Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop running slow,Am I infected!!


  • This topic is locked This topic is locked
28 replies to this topic

#1 Hookie

Hookie

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belfast, N.Ireland
  • Local time:09:28 AM

Posted 26 February 2015 - 03:45 PM

Hi Guys,

 

For the past week my system has almost slowed to a crawl, I didn't change or install anything but it takes ages for programs to load and Browsers to open.

I ran Malware bites and it found a lot of things, they were all quarantined but when I rebooted nothing has changed, laptop still slow.

I decided to run sfc /scannow from a command prompt, also chddsk to see if any files or disks were corrupted but the scans found nothing.

 

The next thing I did was reinstall the windows files from a recovery position but that also has proved negative.

 

I would be really obliged if someone could look into this matter.

 

Thank you.

 

System Specs..

 

Windows 7 Home Premium 64-bit SP1

 

 

Intel Pentium P6200 @ 2.13GHz 38 °C
Arrandale 32nm Technolog

2.00GB Single-Channel DDR3 @ 532MHz

298GB Western Digital WDC WD3200BPVT-35ZEST0 (SATA)

 


"Drink is the curse of the land. It makes you fight with your neighbour. It makes you shoot at your landlord and it makes you miss him." 




5411sq6.jpg

"May the devil never know you are dead a half after you arrive in heaven".


BC AdBot (Login to Remove)

 


#2 Hookie

Hookie
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belfast, N.Ireland
  • Local time:09:28 AM

Posted 28 February 2015 - 11:19 AM

Hi Guys,

 

For the past week my system has almost slowed to a crawl, I didn't change or install anything but it takes ages for programs to load and Browsers to open.

I ran Malware bites and it found a lot of things, they were all quarantined but when I rebooted nothing has changed, laptop still slow.

I decided to run sfc /scannow from a command prompt, also chddsk to see if any files or disks were corrupted but the scans found nothing.

 

The next thing I did was reinstall the windows files from a recovery position but that also has proved negative.

 

I would be really obliged if someone could look into this matter.

 

Thank you.

 

System Specs..

 

Windows 7 Home Premium 64-bit SP1

 

 

Intel Pentium P6200 @ 2.13GHz 38 °C
 Arrandale 32nm Technolog

2.00GB Single-Channel DDR3 @ 532MHz

298GB Western Digital WDC WD3200BPVT-35ZEST0 (SATA)

 

 

 

