     c:\program files\avast software\avast\ashsha64.dll
     17/12/2013 6:35 AM
   FTShellContext
     HKCR\CLSID\{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1}
     Atheros Bluetooth Module
     Qualcomm Atheros Commnucations
     8.0.0.216
     c:\program files (x86)\bluetooth suite\shellcontextext.dll
     5/12/2012 8:39 PM
   MBAMShlExt
     HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     Malwarebytes Anti-Malware
     Malwarebytes Corporation
     1.70.0.0
     c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll
     1/03/2013 4:39 AM
 
HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
   00avast
     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
     avast! Shell Extension
     AVAST Software
     9.0.2011.263
     c:\program files\avast software\avast\ashshell.dll
     17/12/2013 6:27 AM
 
HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
   Ath_CopyHook
     HKCR\CLSID\{8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}
     Bluetooth File Transfer Plugin
     Qualcomm Atheros Commnucations
     1.0.0.0
     c:\program files (x86)\bluetooth suite\folderviewimpl.dll
     5/12/2012 8:39 PM
   FileZilla3CopyHook
     HKCR\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
     fzshellext Dynamic Link Library
     3.2.7.0
     c:\program files (x86)\filezilla ftp client\fzshellext_64.dll
     1/08/2009 6:34 PM
 
HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers
   FileZilla3CopyHook
     HKCR\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
     fzshellext Dynamic Link Library
     3.7.3.0
     c:\program files (x86)\filezilla ftp client\fzshellext.dll
     8/08/2013 3:25 AM
 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
   ACE
     HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
     AMD Desktop Control Panel
     Advanced Micro Devices, Inc.
     6.14.10.2001
     c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll
     6/08/2012 11:46 PM
   igfxcui
     HKCR\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
     igfxpph Module
     Intel Corporation
     8.15.10.3379
     c:\windows\system32\igfxpph.dll
     19/12/2013 4:47 AM
 
HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers
   PDF Shell Extension
     HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}
     PDF Shell Extension
     Adobe Systems, Inc.
     10.1.5.33
     c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll
     18/12/2012 9:02 PM
 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
   avast
     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
     avast! Shell Extension
     AVAST Software
     9.0.2011.263
     c:\program files\avast software\avast\ashsha64.dll
     17/12/2013 6:35 AM
   MBAMShlExt
     HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     Malwarebytes Anti-Malware
     Malwarebytes Corporation
     1.70.0.0
     c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll
     1/03/2013 4:39 AM
   SDECon32
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.0.12.113
     c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll
     1/01/1970 8:00 AM
   SDECon64
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.0.12.113
     c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll
     1/01/1970 8:00 AM
   WinRAR
     HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}
     WinRAR shell extension
     Alexander Roshal
     5.0.3.0
     c:\program files\winrar\rarext.dll
     18/05/2013 12:23 AM
 
HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers
   avast
     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
     avast! Shell Extension
     AVAST Software
     9.0.2011.263
     c:\program files\avast software\avast\ashshell.dll
     17/12/2013 6:27 AM
   SDECon32
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.0.12.113
     c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll
     13/11/2012 9:06 PM
   SDECon64
     HKCR\CLSID\{44176360-2BBF-4EC1-93CE-384B8681A0BC}
     Windows Explorer context menu integration
     Safer-Networking Ltd.
     2.0.12.113
     c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll
     13/11/2012 9:06 PM
   WinRAR32
     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
     WinRAR shell extension
     Alexander Roshal
     5.0.3.0
     c:\program files\winrar\rarext32.dll
     18/05/2013 12:23 AM
 
HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers
   WinRAR
     HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}
     WinRAR shell extension
     Alexander Roshal
     5.0.3.0
     c:\program files\winrar\rarext.dll
     18/05/2013 12:23 AM
 
HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers
   WinRAR32
     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
     WinRAR shell extension
     Alexander Roshal
     5.0.3.0
     c:\program files\winrar\rarext32.dll
     18/05/2013 12:23 AM
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
   00avast
     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
     avast! Shell Extension
     AVAST Software
     9.0.2011.263
     c:\program files\avast software\avast\ashsha64.dll
     17/12/2013 6:35 AM
 
HKLM\Software\Microsoft\Internet Explorer\Toolbar
   avast! Online Security
     HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
     IE Webrep plugin
     AVAST Software
     9.0.2011.70
     c:\program files\avast software\avast\aswwebrepie64.dll
     17/12/2013 12:12 AM
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar
   avast! Online Security
     HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
     IE Webrep plugin
     AVAST Software
     9.0.2011.70
     c:\program files\avast software\avast\aswwebrepie.dll
     17/12/2013 12:11 AM
 
HKLM\Software\Microsoft\Internet Explorer\Extensions
   Skype Click to Call
     C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
     Skype Click to Call for Internet Explorer
     Skype Technologies S.A.
     6.13.0.13771
     c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll
     9/10/2013 6:50 PM
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions
   Skype Click to Call
     C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     Skype Click to Call for Internet Explorer
     Skype Technologies S.A.
     6.13.0.13771
     c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
     9/10/2013 6:57 PM
   Spybot - Search && Destroy Configuration
     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
     Blocks URLs that could install spyware, malware etc.
     Safer-Networking Ltd.
     2.0.12.88
     c:\program files (x86)\spybot - search & destroy 2\sdhelper.dll
     13/11/2012 9:06 PM
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     C:\Windows\System32\l3codeca.acm
     MPEG Layer-3 Audio Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     1.9.0.401
     c:\windows\system32\l3codeca.acm
     22/08/2013 7:32 PM
   VIDC.FPS1
     frapsv64.dll
     Fraps
     Beepa P/L
     3.5.99.15619
     c:\windows\system32\frapsv64.dll
     26/02/2013 2:55 PM
   vidc.mjpg
     bdmjpeg64.dll
     c:\windows\system32\bdmjpeg64.dll
     5/08/2013 2:11 PM
   vidc.mpeg
     bdmpegv64.dll
     c:\windows\system32\bdmpegv64.dll
     5/08/2013 2:11 PM
   msacm.bdmpeg
     bdmpega64.acm
     c:\windows\system32\bdmpega64.acm
     5/08/2013 2:11 PM
 
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     C:\Windows\SysWOW64\l3codeca.acm
     MPEG Layer-3 Audio Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     1.9.0.401
     c:\windows\syswow64\l3codeca.acm
     22/08/2013 12:03 PM
   vidc.cvid
     iccvid.dll
     Cinepak© Codec
     Radius Inc.
     1.10.0.12
     c:\windows\syswow64\iccvid.dll
     22/08/2013 12:03 PM
   VIDC.FPS1
     frapsvid.dll
     Fraps
     Beepa P/L
     3.5.99.15619
     c:\windows\syswow64\frapsvid.dll
     26/02/2013 2:55 PM
   vidc.mjpg
     bdmjpeg.dll
     c:\windows\syswow64\bdmjpeg.dll
     5/08/2013 2:11 PM
   vidc.mpeg
     bdmpegv.dll
     c:\windows\syswow64\bdmpegv.dll
     5/08/2013 2:11 PM
   msacm.bdmpeg
     bdmpega.acm
     c:\windows\syswow64\bdmpega.acm
     5/08/2013 2:11 PM
 
HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
   Bandisoft MPEG-1 Video Decoder
     HKCR\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}
     Bandisoft Directshow Filter
     www.Bandisoft.com
     1.0.5.16
     c:\program files (x86)\bandimpeg1\bdfilters64.dll
     5/08/2013 2:11 PM
   Bandisoft MPEG-1 Audio Decoder
     HKCR\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}
     Bandisoft Directshow Filter
     www.Bandisoft.com
     1.0.5.16
     c:\program files (x86)\bandimpeg1\bdfilters64.dll
     5/08/2013 2:11 PM
 
HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
   ATI Ticker
     HKCR\CLSID\{10AD8B9D-222E-44D1-881B-0EA79E1B2D6E}
     c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax
     6/08/2012 11:44 PM
   CyberLink Audio Wizard
     HKCR\CLSID\{1986FDCF-F657-4866-A83C-998B943A6321}
     CyberLink Audio Wizard Filter
     CyberLink Corp.
     1.0.0.4414
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudwizard.ax
     14/08/2009 9:26 PM
   CyberLink Line21 Decoder (PDVD10)
     HKCR\CLSID\{24C79DBF-961B-4DF9-8440-3BEE8C76F1E1}
     CyberLink Line21 Decoder Filter
     CyberLink Corp.
     4.0.0.10324
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clline21.ax
     24/07/2009 10:21 AM
   CyberLink DVD Navigator (PDVD10)
     HKCR\CLSID\{2AF76B80-2BDA-4731-932D-3FCFA9276B11}
     CyberLink DVD Navigation Filter
     CyberLink Corp.
     8.1.3802.0
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\clnavx.ax
     2/02/2012 8:46 PM
   CyberLink AudioCD Filter (PDVD10)
     HKCR\CLSID\{2D6F8EBB-80A6-4CF1-8C86-F2A8932DED3F}
     CyberLink AudioCD Filter
     CyberLink Corp.
     5.0.0.7823
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudiocd.ax
     23/06/2009 10:00 PM
   CyberLink Matroska Splitter(PDVD10)
     HKCR\CLSID\{35F0AE98-673B-465F-A4D6-9F18A01F2454}
     CyberLink Matroska Splitter
     CyberLink Corp.
     1.0.0.1902
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\clmkvsplter.ax
     2/07/2010 5:20 PM
   CyberLink TimeStretch Filter (PDVD10)
     HKCR\CLSID\{36F74DF0-12FF-4881-8A55-E7CE4D12688E}
     CLAuTS.ax
     CyberLink Corp.
     2.0.0.3404
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clauts.ax
     4/10/2010 11:39 AM
   CyberLink RealMedia Splitter(PDVD10)
     HKCR\CLSID\{38A6AC0C-4B7C-4922-8ADC-D22C55B86666}
     CyberLink RealMedia Splitter
     CyberLink Corp.
     1.0.0.1706
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\clrmsplitter.ax
     6/05/2010 5:42 PM
   CyberLink MPEG Splitter
     HKCR\CLSID\{4A55271F-A2C7-4EE5-BDCE-154FEB954E1C}
     CyberLink MPEG Splitter
     CyberLink Corp.
     3.4.0.3408
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\clsplter.ax
     8/10/2010 4:23 PM
   MMACE ProcAmp
     HKCR\CLSID\{4A6E162C-6F51-4956-86D0-A72729178B9B}
     c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll
     6/08/2012 11:45 PM
   CyberLink Audio Decoder (PDVD10)
     HKCR\CLSID\{501099E1-5C05-4ED3-B0CB-371F97F5412C}
     CyberLink Audio Decoder Filter
     CyberLink Corp.
     9.0.0.1722
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claud.ax
     22/05/2012 4:03 PM
   CyberLink Video/SP Decoder (PDVD10)
     HKCR\CLSID\{516F1EFA-42F4-436E-801C-B752EB9343EB}
     CyberLink Video/SP Filter
     CyberLink Corp.
     8.4.0.2505
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clvsd.ax
     5/01/2011 7:11 PM
   CyberLink HD/BD Mixer (PDVD10)
     HKCR\CLSID\{5193BE4B-0FAF-4E3E-A7F8-5CB7140D7B7E}
     CLHBMixer
      
     2.0.0.5211
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clhbmixer.ax
     11/04/2012 6:03 PM
   CyberLink Audio Effect (PDVD10)
     HKCR\CLSID\{5EFC04B3-68C0-4BFF-8BD4-61037272D70D}
     CyberLink Audio Effect Filter
     CyberLink Corporation
     6.0.0.7225
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudfx.ax
     25/12/2009 4:54 PM
   CyberLink Digest Filter (PDVD10)
     HKCR\CLSID\{7A4A08EA-409C-4618-AE4A-FC7584FDCB7A}
     DigestFilter Dynamic Link Library
     1.0.0.4028
     c:\program files (x86)\cyberlink\powerdvd10\digestfilter.dll
     28/04/2010 8:54 PM
   MMACE SoftEmu
     HKCR\CLSID\{854F4628-CE51-42C4-80E9-80DAE27FAAAE}
     c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll
     6/08/2012 11:45 PM
   Bandisoft MPEG-1 Video Decoder
     HKCR\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}
     Bandisoft Directshow Filter
     www.Bandisoft.com
     1.0.5.16
     c:\program files (x86)\bandimpeg1\bdfilters.dll
     5/08/2013 2:11 PM
   Cyberlink SubTitle Importor (PDVD10)
     HKCR\CLSID\{8BF03152-F394-4C94-A2EB-44D6B80C9E91}
     CLSubTitle.ax
     CyberLink Corp.
     2.0.0.1823
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax
     23/06/2011 3:22 PM
   MMACE Deinterlace
     HKCR\CLSID\{9E665ED7-958C-410C-9C56-05DA783E7933}
     c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll
     6/08/2012 11:45 PM
   CyberLink HAM Decoder
     HKCR\CLSID\{A93F76CF-4B73-4B67-89ED-7E0AF90BBFED}
     CyberLink Video Decoder Filter
     CyberLink Corp.
     1.0.5540.4128
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax
     28/05/2012 10:30 PM
   CyberLink Tzan Filter (PDVD10)
     HKCR\CLSID\{B5F41335-A18B-4362-A406-F09E43658116}
     CyberLink Tzan Filter
     CyberLink Corp.
     3.5.0.4515
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\cltzan.ax
     15/09/2011 2:04 PM
   CyberLink RealVideo Decoder(PDVD10)
     HKCR\CLSID\{C548BB6C-0E62-4A25-AE4E-DE41856BC682}
     CyberLink RealMedia Video Decoder
     CyberLink Corp.
     1.0.0.1225
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clrmvd.ax
     25/12/2009 11:42 AM
   Cyberlink SubTitle Importor 2.0 (PDVD10)
     HKCR\CLSID\{C88A3744-DE30-4316-BAFB-269C8A25856C}
     CLSubTitle.ax
     CyberLink Corp.
     2.0.0.1823
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax
     23/06/2011 3:22 PM
   CyberLink Video Decoder (PDVD10)
     HKCR\CLSID\{D00E73D7-06F5-44F9-8BE4-B7DB191E9E7E}
     CyberLink Video Decoder Filter
     CyberLink Corp.
     1.0.5540.4128
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax
     28/05/2012 10:30 PM
   CyberLink MPEG-4 Splitter (PDVD10)
     HKCR\CLSID\{DB17C0D7-EA02-4CC0-94A3-C8E07B1510F9}
     CyberLink MPEG-4 Splitter
     CyberLink Corp.
     1.1.0.2906
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\clm4splt.ax
     6/05/2010 6:39 PM
   CyberLink RealAudio Decoder(PDVD10)
     HKCR\CLSID\{DB5D8193-CB8D-4C72-98A5-1C147E075EDF}
     CyberLink RealMedia Audio Decoder
     CyberLink Corp.
     1.0.0.1225
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clrmaud.ax
     25/12/2009 11:44 AM
   Bandisoft MPEG-1 Audio Decoder
     HKCR\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}
     Bandisoft Directshow Filter
     www.Bandisoft.com
     1.0.5.16
     c:\program files (x86)\bandimpeg1\bdfilters.dll
     5/08/2013 2:11 PM
   CyberLink FLV Splitter(PDVD10)
     HKCR\CLSID\{ECA099DE-D413-4500-B401-6C4FF1EB9580}
     CyberLink FLV Splitter
     CyberLink Corp.
     1.0.0.3327
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\clflvsplitter.ax
     27/09/2011 3:30 PM
   Cyberlink Demuxer 2.0
     HKCR\CLSID\{F07E981B-0EC4-4665-A671-C24955D11A38}
     CLDemuxer2
     Cyberlink
     2.0.6.2518
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\cldemuxer2.ax
     18/01/2011 8:29 PM
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ciaran\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Marty\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Ciaran\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=38 folders=10 175655 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Ciaran\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Marty\AppData\Local\Temp  will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\Marty\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sun 26/01/2014 at 11:16:06.79 ======================

Hi Kevin

 

I can't run MBAM as I get a Run time error, Type 13 Mismatch.  I can't update it either as the Update button is greyed out and the date on the database file is displayed as 01/01/1601.

 

Should I uninstall the version I have and download and install a new version?

 

cheers

 

Marty


Download mbam-clean.exe from the following link and save it to your desktop:

 

http://www.malwarebytes.org/mbam-clean.exe

 

Now do the following:

 

  • Click on Start and select Control Panel
  • Open Uninstall a Program
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer, very important to do that!!
  • Run mbam-clean.exe
  • It will ask to restart your computer, please allow it to do so, very important!!

 

Next, D/L and install Malwarebytes again from here:-

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

 

Double-click mbam-setup.exe to install the application. Open Malwarebytes and check for updates, then run a quick scan.


Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    malwarebytes
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Next,

 

Run FRST one more time, make sure all boxes under "White list" are checked. Make sure "Addition.txt" under Optional scan is also checked.

 

Post logs to next reply...
 


Thanks Kevin

 

System Look log:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 17:58 on 27/01/2014 by Marty
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "malwarebytes"
[HKEY_CURRENT_USER\Software\Malwarebytes Anti-Rootkit]
[HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Rootkit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware"
[HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes Anti-Rootkit]
[HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes' Anti-Malware]
 
-= EOF =-
 
FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by Marty (administrator) on SAMSUNGI5 on 27-01-2014 17:59:31
Running from C:\Users\Marty\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [btTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [btvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-26] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKCU\...\Run: [Quick Starter] - C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2338352 2013-09-25] (Samsung Electronics CO., LTD.)
HKU\Administrator\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\Ciaran\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKU\Ciaran\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1823656 2013-12-12] (Valve Corporation)
HKU\Ciaran\...\Run: [sanDiskSecureAccess_Manager.exe] - C:\Users\Ciaran\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [31095432 2010-11-10] (Dmailer S.A.)
HKU\Ciaran\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\Ciaran\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\Ciaran\...\Policies\system: [DisableLockWorkstation] 0
Startup: C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shortcut.jar ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {1838EEB7-D790-4C38-977B-7610FC411ABC} URL = 
SearchScopes: HKLM-x32 - DefaultScope {1838EEB7-D790-4C38-977B-7610FC411ABC} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com.au
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-14]
CHR Extension: (Google Drive) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-14]
CHR Extension: (YouTube) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-14]
CHR Extension: (Google Search) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-14]
CHR Extension: (Skype Click to Call) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-23]
CHR Extension: (Google Wallet) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (Gmail) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
U2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-26] (AVAST Software)
U2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
U2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
U2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
U2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
U2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
U2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-01-26] (AVAST Software)
U1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-14] (AVAST Software)
U0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-14] ()
U1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-01-26] (AVAST Software)
U1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-01-26] (AVAST Software)
U3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [80184 2014-01-26] (AVAST Software)
U0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-22] ()
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
U3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)
U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)
U3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32512 2014-01-22] ()
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-31] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-26] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-21] (Microsoft Corporation)
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows ® Win 7 DDK provider)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-21] (Microsoft Corporation)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-27 17:58 - 2014-01-27 17:58 - 00003618 _____ C:\Users\Marty\Downloads\SystemLook.txt
2014-01-27 17:57 - 2014-01-27 17:57 - 00165376 _____ C:\Users\Marty\Downloads\SystemLook_x64.exe
2014-01-27 12:16 - 2014-01-27 12:16 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Marty\Downloads\mbam-clean-1.60.2.0003.exe
2014-01-26 11:57 - 2014-01-26 11:57 - 00000000 ____D C:\Users\Marty\Desktop\Zoek
2014-01-26 11:07 - 2013-10-18 01:11 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2014-01-26 11:06 - 2014-01-26 11:06 - 00000000 ____D C:\Program Files (x86)\HiJackThis
2014-01-26 10:51 - 2014-01-26 11:16 - 00111415 _____ C:\zoek-results.log
2014-01-26 10:49 - 2014-01-26 11:05 - 00000000 ____D C:\zoek_backup
2014-01-26 10:15 - 2014-01-26 10:15 - 04086782 _____ C:\Users\Marty\Downloads\zoek.zip
2014-01-25 19:10 - 2014-01-26 10:44 - 00000000 ____D C:\Users\Marty\Downloads\FRST-OlderVersion
2014-01-24 23:56 - 2014-01-24 23:57 - 00286832 _____ C:\WINDOWS\Minidump\012414-28375-01.dmp
2014-01-24 23:55 - 2014-01-24 23:55 - 00000091 _____ C:\Users\Marty\Desktop\catchme.log
2014-01-24 23:24 - 2014-01-24 23:24 - 00000000 _____ C:\WINDOWS\system32\getservice.txt
2014-01-24 23:23 - 2014-01-24 23:23 - 00130337 _____ C:\Users\Marty\Downloads\getservices.zip
2014-01-24 23:23 - 2014-01-24 23:23 - 00000000 ____D C:\Users\Marty\Downloads\getservices
2014-01-24 23:05 - 2014-01-24 23:05 - 00290960 _____ C:\WINDOWS\Minidump\012414-28531-01.dmp
2014-01-24 21:38 - 2014-01-24 21:40 - 00005164 _____ C:\Users\Marty\Desktop\Rkill.txt
2014-01-24 20:45 - 2014-01-24 20:45 - 00688992 _____ (Swearware) C:\Users\Marty\Downloads\dds.com
2014-01-24 20:11 - 2014-01-24 20:20 - 00000000 ____D C:\Users\Marty\Desktop\RK_Quarantine
2014-01-24 20:04 - 2014-01-24 20:04 - 00286832 _____ C:\WINDOWS\Minidump\012414-29031-01.dmp
2014-01-23 06:11 - 2014-01-24 22:49 - 00000796 _____ C:\WINDOWS\setupact.log
2014-01-23 06:11 - 2014-01-23 06:11 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-23 06:10 - 2014-01-27 13:34 - 01281100 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-23 01:01 - 2014-01-27 13:11 - 00099338 _____ C:\WINDOWS\PFRO.log
2014-01-23 00:34 - 2014-01-24 23:56 - 515196296 _____ C:\WINDOWS\MEMORY.DMP
2014-01-23 00:34 - 2014-01-23 00:34 - 00286832 _____ C:\WINDOWS\Minidump\012314-27921-01.dmp
2014-01-23 00:27 - 2014-01-24 22:54 - 00000000 ____D C:\ProgramData\SUPERSetup
2014-01-23 00:08 - 2014-01-23 00:08 - 00261778 _____ C:\Users\Marty\Documents\cc_20140123_000820.reg
2014-01-23 00:06 - 2014-01-23 00:06 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-23 00:06 - 2014-01-23 00:06 - 00000000 ____D C:\Program Files\CCleaner
2014-01-23 00:05 - 2014-01-23 00:05 - 04645232 _____ (Piriform Ltd) C:\Users\Marty\Downloads\ccsetup409.exe
2014-01-22 22:59 - 2014-01-22 22:59 - 00000000 ____D C:\Users\Marty\Desktop\MBAR
2014-01-22 22:48 - 2014-01-22 22:49 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Marty\Downloads\mbar-1.07.0.1008.exe
2014-01-22 22:20 - 2014-01-22 22:20 - 00000000 ____D C:\Program Files\Reason
2014-01-22 22:19 - 2014-01-22 22:19 - 01970440 _____ (Reason Company Software Inc.) C:\Users\Marty\Downloads\herdProtectScan_Setup.exe
2014-01-22 22:03 - 2014-01-22 22:04 - 04406784 _____ C:\Users\Marty\Downloads\RogueKillerX64.exe
2014-01-22 21:56 - 2014-01-22 21:56 - 00024384 _____ C:\Users\Marty\Downloads\Addition.txt
2014-01-22 21:55 - 2014-01-27 17:59 - 00015420 _____ C:\Users\Marty\Downloads\FRST.txt
2014-01-22 21:55 - 2014-01-26 10:44 - 00000000 ____D C:\FRST
2014-01-22 21:54 - 2014-01-26 10:44 - 02078208 _____ (Farbar) C:\Users\Marty\Downloads\FRST64.exe
2014-01-22 21:37 - 2014-01-22 21:37 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\Marty\Downloads\autoruns.exe
2014-01-22 19:20 - 2014-01-22 19:21 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\Marty\Downloads\ADSSpy.exe
2014-01-22 01:22 - 2014-01-22 01:22 - 00001690 _____ C:\WINDOWS\system32\.crusader
2014-01-22 01:12 - 2014-01-22 01:23 - 00032512 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-01-22 01:12 - 2014-01-22 01:22 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-22 01:11 - 2014-01-22 01:11 - 00930440 _____ (CNET Download.com) C:\Users\Marty\Downloads\cbsidlm-cbsi176-HitmanPro_3_64bit-ORG-75110395.exe
2014-01-22 01:02 - 2014-01-26 12:01 - 00001988 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-22 01:01 - 2014-01-26 12:01 - 00080184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-01-22 01:01 - 2014-01-26 12:01 - 00000350 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-22 00:56 - 2014-01-22 00:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Marty\Downloads\maldead.exe
2014-01-22 00:08 - 2014-01-22 00:08 - 00000000 _____ C:\Users\Marty\Downloads\Ret.reg
2014-01-21 23:23 - 2014-01-21 23:23 - 00000227 _____ C:\WINDOWS\SysWOW64\mbr.log
2014-01-21 23:09 - 2014-01-24 21:38 - 00000227 _____ C:\Users\Marty\Downloads\mbr.log
2014-01-21 23:08 - 2014-01-21 23:08 - 00147456 _____ C:\Users\Marty\Downloads\catchme.exe
2014-01-21 23:08 - 2014-01-21 23:08 - 00089088 _____ C:\Users\Marty\Downloads\mbr.exe
2014-01-21 22:40 - 2014-01-21 22:41 - 29507728 _____ (SUPERAntiSpyware) C:\Users\Marty\Downloads\SUPERAntiSpyware (1).exe
2014-01-21 22:30 - 2014-01-24 23:56 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-21 22:29 - 2014-01-21 22:29 - 00379904 _____ C:\Users\Marty\Downloads\iexplore.exe
2014-01-21 22:11 - 2014-01-24 22:59 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-21 22:04 - 2014-01-21 22:04 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Marty\Downloads\tdsskiller.exe
2014-01-21 21:26 - 2014-01-21 21:26 - 01402880 _____ C:\Users\Marty\Downloads\HijackThis.msi
2014-01-21 20:31 - 2014-01-21 20:31 - 00001446 _____ C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-21 20:31 - 2014-01-21 20:31 - 00000000 ____D C:\Users\Marty\AppData\Roaming\AVAST Software
2014-01-21 20:30 - 2014-01-21 20:30 - 00000020 ___SH C:\Users\Marty\ntuser.ini
2014-01-21 18:23 - 2014-01-21 18:23 - 00000000 ____D C:\Users\Ciaran\Pavtube
2014-01-21 18:22 - 2014-01-21 18:22 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Pavtube
2014-01-21 18:02 - 2014-01-21 18:03 - 49108850 _____ (Pavtube Studio.                                             ) C:\Users\Ciaran\Downloads\hdvideoconverter_setup_r609505.exe
2014-01-21 10:17 - 2014-01-21 10:24 - 39286002 _____ C:\Users\Ciaran\Desktop\CSG PACK BRENNAN0404 copy.zip
2014-01-21 08:13 - 2014-01-23 00:07 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-21 08:11 - 2014-01-21 08:11 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-01-21 08:11 - 2014-01-21 08:11 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-21 08:11 - 2014-01-21 08:11 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00000000 ____D C:\Windows.old
2014-01-21 08:10 - 2014-01-21 08:10 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-01-21 08:10 - 2014-01-21 08:10 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-01-21 08:10 - 2014-01-21 08:10 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-01-21 08:10 - 2014-01-21 08:10 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-01-21 08:10 - 2014-01-21 08:10 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-01-21 08:10 - 2014-01-21 08:10 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00039768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-01-21 08:09 - 2014-01-21 08:09 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files\Reference Assemblies
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files\MSBuild
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2014-01-21 08:06 - 2014-01-20 16:27 - 00000000 ____D C:\Program Files (x86)\MSBuild
2014-01-21 08:05 - 2014-01-20 16:20 - 00000000 ____D C:\Recovery
2014-01-21 08:05 - 2013-08-03 12:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-01-21 08:05 - 2013-08-03 12:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-21 08:05 - 2013-08-03 12:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-01-21 08:05 - 2013-08-03 12:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-01-21 08:05 - 2013-08-03 12:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-21 08:05 - 2013-08-03 12:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-01-21 02:16 - 2014-01-23 01:01 - 00000000 ___HD C:\ProgramData\{$6666-4448-3690-4432-8983$}
2014-01-21 02:16 - 2014-01-22 01:22 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\reader
2014-01-21 02:16 - 2014-01-21 02:16 - 00047548 _____ C:\Users\Ciaran\Downloads\Minecraft (2).jar
2014-01-21 02:16 - 2014-01-21 02:16 - 00000000 _____ C:\Users\Ciaran\13stdybt37.tmp
2014-01-21 02:12 - 2014-01-21 02:12 - 00783704 _____ C:\Users\Ciaran\Downloads\MC Force Op LauncherMC.rar
2014-01-20 20:46 - 2014-01-20 20:46 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Spoon
2014-01-20 17:09 - 2014-01-20 17:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-01-20 16:54 - 2014-01-21 13:10 - 00000000 __RDO C:\Users\Ciaran\SkyDrive
2014-01-20 16:53 - 2014-01-20 16:53 - 00002060 _____ C:\Users\Public\Desktop\Support Center.lnk
2014-01-20 16:51 - 2014-01-20 16:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2014-01-20 16:50 - 2014-01-20 16:50 - 00001446 _____ C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-20 16:49 - 2014-01-20 16:49 - 00000020 ___SH C:\Users\Ciaran\ntuser.ini
2014-01-20 16:46 - 2014-01-20 16:46 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-20 16:25 - 2014-01-20 16:25 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2014-01-20 16:23 - 2014-01-25 00:00 - 00000000 ____D C:\Users\Marty
2014-01-20 16:23 - 2014-01-21 20:30 - 00000000 ____D C:\Users\Ciaran
2014-01-20 16:23 - 2014-01-20 16:36 - 00000000 ____D C:\Users\Administrator
2014-01-20 16:23 - 2014-01-20 16:25 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-20 16:23 - 2014-01-20 16:24 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-20 16:23 - 2014-01-20 16:24 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-20 16:23 - 2013-08-22 23:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-20 16:22 - 2014-01-20 16:46 - 00036198 _____ C:\WINDOWS\diagwrn.xml
2014-01-20 16:22 - 2014-01-20 16:46 - 00036198 _____ C:\WINDOWS\diagerr.xml
2014-01-20 16:17 - 2014-01-20 16:27 - 00000000 ____D C:\Program Files (x86)\Intel
2014-01-20 16:17 - 2014-01-20 16:17 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files\Synaptics
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files\Realtek
2014-01-20 16:16 - 2014-01-20 16:16 - 00000000 ____D C:\Program Files\Intel
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Program Files\AMD
2014-01-18 20:48 - 2014-01-18 20:48 - 00001377 _____ C:\Users\Ciaran\Desktop\Play Plants vs. Zombies.lnk
2014-01-18 20:30 - 2014-01-18 20:30 - 00001078 _____ C:\Users\Ciaran\Desktop\Pokemon Showdown.lnk
2014-01-18 20:25 - 2014-01-18 20:26 - 24156191 _____ C:\Users\Ciaran\Downloads\PokemonShowdownSetup (2).exe
2014-01-18 18:30 - 2014-01-18 19:06 - 00001642 _____ C:\Users\Ciaran\Desktop\My Mod App CSG.txt
2014-01-18 18:15 - 2013-09-27 14:57 - 00675988 _____ C:\Users\Ciaran\Desktop\Minecraft.exe
2014-01-18 17:53 - 2014-01-18 17:53 - 00000136 _____ C:\Users\Ciaran\Desktop\Call of Duty® World at War.lnk
2014-01-18 17:03 - 2014-01-18 17:03 - 00002125 _____ C:\Users\Public\Desktop\S Service.lnk
2014-01-18 17:03 - 2014-01-18 17:03 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Samsung
2014-01-18 17:02 - 2014-01-18 17:02 - 00002101 _____ C:\Users\Public\Desktop\Quick Starter.lnk
2014-01-18 16:48 - 2014-01-18 16:51 - 00000000 ___RD C:\Users\Ciaran\Documents\Desktop stuff
2014-01-18 00:31 - 2014-01-18 00:31 - 00209469 _____ C:\Users\Ciaran\Downloads\Level 72 Borderlands 2 Characters (1).rar
2014-01-18 00:27 - 2014-01-18 00:27 - 01226271 _____ C:\Users\Ciaran\Downloads\saveedit_r227.zip
2014-01-17 23:32 - 2014-01-17 23:33 - 06013024 _____ (Nota Inc.                                                   ) C:\Users\Ciaran\Downloads\GyazoSetup.exe
2014-01-07 16:01 - 2014-01-07 16:01 - 00401776 _____ (Softonic                                        ) C:\Users\Ciaran\Downloads\SoftonicDownloader_for_grand-theft-auto-san-andreas.exe
2014-01-05 19:11 - 2014-01-05 19:11 - 00616312 _____ (Windows 8.1 32 Bit  64Bit  Free Download Serial Key) C:\Users\Ciaran\Downloads\GTA 5 Online How to Host a Modded Lobby AFTER PATCH.exe
2014-01-05 16:47 - 2014-01-05 16:47 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (3).zip
2014-01-05 16:46 - 2014-01-05 16:47 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (2).zip
2013-12-31 14:02 - 2013-12-31 14:03 - 05662741 _____ C:\Users\Ciaran\Downloads\gta8.zip
2013-12-30 19:21 - 2013-12-30 19:21 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\openvr
2013-12-29 16:29 - 2013-12-29 16:29 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (1).zip
2013-12-28 22:03 - 2013-12-28 22:03 - 00000000 ____D C:\ProgramData\Oracle
2013-12-28 22:00 - 2013-12-28 22:00 - 00915368 _____ (Oracle Corporation) C:\Users\Ciaran\Downloads\chromeinstall-7u45.exe
2013-12-28 21:21 - 2013-12-28 21:21 - 00817443 _____ C:\Users\Ciaran\Downloads\PokeGen_full.zip
 
==================== One Month Modified Files and Folders =======
 
2014-01-27 17:59 - 2014-01-22 21:55 - 00015420 _____ C:\Users\Marty\Downloads\FRST.txt
2014-01-27 17:58 - 2014-01-27 17:58 - 00003618 _____ C:\Users\Marty\Downloads\SystemLook.txt
2014-01-27 17:58 - 2013-11-14 15:28 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-27 17:57 - 2014-01-27 17:57 - 00165376 _____ C:\Users\Marty\Downloads\SystemLook_x64.exe
2014-01-27 17:57 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-27 13:34 - 2014-01-23 06:10 - 01281100 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-27 13:12 - 2013-10-23 18:50 - 00000000 ____D C:\Users\Marty\AppData\Local\LogMeIn Hamachi
2014-01-27 13:11 - 2014-01-23 01:01 - 00099338 _____ C:\WINDOWS\PFRO.log
2014-01-27 12:28 - 2013-05-14 20:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Marty\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-27 12:16 - 2014-01-27 12:16 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Marty\Downloads\mbam-clean-1.60.2.0003.exe
2014-01-26 12:02 - 2013-10-23 22:21 - 00000000 ____D C:\WINDOWS\pss
2014-01-26 12:01 - 2014-01-22 01:02 - 00001988 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-26 12:01 - 2014-01-22 01:01 - 00080184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-01-26 12:01 - 2014-01-22 01:01 - 00000350 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-26 12:01 - 2013-12-14 14:11 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-01-26 12:01 - 2013-05-14 19:45 - 01038072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-01-26 12:01 - 2013-05-14 19:45 - 00421704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-01-26 12:01 - 2013-05-14 19:45 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-01-26 12:01 - 2013-05-14 19:45 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-01-26 11:58 - 2013-10-23 18:51 - 00000000 ____D C:\Users\Marty\AppData\Local\CrashDumps
2014-01-26 11:57 - 2014-01-26 11:57 - 00000000 ____D C:\Users\Marty\Desktop\Zoek
2014-01-26 11:16 - 2014-01-26 10:51 - 00111415 _____ C:\zoek-results.log
2014-01-26 11:06 - 2014-01-26 11:06 - 00000000 ____D C:\Program Files (x86)\HiJackThis
2014-01-26 11:05 - 2014-01-26 10:49 - 00000000 ____D C:\zoek_backup
2014-01-26 10:44 - 2014-01-25 19:10 - 00000000 ____D C:\Users\Marty\Downloads\FRST-OlderVersion
2014-01-26 10:44 - 2014-01-22 21:55 - 00000000 ____D C:\FRST
2014-01-26 10:44 - 2014-01-22 21:54 - 02078208 _____ (Farbar) C:\Users\Marty\Downloads\FRST64.exe
2014-01-26 10:15 - 2014-01-26 10:15 - 04086782 _____ C:\Users\Marty\Downloads\zoek.zip
2014-01-26 10:12 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-25 01:32 - 2013-08-22 21:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2014-01-25 00:00 - 2014-01-20 16:23 - 00000000 ____D C:\Users\Marty
2014-01-24 23:57 - 2014-01-24 23:56 - 00286832 _____ C:\WINDOWS\Minidump\012414-28375-01.dmp
2014-01-24 23:56 - 2014-01-23 00:34 - 515196296 _____ C:\WINDOWS\MEMORY.DMP
2014-01-24 23:56 - 2014-01-21 22:30 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-24 23:55 - 2014-01-24 23:55 - 00000091 _____ C:\Users\Marty\Desktop\catchme.log
2014-01-24 23:24 - 2014-01-24 23:24 - 00000000 _____ C:\WINDOWS\system32\getservice.txt
2014-01-24 23:23 - 2014-01-24 23:23 - 00130337 _____ C:\Users\Marty\Downloads\getservices.zip
2014-01-24 23:23 - 2014-01-24 23:23 - 00000000 ____D C:\Users\Marty\Downloads\getservices
2014-01-24 23:05 - 2014-01-24 23:05 - 00290960 _____ C:\WINDOWS\Minidump\012414-28531-01.dmp
2014-01-24 22:59 - 2014-01-21 22:11 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-24 22:54 - 2014-01-23 00:27 - 00000000 ____D C:\ProgramData\SUPERSetup
2014-01-24 22:49 - 2014-01-23 06:11 - 00000796 _____ C:\WINDOWS\setupact.log
2014-01-24 21:40 - 2014-01-24 21:38 - 00005164 _____ C:\Users\Marty\Desktop\Rkill.txt
2014-01-24 21:38 - 2014-01-21 23:09 - 00000227 _____ C:\Users\Marty\Downloads\mbr.log
2014-01-24 20:45 - 2014-01-24 20:45 - 00688992 _____ (Swearware) C:\Users\Marty\Downloads\dds.com
2014-01-24 20:20 - 2014-01-24 20:11 - 00000000 ____D C:\Users\Marty\Desktop\RK_Quarantine
2014-01-24 20:04 - 2014-01-24 20:04 - 00286832 _____ C:\WINDOWS\Minidump\012414-29031-01.dmp
2014-01-23 06:11 - 2014-01-23 06:11 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-23 01:01 - 2014-01-21 02:16 - 00000000 ___HD C:\ProgramData\{$6666-4448-3690-4432-8983$}
2014-01-23 01:01 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\schemas
2014-01-23 01:01 - 2013-05-14 21:09 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-23 00:34 - 2014-01-23 00:34 - 00286832 _____ C:\WINDOWS\Minidump\012314-27921-01.dmp
2014-01-23 00:08 - 2014-01-23 00:08 - 00261778 _____ C:\Users\Marty\Documents\cc_20140123_000820.reg
2014-01-23 00:07 - 2014-01-21 08:13 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-23 00:07 - 2013-05-27 16:58 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-23 00:06 - 2014-01-23 00:06 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-23 00:06 - 2014-01-23 00:06 - 00000000 ____D C:\Program Files\CCleaner
2014-01-23 00:05 - 2014-01-23 00:05 - 04645232 _____ (Piriform Ltd) C:\Users\Marty\Downloads\ccsetup409.exe
2014-01-22 22:59 - 2014-01-22 22:59 - 00000000 ____D C:\Users\Marty\Desktop\MBAR
2014-01-22 22:49 - 2014-01-22 22:48 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Marty\Downloads\mbar-1.07.0.1008.exe
2014-01-22 22:20 - 2014-01-22 22:20 - 00000000 ____D C:\Program Files\Reason
2014-01-22 22:19 - 2014-01-22 22:19 - 01970440 _____ (Reason Company Software Inc.) C:\Users\Marty\Downloads\herdProtectScan_Setup.exe
2014-01-22 22:04 - 2014-01-22 22:03 - 04406784 _____ C:\Users\Marty\Downloads\RogueKillerX64.exe
2014-01-22 21:56 - 2014-01-22 21:56 - 00024384 _____ C:\Users\Marty\Downloads\Addition.txt
2014-01-22 21:37 - 2014-01-22 21:37 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\Marty\Downloads\autoruns.exe
2014-01-22 19:21 - 2014-01-22 19:20 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\Marty\Downloads\ADSSpy.exe
2014-01-22 01:23 - 2014-01-22 01:12 - 00032512 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-01-22 01:22 - 2014-01-22 01:22 - 00001690 _____ C:\WINDOWS\system32\.crusader
2014-01-22 01:22 - 2014-01-22 01:12 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-22 01:22 - 2014-01-21 02:16 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\reader
2014-01-22 01:11 - 2014-01-22 01:11 - 00930440 _____ (CNET Download.com) C:\Users\Marty\Downloads\cbsidlm-cbsi176-HitmanPro_3_64bit-ORG-75110395.exe
2014-01-22 01:01 - 2013-05-14 19:45 - 00207904 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-01-22 00:56 - 2014-01-22 00:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Marty\Downloads\maldead.exe
2014-01-22 00:08 - 2014-01-22 00:08 - 00000000 _____ C:\Users\Marty\Downloads\Ret.reg
2014-01-21 23:23 - 2014-01-21 23:23 - 00000227 _____ C:\WINDOWS\SysWOW64\mbr.log
2014-01-21 23:08 - 2014-01-21 23:08 - 00147456 _____ C:\Users\Marty\Downloads\catchme.exe
2014-01-21 23:08 - 2014-01-21 23:08 - 00089088 _____ C:\Users\Marty\Downloads\mbr.exe
2014-01-21 22:41 - 2014-01-21 22:40 - 29507728 _____ (SUPERAntiSpyware) C:\Users\Marty\Downloads\SUPERAntiSpyware (1).exe
2014-01-21 22:29 - 2014-01-21 22:29 - 00379904 _____ C:\Users\Marty\Downloads\iexplore.exe
2014-01-21 22:04 - 2014-01-21 22:04 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Marty\Downloads\tdsskiller.exe
2014-01-21 21:35 - 2013-05-14 20:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-21 21:34 - 2013-05-14 20:06 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2014-01-21 21:26 - 2014-01-21 21:26 - 01402880 _____ C:\Users\Marty\Downloads\HijackThis.msi
2014-01-21 20:32 - 2012-12-25 17:41 - 00000000 ____D C:\Users\Marty\AppData\Local\Packages
2014-01-21 20:31 - 2014-01-21 20:31 - 00001446 _____ C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-21 20:31 - 2014-01-21 20:31 - 00000000 ____D C:\Users\Marty\AppData\Roaming\AVAST Software
2014-01-21 20:31 - 2013-05-13 20:15 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-21 20:31 - 2013-05-13 20:15 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-21 20:30 - 2014-01-21 20:30 - 00000020 ___SH C:\Users\Marty\ntuser.ini
2014-01-21 20:30 - 2014-01-20 16:23 - 00000000 ____D C:\Users\Ciaran
2014-01-21 20:26 - 2013-10-24 00:09 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-21 20:08 - 2013-05-21 13:19 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Skype
2014-01-21 18:23 - 2014-01-21 18:23 - 00000000 ____D C:\Users\Ciaran\Pavtube
2014-01-21 18:22 - 2014-01-21 18:22 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Pavtube
2014-01-21 18:03 - 2014-01-21 18:02 - 49108850 _____ (Pavtube Studio.                                             ) C:\Users\Ciaran\Downloads\hdvideoconverter_setup_r609505.exe
2014-01-21 13:52 - 2013-08-28 19:55 - 00007596 _____ C:\Users\Ciaran\AppData\Local\Resmon.ResmonCfg
2014-01-21 13:30 - 2013-05-28 16:08 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Apple Computer
2014-01-21 13:21 - 2013-05-14 19:25 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-21 13:17 - 2013-11-30 21:17 - 00000000 ____D C:\Program Files (x86)\Pamela RichMood Editor
2014-01-21 13:10 - 2014-01-20 16:54 - 00000000 __RDO C:\Users\Ciaran\SkyDrive
2014-01-21 12:32 - 2013-08-22 22:44 - 00481024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-21 12:11 - 2013-09-27 15:23 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\.minecraft
2014-01-21 11:44 - 2013-05-17 09:20 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1229153242-3201741155-1693493588-1005
2014-01-21 11:39 - 2013-05-14 19:25 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 11:39 - 2013-05-14 19:25 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 10:24 - 2014-01-21 10:17 - 39286002 _____ C:\Users\Ciaran\Desktop\CSG PACK BRENNAN0404 copy.zip
2014-01-21 08:11 - 2014-01-21 08:11 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-01-21 08:11 - 2014-01-21 08:11 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-21 08:11 - 2014-01-21 08:11 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-01-21 08:11 - 2014-01-21 08:11 - 00000000 ____D C:\Windows.old
2014-01-21 08:11 - 2013-08-22 23:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2014-01-21 08:11 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-21 08:10 - 2014-01-21 08:10 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-01-21 08:10 - 2014-01-21 08:10 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-01-21 08:10 - 2014-01-21 08:10 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-01-21 08:10 - 2014-01-21 08:10 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-01-21 08:10 - 2014-01-21 08:10 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-01-21 08:10 - 2014-01-21 08:10 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-01-21 08:10 - 2014-01-21 08:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00039768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-01-21 08:10 - 2014-01-21 08:10 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-01-21 08:10 - 2014-01-21 08:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-01-21 08:10 - 2013-08-22 23:36 - 00000000 ___RD C:\WINDOWS\ToastData
2014-01-21 08:10 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2014-01-21 08:10 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\FileManager
2014-01-21 08:10 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Camera
2014-01-21 08:09 - 2014-01-21 08:09 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files\Reference Assemblies
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files\MSBuild
2014-01-21 08:06 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2014-01-21 02:16 - 2014-01-21 02:16 - 00047548 _____ C:\Users\Ciaran\Downloads\Minecraft (2).jar
2014-01-21 02:16 - 2014-01-21 02:16 - 00000000 _____ C:\Users\Ciaran\13stdybt37.tmp
2014-01-21 02:12 - 2014-01-21 02:12 - 00783704 _____ C:\Users\Ciaran\Downloads\MC Force Op LauncherMC.rar
2014-01-20 20:53 - 2013-05-13 21:41 - 00000000 ____D C:\ProgramData\WinClon
2014-01-20 20:46 - 2014-01-20 20:46 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Spoon
2014-01-20 17:16 - 2013-05-14 19:45 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-01-20 17:13 - 2013-05-21 14:34 - 00000000 ____D C:\Users\Ciaran\AppData\Local\LogMeIn Hamachi
2014-01-20 17:12 - 2013-08-22 22:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-20 17:09 - 2014-01-20 17:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-01-20 17:00 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\restore
2014-01-20 16:54 - 2013-11-14 16:08 - 00000000 ___HD C:\$Windows.~BT
2014-01-20 16:54 - 2012-12-25 18:03 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Packages
2014-01-20 16:53 - 2014-01-20 16:53 - 00002060 _____ C:\Users\Public\Desktop\Support Center.lnk
2014-01-20 16:51 - 2014-01-20 16:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2014-01-20 16:50 - 2014-01-20 16:50 - 00001446 _____ C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-20 16:50 - 2013-05-14 21:09 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-20 16:49 - 2014-01-20 16:49 - 00000020 ___SH C:\Users\Ciaran\ntuser.ini
2014-01-20 16:48 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\rescache
2014-01-20 16:47 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Registration
2014-01-20 16:46 - 2014-01-20 16:46 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2014-01-20 16:46 - 2014-01-20 16:22 - 00036198 _____ C:\WINDOWS\diagwrn.xml
2014-01-20 16:46 - 2014-01-20 16:22 - 00036198 _____ C:\WINDOWS\diagerr.xml
2014-01-20 16:39 - 2013-08-22 23:36 - 00000000 __RSD C:\WINDOWS\Media
2014-01-20 16:39 - 2013-08-22 23:36 - 00000000 __RHD C:\Users\Public\Libraries
2014-01-20 16:37 - 2013-05-13 22:48 - 00880342 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-01-20 16:36 - 2014-01-20 16:23 - 00000000 ____D C:\Users\Administrator
2014-01-20 16:30 - 2013-08-22 21:25 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-20 16:29 - 2014-01-20 16:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-20 16:29 - 2012-07-26 13:37 - 00000000 ____D C:\Users\Default.migrated
2014-01-20 16:28 - 2013-11-14 15:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2014-01-20 16:28 - 2013-11-14 15:14 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2014-01-20 16:28 - 2013-11-14 15:14 - 00000000 ____D C:\WINDOWS\system32\WCN
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\spool
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2014-01-20 16:28 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\IME
2014-01-20 16:28 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2014-01-20 16:28 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2014-01-20 16:28 - 2013-08-22 21:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2014-01-20 16:28 - 2013-05-13 21:39 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2014-01-20 16:27 - 2014-01-21 08:06 - 00000000 ____D C:\Program Files (x86)\MSBuild
2014-01-20 16:27 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files (x86)\Intel
2014-01-20 16:27 - 2013-11-14 15:17 - 00000000 ____D C:\WINDOWS\ShellNew
2014-01-20 16:27 - 2013-08-22 23:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Resources
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\IME
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Help
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Cursors
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-20 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-20 16:27 - 2013-05-22 20:40 - 00000000 ____D C:\WINDOWS\en
2014-01-20 16:27 - 2012-08-06 05:11 - 00000000 ____D C:\ProgramData\PRICache
2014-01-20 16:25 - 2014-01-20 16:25 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2014-01-20 16:25 - 2014-01-20 16:23 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-20 16:25 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2014-01-20 16:25 - 2013-05-19 16:54 - 00000000 ___RD C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-01-20 16:24 - 2014-01-20 16:23 - 00000000 ___RD C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-20 16:24 - 2014-01-20 16:23 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-20 16:24 - 2013-11-08 19:06 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-01-20 16:24 - 2013-08-09 19:12 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2014-01-20 16:24 - 2013-07-21 22:11 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecontrol for Minecraft
2014-01-20 16:24 - 2013-07-11 18:34 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
2014-01-20 16:24 - 2013-05-21 13:08 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZombieModding
2014-01-20 16:24 - 2013-05-20 14:37 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-20 16:24 - 2012-08-06 05:10 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-20 16:24 - 2012-08-06 05:10 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-20 16:24 - 2012-08-06 05:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2014-01-20 16:20 - 2014-01-21 08:05 - 00000000 ____D C:\Recovery
2014-01-20 16:17 - 2014-01-20 16:17 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files\Synaptics
2014-01-20 16:17 - 2014-01-20 16:17 - 00000000 ____D C:\Program Files\Realtek
2014-01-20 16:16 - 2014-01-20 16:16 - 00000000 ____D C:\Program Files\Intel
2014-01-20 16:16 - 2013-04-12 16:17 - 00000000 ____D C:\AMD
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 ____D C:\Program Files\AMD
2014-01-20 16:14 - 2013-08-22 21:36 - 00000000 __RHD C:\Users\Default
2014-01-20 15:55 - 2012-07-26 16:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2014-01-18 21:40 - 2013-09-20 09:44 - 00000000 ____D C:\Program Files (x86)\UEFI WinFlash
2014-01-18 20:48 - 2014-01-18 20:48 - 00001377 _____ C:\Users\Ciaran\Desktop\Play Plants vs. Zombies.lnk
2014-01-18 20:48 - 2013-05-14 19:31 - 00000000 ____D C:\ProgramData\PopCap Games
2014-01-18 20:30 - 2014-01-18 20:30 - 00001078 _____ C:\Users\Ciaran\Desktop\Pokemon Showdown.lnk
2014-01-18 20:28 - 2013-05-31 21:18 - 00000000 ____D C:\Users\Ciaran\AppData\Local\CrashDumps
2014-01-18 20:27 - 2013-09-06 21:03 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Pokemon Showdown
2014-01-18 20:27 - 2013-09-06 21:02 - 00001871 _____ C:\Users\Ciaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokemon Showdown.lnk
2014-01-18 20:26 - 2014-01-18 20:25 - 24156191 _____ C:\Users\Ciaran\Downloads\PokemonShowdownSetup (2).exe
2014-01-18 19:06 - 2014-01-18 18:30 - 00001642 _____ C:\Users\Ciaran\Desktop\My Mod App CSG.txt
2014-01-18 17:53 - 2014-01-18 17:53 - 00000136 _____ C:\Users\Ciaran\Desktop\Call of Duty® World at War.lnk
2014-01-18 17:03 - 2014-01-18 17:03 - 00002125 _____ C:\Users\Public\Desktop\S Service.lnk
2014-01-18 17:03 - 2014-01-18 17:03 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\Samsung
2014-01-18 17:03 - 2012-09-19 18:04 - 00000000 ____D C:\Program Files (x86)\Samsung
2014-01-18 17:02 - 2014-01-18 17:02 - 00002101 _____ C:\Users\Public\Desktop\Quick Starter.lnk
2014-01-18 17:02 - 2013-05-14 21:10 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Samsung
2014-01-18 17:02 - 2013-05-13 22:42 - 00000000 ____D C:\Users\Marty\AppData\Local\Samsung
2014-01-18 17:02 - 2013-05-13 20:37 - 00000000 ____D C:\ProgramData\Samsung
2014-01-18 16:53 - 2013-06-02 11:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-18 16:51 - 2014-01-18 16:48 - 00000000 ___RD C:\Users\Ciaran\Documents\Desktop stuff
2014-01-18 16:51 - 2013-08-04 18:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-18 16:48 - 2013-05-14 20:24 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-18 04:02 - 2013-10-07 11:23 - 00000000 ____D C:\ProgramData\LogMeIn
2014-01-18 00:44 - 2013-11-10 20:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-18 00:31 - 2014-01-18 00:31 - 00209469 _____ C:\Users\Ciaran\Downloads\Level 72 Borderlands 2 Characters (1).rar
2014-01-18 00:27 - 2014-01-18 00:27 - 01226271 _____ C:\Users\Ciaran\Downloads\saveedit_r227.zip
2014-01-17 23:33 - 2014-01-17 23:32 - 06013024 _____ (Nota Inc.                                                   ) C:\Users\Ciaran\Downloads\GyazoSetup.exe
2014-01-07 16:01 - 2014-01-07 16:01 - 00401776 _____ (Softonic                                        ) C:\Users\Ciaran\Downloads\SoftonicDownloader_for_grand-theft-auto-san-andreas.exe
2014-01-05 19:11 - 2014-01-05 19:11 - 00616312 _____ (Windows 8.1 32 Bit  64Bit  Free Download Serial Key) C:\Users\Ciaran\Downloads\GTA 5 Online How to Host a Modded Lobby AFTER PATCH.exe
2014-01-05 16:47 - 2014-01-05 16:47 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (3).zip
2014-01-05 16:47 - 2014-01-05 16:46 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (2).zip
2013-12-31 14:03 - 2013-12-31 14:02 - 05662741 _____ C:\Users\Ciaran\Downloads\gta8.zip
2013-12-30 19:21 - 2013-12-30 19:21 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\openvr
2013-12-29 16:29 - 2013-12-29 16:29 - 06536236 _____ C:\Users\Ciaran\Downloads\huzuni (1).zip
2013-12-28 22:03 - 2013-12-28 22:03 - 00000000 ____D C:\ProgramData\Oracle
2013-12-28 22:00 - 2013-12-28 22:00 - 00915368 _____ (Oracle Corporation) C:\Users\Ciaran\Downloads\chromeinstall-7u45.exe
2013-12-28 21:21 - 2013-12-28 21:21 - 00817443 _____ C:\Users\Ciaran\Downloads\PokeGen_full.zip
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-20 16:14
 
==================== End Of Log ============================

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 01
Ran by Marty at 2014-01-27 18:23:30
Running from C:\Users\Marty\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
Action Replay DSi Code Manager (Version:  - )
Adobe Reader X (10.1.6) MUI (x32 Version: 10.1.6 - Adobe Systems Incorporated)
AllSharePlayLink (x32 Version: 1.0.0 - Samsung Electronics Co., Ltd.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software)
Bandicam (x32 Version: 1.9.1.419 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (x32 Version:  - Bandisoft.com)
Bruteforce Save Data (x32 Version:  - )
Call of Duty® - World at War (x32 Version: 1.0 - Activision) Hidden
Call of Duty® - World at War (x32 Version: 1.7 - Activision)
Call of Duty® - World at War 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty® - World at War 1.1 Patch (x32 Version: 1.1 - Activision) Hidden
Call of Duty® - World at War 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty® - World at War 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty® - World at War 1.3 Patch (x32 Version:  - ) Hidden
Call of Duty® - World at War 1.3 Patch (x32 Version: 1.3 - Activision) Hidden
Call of Duty® - World at War 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty® - World at War 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty® - World at War 1.5 Patch (x32 Version:  - ) Hidden
Call of Duty® - World at War 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty® - World at War 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty® - World at War 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty® - World at War 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty® - World at War 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.09 - Piriform)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (x32 Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Fraps (remove only) (x32 Version:  - )
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Help Desk (Version: 1.0.96 - Samsung Electronics CO., LTD.)
HxD Hex Editor version 1.7.7.0 (x32 Version: 1.7.7.0 - Maël Hörz)
Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11 - Intel)
Intel® Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 11.6.0.1030 - Intel Corporation)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy ds3 driver version 0.6.0003 (Version: 0.5.0001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nexus Mod Manager (Version: 0.41.0 - Black Tree Gaming)
Notepad++ (x32 Version: 6.3.3 - Notepad++ Team)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies (x32 Version:  - PopCap Games)
Pokemon Showdown (x32 Version:  - "Pokemon Showdown")
PunkBuster Services (x32 Version: 0.986 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.216 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0 - Qualcomm Atheros)
Quick Starter (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (x32 Version: 6.0.10.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
S Service (x32 Version: 1.0 - Samsung Electronics CO., LTD.)
Settings (x32 Version: 2.0.1 - Samsung Electronics CO., LTD.)
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.10 (x32 Version: 6.10.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (x32 Version: 2.0.12 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (x32 Version: 5.0.0 - BrightFort LLC)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Support Center (Version: 2.1.1201 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.11 - Samsung Electronics CO., LTD.) Hidden
SW Update (x32 Version: 2.1.21 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (Version: 16.2.14.2 - Synaptics Incorporated)
Team Fortress 2 (x32 Version:  - Valve)
Terraria (x32 Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (x32 Version:  - Bethesda Game Studios)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
User Guide (x32 Version: 1.4.00 - Samsung Electronics CO., LTD.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.00 beta 3 (64-bit) (Version: 5.00.3 - win.rar GmbH)
 
==================== Restore Points  =========================
 
20-01-2014 09:00:47 Removed Classic Shell
21-01-2014 13:27:11 Installed HiJackThis
22-01-2014 16:09:39 Removed HiJackThis
22-01-2014 17:00:42 Malwarebytes Anti-Rootkit Restore Point
24-01-2014 12:08:03 Removed Java 7 Update 45
26-01-2014 02:52:02 zoek.exe restore point
 
==================== Hosts content: ==========================
 
2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1B46BD5A-A4B9-4C9E-899F-289BA5CE1038} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2120A345-D593-428A-9D78-C9A26E4988B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {24CE1821-0573-4EE3-B903-EDCC74AC19D5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2E7EE2EA-6604-4BEC-9E30-6FDFCC7FBF56} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-08-23] (SEC)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {36941691-BBAA-4CEE-BEAE-F0A5994D0002} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {47EBAA43-2536-4687-A67A-8053BB580F77} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {827FCF4A-C119-456E-9182-62372E4C8F68} - \Dealply No Task File
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AF3A8233-12BC-4429-B413-741C3F038576} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DB65104C-8929-4044-BF08-10234AE5AF6F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14] (Google Inc.)
Task: {E5036AA2-FB62-4DC6-8514-CB0F2B5449E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F34A0204-AD3F-45BD-ADDC-98841810CE08} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {F34F94D8-750D-48E4-9F91-C82A38504CCA} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {F96F0E9B-CA33-4FEA-9CDE-133FBB1F5074} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-26] (AVAST Software)
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-06-18 23:24 - 2012-06-18 23:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-12-21 00:02 - 2013-12-21 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-01-27 12:20 - 2014-01-27 03:21 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012601\algo.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-05-14 20:10 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-05-14 20:10 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-05-14 20:10 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-05-14 20:10 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-05-14 20:10 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2013-12-14 14:11 - 2013-12-14 14:11 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-18 18:42 - 2014-01-11 18:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-18 18:42 - 2014-01-11 18:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-18 18:42 - 2014-01-11 18:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-18 18:42 - 2014-01-11 18:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-18 18:42 - 2014-01-11 18:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Ciaran\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45113418.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45113418.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
The requested service has already been started.
 
More help is available by typing NET HELPMSG 2182.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 22%
Total physical RAM: 8083.57 MB
Available physical RAM: 6270.17 MB
Total Pagefile: 16275.57 MB
Available Pagefile: 14428.71 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.24 GB) (Free:156.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 91FD340F)
 
Partition: GPT Partition Type
==================== End Of Log ============================

There are several entries related to MB still showing in the registry, can only assume the clean up tool did not work correctly, hence the error 183 alert....

Uninstall Spybot S&D, reboot the system.

Next,

Download mbam-clean.exe from the following link and save it to your desktop:

http://www.malwarebytes.org/mbam-clean.exe

Run that tool, make sure to re-boot when complete.

Next,

Download Services Repair tool, available here - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe and save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not, reboot it yourself.

Next,

See if Malwarebytes will now install; if not, post any generated errors.

Kevin


New log file, not sure if of any relevance but there is an apostrophe after Malwarebytes on the MBAM entries, is that supposed to be there?

SystemLook 30.07.11 by jpshortstuff
Log created at 21:37 on 27/01/2014 by Marty
Administrator - Elevation successful

========== regfind ==========

Searching for "malwarebytes"
[HKEY_CURRENT_USER\Software\Malwarebytes Anti-Rootkit]
[HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Rootkit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Malwarebytes' Anti-Malware"
[HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes Anti-Rootkit]
[HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes' Anti-Malware]

-= EOF =-


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Be sure to start with and include the colon before Reg (:Reg).

    :Reg
    [-HKEY_CURRENT_USER\Software\Malwarebytes Anti-Rootkit]
    [-HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Rootkit]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}]
    [-HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes Anti-Rootkit]
    [-HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes' Anti-Malware]
    :Files
    C:\Program Files (x86)\Malwarebytes' Anti-Malware
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Run the Malwarebytes clean up tool, re-boot and try another install....

 

Kevin..


 


Got it!  The user permissions on all the anti malware programs had been removed by the malware.  Taking ownership and enabling the folder to use inherited permissions allowed the program to install.

 

MBAM installed and now running

 

here's the log from OTM:

 

All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Malwarebytes Anti-Rootkit\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFF1A83B-6C83-4342-8E68-1648DE06CB65\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFF1A83B-6C83-4342-8E68-1648DE06CB65\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFF1A83B-6C83-4342-8E68-1648DE06CB65\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Rootkit\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\ not found.
Registry key HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes Anti-Rootkit\ not found.
Registry key HKEY_USERS\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Malwarebytes' Anti-Malware\ not found.
========== FILES ==========
File/Folder C:\Program Files (x86)\Malwarebytes' Anti-Malware not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Ciaran
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2987671 bytes
->Java cache emptied: 8196 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 41177088 bytes
->Flash cache emptied: 5 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: Marty
->Temp folder emptied: 5142567 bytes
->Temporary Internet Files folder emptied: 4314994 bytes
->Java cache emptied: 8196 bytes
->Google Chrome cache emptied: 40328730 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 316193 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 20521840 bytes
 
Total Files Cleaned = 109.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 01282014_091522
 
Files moved on Reboot...
C:\Users\Marty\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 
Registry entries deleted on Reboot...

MBAM installed and ran perfectly and produced the following log; I selected all found items to be deleted.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.28.01
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Marty :: SAMSUNGI5 [administrator]
 
28/01/2014 10:33:37 AM
mbam-log-2014-01-28 (10-33-37).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 646216
Time elapsed: 1 hour(s), 16 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 7
C:\Users\Ciaran\Documents\Desktop stuff\GTA 5 Online How to Host a Modded Lobby AFTER PATCH.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Users\Ciaran\Documents\Desktop stuff\Minecraft Force OP (1).exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\Ciaran\Downloads\GTA 5 Online How to Host a Modded Lobby AFTER PATCH.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
C:\Users\Ciaran\Downloads\SFInstaller_SFFZ_filezilla_8979715_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Ciaran\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Ciaran\Downloads\SoftonicDownloader_for_grand-theft-auto-san-andreas.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Windows.old\$Recycle.Bin\S-1-5-21-1229153242-3201741155-1693493588-1005\$R3F6VO2.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
 
(end)
 
 
----------------
It seems that the malware had changed all the anti malware security permissions in the C:\programdata\ folders.  Taking ownership and enabling inheritance of permissions resolved the issue for me.
 
Thanks for the help, I don't think I would have been able to get this far without your advice and assistance
 
Is there anything else that I need to check or any advice on programs to use to prevent a similar attack?
 
cheers
 
Marty
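
The fix reported in the post above (take ownership, then re-enable inherited permissions) can be checked and applied from an elevated PowerShell prompt. This is an added example, not part of the original thread; the `$Root` and `$NamePattern` defaults and the `Test-FolderAcl` helper are assumptions to adapt to the products installed.

```powershell
# Added example. Run elevated. Without -Repair it only reports.
# $Root and $NamePattern are assumptions; point them at the affected folders.
param(
    [string]$Root        = 'C:\ProgramData',
    [string]$NamePattern = '*Malwarebytes*',
    [switch]$Repair
)

function Test-FolderAcl {
    param([string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # The ACL cannot be read at all, which is what stripped permissions look like.
        return [pscustomobject]@{
            Path = $Path; Owner = '<unreadable>'
            InheritanceOff = $null; DenyRules = $null; Suspect = $true
        }
    }
    $deny = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
    [pscustomobject]@{
        Path           = $Path
        Owner          = $acl.Owner
        InheritanceOff = $acl.AreAccessRulesProtected   # True = inheritance disabled
        DenyRules      = $deny.Count
        # A flag is a prompt to inspect: some products disable inheritance on purpose.
        Suspect        = $acl.AreAccessRulesProtected -or ($deny.Count -gt 0)
    }
}

$findings = @(Get-ChildItem -LiteralPath $Root -Directory -Force -Filter $NamePattern |
    ForEach-Object { Test-FolderAcl -Path $_.FullName })
$findings | Format-Table -AutoSize

if ($Repair) {
    foreach ($f in $findings | Where-Object { $_.Suspect }) {
        # Give ownership to the Administrators group, recursively.
        takeown.exe /F $f.Path /A /R /D Y | Out-Null
        # Re-enable inheritance from the parent folder on the whole tree.
        icacls.exe $f.Path /inheritance:e /T /C /Q
        # Show the result so the change can be verified.
        Test-FolderAcl -Path $f.Path | Format-List
    }
}
```

Run it once without `-Repair` and review the table before changing anything.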

Thanks for the reply/update,

 

Before we clean up and remove tools etc., we still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 users, right click on the IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish



When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found


If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish



close program

copy and paste the report in next reply

 

Thank you,

 

Kevin
 

This topic is now closed to further replies.