Here are the "FRST" logs.... 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Ciara (administrator) on CIARA-PC on 28-02-2015 15:07:53
Running from C:\Users\Ciara\Desktop
Loaded Profiles: Ciara (Available profiles: Ciara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics CO., LTD.) C:\Program Files\SAMSUNG\S Agent\CommonAgent.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4019999692-2262056385-1140761108-1000] =>
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.com/
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4019999692-2262056385-1140761108-1000 -> DefaultScope {497D9C14-003A-4D56-BF6D-7E5DC469FA2E} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20141024&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4019999692-2262056385-1140761108-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4019999692-2262056385-1140761108-1000 -> {497D9C14-003A-4D56-BF6D-7E5DC469FA2E} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20141024&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default
FF NewTab: about:blank
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4019999692-2262056385-1140761108-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ciara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default\Extensions\abs@avira.com [2015-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-02-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-02-24]
FF Extension: No Name - C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default\extensions\{68f658bd-ad72-25fd-b383-44131ef25b4d} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Word CaptureX Extension) - C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2014-02-24]
CHR Extension: (Google Wallet) - C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-24]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23]
StartMenuInternet: Google Chrome.R342IS2NKL72OO6VWPECVX5MK4 - C:\Users\Ciara\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [334608 2013-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 SBIOSIO; \??\C:\Users\Ciara\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 15:07 - 2015-02-28 15:09 - 00018442 _____ () C:\Users\Ciara\Desktop\FRST.txt
2015-02-28 15:07 - 2015-02-28 15:07 - 00000000 ____D () C:\FRST
2015-02-28 00:09 - 2015-02-28 15:05 - 00000964 _____ () C:\windows\setupact.log
2015-02-28 00:09 - 2015-02-28 00:09 - 00000000 _____ () C:\windows\setuperr.log
2015-02-27 12:02 - 2015-02-27 12:03 - 00001184 _____ () C:\windows\IE11_main.log
2015-02-27 00:49 - 2011-07-28 01:25 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\ieaksie.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieaksie.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakui.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\ieakui.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\ieakeng.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00130560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakeng.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\admparse.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00101888 _____ (Microsoft Corporation) C:\windows\SysWOW64\admparse.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ie4uinit.exe
2015-02-27 00:49 - 2011-07-27 10:08 - 00174640 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-02-27 00:49 - 2011-07-27 10:08 - 00007440 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2015-02-27 00:49 - 2010-11-21 03:24 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-02-27 00:49 - 2010-11-21 03:23 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-27 00:49 - 2009-06-10 20:45 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2015-02-26 19:31 - 2015-02-26 19:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-26 19:19 - 2015-02-26 19:19 - 02087936 _____ (Farbar) C:\Users\Ciara\Desktop\FRST64.exe
2015-02-26 19:17 - 2015-02-26 19:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ciara\Desktop\HijackThis.exe
2015-02-26 19:15 - 2015-02-26 19:15 - 00602112 _____ (OldTimer Tools) C:\Users\Ciara\Desktop\OTL.exe
2015-02-26 19:12 - 2015-02-26 19:12 - 00000000 _____ () C:\Users\Ciara\Desktop\ComboFix.exe
2015-02-26 16:06 - 2015-02-26 16:14 - 00000435 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-02-26 15:55 - 2015-02-26 15:56 - 00000000 ____D () C:\Users\Ciara\Documents\Youcam
2015-02-26 15:55 - 2015-02-26 15:55 - 00000000 ____D () C:\Users\Ciara\AppData\Roaming\CyberLink
2015-02-26 15:55 - 2015-02-26 15:55 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Cyberlink
2015-02-26 15:54 - 2015-02-26 15:54 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-26 14:38 - 2015-02-26 14:38 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Samsung
2015-02-26 14:26 - 2015-02-26 14:26 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-02-26 14:25 - 2015-02-26 14:25 - 00001906 _____ () C:\Users\Public\Desktop\SW Update.lnk
2015-02-26 12:54 - 2015-02-26 12:54 - 00231760 _____ () C:\Users\Ciara\Downloads\CrucialUKScan.exe
2015-02-26 01:47 - 2015-02-26 01:47 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-02-26 01:47 - 2015-02-26 01:47 - 00000000 ____D () C:\Program Files\Speccy
2015-02-25 21:07 - 2015-01-08 23:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 21:07 - 2015-01-08 23:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-24 17:45 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-02-24 16:49 - 2014-08-29 02:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-02-24 16:49 - 2014-05-08 09:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-02-24 16:49 - 2012-02-11 06:36 - 00559104 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2015-02-24 16:49 - 2012-02-11 06:36 - 00067072 _____ (Microsoft Corporation) C:\windows\splwow64.exe
2015-02-24 16:48 - 2014-09-05 02:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-24 16:48 - 2014-09-05 01:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-23 21:35 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-02-23 21:35 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-02-23 21:35 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-02-23 21:35 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-02-23 21:31 - 2013-10-02 02:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2015-02-23 21:31 - 2013-10-02 02:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-23 21:31 - 2013-10-02 02:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-23 21:31 - 2013-10-02 01:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2015-02-23 21:31 - 2013-10-02 01:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2015-02-23 21:31 - 2013-10-02 01:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-02-23 21:31 - 2013-10-02 01:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2015-02-23 21:31 - 2013-10-02 00:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-02-23 21:31 - 2013-10-02 00:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2015-02-23 21:31 - 2013-10-02 00:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2015-02-23 21:31 - 2013-10-02 00:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-02-23 21:31 - 2013-10-01 23:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-02-23 21:31 - 2013-10-01 23:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-02-23 21:31 - 2013-10-01 23:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-02-23 21:31 - 2013-10-01 22:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2015-02-23 21:26 - 2015-02-23 21:26 - 00762252 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-02-23 21:08 - 2015-02-23 21:08 - 00003118 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-02-23 21:08 - 2015-02-23 21:08 - 00003092 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-02-23 21:08 - 2015-02-23 21:08 - 00003090 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-02-23 21:07 - 2015-02-23 21:07 - 00003062 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-02-23 21:07 - 2015-02-23 21:07 - 00003060 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-02-23 21:07 - 2015-02-23 21:07 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2015-02-23 21:07 - 2015-02-23 21:07 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_NuidFltr_01011.Wdf
2015-02-23 21:07 - 2015-02-23 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-02-23 21:06 - 2015-02-23 21:06 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2015-02-23 21:02 - 2015-02-23 21:02 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2015-02-23 21:01 - 2012-08-23 14:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-02-23 21:01 - 2012-08-23 14:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2015-02-23 21:01 - 2012-08-23 14:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2015-02-23 21:01 - 2012-08-23 11:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2015-02-23 21:01 - 2012-08-23 10:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2015-02-23 20:57 - 2014-10-18 02:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-02-23 20:57 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-02-23 20:57 - 2014-07-07 02:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-02-23 20:57 - 2014-07-07 02:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-02-23 20:57 - 2014-07-07 02:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-02-23 20:57 - 2014-07-07 02:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-02-23 20:57 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-02-23 20:57 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-02-23 20:57 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-02-23 20:57 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00744448 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
2015-02-23 20:55 - 2012-07-26 03:08 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll
2015-02-23 20:55 - 2012-07-26 02:26 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
2015-02-23 20:55 - 2012-07-26 02:26 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
2015-02-23 20:55 - 2012-06-02 14:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-02-23 20:37 - 2014-06-27 02:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2015-02-23 20:37 - 2014-06-27 01:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2015-02-23 20:35 - 2014-11-26 03:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-23 20:35 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-23 20:35 - 2014-10-30 02:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2015-02-23 20:35 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2015-02-23 20:35 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2015-02-23 20:35 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2015-02-23 20:35 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2015-02-23 20:35 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2015-02-23 20:35 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-02-23 20:35 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-02-23 20:35 - 2012-01-04 10:44 - 00509952 _____ (Microsoft Corporation) C:\windows\system32\ntshrui.dll
2015-02-23 20:35 - 2012-01-04 08:58 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntshrui.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2015-02-23 20:34 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2015-02-23 20:34 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2015-02-23 20:34 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2015-02-23 20:34 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2015-02-23 20:34 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2015-02-23 20:34 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2015-02-23 20:34 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2015-02-23 20:34 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2015-02-23 20:34 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2015-02-23 20:34 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2015-02-23 20:34 - 2012-12-07 13:20 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2015-02-23 20:34 - 2012-12-07 13:15 - 02746368 _____ (Microsoft Corporation) C:\windows\system32\gameux.dll
2015-02-23 20:34 - 2012-12-07 12:26 - 00308736 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
2015-02-23 20:34 - 2012-12-07 12:20 - 02576384 _____ (Microsoft Corporation) C:\windows\SysWOW64\gameux.dll
2015-02-23 20:34 - 2012-12-07 11:20 - 00045568 _____ (Microsoft) C:\windows\system32\oflc-nz.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00044544 _____ (Microsoft) C:\windows\system32\pegibbfc.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00043520 _____ (Microsoft) C:\windows\system32\csrr.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00030720 _____ (Microsoft) C:\windows\system32\usk.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00023552 _____ (Microsoft) C:\windows\system32\oflc.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-pt.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-fi.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00055296 _____ (Microsoft) C:\windows\system32\cero.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00051712 _____ (Microsoft) C:\windows\system32\esrb.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00046592 _____ (Microsoft) C:\windows\system32\fpb.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00040960 _____ (Microsoft) C:\windows\system32\cob-au.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00021504 _____ (Microsoft) C:\windows\system32\grb.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00020480 _____ (Microsoft) C:\windows\system32\pegi.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00015360 _____ (Microsoft) C:\windows\system32\djctq.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00055296 _____ (Microsoft) C:\windows\SysWOW64\cero.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00051712 _____ (Microsoft) C:\windows\SysWOW64\esrb.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00046592 _____ (Microsoft) C:\windows\SysWOW64\fpb.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00045568 _____ (Microsoft) C:\windows\SysWOW64\oflc-nz.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00044544 _____ (Microsoft) C:\windows\SysWOW64\pegibbfc.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00043520 _____ (Microsoft) C:\windows\SysWOW64\csrr.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00040960 _____ (Microsoft) C:\windows\SysWOW64\cob-au.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00030720 _____ (Microsoft) C:\windows\SysWOW64\usk.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00023552 _____ (Microsoft) C:\windows\SysWOW64\oflc.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00021504 _____ (Microsoft) C:\windows\SysWOW64\grb.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-pt.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-fi.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00015360 _____ (Microsoft) C:\windows\SysWOW64\djctq.rs
2015-02-23 20:32 - 2012-10-03 17:44 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
2015-02-23 20:32 - 2012-10-03 17:44 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll
2015-02-23 20:32 - 2012-10-03 17:42 - 00569344 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2015-02-23 20:32 - 2012-10-03 16:42 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcorehc.dll
2015-02-23 20:32 - 2012-10-03 16:42 - 00018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\netevent.dll
2015-02-23 20:32 - 2012-10-03 16:07 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2015-02-23 20:31 - 2014-12-12 05:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-23 20:31 - 2014-12-12 05:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-23 20:31 - 2014-07-07 02:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-23 20:31 - 2014-07-07 02:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-23 20:31 - 2014-07-07 01:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-02-23 20:31 - 2014-07-07 01:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-02-23 20:28 - 2014-11-11 01:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-02-23 20:28 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2015-02-23 20:28 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2015-02-23 20:28 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2015-02-23 20:28 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2015-02-23 20:27 - 2014-06-25 02:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-02-23 20:27 - 2014-06-25 01:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-02-23 20:27 - 2012-10-09 18:17 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2015-02-23 20:27 - 2012-10-09 18:17 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2015-02-23 20:27 - 2012-10-09 17:40 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
2015-02-23 20:27 - 2012-10-09 17:40 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
2015-02-23 20:27 - 2012-08-21 21:01 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe
2015-02-23 20:27 - 2011-05-04 05:25 - 02315776 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 02223616 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2015-02-23 20:27 - 2011-05-04 05:19 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-02-23 20:27 - 2011-05-04 05:19 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-02-23 20:27 - 2011-05-04 05:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2015-02-23 20:27 - 2011-05-04 04:34 - 01549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 01401344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2015-02-23 20:27 - 2011-05-04 04:28 - 00427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-02-23 20:27 - 2011-05-04 04:28 - 00164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-02-23 20:27 - 2011-05-04 04:28 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2015-02-23 20:26 - 2014-02-04 02:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2015-02-23 20:26 - 2014-02-04 02:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2015-02-23 20:26 - 2014-02-04 02:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2015-02-23 20:26 - 2014-02-04 02:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2015-02-23 20:26 - 2014-02-04 02:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2015-02-23 20:26 - 2013-05-10 05:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2015-02-23 20:26 - 2013-05-10 03:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2015-02-23 20:26 - 2012-07-06 20:07 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2015-02-23 20:24 - 2014-10-03 02:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-02-23 20:24 - 2014-10-03 02:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2015-02-23 20:24 - 2014-10-03 02:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-02-23 20:24 - 2014-10-03 02:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2015-02-23 20:24 - 2014-10-03 02:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2015-02-23 20:24 - 2014-10-03 01:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2015-02-23 20:24 - 2014-10-03 01:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-23 20:24 - 2014-10-03 01:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2015-02-23 20:24 - 2014-10-03 01:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2015-02-23 20:24 - 2014-10-03 01:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2015-02-23 20:24 - 2014-08-01 11:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2015-02-23 20:24 - 2014-08-01 11:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2015-02-23 20:24 - 2013-08-05 02:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2015-02-23 20:24 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-02-23 20:24 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-02-23 20:24 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-02-23 20:24 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-02-23 20:23 - 2015-01-09 03:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-23 20:23 - 2015-01-09 03:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-23 20:23 - 2015-01-09 03:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-23 20:23 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-23 20:23 - 2014-11-08 03:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-02-23 20:23 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-02-23 20:23 - 2011-06-16 05:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\xmllite.dll
2015-02-23 20:22 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-02-23 20:22 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-02-23 20:22 - 2014-09-25 02:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-02-23 20:22 - 2014-09-25 01:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-02-23 20:22 - 2014-06-24 03:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-02-23 20:22 - 2014-06-24 02:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-02-23 20:22 - 2014-01-28 02:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2015-02-23 20:22 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2015-02-23 20:22 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2015-02-23 20:22 - 2013-03-19 05:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
2015-02-23 20:22 - 2013-01-24 06:01 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2015-02-23 20:22 - 2012-08-22 18:12 - 00950128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-02-23 20:22 - 2012-07-04 20:26 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys
2015-02-23 20:22 - 2011-12-30 06:26 - 00515584 _____ (Microsoft Corporation) C:\windows\system32\timedate.cpl
2015-02-23 20:22 - 2011-12-30 05:27 - 00478720 _____ (Microsoft Corporation) C:\windows\SysWOW64\timedate.cpl
2015-02-23 20:22 - 2011-06-16 04:33 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\xmllite.dll
2015-02-23 20:21 - 2014-01-24 02:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2015-02-23 19:58 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2015-02-23 18:02 - 2015-02-23 18:02 - 00001133 _____ () C:\Users\Ciara\Desktop\Auslogics DiskDefrag.lnk
2015-02-23 18:02 - 2015-02-23 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-02-23 18:02 - 2015-02-23 18:02 - 00000000 ____D () C:\ProgramData\Auslogics
2015-02-23 18:02 - 2015-02-23 18:02 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-02-23 14:45 - 2015-02-28 14:32 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 14:45 - 2015-02-23 14:45 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-23 14:45 - 2015-02-23 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-23 14:45 - 2015-02-23 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-23 14:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-23 14:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-23 14:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-23 14:30 - 2015-02-23 14:30 - 00000000 ____D () C:\Users\Ciara\AppData\Local\WinZip
2015-02-23 14:26 - 2015-02-23 14:26 - 00002211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-02-23 14:26 - 2015-02-23 14:26 - 00002205 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-02-23 14:26 - 2015-02-23 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-02-23 14:25 - 2015-02-23 14:32 - 00000000 ____D () C:\ProgramData\WinZip
2015-02-23 14:25 - 2015-02-23 14:26 - 00000000 ____D () C:\Program Files\WinZip
2015-02-23 14:25 - 2015-02-23 14:25 - 00000000 ____D () C:\Users\Ciara\Documents\Add-in Express
2015-02-23 14:18 - 2015-02-23 14:18 - 00000017 _____ () C:\Users\Ciara\AppData\Local\resmon.resmoncfg
2015-02-23 14:10 - 2015-02-23 14:10 - 00000000 ____D () C:\windows\pss
2015-02-23 14:03 - 2015-02-24 17:53 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-23 14:03 - 2015-02-23 14:03 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-02-23 14:03 - 2015-02-23 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-23 14:02 - 2015-02-24 17:52 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-16 17:02 - 2015-02-16 17:02 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Mindspark_Interactive_Net
2015-02-16 15:36 - 2015-02-16 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-16 15:34 - 2015-02-16 15:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-16 15:34 - 2015-02-16 15:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-12 22:40 - 2015-02-12 22:40 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-12 22:40 - 2015-02-12 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-12 22:38 - 2015-02-12 22:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-12 22:38 - 2015-02-12 22:40 - 00000000 ____D () C:\Program Files\iTunes
2015-02-12 22:38 - 2015-02-12 22:38 - 00000000 ____D () C:\Program Files\iPod
2015-02-12 22:38 - 2015-02-12 22:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-12 19:21 - 2015-01-23 04:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-12 19:21 - 2015-01-23 04:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-12 19:21 - 2015-01-23 03:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-12 19:21 - 2015-01-23 03:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 14:27 - 2015-01-14 05:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 14:27 - 2015-01-14 05:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 14:27 - 2015-01-12 03:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 14:27 - 2015-01-12 03:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 14:27 - 2015-01-12 02:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 14:27 - 2015-01-12 02:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 14:27 - 2015-01-12 02:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 14:27 - 2015-01-12 02:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 14:27 - 2015-01-12 02:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 14:27 - 2015-01-12 02:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 14:27 - 2015-01-12 02:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 14:27 - 2015-01-12 02:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 14:27 - 2015-01-12 02:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 14:27 - 2015-01-12 02:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 14:27 - 2015-01-12 02:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 14:27 - 2015-01-12 02:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 14:27 - 2015-01-12 02:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 14:27 - 2015-01-12 02:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 14:27 - 2015-01-12 02:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 14:27 - 2015-01-12 02:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 14:27 - 2015-01-12 02:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 14:27 - 2015-01-12 02:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 14:27 - 2015-01-12 02:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 14:27 - 2015-01-12 02:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 14:27 - 2015-01-12 02:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 14:27 - 2015-01-12 01:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 14:27 - 2015-01-12 01:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 14:27 - 2015-01-12 01:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 14:27 - 2015-01-12 01:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 14:27 - 2015-01-12 01:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 14:27 - 2015-01-12 01:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 14:27 - 2015-01-12 01:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 14:27 - 2015-01-12 01:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 14:27 - 2015-01-12 01:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 14:27 - 2015-01-12 01:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 14:27 - 2015-01-12 01:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 14:27 - 2015-01-12 01:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 14:27 - 2015-01-12 01:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 14:27 - 2015-01-12 01:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 14:27 - 2015-01-12 01:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 14:27 - 2015-01-12 01:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 14:27 - 2015-01-12 01:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 14:27 - 2015-01-12 01:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 14:27 - 2015-01-12 01:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 14:27 - 2015-01-12 01:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 14:27 - 2015-01-12 00:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 14:27 - 2015-01-12 00:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 14:26 - 2015-01-12 03:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 14:26 - 2015-01-12 02:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 14:26 - 2015-01-12 02:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 14:26 - 2015-01-12 02:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 14:26 - 2015-01-12 01:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 14:24 - 2015-01-13 03:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 14:24 - 2015-01-13 02:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-11 14:23 - 2015-01-15 08:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 14:23 - 2015-01-15 08:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 14:23 - 2015-01-15 08:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 14:23 - 2015-01-15 08:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 14:23 - 2015-01-15 08:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 14:23 - 2015-01-15 08:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 14:23 - 2015-01-15 08:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 14:23 - 2015-01-15 08:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 14:23 - 2015-01-15 08:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 14:23 - 2015-01-15 08:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 14:23 - 2015-01-15 08:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 14:23 - 2015-01-15 07:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 14:23 - 2015-01-15 07:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 14:23 - 2015-01-15 07:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 14:23 - 2015-01-15 07:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 14:23 - 2015-01-15 07:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 14:23 - 2015-01-15 07:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 14:23 - 2015-01-15 04:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 14:22 - 2014-12-08 03:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 14:22 - 2014-12-08 02:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 14:21 - 2015-01-14 06:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 14:21 - 2015-01-14 06:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 14:21 - 2015-01-14 06:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 14:21 - 2015-01-14 06:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 14:21 - 2015-01-14 05:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 14:21 - 2015-01-14 05:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 14:21 - 2015-01-14 05:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 14:19 - 2015-01-09 02:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 15:05 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-28 15:04 - 2011-07-28 01:32 - 01896379 _____ () C:\windows\WindowsUpdate.log
2015-02-28 14:36 - 2014-06-01 21:02 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-28 13:44 - 2009-07-14 05:13 - 00781298 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-28 13:24 - 2009-07-14 04:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-28 13:24 - 2009-07-14 04:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-27 11:45 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-27 00:51 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\SysWOW64\com
2015-02-27 00:51 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\oobe
2015-02-27 00:51 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\com
2015-02-26 17:14 - 2009-07-14 04:45 - 00447432 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-26 16:20 - 2011-07-27 09:42 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-26 16:11 - 2014-09-26 15:04 - 00000000 ____D () C:\Program Files\Boots F2CD
2015-02-26 16:08 - 2011-07-27 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2015-02-26 16:07 - 2011-07-27 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-02-26 16:04 - 2011-07-27 09:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-26 16:01 - 2014-04-03 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-02-26 16:01 - 2014-04-03 13:03 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2015-02-26 15:58 - 2014-04-03 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-02-26 15:58 - 2014-04-03 13:02 - 00000000 ____D () C:\Program Files (x86)\epson
2015-02-26 15:58 - 2014-04-03 12:57 - 00000000 ____D () C:\ProgramData\Epson
2015-02-26 15:56 - 2011-07-27 09:42 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-26 14:48 - 2011-07-27 10:13 - 00001816 _____ () C:\windows\HotFixList.ini
2015-02-26 14:26 - 2011-07-27 09:59 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-02-26 14:25 - 2011-07-27 09:51 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-02-26 12:39 - 2014-11-05 19:31 - 00000000 ___RD () C:\Users\Ciara\iCloudDrive
2015-02-26 02:36 - 2014-06-01 21:02 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-26 02:25 - 2014-02-24 18:08 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Adobe
2015-02-26 02:23 - 2014-06-01 21:02 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-26 02:23 - 2014-06-01 21:02 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-25 22:58 - 2011-07-27 10:05 - 00000000 ____D () C:\ProgramData\WinClon
2015-02-25 18:59 - 2014-03-28 16:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-24 17:06 - 2014-02-24 20:53 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-24 16:52 - 2014-03-28 17:25 - 00000000 ____D () C:\Users\Ciara\AppData\Local\CrashDumps
2015-02-24 16:18 - 2014-02-24 18:22 - 00117328 _____ () C:\Users\Ciara\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-24 16:18 - 2009-07-14 05:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-02-24 15:56 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\tracing
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\Dism
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-23 18:11 - 2014-02-24 20:33 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-02-23 15:30 - 2015-01-18 21:10 - 00000000 ____D () C:\ProgramData\Avira
2015-02-23 15:30 - 2015-01-18 21:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-23 15:17 - 2011-07-27 10:48 - 00000000 ____D () C:\windows\ru
2015-02-23 14:17 - 2014-02-24 18:06 - 00000000 ____D () C:\Users\Ciara\AppData\Local\VirtualStore
2015-02-23 14:06 - 2011-02-11 19:57 - 00000000 ____D () C:\windows\Panther
2015-02-16 17:12 - 2014-03-28 17:17 - 00000000 ___RD () C:\Users\Ciara\OneDrive
2015-02-12 22:38 - 2014-04-18 15:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-12 19:43 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 17:52 - 2014-04-22 17:15 - 00000000 ____D () C:\windows\system32\MRT
2015-02-11 17:44 - 2014-04-22 17:14 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-02-23 14:18 - 2015-02-23 14:18 - 0000017 _____ () C:\Users\Ciara\AppData\Local\resmon.resmoncfg
2014-04-04 13:52 - 2014-04-04 13:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-07-27 09:49 - 2011-07-27 09:50 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-07-27 09:43 - 2011-07-27 09:43 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-07-27 09:47 - 2011-07-27 09:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-07-27 09:43 - 2011-07-27 09:46 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-07-27 09:47 - 2011-07-27 09:49 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-22 21:39

==================== End Of Log ============================

Attached Files


Edited by Orange Blossom, 28 February 2015 - 12:26 PM.
Merged topics. ~ OB

"Drink is the curse of the land. It makes you fight with your neighbour. It makes you shoot at your landlord and it makes you miss him." 




5411sq6.jpg

"May the devil never know you are dead a half after you arrive in heaven".


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 AM

Posted 03 March 2015 - 03:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/568411 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Hookie

Hookie
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belfast, N.Ireland
  • Local time:09:28 AM

Posted 04 March 2015 - 05:34 PM

Hi Guys,

 

For the past week my system has almost slowed to a crawl, I didn't change or install anything but it takes ages for programs to load and Browsers to open.

I ran Malware bites and it found a lot of things, they were all quarantined but when I rebooted nothing has changed, laptop still slow.

I decided to run sfc /scannow from a command prompt, also chddsk to see if any files or disks were corrupted but the scans found nothing.

 

The next thing I did was reinstall the windows files from a recovery position but that also has proved negative.

 

I would be really obliged if someone could look into this matter, Sorry if I've made any mistakes in posting this guys, old age has crept in.

 

Could you delete those other 2 posts......

 

Thank you.

 

System Specs..

 

Windows 7 Home Premium 64-bit SP1

 

 

Intel Pentium P6200 @ 2.13GHz 38 °C
 Arrandale 32nm Technolog

2.00GB Single-Channel DDR3 @ 532MHz

298GB Western Digital WDC WD3200BPVT-35ZEST0 (SATA)

 

 

Here are the new "FRST" Logs.....

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015
Ran by Ciara (administrator) on CIARA-PC on 04-03-2015 17:57:41
Running from C:\Users\Ciara\Desktop
Loaded Profiles: Ciara (Available profiles: Ciara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics CO., LTD.) C:\Program Files\SAMSUNG\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4019999692-2262056385-1140761108-1000] =>
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.com/
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4019999692-2262056385-1140761108-1000 -> DefaultScope {497D9C14-003A-4D56-BF6D-7E5DC469FA2E} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20141024&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4019999692-2262056385-1140761108-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4019999692-2262056385-1140761108-1000 -> {497D9C14-003A-4D56-BF6D-7E5DC469FA2E} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20141024&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default
FF NewTab: about:blank
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4019999692-2262056385-1140761108-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ciara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default\Extensions\abs@avira.com [2015-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-02-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-02-24]
FF Extension: No Name - C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default\extensions\{68f658bd-ad72-25fd-b383-44131ef25b4d} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Word CaptureX Extension) - C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2014-02-24]
CHR Extension: (Google Wallet) - C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-24]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23]
StartMenuInternet: Google Chrome.R342IS2NKL72OO6VWPECVX5MK4 - C:\Users\Ciara\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [334608 2013-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 SBIOSIO; \??\C:\Users\Ciara\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 17:57 - 2015-03-04 18:06 - 00019976 _____ () C:\Users\Ciara\Desktop\FRST.txt
2015-03-04 17:57 - 2015-03-04 17:57 - 00000000 ____D () C:\Users\Ciara\Desktop\FRST-OlderVersion
2015-02-28 15:07 - 2015-03-04 18:00 - 00000000 ____D () C:\FRST
2015-02-28 00:09 - 2015-03-04 17:30 - 00001020 _____ () C:\windows\setupact.log
2015-02-28 00:09 - 2015-02-28 00:09 - 00000000 _____ () C:\windows\setuperr.log
2015-02-27 12:02 - 2015-02-27 12:03 - 00001184 _____ () C:\windows\IE11_main.log
2015-02-27 00:49 - 2011-07-28 01:25 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\ieaksie.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieaksie.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakui.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\ieakui.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\ieakeng.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00130560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakeng.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\admparse.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00101888 _____ (Microsoft Corporation) C:\windows\SysWOW64\admparse.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ie4uinit.exe
2015-02-27 00:49 - 2011-07-27 10:08 - 00174640 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-02-27 00:49 - 2011-07-27 10:08 - 00007440 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2015-02-27 00:49 - 2010-11-21 03:24 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-02-27 00:49 - 2010-11-21 03:23 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-27 00:49 - 2009-06-10 20:45 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2015-02-26 19:31 - 2015-02-26 19:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-26 19:19 - 2015-03-04 17:57 - 02093056 _____ (Farbar) C:\Users\Ciara\Desktop\FRST64.exe
2015-02-26 19:17 - 2015-02-26 19:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ciara\Desktop\HijackThis.exe
2015-02-26 19:15 - 2015-02-26 19:15 - 00602112 _____ (OldTimer Tools) C:\Users\Ciara\Desktop\OTL.exe
2015-02-26 19:12 - 2015-02-26 19:12 - 00000000 _____ () C:\Users\Ciara\Desktop\ComboFix.exe
2015-02-26 16:06 - 2015-02-26 16:14 - 00000435 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-02-26 15:55 - 2015-02-26 15:56 - 00000000 ____D () C:\Users\Ciara\Documents\Youcam
2015-02-26 15:55 - 2015-02-26 15:55 - 00000000 ____D () C:\Users\Ciara\AppData\Roaming\CyberLink
2015-02-26 15:55 - 2015-02-26 15:55 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Cyberlink
2015-02-26 15:54 - 2015-02-26 15:54 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-26 14:38 - 2015-02-26 14:38 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Samsung
2015-02-26 14:26 - 2015-02-26 14:26 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-02-26 14:25 - 2015-02-26 14:25 - 00001906 _____ () C:\Users\Public\Desktop\SW Update.lnk
2015-02-26 12:54 - 2015-02-26 12:54 - 00231760 _____ () C:\Users\Ciara\Downloads\CrucialUKScan.exe
2015-02-26 01:47 - 2015-02-26 01:47 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-02-26 01:47 - 2015-02-26 01:47 - 00000000 ____D () C:\Program Files\Speccy
2015-02-25 21:07 - 2015-01-08 23:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 21:07 - 2015-01-08 23:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-24 17:45 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-02-24 16:49 - 2014-08-29 02:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-02-24 16:49 - 2014-05-08 09:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-02-24 16:49 - 2012-02-11 06:36 - 00559104 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2015-02-24 16:49 - 2012-02-11 06:36 - 00067072 _____ (Microsoft Corporation) C:\windows\splwow64.exe
2015-02-24 16:48 - 2014-09-05 02:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-24 16:48 - 2014-09-05 01:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-23 21:35 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-02-23 21:35 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-02-23 21:35 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-02-23 21:35 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-02-23 21:31 - 2013-10-02 02:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2015-02-23 21:31 - 2013-10-02 02:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-23 21:31 - 2013-10-02 02:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-23 21:31 - 2013-10-02 01:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2015-02-23 21:31 - 2013-10-02 01:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2015-02-23 21:31 - 2013-10-02 01:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-02-23 21:31 - 2013-10-02 01:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2015-02-23 21:31 - 2013-10-02 00:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-02-23 21:31 - 2013-10-02 00:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2015-02-23 21:31 - 2013-10-02 00:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2015-02-23 21:31 - 2013-10-02 00:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-02-23 21:31 - 2013-10-01 23:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-02-23 21:31 - 2013-10-01 23:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-02-23 21:31 - 2013-10-01 23:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-02-23 21:31 - 2013-10-01 22:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2015-02-23 21:26 - 2015-02-23 21:26 - 00762252 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-02-23 21:08 - 2015-02-23 21:08 - 00003118 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-02-23 21:08 - 2015-02-23 21:08 - 00003092 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-02-23 21:08 - 2015-02-23 21:08 - 00003090 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-02-23 21:07 - 2015-02-23 21:07 - 00003062 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-02-23 21:07 - 2015-02-23 21:07 - 00003060 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-02-23 21:07 - 2015-02-23 21:07 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2015-02-23 21:07 - 2015-02-23 21:07 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_NuidFltr_01011.Wdf
2015-02-23 21:07 - 2015-02-23 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-02-23 21:06 - 2015-02-23 21:06 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2015-02-23 21:02 - 2015-02-23 21:02 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2015-02-23 21:01 - 2012-08-23 14:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-02-23 21:01 - 2012-08-23 14:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2015-02-23 21:01 - 2012-08-23 14:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2015-02-23 21:01 - 2012-08-23 11:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2015-02-23 21:01 - 2012-08-23 10:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2015-02-23 20:57 - 2014-10-18 02:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-02-23 20:57 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-02-23 20:57 - 2014-07-07 02:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-02-23 20:57 - 2014-07-07 02:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-02-23 20:57 - 2014-07-07 02:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-02-23 20:57 - 2014-07-07 02:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-02-23 20:57 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-02-23 20:57 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-02-23 20:57 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-02-23 20:57 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00744448 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
2015-02-23 20:55 - 2012-07-26 03:08 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll
2015-02-23 20:55 - 2012-07-26 02:26 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
2015-02-23 20:55 - 2012-07-26 02:26 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
2015-02-23 20:55 - 2012-06-02 14:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-02-23 20:37 - 2014-06-27 02:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2015-02-23 20:37 - 2014-06-27 01:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2015-02-23 20:35 - 2014-11-26 03:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-23 20:35 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-23 20:35 - 2014-10-30 02:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2015-02-23 20:35 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2015-02-23 20:35 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2015-02-23 20:35 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2015-02-23 20:35 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2015-02-23 20:35 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2015-02-23 20:35 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-02-23 20:35 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-02-23 20:35 - 2012-01-04 10:44 - 00509952 _____ (Microsoft Corporation) C:\windows\system32\ntshrui.dll
2015-02-23 20:35 - 2012-01-04 08:58 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntshrui.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2015-02-23 20:34 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2015-02-23 20:34 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2015-02-23 20:34 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2015-02-23 20:34 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2015-02-23 20:34 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2015-02-23 20:34 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2015-02-23 20:34 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2015-02-23 20:34 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2015-02-23 20:34 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2015-02-23 20:34 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2015-02-23 20:34 - 2012-12-07 13:20 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2015-02-23 20:34 - 2012-12-07 13:15 - 02746368 _____ (Microsoft Corporation) C:\windows\system32\gameux.dll
2015-02-23 20:34 - 2012-12-07 12:26 - 00308736 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
2015-02-23 20:34 - 2012-12-07 12:20 - 02576384 _____ (Microsoft Corporation) C:\windows\SysWOW64\gameux.dll
2015-02-23 20:34 - 2012-12-07 11:20 - 00045568 _____ (Microsoft) C:\windows\system32\oflc-nz.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00044544 _____ (Microsoft) C:\windows\system32\pegibbfc.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00043520 _____ (Microsoft) C:\windows\system32\csrr.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00030720 _____ (Microsoft) C:\windows\system32\usk.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00023552 _____ (Microsoft) C:\windows\system32\oflc.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-pt.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-fi.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00055296 _____ (Microsoft) C:\windows\system32\cero.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00051712 _____ (Microsoft) C:\windows\system32\esrb.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00046592 _____ (Microsoft) C:\windows\system32\fpb.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00040960 _____ (Microsoft) C:\windows\system32\cob-au.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00021504 _____ (Microsoft) C:\windows\system32\grb.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00020480 _____ (Microsoft) C:\windows\system32\pegi.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00015360 _____ (Microsoft) C:\windows\system32\djctq.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00055296 _____ (Microsoft) C:\windows\SysWOW64\cero.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00051712 _____ (Microsoft) C:\windows\SysWOW64\esrb.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00046592 _____ (Microsoft) C:\windows\SysWOW64\fpb.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00045568 _____ (Microsoft) C:\windows\SysWOW64\oflc-nz.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00044544 _____ (Microsoft) C:\windows\SysWOW64\pegibbfc.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00043520 _____ (Microsoft) C:\windows\SysWOW64\csrr.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00040960 _____ (Microsoft) C:\windows\SysWOW64\cob-au.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00030720 _____ (Microsoft) C:\windows\SysWOW64\usk.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00023552 _____ (Microsoft) C:\windows\SysWOW64\oflc.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00021504 _____ (Microsoft) C:\windows\SysWOW64\grb.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-pt.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-fi.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00015360 _____ (Microsoft) C:\windows\SysWOW64\djctq.rs
2015-02-23 20:32 - 2012-10-03 17:44 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
2015-02-23 20:32 - 2012-10-03 17:44 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll
2015-02-23 20:32 - 2012-10-03 17:42 - 00569344 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2015-02-23 20:32 - 2012-10-03 16:42 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcorehc.dll
2015-02-23 20:32 - 2012-10-03 16:42 - 00018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\netevent.dll
2015-02-23 20:32 - 2012-10-03 16:07 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2015-02-23 20:31 - 2014-12-12 05:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-23 20:31 - 2014-12-12 05:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-23 20:31 - 2014-07-07 02:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-23 20:31 - 2014-07-07 02:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-23 20:31 - 2014-07-07 01:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-02-23 20:31 - 2014-07-07 01:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-02-23 20:28 - 2014-11-11 01:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-02-23 20:28 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2015-02-23 20:28 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2015-02-23 20:28 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2015-02-23 20:28 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2015-02-23 20:27 - 2014-06-25 02:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-02-23 20:27 - 2014-06-25 01:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-02-23 20:27 - 2012-10-09 18:17 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2015-02-23 20:27 - 2012-10-09 18:17 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2015-02-23 20:27 - 2012-10-09 17:40 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
2015-02-23 20:27 - 2012-10-09 17:40 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
2015-02-23 20:27 - 2012-08-21 21:01 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe
2015-02-23 20:27 - 2011-05-04 05:25 - 02315776 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 02223616 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2015-02-23 20:27 - 2011-05-04 05:19 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-02-23 20:27 - 2011-05-04 05:19 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-02-23 20:27 - 2011-05-04 05:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2015-02-23 20:27 - 2011-05-04 04:34 - 01549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 01401344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2015-02-23 20:27 - 2011-05-04 04:28 - 00427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-02-23 20:27 - 2011-05-04 04:28 - 00164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-02-23 20:27 - 2011-05-04 04:28 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2015-02-23 20:26 - 2014-02-04 02:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2015-02-23 20:26 - 2014-02-04 02:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2015-02-23 20:26 - 2014-02-04 02:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2015-02-23 20:26 - 2014-02-04 02:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2015-02-23 20:26 - 2014-02-04 02:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2015-02-23 20:26 - 2013-05-10 05:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2015-02-23 20:26 - 2013-05-10 03:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2015-02-23 20:26 - 2012-07-06 20:07 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2015-02-23 20:24 - 2014-10-03 02:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-02-23 20:24 - 2014-10-03 02:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2015-02-23 20:24 - 2014-10-03 02:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-02-23 20:24 - 2014-10-03 02:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2015-02-23 20:24 - 2014-10-03 02:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2015-02-23 20:24 - 2014-10-03 01:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2015-02-23 20:24 - 2014-10-03 01:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-23 20:24 - 2014-10-03 01:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2015-02-23 20:24 - 2014-10-03 01:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2015-02-23 20:24 - 2014-10-03 01:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2015-02-23 20:24 - 2014-08-01 11:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2015-02-23 20:24 - 2014-08-01 11:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2015-02-23 20:24 - 2013-08-05 02:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2015-02-23 20:24 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-02-23 20:24 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-02-23 20:24 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-02-23 20:24 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-02-23 20:23 - 2015-01-09 03:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-23 20:23 - 2015-01-09 03:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-23 20:23 - 2015-01-09 03:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-23 20:23 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-23 20:23 - 2014-11-08 03:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-02-23 20:23 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-02-23 20:23 - 2011-06-16 05:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\xmllite.dll
2015-02-23 20:22 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-02-23 20:22 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-02-23 20:22 - 2014-09-25 02:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-02-23 20:22 - 2014-09-25 01:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-02-23 20:22 - 2014-06-24 03:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-02-23 20:22 - 2014-06-24 02:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-02-23 20:22 - 2014-01-28 02:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2015-02-23 20:22 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2015-02-23 20:22 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2015-02-23 20:22 - 2013-03-19 05:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
2015-02-23 20:22 - 2013-01-24 06:01 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2015-02-23 20:22 - 2012-08-22 18:12 - 00950128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-02-23 20:22 - 2012-07-04 20:26 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys
2015-02-23 20:22 - 2011-12-30 06:26 - 00515584 _____ (Microsoft Corporation) C:\windows\system32\timedate.cpl
2015-02-23 20:22 - 2011-12-30 05:27 - 00478720 _____ (Microsoft Corporation) C:\windows\SysWOW64\timedate.cpl
2015-02-23 20:22 - 2011-06-16 04:33 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\xmllite.dll
2015-02-23 20:21 - 2014-01-24 02:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2015-02-23 19:58 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2015-02-23 18:02 - 2015-02-23 18:02 - 00001133 _____ () C:\Users\Ciara\Desktop\Auslogics DiskDefrag.lnk
2015-02-23 18:02 - 2015-02-23 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-02-23 18:02 - 2015-02-23 18:02 - 00000000 ____D () C:\ProgramData\Auslogics
2015-02-23 18:02 - 2015-02-23 18:02 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-02-23 14:45 - 2015-02-28 15:33 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 14:45 - 2015-02-23 14:45 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-23 14:45 - 2015-02-23 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-23 14:45 - 2015-02-23 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-23 14:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-23 14:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-23 14:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-23 14:30 - 2015-02-23 14:30 - 00000000 ____D () C:\Users\Ciara\AppData\Local\WinZip
2015-02-23 14:26 - 2015-02-23 14:26 - 00002211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-02-23 14:26 - 2015-02-23 14:26 - 00002205 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-02-23 14:26 - 2015-02-23 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-02-23 14:25 - 2015-02-23 14:32 - 00000000 ____D () C:\ProgramData\WinZip
2015-02-23 14:25 - 2015-02-23 14:26 - 00000000 ____D () C:\Program Files\WinZip
2015-02-23 14:25 - 2015-02-23 14:25 - 00000000 ____D () C:\Users\Ciara\Documents\Add-in Express
2015-02-23 14:18 - 2015-02-23 14:18 - 00000017 _____ () C:\Users\Ciara\AppData\Local\resmon.resmoncfg
2015-02-23 14:10 - 2015-02-23 14:10 - 00000000 ____D () C:\windows\pss
2015-02-23 14:03 - 2015-02-24 17:53 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-23 14:03 - 2015-02-23 14:03 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-02-23 14:03 - 2015-02-23 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-23 14:02 - 2015-02-24 17:52 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-16 17:02 - 2015-02-16 17:02 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Mindspark_Interactive_Net
2015-02-16 15:36 - 2015-02-16 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-16 15:34 - 2015-02-16 15:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-16 15:34 - 2015-02-16 15:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-12 22:40 - 2015-02-12 22:40 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-12 22:40 - 2015-02-12 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-12 22:38 - 2015-02-12 22:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-12 22:38 - 2015-02-12 22:40 - 00000000 ____D () C:\Program Files\iTunes
2015-02-12 22:38 - 2015-02-12 22:38 - 00000000 ____D () C:\Program Files\iPod
2015-02-12 22:38 - 2015-02-12 22:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-12 19:21 - 2015-01-23 04:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-12 19:21 - 2015-01-23 04:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-12 19:21 - 2015-01-23 03:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-12 19:21 - 2015-01-23 03:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 14:27 - 2015-01-14 05:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 14:27 - 2015-01-14 05:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 14:27 - 2015-01-12 03:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 14:27 - 2015-01-12 03:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 14:27 - 2015-01-12 02:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 14:27 - 2015-01-12 02:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 14:27 - 2015-01-12 02:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 14:27 - 2015-01-12 02:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 14:27 - 2015-01-12 02:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 14:27 - 2015-01-12 02:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 14:27 - 2015-01-12 02:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 14:27 - 2015-01-12 02:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 14:27 - 2015-01-12 02:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 14:27 - 2015-01-12 02:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 14:27 - 2015-01-12 02:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 14:27 - 2015-01-12 02:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 14:27 - 2015-01-12 02:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 14:27 - 2015-01-12 02:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 14:27 - 2015-01-12 02:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 14:27 - 2015-01-12 02:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 14:27 - 2015-01-12 02:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 14:27 - 2015-01-12 02:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 14:27 - 2015-01-12 02:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 14:27 - 2015-01-12 02:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 14:27 - 2015-01-12 02:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 14:27 - 2015-01-12 01:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 14:27 - 2015-01-12 01:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 14:27 - 2015-01-12 01:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 14:27 - 2015-01-12 01:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 14:27 - 2015-01-12 01:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 14:27 - 2015-01-12 01:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 14:27 - 2015-01-12 01:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 14:27 - 2015-01-12 01:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 14:27 - 2015-01-12 01:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 14:27 - 2015-01-12 01:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 14:27 - 2015-01-12 01:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 14:27 - 2015-01-12 01:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 14:27 - 2015-01-12 01:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 14:27 - 2015-01-12 01:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 14:27 - 2015-01-12 01:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 14:27 - 2015-01-12 01:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 14:27 - 2015-01-12 01:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 14:27 - 2015-01-12 01:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 14:27 - 2015-01-12 01:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 14:27 - 2015-01-12 01:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 14:27 - 2015-01-12 00:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 14:27 - 2015-01-12 00:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 14:26 - 2015-01-12 03:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 14:26 - 2015-01-12 02:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 14:26 - 2015-01-12 02:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 14:26 - 2015-01-12 02:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 14:26 - 2015-01-12 01:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 14:24 - 2015-01-13 03:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 14:24 - 2015-01-13 02:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-11 14:23 - 2015-01-15 08:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 14:23 - 2015-01-15 08:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 14:23 - 2015-01-15 08:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 14:23 - 2015-01-15 08:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 14:23 - 2015-01-15 08:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 14:23 - 2015-01-15 08:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 14:23 - 2015-01-15 08:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 14:23 - 2015-01-15 08:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 14:23 - 2015-01-15 08:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 14:23 - 2015-01-15 08:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 14:23 - 2015-01-15 08:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 14:23 - 2015-01-15 07:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 14:23 - 2015-01-15 07:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 14:23 - 2015-01-15 07:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 14:23 - 2015-01-15 07:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 14:23 - 2015-01-15 07:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 14:23 - 2015-01-15 07:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 14:23 - 2015-01-15 04:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 14:22 - 2014-12-08 03:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 14:22 - 2014-12-08 02:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 14:21 - 2015-01-14 06:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 14:21 - 2015-01-14 06:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 14:21 - 2015-01-14 06:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 14:21 - 2015-01-14 06:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 14:21 - 2015-01-14 05:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 14:21 - 2015-01-14 05:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 14:21 - 2015-01-14 05:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 14:19 - 2015-01-09 02:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 18:04 - 2011-07-28 01:32 - 01932819 _____ () C:\windows\WindowsUpdate.log
2015-03-04 17:42 - 2009-07-14 04:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:42 - 2009-07-14 04:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:36 - 2014-06-01 21:02 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 17:35 - 2009-07-14 05:13 - 00781298 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-04 17:31 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-27 11:45 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-27 00:51 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\SysWOW64\com
2015-02-27 00:51 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\oobe
2015-02-27 00:51 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\com
2015-02-26 17:14 - 2009-07-14 04:45 - 00447432 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-26 16:20 - 2011-07-27 09:42 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-26 16:11 - 2014-09-26 15:04 - 00000000 ____D () C:\Program Files\Boots F2CD
2015-02-26 16:08 - 2011-07-27 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2015-02-26 16:07 - 2011-07-27 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-02-26 16:04 - 2011-07-27 09:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-26 16:01 - 2014-04-03 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-02-26 16:01 - 2014-04-03 13:03 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2015-02-26 15:58 - 2014-04-03 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-02-26 15:58 - 2014-04-03 13:02 - 00000000 ____D () C:\Program Files (x86)\epson
2015-02-26 15:58 - 2014-04-03 12:57 - 00000000 ____D () C:\ProgramData\Epson
2015-02-26 15:56 - 2011-07-27 09:42 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-26 14:48 - 2011-07-27 10:13 - 00001816 _____ () C:\windows\HotFixList.ini
2015-02-26 14:26 - 2011-07-27 09:59 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-02-26 14:25 - 2011-07-27 09:51 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-02-26 12:39 - 2014-11-05 19:31 - 00000000 ___RD () C:\Users\Ciara\iCloudDrive
2015-02-26 02:36 - 2014-06-01 21:02 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-26 02:25 - 2014-02-24 18:08 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Adobe
2015-02-26 02:23 - 2014-06-01 21:02 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-26 02:23 - 2014-06-01 21:02 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-25 22:58 - 2011-07-27 10:05 - 00000000 ____D () C:\ProgramData\WinClon
2015-02-25 18:59 - 2014-03-28 16:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-24 17:06 - 2014-02-24 20:53 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-24 16:52 - 2014-03-28 17:25 - 00000000 ____D () C:\Users\Ciara\AppData\Local\CrashDumps
2015-02-24 16:18 - 2014-02-24 18:22 - 00117328 _____ () C:\Users\Ciara\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-24 16:18 - 2009-07-14 05:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-02-24 15:56 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\tracing
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\Dism
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-23 18:11 - 2014-02-24 20:33 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-02-23 15:30 - 2015-01-18 21:10 - 00000000 ____D () C:\ProgramData\Avira
2015-02-23 15:30 - 2015-01-18 21:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-23 15:17 - 2011-07-27 10:48 - 00000000 ____D () C:\windows\ru
2015-02-23 14:17 - 2014-02-24 18:06 - 00000000 ____D () C:\Users\Ciara\AppData\Local\VirtualStore
2015-02-23 14:06 - 2011-02-11 19:57 - 00000000 ____D () C:\windows\Panther
2015-02-16 17:12 - 2014-03-28 17:17 - 00000000 ___RD () C:\Users\Ciara\OneDrive
2015-02-12 22:38 - 2014-04-18 15:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-12 19:43 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 17:52 - 2014-04-22 17:15 - 00000000 ____D () C:\windows\system32\MRT
2015-02-11 17:44 - 2014-04-22 17:14 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-02-23 14:18 - 2015-02-23 14:18 - 0000017 _____ () C:\Users\Ciara\AppData\Local\resmon.resmoncfg
2014-04-04 13:52 - 2014-04-04 13:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-07-27 09:49 - 2011-07-27 09:50 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-07-27 09:43 - 2011-07-27 09:43 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-07-27 09:47 - 2011-07-27 09:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-07-27 09:43 - 2011-07-27 09:46 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-07-27 09:47 - 2011-07-27 09:49 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-22 21:39

==================== End Of Log ============================

 

Attached File  Addition.txt   32.56KB   3 downloads


Edited by Hookie, 04 March 2015 - 05:50 PM.

"Drink is the curse of the land. It makes you fight with your neighbour. It makes you shoot at your landlord and it makes you miss him." 




5411sq6.jpg

"May the devil never know you are dead a half after you arrive in heaven".


#5 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:03:28 PM

Posted 05 March 2015 - 10:14 AM

Hello Hookie and welcome to BleepingComputer!       :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 3 days, feel free to PM me.        :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Do you use these programs?

  • McAfee Site Advisor
  • Avira Browser Safety
  • Bing Bar
  • MSN toolbar

 

I've submitted my next steps to my instructor, please wait a bit.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#6 Hookie

Hookie
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belfast, N.Ireland
  • Local time:09:28 AM

Posted 05 March 2015 - 11:48 AM

Hi Sirawit, thank you for your reply,

 

McAfee Site Advisor is installed and running in IE Explore.

Avira Browser Safety as far as I know, is not. Avira Anti Virus was installed but I uninstalled it through, Add Remove in control panel.

Bing Bar is not available as with MSN Toolbar.

 

Hope this helps,

 

Thank you.


"Drink is the curse of the land. It makes you fight with your neighbour. It makes you shoot at your landlord and it makes you miss him." 




5411sq6.jpg

"May the devil never know you are dead a half after you arrive in heaven".


#7 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:03:28 PM

Posted 06 March 2015 - 01:04 PM

We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Program and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

  • Bing Bar
  • McAfee SiteAdvisor

Additional instructions can be found here if needed.

 

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

-------------

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#8 Hookie

Hookie
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belfast, N.Ireland
  • Local time:09:28 AM

Posted 06 March 2015 - 03:45 PM

Hi, have uninstalled McAfee Site Adviser,no Bing Bar in Add and Remove.

 

Here is the log from AdwClean..I see nothing there I need to keep. 

 

 

 

# AdwCleaner v4.111 - Logfile created 06/03/2015 at 20:25:03
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ciara - CIARA-PC
# Running from : C:\Users\Ciara\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Ciara\AppData\Local\Mindspark_Interactive_Net

***** [ Scheduled tasks ] *****

Task Found : SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] -
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\PerformerSoft
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

-\\ Mozilla Firefox v

[vzobqwqq.default] - Line Found : user_pref("browser.search.defaultenginename", "Web Search");
[vzobqwqq.default] - Line Found : user_pref("browser.search.selectedEngine", "Web Search");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.BackPageActive", true);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.Visibility", true);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.backPageCapacity", 3);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.backPageCounter", 0);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.backPageDay", 24);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.backPageLastEvent", "1393093664297");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.backPageMinInterval", 15);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.barcodeid", "126967");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.countryiso", "gb");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.downloadprovider", "airinstallerch");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[]\"}");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.fromautoupdate", "false");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.installationid", "68f658bd-ad72-25fd-b383-44131ef25b4d");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.installdate", "24/02/2014");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.keepAliveLastevent", "1393266463");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.lastExternalJsUpdate", "1393266500563");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.publisher", "airinstaller");

-\\ Google Chrome v

[C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
*************************

AdwCleaner[R0].txt - [3679 bytes] - [06/03/2015 20:25:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3738 bytes] ##########


"Drink is the curse of the land. It makes you fight with your neighbour. It makes you shoot at your landlord and it makes you miss him." 




5411sq6.jpg

"May the devil never know you are dead a half after you arrive in heaven".


#9 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:03:28 PM

Posted 07 March 2015 - 05:18 AM

Hi Hookie.

 

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

-------------

After the fix was completed, please create new FRST log for me.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#10 Hookie

Hookie
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belfast, N.Ireland
  • Local time:09:28 AM

Posted 07 March 2015 - 09:17 AM

Hi Sirawit,

 

Here are those logs you requested,

 

 

 

# AdwCleaner v4.111 - Logfile created 07/03/2015 at 13:52:28
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ciara - CIARA-PC
# Running from : C:\Users\Ciara\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Ciara\AppData\Local\Mindspark_Interactive_Net

***** [ Scheduled tasks ] *****

Task Found : SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] -
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\PerformerSoft
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

-\\ Mozilla Firefox v

[vzobqwqq.default] - Line Found : user_pref("browser.search.defaultenginename", "Web Search");
[vzobqwqq.default] - Line Found : user_pref("browser.search.selectedEngine", "Web Search");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.BackPageActive", true);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.Visibility", true);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.backPageCapacity", 3);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.backPageCounter", 0);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.backPageDay", 24);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.backPageLastEvent", "1393093664297");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.backPageMinInterval", 15);
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.barcodeid", "126967");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.countryiso", "gb");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.downloadprovider", "airinstallerch");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[]\"}");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.fromautoupdate", "false");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.installationid", "68f658bd-ad72-25fd-b383-44131ef25b4d");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.installdate", "24/02/2014");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.keepAliveLastevent", "1393266463");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.lastExternalJsUpdate", "1393266500563");
[vzobqwqq.default] - Line Found : user_pref("extensions.helperbar.publisher", "airinstaller");

-\\ Google Chrome v

[C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
*************************

AdwCleaner[R0].txt - [3829 bytes] - [06/03/2015 20:25:03]
AdwCleaner[R1].txt - [3738 bytes] - [07/03/2015 13:52:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3797 bytes] ##########

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Ciara (administrator) on CIARA-PC on 07-03-2015 14:04:42
Running from C:\Users\Ciara\Desktop
Loaded Profiles: Ciara (Available profiles: Ciara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(Samsung Electronics CO., LTD.) C:\Program Files\SAMSUNG\S Agent\CommonAgent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.com/
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4019999692-2262056385-1140761108-1000 -> DefaultScope {497D9C14-003A-4D56-BF6D-7E5DC469FA2E} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20141024&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4019999692-2262056385-1140761108-1000 -> {497D9C14-003A-4D56-BF6D-7E5DC469FA2E} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20141024&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default
FF NewTab: about:blank
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4019999692-2262056385-1140761108-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ciara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default\Extensions\abs@avira.com [2015-01-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-02-24]
FF Extension: No Name - C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default\extensions\{68f658bd-ad72-25fd-b383-44131ef25b4d} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Word CaptureX Extension) - C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2014-02-24]
CHR Extension: (Google Wallet) - C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23]
StartMenuInternet: Google Chrome.R342IS2NKL72OO6VWPECVX5MK4 - C:\Users\Ciara\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [334608 2013-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 SBIOSIO; \??\C:\Users\Ciara\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 20:24 - 2015-03-07 13:54 - 00000000 ____D () C:\AdwCleaner
2015-03-06 20:06 - 2015-03-06 20:06 - 02126848 _____ () C:\Users\Ciara\Desktop\AdwCleaner.exe
2015-03-04 18:09 - 2015-03-04 18:12 - 00033342 _____ () C:\Users\Ciara\Desktop\Addition.txt
2015-03-04 17:57 - 2015-03-07 14:04 - 00017341 _____ () C:\Users\Ciara\Desktop\FRST.txt
2015-03-04 17:57 - 2015-03-07 14:04 - 00000000 ____D () C:\Users\Ciara\Desktop\FRST-OlderVersion
2015-02-28 15:07 - 2015-03-07 14:04 - 00000000 ____D () C:\FRST
2015-02-28 00:09 - 2015-03-07 13:56 - 00001356 _____ () C:\windows\setupact.log
2015-02-28 00:09 - 2015-02-28 00:09 - 00000000 _____ () C:\windows\setuperr.log
2015-02-27 12:02 - 2015-02-27 12:03 - 00001184 _____ () C:\windows\IE11_main.log
2015-02-27 00:49 - 2011-07-28 01:25 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\ieaksie.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieaksie.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakui.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\ieakui.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\ieakeng.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00130560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakeng.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\admparse.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00101888 _____ (Microsoft Corporation) C:\windows\SysWOW64\admparse.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ie4uinit.exe
2015-02-27 00:49 - 2011-07-27 10:08 - 00174640 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-02-27 00:49 - 2011-07-27 10:08 - 00007440 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2015-02-27 00:49 - 2010-11-21 03:24 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-02-27 00:49 - 2010-11-21 03:23 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-27 00:49 - 2009-06-10 20:45 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2015-02-26 19:31 - 2015-02-26 19:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-26 19:19 - 2015-03-07 14:04 - 02092544 _____ (Farbar) C:\Users\Ciara\Desktop\FRST64.exe
2015-02-26 19:17 - 2015-02-26 19:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ciara\Desktop\HijackThis.exe
2015-02-26 19:15 - 2015-02-26 19:15 - 00602112 _____ (OldTimer Tools) C:\Users\Ciara\Desktop\OTL.exe
2015-02-26 19:12 - 2015-02-26 19:12 - 00000000 _____ () C:\Users\Ciara\Desktop\ComboFix.exe
2015-02-26 16:06 - 2015-02-26 16:14 - 00000435 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-02-26 15:55 - 2015-02-26 15:56 - 00000000 ____D () C:\Users\Ciara\Documents\Youcam
2015-02-26 15:55 - 2015-02-26 15:55 - 00000000 ____D () C:\Users\Ciara\AppData\Roaming\CyberLink
2015-02-26 15:55 - 2015-02-26 15:55 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Cyberlink
2015-02-26 15:54 - 2015-02-26 15:54 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-26 14:38 - 2015-02-26 14:38 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Samsung
2015-02-26 14:26 - 2015-02-26 14:26 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-02-26 14:25 - 2015-02-26 14:25 - 00001906 _____ () C:\Users\Public\Desktop\SW Update.lnk
2015-02-26 12:54 - 2015-02-26 12:54 - 00231760 _____ () C:\Users\Ciara\Downloads\CrucialUKScan.exe
2015-02-26 01:47 - 2015-02-26 01:47 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-02-26 01:47 - 2015-02-26 01:47 - 00000000 ____D () C:\Program Files\Speccy
2015-02-25 21:07 - 2015-01-08 23:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 21:07 - 2015-01-08 23:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-24 17:45 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-02-24 16:49 - 2014-08-29 02:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-02-24 16:49 - 2014-05-08 09:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-02-24 16:49 - 2012-02-11 06:36 - 00559104 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2015-02-24 16:49 - 2012-02-11 06:36 - 00067072 _____ (Microsoft Corporation) C:\windows\splwow64.exe
2015-02-24 16:48 - 2014-09-05 02:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-24 16:48 - 2014-09-05 01:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-23 21:35 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-02-23 21:35 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-02-23 21:35 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-02-23 21:35 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-02-23 21:31 - 2013-10-02 02:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2015-02-23 21:31 - 2013-10-02 02:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-23 21:31 - 2013-10-02 02:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-23 21:31 - 2013-10-02 01:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2015-02-23 21:31 - 2013-10-02 01:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2015-02-23 21:31 - 2013-10-02 01:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-02-23 21:31 - 2013-10-02 01:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2015-02-23 21:31 - 2013-10-02 00:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-02-23 21:31 - 2013-10-02 00:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2015-02-23 21:31 - 2013-10-02 00:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2015-02-23 21:31 - 2013-10-02 00:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-02-23 21:31 - 2013-10-01 23:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-02-23 21:31 - 2013-10-01 23:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-02-23 21:31 - 2013-10-01 23:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-02-23 21:31 - 2013-10-01 22:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2015-02-23 21:26 - 2015-02-23 21:26 - 00762252 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-02-23 21:08 - 2015-02-23 21:08 - 00003118 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-02-23 21:08 - 2015-02-23 21:08 - 00003092 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-02-23 21:08 - 2015-02-23 21:08 - 00003090 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-02-23 21:07 - 2015-02-23 21:07 - 00003062 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-02-23 21:07 - 2015-02-23 21:07 - 00003060 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-02-23 21:07 - 2015-02-23 21:07 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2015-02-23 21:07 - 2015-02-23 21:07 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_NuidFltr_01011.Wdf
2015-02-23 21:07 - 2015-02-23 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-02-23 21:06 - 2015-02-23 21:06 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2015-02-23 21:02 - 2015-02-23 21:02 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2015-02-23 21:01 - 2012-08-23 14:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-02-23 21:01 - 2012-08-23 14:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2015-02-23 21:01 - 2012-08-23 14:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2015-02-23 21:01 - 2012-08-23 11:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2015-02-23 21:01 - 2012-08-23 10:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2015-02-23 20:57 - 2014-10-18 02:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-02-23 20:57 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-02-23 20:57 - 2014-07-07 02:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-02-23 20:57 - 2014-07-07 02:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-02-23 20:57 - 2014-07-07 02:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-02-23 20:57 - 2014-07-07 02:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-02-23 20:57 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-02-23 20:57 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-02-23 20:57 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-02-23 20:57 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00744448 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
2015-02-23 20:55 - 2012-07-26 03:08 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll
2015-02-23 20:55 - 2012-07-26 02:26 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
2015-02-23 20:55 - 2012-07-26 02:26 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
2015-02-23 20:55 - 2012-06-02 14:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-02-23 20:37 - 2014-06-27 02:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2015-02-23 20:37 - 2014-06-27 01:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2015-02-23 20:35 - 2014-11-26 03:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-23 20:35 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-23 20:35 - 2014-10-30 02:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2015-02-23 20:35 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2015-02-23 20:35 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2015-02-23 20:35 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2015-02-23 20:35 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2015-02-23 20:35 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2015-02-23 20:35 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-02-23 20:35 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-02-23 20:35 - 2012-01-04 10:44 - 00509952 _____ (Microsoft Corporation) C:\windows\system32\ntshrui.dll
2015-02-23 20:35 - 2012-01-04 08:58 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntshrui.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2015-02-23 20:34 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2015-02-23 20:34 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2015-02-23 20:34 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2015-02-23 20:34 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2015-02-23 20:34 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2015-02-23 20:34 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2015-02-23 20:34 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2015-02-23 20:34 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2015-02-23 20:34 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2015-02-23 20:34 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2015-02-23 20:34 - 2012-12-07 13:20 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2015-02-23 20:34 - 2012-12-07 13:15 - 02746368 _____ (Microsoft Corporation) C:\windows\system32\gameux.dll
2015-02-23 20:34 - 2012-12-07 12:26 - 00308736 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
2015-02-23 20:34 - 2012-12-07 12:20 - 02576384 _____ (Microsoft Corporation) C:\windows\SysWOW64\gameux.dll
2015-02-23 20:34 - 2012-12-07 11:20 - 00045568 _____ (Microsoft) C:\windows\system32\oflc-nz.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00044544 _____ (Microsoft) C:\windows\system32\pegibbfc.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00043520 _____ (Microsoft) C:\windows\system32\csrr.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00030720 _____ (Microsoft) C:\windows\system32\usk.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00023552 _____ (Microsoft) C:\windows\system32\oflc.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-pt.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-fi.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00055296 _____ (Microsoft) C:\windows\system32\cero.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00051712 _____ (Microsoft) C:\windows\system32\esrb.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00046592 _____ (Microsoft) C:\windows\system32\fpb.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00040960 _____ (Microsoft) C:\windows\system32\cob-au.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00021504 _____ (Microsoft) C:\windows\system32\grb.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00020480 _____ (Microsoft) C:\windows\system32\pegi.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00015360 _____ (Microsoft) C:\windows\system32\djctq.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00055296 _____ (Microsoft) C:\windows\SysWOW64\cero.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00051712 _____ (Microsoft) C:\windows\SysWOW64\esrb.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00046592 _____ (Microsoft) C:\windows\SysWOW64\fpb.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00045568 _____ (Microsoft) C:\windows\SysWOW64\oflc-nz.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00044544 _____ (Microsoft) C:\windows\SysWOW64\pegibbfc.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00043520 _____ (Microsoft) C:\windows\SysWOW64\csrr.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00040960 _____ (Microsoft) C:\windows\SysWOW64\cob-au.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00030720 _____ (Microsoft) C:\windows\SysWOW64\usk.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00023552 _____ (Microsoft) C:\windows\SysWOW64\oflc.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00021504 _____ (Microsoft) C:\windows\SysWOW64\grb.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-pt.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-fi.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00015360 _____ (Microsoft) C:\windows\SysWOW64\djctq.rs
2015-02-23 20:32 - 2012-10-03 17:44 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
2015-02-23 20:32 - 2012-10-03 17:44 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll
2015-02-23 20:32 - 2012-10-03 17:42 - 00569344 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2015-02-23 20:32 - 2012-10-03 16:42 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcorehc.dll
2015-02-23 20:32 - 2012-10-03 16:42 - 00018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\netevent.dll
2015-02-23 20:32 - 2012-10-03 16:07 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2015-02-23 20:31 - 2014-12-12 05:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-23 20:31 - 2014-12-12 05:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-23 20:31 - 2014-07-07 02:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-23 20:31 - 2014-07-07 02:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-23 20:31 - 2014-07-07 01:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-02-23 20:31 - 2014-07-07 01:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-02-23 20:28 - 2014-11-11 01:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-02-23 20:28 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2015-02-23 20:28 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2015-02-23 20:28 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2015-02-23 20:28 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2015-02-23 20:27 - 2014-06-25 02:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-02-23 20:27 - 2014-06-25 01:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-02-23 20:27 - 2012-10-09 18:17 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2015-02-23 20:27 - 2012-10-09 18:17 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2015-02-23 20:27 - 2012-10-09 17:40 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
2015-02-23 20:27 - 2012-10-09 17:40 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
2015-02-23 20:27 - 2012-08-21 21:01 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe
2015-02-23 20:27 - 2011-05-04 05:25 - 02315776 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 02223616 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2015-02-23 20:27 - 2011-05-04 05:19 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-02-23 20:27 - 2011-05-04 05:19 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-02-23 20:27 - 2011-05-04 05:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2015-02-23 20:27 - 2011-05-04 04:34 - 01549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 01401344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2015-02-23 20:27 - 2011-05-04 04:28 - 00427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-02-23 20:27 - 2011-05-04 04:28 - 00164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-02-23 20:27 - 2011-05-04 04:28 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2015-02-23 20:26 - 2014-02-04 02:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2015-02-23 20:26 - 2014-02-04 02:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2015-02-23 20:26 - 2014-02-04 02:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2015-02-23 20:26 - 2014-02-04 02:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2015-02-23 20:26 - 2014-02-04 02:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2015-02-23 20:26 - 2013-05-10 05:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2015-02-23 20:26 - 2013-05-10 03:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2015-02-23 20:26 - 2012-07-06 20:07 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2015-02-23 20:24 - 2014-10-03 02:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-02-23 20:24 - 2014-10-03 02:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2015-02-23 20:24 - 2014-10-03 02:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-02-23 20:24 - 2014-10-03 02:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2015-02-23 20:24 - 2014-10-03 02:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2015-02-23 20:24 - 2014-10-03 01:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2015-02-23 20:24 - 2014-10-03 01:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-23 20:24 - 2014-10-03 01:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2015-02-23 20:24 - 2014-10-03 01:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2015-02-23 20:24 - 2014-10-03 01:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2015-02-23 20:24 - 2014-08-01 11:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2015-02-23 20:24 - 2014-08-01 11:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2015-02-23 20:24 - 2013-08-05 02:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2015-02-23 20:24 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-02-23 20:24 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-02-23 20:24 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-02-23 20:24 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-02-23 20:23 - 2015-01-09 03:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-23 20:23 - 2015-01-09 03:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-23 20:23 - 2015-01-09 03:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-23 20:23 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-23 20:23 - 2014-11-08 03:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-02-23 20:23 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-02-23 20:23 - 2011-06-16 05:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\xmllite.dll
2015-02-23 20:22 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-02-23 20:22 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-02-23 20:22 - 2014-09-25 02:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-02-23 20:22 - 2014-09-25 01:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-02-23 20:22 - 2014-06-24 03:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-02-23 20:22 - 2014-06-24 02:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-02-23 20:22 - 2014-01-28 02:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2015-02-23 20:22 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2015-02-23 20:22 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2015-02-23 20:22 - 2013-03-19 05:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
2015-02-23 20:22 - 2013-01-24 06:01 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2015-02-23 20:22 - 2012-08-22 18:12 - 00950128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-02-23 20:22 - 2012-07-04 20:26 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys
2015-02-23 20:22 - 2011-12-30 06:26 - 00515584 _____ (Microsoft Corporation) C:\windows\system32\timedate.cpl
2015-02-23 20:22 - 2011-12-30 05:27 - 00478720 _____ (Microsoft Corporation) C:\windows\SysWOW64\timedate.cpl
2015-02-23 20:22 - 2011-06-16 04:33 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\xmllite.dll
2015-02-23 20:21 - 2014-01-24 02:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2015-02-23 19:58 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2015-02-23 18:02 - 2015-02-23 18:02 - 00001133 _____ () C:\Users\Ciara\Desktop\Auslogics DiskDefrag.lnk
2015-02-23 18:02 - 2015-02-23 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-02-23 18:02 - 2015-02-23 18:02 - 00000000 ____D () C:\ProgramData\Auslogics
2015-02-23 18:02 - 2015-02-23 18:02 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-02-23 14:45 - 2015-03-05 16:22 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 14:45 - 2015-02-23 14:45 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-23 14:45 - 2015-02-23 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-23 14:45 - 2015-02-23 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-23 14:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-23 14:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-23 14:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-23 14:30 - 2015-02-23 14:30 - 00000000 ____D () C:\Users\Ciara\AppData\Local\WinZip
2015-02-23 14:26 - 2015-02-23 14:26 - 00002211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-02-23 14:26 - 2015-02-23 14:26 - 00002205 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-02-23 14:26 - 2015-02-23 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-02-23 14:25 - 2015-02-23 14:32 - 00000000 ____D () C:\ProgramData\WinZip
2015-02-23 14:25 - 2015-02-23 14:26 - 00000000 ____D () C:\Program Files\WinZip
2015-02-23 14:25 - 2015-02-23 14:25 - 00000000 ____D () C:\Users\Ciara\Documents\Add-in Express
2015-02-23 14:18 - 2015-02-23 14:18 - 00000017 _____ () C:\Users\Ciara\AppData\Local\resmon.resmoncfg
2015-02-23 14:10 - 2015-02-23 14:10 - 00000000 ____D () C:\windows\pss
2015-02-23 14:03 - 2015-02-24 17:53 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-23 14:03 - 2015-02-23 14:03 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-02-23 14:03 - 2015-02-23 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-23 14:02 - 2015-02-24 17:52 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-16 15:36 - 2015-02-16 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-16 15:34 - 2015-02-16 15:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-16 15:34 - 2015-02-16 15:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-12 22:40 - 2015-02-12 22:40 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-12 22:40 - 2015-02-12 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-12 22:38 - 2015-02-12 22:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-12 22:38 - 2015-02-12 22:40 - 00000000 ____D () C:\Program Files\iTunes
2015-02-12 22:38 - 2015-02-12 22:38 - 00000000 ____D () C:\Program Files\iPod
2015-02-12 22:38 - 2015-02-12 22:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-12 19:21 - 2015-01-23 04:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-12 19:21 - 2015-01-23 04:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-12 19:21 - 2015-01-23 03:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-12 19:21 - 2015-01-23 03:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 14:27 - 2015-01-14 05:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 14:27 - 2015-01-14 05:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 14:27 - 2015-01-12 03:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 14:27 - 2015-01-12 03:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 14:27 - 2015-01-12 02:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 14:27 - 2015-01-12 02:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 14:27 - 2015-01-12 02:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 14:27 - 2015-01-12 02:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 14:27 - 2015-01-12 02:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 14:27 - 2015-01-12 02:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 14:27 - 2015-01-12 02:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 14:27 - 2015-01-12 02:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 14:27 - 2015-01-12 02:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 14:27 - 2015-01-12 02:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 14:27 - 2015-01-12 02:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 14:27 - 2015-01-12 02:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 14:27 - 2015-01-12 02:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 14:27 - 2015-01-12 02:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 14:27 - 2015-01-12 02:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 14:27 - 2015-01-12 02:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 14:27 - 2015-01-12 02:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 14:27 - 2015-01-12 02:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 14:27 - 2015-01-12 02:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 14:27 - 2015-01-12 02:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 14:27 - 2015-01-12 02:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 14:27 - 2015-01-12 01:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 14:27 - 2015-01-12 01:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 14:27 - 2015-01-12 01:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 14:27 - 2015-01-12 01:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 14:27 - 2015-01-12 01:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 14:27 - 2015-01-12 01:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 14:27 - 2015-01-12 01:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 14:27 - 2015-01-12 01:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 14:27 - 2015-01-12 01:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 14:27 - 2015-01-12 01:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 14:27 - 2015-01-12 01:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 14:27 - 2015-01-12 01:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 14:27 - 2015-01-12 01:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 14:27 - 2015-01-12 01:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 14:27 - 2015-01-12 01:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 14:27 - 2015-01-12 01:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 14:27 - 2015-01-12 01:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 14:27 - 2015-01-12 01:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 14:27 - 2015-01-12 01:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 14:27 - 2015-01-12 01:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 14:27 - 2015-01-12 00:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 14:27 - 2015-01-12 00:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 14:26 - 2015-01-12 03:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 14:26 - 2015-01-12 02:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 14:26 - 2015-01-12 02:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 14:26 - 2015-01-12 02:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 14:26 - 2015-01-12 01:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 14:24 - 2015-01-13 03:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 14:24 - 2015-01-13 02:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-11 14:23 - 2015-01-15 08:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 14:23 - 2015-01-15 08:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 14:23 - 2015-01-15 08:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 14:23 - 2015-01-15 08:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 14:23 - 2015-01-15 08:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 14:23 - 2015-01-15 08:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 14:23 - 2015-01-15 08:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 14:23 - 2015-01-15 08:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 14:23 - 2015-01-15 08:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 14:23 - 2015-01-15 08:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 14:23 - 2015-01-15 08:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 14:23 - 2015-01-15 07:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 14:23 - 2015-01-15 07:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 14:23 - 2015-01-15 07:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 14:23 - 2015-01-15 07:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 14:23 - 2015-01-15 07:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 14:23 - 2015-01-15 07:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 14:23 - 2015-01-15 04:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 14:22 - 2014-12-08 03:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 14:22 - 2014-12-08 02:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 14:21 - 2015-01-14 06:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 14:21 - 2015-01-14 06:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 14:21 - 2015-01-14 06:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 14:21 - 2015-01-14 06:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 14:21 - 2015-01-14 05:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 14:21 - 2015-01-14 05:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 14:21 - 2015-01-14 05:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 14:19 - 2015-01-09 02:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 14:05 - 2009-07-14 04:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 14:05 - 2009-07-14 04:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 14:01 - 2009-07-14 05:13 - 00781298 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-07 13:56 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-07 13:55 - 2011-07-28 01:32 - 02016256 _____ () C:\windows\WindowsUpdate.log
2015-03-07 13:36 - 2014-06-01 21:02 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 20:21 - 2014-02-24 20:53 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-06 20:21 - 2014-02-24 20:32 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-06 20:11 - 2014-02-24 20:53 - 00000000 ____D () C:\Program Files\McAfee
2015-02-27 11:45 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-27 00:51 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\SysWOW64\com
2015-02-27 00:51 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\oobe
2015-02-27 00:51 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\com
2015-02-26 17:14 - 2009-07-14 04:45 - 00447432 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-26 16:20 - 2011-07-27 09:42 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-26 16:11 - 2014-09-26 15:04 - 00000000 ____D () C:\Program Files\Boots F2CD
2015-02-26 16:08 - 2011-07-27 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2015-02-26 16:07 - 2011-07-27 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-02-26 16:04 - 2011-07-27 09:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-26 16:01 - 2014-04-03 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-02-26 16:01 - 2014-04-03 13:03 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2015-02-26 15:58 - 2014-04-03 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-02-26 15:58 - 2014-04-03 13:02 - 00000000 ____D () C:\Program Files (x86)\epson
2015-02-26 15:58 - 2014-04-03 12:57 - 00000000 ____D () C:\ProgramData\Epson
2015-02-26 15:56 - 2011-07-27 09:42 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-26 14:48 - 2011-07-27 10:13 - 00001816 _____ () C:\windows\HotFixList.ini
2015-02-26 14:26 - 2011-07-27 09:59 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-02-26 14:25 - 2011-07-27 09:51 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-02-26 12:39 - 2014-11-05 19:31 - 00000000 ___RD () C:\Users\Ciara\iCloudDrive
2015-02-26 02:36 - 2014-06-01 21:02 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-26 02:25 - 2014-02-24 18:08 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Adobe
2015-02-26 02:23 - 2014-06-01 21:02 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-26 02:23 - 2014-06-01 21:02 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-25 22:58 - 2011-07-27 10:05 - 00000000 ____D () C:\ProgramData\WinClon
2015-02-25 18:59 - 2014-03-28 16:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-24 16:52 - 2014-03-28 17:25 - 00000000 ____D () C:\Users\Ciara\AppData\Local\CrashDumps
2015-02-24 16:18 - 2014-02-24 18:22 - 00117328 _____ () C:\Users\Ciara\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-24 16:18 - 2009-07-14 05:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-02-24 15:56 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-24 03:17 - 2010-11-21 03:27 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\tracing
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\Dism
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-23 18:11 - 2014-02-24 20:33 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-02-23 15:30 - 2015-01-18 21:10 - 00000000 ____D () C:\ProgramData\Avira
2015-02-23 15:30 - 2015-01-18 21:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-23 15:17 - 2011-07-27 10:48 - 00000000 ____D () C:\windows\ru
2015-02-23 14:17 - 2014-02-24 18:06 - 00000000 ____D () C:\Users\Ciara\AppData\Local\VirtualStore
2015-02-23 14:06 - 2011-02-11 19:57 - 00000000 ____D () C:\windows\Panther
2015-02-16 17:12 - 2014-03-28 17:17 - 00000000 ___RD () C:\Users\Ciara\OneDrive
2015-02-12 22:38 - 2014-04-18 15:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-12 19:43 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 17:52 - 2014-04-22 17:15 - 00000000 ____D () C:\windows\system32\MRT
2015-02-11 17:44 - 2014-04-22 17:14 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-02-23 14:18 - 2015-02-23 14:18 - 0000017 _____ () C:\Users\Ciara\AppData\Local\resmon.resmoncfg
2014-04-04 13:52 - 2014-04-04 13:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-07-27 09:49 - 2011-07-27 09:50 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-07-27 09:43 - 2011-07-27 09:43 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-07-27 09:47 - 2011-07-27 09:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-07-27 09:43 - 2011-07-27 09:46 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-07-27 09:47 - 2011-07-27 09:49 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\Ciara\AppData\Local\Temp\Quarantine.exe
C:\Users\Ciara\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-22 21:39

==================== End Of Log ============================


"Drink is the curse of the land. It makes you fight with your neighbour. It makes you shoot at your landlord and it makes you miss him." 




5411sq6.jpg

"May the devil never know you are dead a half after you arrive in heaven".


#11 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:03:28 PM

Posted 07 March 2015 - 10:13 AM

Did you pressed the Clean button in Adwcleaner yet? If not please follow my last instructions again.

 

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#12 Hookie

Hookie
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belfast, N.Ireland
  • Local time:09:28 AM

Posted 07 March 2015 - 10:16 AM

Sorry,posted the wrong log,

 

 

 

# AdwCleaner v4.111 - Logfile created 07/03/2015 at 13:54:44
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ciara - CIARA-PC
# Running from : C:\Users\Ciara\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Ciara\AppData\Local\Mindspark_Interactive_Net

***** [ Scheduled tasks ] *****

Task Deleted : SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\PerformerSoft
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] -

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

-\\ Mozilla Firefox v

[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.BackPageActive", true);
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.Visibility", true);
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageCapacity", 3);
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageCounter", 0);
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageDay", 24);
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageLastEvent", "1393093664297");
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageMinInterval", 15);
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.barcodeid", "126967");
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.countryiso", "gb");
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.downloadprovider", "airinstallerch");
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[]\"}");
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.fromautoupdate", "false");
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installationid", "68f658bd-ad72-25fd-b383-44131ef25b4d");
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installdate", "24/02/2014");
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1393266463");
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.lastExternalJsUpdate", "1393266500563");
[vzobqwqq.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.publisher", "airinstaller");

-\\ Google Chrome v

[C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3829 bytes] - [06/03/2015 20:25:03]
AdwCleaner[R1].txt - [3888 bytes] - [07/03/2015 13:52:28]
AdwCleaner[S0].txt - [4065 bytes] - [07/03/2015 13:54:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4124  bytes] ##########


"Drink is the curse of the land. It makes you fight with your neighbour. It makes you shoot at your landlord and it makes you miss him." 




5411sq6.jpg

"May the devil never know you are dead a half after you arrive in heaven".


#13 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:03:28 PM

Posted 07 March 2015 - 12:32 PM

Hi Hookie.

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

 

After the fix was completed, please create new FRST log for me.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#14 Hookie

Hookie
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belfast, N.Ireland
  • Local time:09:28 AM

Posted 07 March 2015 - 01:39 PM

Hi Sirawit,

Here are the logs.....

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2015 01
Ran by Ciara at 2015-03-07 18:18:49 Run:1
Running from C:\Users\Ciara\Desktop
Loaded Profiles: Ciara (Available profiles: Ciara)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\...\Policies\Explorer: [NoControlPanel] 0
FF Extension: No Name - C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default\extensions\{68f658bd-ad72-25fd-b383-44131ef25b4d} [Not Found]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default\extensions\{68f658bd-ad72-25fd-b383-44131ef25b4d} not found.
esgiguard => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
EmptyTemp: => Removed 3.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 18:19:10 ====

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Ciara (administrator) on CIARA-PC on 07-03-2015 18:25:14
Running from C:\Users\Ciara\Desktop
Loaded Profiles: Ciara (Available profiles: Ciara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files\SAMSUNG\S Agent\CommonAgent.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.com/
HKU\S-1-5-21-4019999692-2262056385-1140761108-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4019999692-2262056385-1140761108-1000 -> DefaultScope {497D9C14-003A-4D56-BF6D-7E5DC469FA2E} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20141024&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4019999692-2262056385-1140761108-1000 -> {497D9C14-003A-4D56-BF6D-7E5DC469FA2E} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20141024&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-01-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-01-14] (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-21] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default
FF NewTab: about:blank
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4019999692-2262056385-1140761108-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ciara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default\Extensions\abs@avira.com [2015-01-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-02-24]
FF Extension: No Name - C:\Users\Ciara\AppData\Roaming\Mozilla\Firefox\Profiles\vzobqwqq.default\extensions\{68f658bd-ad72-25fd-b383-44131ef25b4d} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Word CaptureX Extension) - C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2014-02-24]
CHR Extension: (Google Wallet) - C:\Users\Ciara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23]
StartMenuInternet: Google Chrome.R342IS2NKL72OO6VWPECVX5MK4 - C:\Users\Ciara\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [334608 2013-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 SBIOSIO; \??\C:\Users\Ciara\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 18:20 - 2015-03-07 18:20 - 00001118 _____ () C:\windows\PFRO.log
2015-03-06 20:24 - 2015-03-07 13:54 - 00000000 ____D () C:\AdwCleaner
2015-03-06 20:06 - 2015-03-06 20:06 - 02126848 _____ () C:\Users\Ciara\Desktop\AdwCleaner.exe
2015-03-04 18:09 - 2015-03-04 18:12 - 00033342 _____ () C:\Users\Ciara\Desktop\Addition.txt
2015-03-04 17:57 - 2015-03-07 18:25 - 00017120 _____ () C:\Users\Ciara\Desktop\FRST.txt
2015-03-04 17:57 - 2015-03-07 18:18 - 00000000 ____D () C:\Users\Ciara\Desktop\FRST-OlderVersion
2015-02-28 15:07 - 2015-03-07 18:25 - 00000000 ____D () C:\FRST
2015-02-28 00:09 - 2015-03-07 18:20 - 00002320 _____ () C:\windows\setupact.log
2015-02-28 00:09 - 2015-02-28 00:09 - 00000000 _____ () C:\windows\setuperr.log
2015-02-27 12:02 - 2015-02-27 12:03 - 00001184 _____ () C:\windows\IE11_main.log
2015-02-27 00:49 - 2011-07-28 01:25 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\ieaksie.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieaksie.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakui.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\ieakui.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\ieakeng.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00130560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakeng.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\admparse.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00101888 _____ (Microsoft Corporation) C:\windows\SysWOW64\admparse.dll
2015-02-27 00:49 - 2011-07-28 01:25 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ie4uinit.exe
2015-02-27 00:49 - 2011-07-27 10:08 - 00174640 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-02-27 00:49 - 2011-07-27 10:08 - 00007440 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2015-02-27 00:49 - 2010-11-21 03:24 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-02-27 00:49 - 2010-11-21 03:23 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-27 00:49 - 2009-06-10 20:45 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2015-02-26 19:31 - 2015-02-26 19:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-26 19:19 - 2015-03-07 18:18 - 02094592 _____ (Farbar) C:\Users\Ciara\Desktop\FRST64.exe
2015-02-26 19:17 - 2015-02-26 19:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ciara\Desktop\HijackThis.exe
2015-02-26 19:15 - 2015-02-26 19:15 - 00602112 _____ (OldTimer Tools) C:\Users\Ciara\Desktop\OTL.exe
2015-02-26 19:12 - 2015-02-26 19:12 - 00000000 _____ () C:\Users\Ciara\Desktop\ComboFix.exe
2015-02-26 16:06 - 2015-02-26 16:14 - 00000435 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-02-26 15:55 - 2015-02-26 15:56 - 00000000 ____D () C:\Users\Ciara\Documents\Youcam
2015-02-26 15:55 - 2015-02-26 15:55 - 00000000 ____D () C:\Users\Ciara\AppData\Roaming\CyberLink
2015-02-26 15:55 - 2015-02-26 15:55 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Cyberlink
2015-02-26 15:54 - 2015-02-26 15:54 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-26 14:38 - 2015-02-26 14:38 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Samsung
2015-02-26 14:26 - 2015-02-26 14:26 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-02-26 14:25 - 2015-02-26 14:25 - 00001906 _____ () C:\Users\Public\Desktop\SW Update.lnk
2015-02-26 12:54 - 2015-02-26 12:54 - 00231760 _____ () C:\Users\Ciara\Downloads\CrucialUKScan.exe
2015-02-26 01:47 - 2015-02-26 01:47 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-02-26 01:47 - 2015-02-26 01:47 - 00000000 ____D () C:\Program Files\Speccy
2015-02-25 21:07 - 2015-01-08 23:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 21:07 - 2015-01-08 23:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-24 17:45 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-02-24 16:49 - 2014-08-29 02:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-02-24 16:49 - 2014-05-08 09:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-02-24 16:49 - 2012-02-11 06:36 - 00559104 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2015-02-24 16:49 - 2012-02-11 06:36 - 00067072 _____ (Microsoft Corporation) C:\windows\splwow64.exe
2015-02-24 16:48 - 2014-09-05 02:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-24 16:48 - 2014-09-05 01:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-23 21:35 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-02-23 21:35 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-02-23 21:35 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-02-23 21:35 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-02-23 21:31 - 2013-10-02 02:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2015-02-23 21:31 - 2013-10-02 02:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-23 21:31 - 2013-10-02 02:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-23 21:31 - 2013-10-02 01:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2015-02-23 21:31 - 2013-10-02 01:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2015-02-23 21:31 - 2013-10-02 01:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-02-23 21:31 - 2013-10-02 01:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2015-02-23 21:31 - 2013-10-02 00:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-02-23 21:31 - 2013-10-02 00:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2015-02-23 21:31 - 2013-10-02 00:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2015-02-23 21:31 - 2013-10-02 00:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-02-23 21:31 - 2013-10-01 23:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-02-23 21:31 - 2013-10-01 23:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-02-23 21:31 - 2013-10-01 23:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-02-23 21:31 - 2013-10-01 22:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2015-02-23 21:26 - 2015-02-23 21:26 - 00762252 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-02-23 21:08 - 2015-02-23 21:08 - 00003118 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-02-23 21:08 - 2015-02-23 21:08 - 00003092 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-02-23 21:08 - 2015-02-23 21:08 - 00003090 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-02-23 21:07 - 2015-02-23 21:07 - 00003062 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-02-23 21:07 - 2015-02-23 21:07 - 00003060 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-02-23 21:07 - 2015-02-23 21:07 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2015-02-23 21:07 - 2015-02-23 21:07 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_NuidFltr_01011.Wdf
2015-02-23 21:07 - 2015-02-23 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-02-23 21:06 - 2015-02-23 21:06 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2015-02-23 21:02 - 2015-02-23 21:02 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2015-02-23 21:01 - 2012-08-23 14:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-02-23 21:01 - 2012-08-23 14:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2015-02-23 21:01 - 2012-08-23 14:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2015-02-23 21:01 - 2012-08-23 11:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2015-02-23 21:01 - 2012-08-23 10:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2015-02-23 20:57 - 2014-10-18 02:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-02-23 20:57 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-02-23 20:57 - 2014-07-07 02:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-02-23 20:57 - 2014-07-07 02:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-02-23 20:57 - 2014-07-07 02:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-02-23 20:57 - 2014-07-07 02:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-02-23 20:57 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-02-23 20:57 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-02-23 20:57 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-02-23 20:57 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00744448 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
2015-02-23 20:55 - 2012-07-26 03:08 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
2015-02-23 20:55 - 2012-07-26 03:08 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll
2015-02-23 20:55 - 2012-07-26 02:26 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
2015-02-23 20:55 - 2012-07-26 02:26 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
2015-02-23 20:55 - 2012-06-02 14:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-02-23 20:37 - 2014-06-27 02:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2015-02-23 20:37 - 2014-06-27 01:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2015-02-23 20:35 - 2014-11-26 03:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-23 20:35 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-23 20:35 - 2014-10-30 02:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2015-02-23 20:35 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2015-02-23 20:35 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2015-02-23 20:35 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2015-02-23 20:35 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2015-02-23 20:35 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2015-02-23 20:35 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-02-23 20:35 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-02-23 20:35 - 2012-01-04 10:44 - 00509952 _____ (Microsoft Corporation) C:\windows\system32\ntshrui.dll
2015-02-23 20:35 - 2012-01-04 08:58 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntshrui.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2015-02-23 20:34 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2015-02-23 20:34 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2015-02-23 20:34 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2015-02-23 20:34 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2015-02-23 20:34 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2015-02-23 20:34 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2015-02-23 20:34 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2015-02-23 20:34 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2015-02-23 20:34 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2015-02-23 20:34 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2015-02-23 20:34 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2015-02-23 20:34 - 2012-12-07 13:20 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2015-02-23 20:34 - 2012-12-07 13:15 - 02746368 _____ (Microsoft Corporation) C:\windows\system32\gameux.dll
2015-02-23 20:34 - 2012-12-07 12:26 - 00308736 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
2015-02-23 20:34 - 2012-12-07 12:20 - 02576384 _____ (Microsoft Corporation) C:\windows\SysWOW64\gameux.dll
2015-02-23 20:34 - 2012-12-07 11:20 - 00045568 _____ (Microsoft) C:\windows\system32\oflc-nz.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00044544 _____ (Microsoft) C:\windows\system32\pegibbfc.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00043520 _____ (Microsoft) C:\windows\system32\csrr.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00030720 _____ (Microsoft) C:\windows\system32\usk.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00023552 _____ (Microsoft) C:\windows\system32\oflc.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-pt.rs
2015-02-23 20:34 - 2012-12-07 11:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-fi.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00055296 _____ (Microsoft) C:\windows\system32\cero.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00051712 _____ (Microsoft) C:\windows\system32\esrb.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00046592 _____ (Microsoft) C:\windows\system32\fpb.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00040960 _____ (Microsoft) C:\windows\system32\cob-au.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00021504 _____ (Microsoft) C:\windows\system32\grb.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00020480 _____ (Microsoft) C:\windows\system32\pegi.rs
2015-02-23 20:34 - 2012-12-07 11:19 - 00015360 _____ (Microsoft) C:\windows\system32\djctq.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00055296 _____ (Microsoft) C:\windows\SysWOW64\cero.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00051712 _____ (Microsoft) C:\windows\SysWOW64\esrb.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00046592 _____ (Microsoft) C:\windows\SysWOW64\fpb.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00045568 _____ (Microsoft) C:\windows\SysWOW64\oflc-nz.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00044544 _____ (Microsoft) C:\windows\SysWOW64\pegibbfc.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00043520 _____ (Microsoft) C:\windows\SysWOW64\csrr.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00040960 _____ (Microsoft) C:\windows\SysWOW64\cob-au.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00030720 _____ (Microsoft) C:\windows\SysWOW64\usk.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00023552 _____ (Microsoft) C:\windows\SysWOW64\oflc.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00021504 _____ (Microsoft) C:\windows\SysWOW64\grb.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-pt.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-fi.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi.rs
2015-02-23 20:34 - 2012-12-07 10:46 - 00015360 _____ (Microsoft) C:\windows\SysWOW64\djctq.rs
2015-02-23 20:32 - 2012-10-03 17:44 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
2015-02-23 20:32 - 2012-10-03 17:44 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll
2015-02-23 20:32 - 2012-10-03 17:42 - 00569344 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2015-02-23 20:32 - 2012-10-03 16:42 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcorehc.dll
2015-02-23 20:32 - 2012-10-03 16:42 - 00018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\netevent.dll
2015-02-23 20:32 - 2012-10-03 16:07 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2015-02-23 20:31 - 2014-12-12 05:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-23 20:31 - 2014-12-12 05:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-23 20:31 - 2014-07-07 02:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-23 20:31 - 2014-07-07 02:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-23 20:31 - 2014-07-07 01:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-02-23 20:31 - 2014-07-07 01:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-02-23 20:28 - 2014-11-11 01:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-02-23 20:28 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2015-02-23 20:28 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2015-02-23 20:28 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2015-02-23 20:28 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2015-02-23 20:27 - 2014-06-25 02:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-02-23 20:27 - 2014-06-25 01:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-02-23 20:27 - 2012-10-09 18:17 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2015-02-23 20:27 - 2012-10-09 18:17 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2015-02-23 20:27 - 2012-10-09 17:40 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
2015-02-23 20:27 - 2012-10-09 17:40 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
2015-02-23 20:27 - 2012-08-21 21:01 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe
2015-02-23 20:27 - 2011-05-04 05:25 - 02315776 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 02223616 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-02-23 20:27 - 2011-05-04 05:22 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2015-02-23 20:27 - 2011-05-04 05:19 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-02-23 20:27 - 2011-05-04 05:19 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-02-23 20:27 - 2011-05-04 05:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2015-02-23 20:27 - 2011-05-04 04:34 - 01549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 01401344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2015-02-23 20:27 - 2011-05-04 04:32 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2015-02-23 20:27 - 2011-05-04 04:28 - 00427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-02-23 20:27 - 2011-05-04 04:28 - 00164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-02-23 20:27 - 2011-05-04 04:28 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2015-02-23 20:26 - 2014-02-04 02:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2015-02-23 20:26 - 2014-02-04 02:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2015-02-23 20:26 - 2014-02-04 02:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2015-02-23 20:26 - 2014-02-04 02:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2015-02-23 20:26 - 2014-02-04 02:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2015-02-23 20:26 - 2013-05-10 05:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2015-02-23 20:26 - 2013-05-10 03:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2015-02-23 20:26 - 2012-07-06 20:07 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2015-02-23 20:25 - 2014-07-09 02:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2015-02-23 20:25 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2015-02-23 20:24 - 2014-10-03 02:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-02-23 20:24 - 2014-10-03 02:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2015-02-23 20:24 - 2014-10-03 02:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-02-23 20:24 - 2014-10-03 02:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2015-02-23 20:24 - 2014-10-03 02:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2015-02-23 20:24 - 2014-10-03 01:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2015-02-23 20:24 - 2014-10-03 01:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-23 20:24 - 2014-10-03 01:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2015-02-23 20:24 - 2014-10-03 01:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2015-02-23 20:24 - 2014-10-03 01:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2015-02-23 20:24 - 2014-08-01 11:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2015-02-23 20:24 - 2014-08-01 11:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2015-02-23 20:24 - 2013-08-05 02:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2015-02-23 20:24 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-02-23 20:24 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-02-23 20:24 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-02-23 20:24 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-02-23 20:23 - 2015-01-09 03:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-23 20:23 - 2015-01-09 03:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-23 20:23 - 2015-01-09 03:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-23 20:23 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-23 20:23 - 2014-11-08 03:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-02-23 20:23 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-02-23 20:23 - 2011-06-16 05:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\xmllite.dll
2015-02-23 20:22 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-02-23 20:22 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-02-23 20:22 - 2014-09-25 02:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-02-23 20:22 - 2014-09-25 01:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-02-23 20:22 - 2014-06-24 03:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-02-23 20:22 - 2014-06-24 02:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-02-23 20:22 - 2014-01-28 02:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2015-02-23 20:22 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2015-02-23 20:22 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2015-02-23 20:22 - 2013-03-19 05:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
2015-02-23 20:22 - 2013-01-24 06:01 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2015-02-23 20:22 - 2012-08-22 18:12 - 00950128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-02-23 20:22 - 2012-07-04 20:26 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys
2015-02-23 20:22 - 2011-12-30 06:26 - 00515584 _____ (Microsoft Corporation) C:\windows\system32\timedate.cpl
2015-02-23 20:22 - 2011-12-30 05:27 - 00478720 _____ (Microsoft Corporation) C:\windows\SysWOW64\timedate.cpl
2015-02-23 20:22 - 2011-06-16 04:33 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\xmllite.dll
2015-02-23 20:21 - 2014-01-24 02:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2015-02-23 19:58 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2015-02-23 18:02 - 2015-02-23 18:02 - 00001133 _____ () C:\Users\Ciara\Desktop\Auslogics DiskDefrag.lnk
2015-02-23 18:02 - 2015-02-23 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-02-23 18:02 - 2015-02-23 18:02 - 00000000 ____D () C:\ProgramData\Auslogics
2015-02-23 18:02 - 2015-02-23 18:02 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-02-23 14:45 - 2015-03-07 18:22 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 14:45 - 2015-02-23 14:45 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-23 14:45 - 2015-02-23 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-23 14:45 - 2015-02-23 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-23 14:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-23 14:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-23 14:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-23 14:30 - 2015-02-23 14:30 - 00000000 ____D () C:\Users\Ciara\AppData\Local\WinZip
2015-02-23 14:26 - 2015-02-23 14:26 - 00002211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-02-23 14:26 - 2015-02-23 14:26 - 00002205 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-02-23 14:26 - 2015-02-23 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-02-23 14:25 - 2015-02-23 14:32 - 00000000 ____D () C:\ProgramData\WinZip
2015-02-23 14:25 - 2015-02-23 14:26 - 00000000 ____D () C:\Program Files\WinZip
2015-02-23 14:25 - 2015-02-23 14:25 - 00000000 ____D () C:\Users\Ciara\Documents\Add-in Express
2015-02-23 14:18 - 2015-02-23 14:18 - 00000017 _____ () C:\Users\Ciara\AppData\Local\resmon.resmoncfg
2015-02-23 14:10 - 2015-02-23 14:10 - 00000000 ____D () C:\windows\pss
2015-02-23 14:03 - 2015-02-24 17:53 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-23 14:03 - 2015-02-23 14:03 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-02-23 14:03 - 2015-02-23 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-23 14:02 - 2015-02-24 17:52 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-16 15:36 - 2015-02-16 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-16 15:34 - 2015-02-16 15:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-16 15:34 - 2015-02-16 15:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-12 22:40 - 2015-02-12 22:40 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-12 22:40 - 2015-02-12 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-12 22:38 - 2015-02-12 22:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-12 22:38 - 2015-02-12 22:40 - 00000000 ____D () C:\Program Files\iTunes
2015-02-12 22:38 - 2015-02-12 22:38 - 00000000 ____D () C:\Program Files\iPod
2015-02-12 22:38 - 2015-02-12 22:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-12 19:21 - 2015-01-23 04:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-12 19:21 - 2015-01-23 04:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-12 19:21 - 2015-01-23 03:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-12 19:21 - 2015-01-23 03:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 14:27 - 2015-01-14 05:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 14:27 - 2015-01-14 05:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 14:27 - 2015-01-12 03:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 14:27 - 2015-01-12 03:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 14:27 - 2015-01-12 02:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 14:27 - 2015-01-12 02:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 14:27 - 2015-01-12 02:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 14:27 - 2015-01-12 02:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 14:27 - 2015-01-12 02:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 14:27 - 2015-01-12 02:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 14:27 - 2015-01-12 02:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 14:27 - 2015-01-12 02:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 14:27 - 2015-01-12 02:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 14:27 - 2015-01-12 02:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 14:27 - 2015-01-12 02:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 14:27 - 2015-01-12 02:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 14:27 - 2015-01-12 02:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 14:27 - 2015-01-12 02:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 14:27 - 2015-01-12 02:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 14:27 - 2015-01-12 02:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 14:27 - 2015-01-12 02:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 14:27 - 2015-01-12 02:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 14:27 - 2015-01-12 02:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 14:27 - 2015-01-12 02:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 14:27 - 2015-01-12 02:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 14:27 - 2015-01-12 01:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 14:27 - 2015-01-12 01:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 14:27 - 2015-01-12 01:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 14:27 - 2015-01-12 01:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 14:27 - 2015-01-12 01:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 14:27 - 2015-01-12 01:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 14:27 - 2015-01-12 01:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 14:27 - 2015-01-12 01:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 14:27 - 2015-01-12 01:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 14:27 - 2015-01-12 01:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 14:27 - 2015-01-12 01:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 14:27 - 2015-01-12 01:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 14:27 - 2015-01-12 01:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 14:27 - 2015-01-12 01:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 14:27 - 2015-01-12 01:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 14:27 - 2015-01-12 01:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 14:27 - 2015-01-12 01:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 14:27 - 2015-01-12 01:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 14:27 - 2015-01-12 01:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 14:27 - 2015-01-12 01:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 14:27 - 2015-01-12 00:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 14:27 - 2015-01-12 00:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 14:26 - 2015-01-12 03:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 14:26 - 2015-01-12 02:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 14:26 - 2015-01-12 02:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 14:26 - 2015-01-12 02:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 14:26 - 2015-01-12 01:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 14:24 - 2015-01-13 03:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 14:24 - 2015-01-13 02:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 14:24 - 2015-01-10 06:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-11 14:24 - 2015-01-10 06:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-11 14:23 - 2015-01-15 08:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 14:23 - 2015-01-15 08:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 14:23 - 2015-01-15 08:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 14:23 - 2015-01-15 08:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 14:23 - 2015-01-15 08:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 14:23 - 2015-01-15 08:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 14:23 - 2015-01-15 08:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 14:23 - 2015-01-15 08:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 14:23 - 2015-01-15 08:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 14:23 - 2015-01-15 08:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 14:23 - 2015-01-15 08:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 14:23 - 2015-01-15 07:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 14:23 - 2015-01-15 07:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 14:23 - 2015-01-15 07:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 14:23 - 2015-01-15 07:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 14:23 - 2015-01-15 07:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 14:23 - 2015-01-15 07:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 14:23 - 2015-01-15 04:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 14:22 - 2014-12-08 03:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 14:22 - 2014-12-08 02:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 14:21 - 2015-01-14 06:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 14:21 - 2015-01-14 06:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 14:21 - 2015-01-14 06:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 14:21 - 2015-01-14 06:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 14:21 - 2015-01-14 05:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 14:21 - 2015-01-14 05:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 14:21 - 2015-01-14 05:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 14:19 - 2015-01-09 02:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 18:20 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-07 18:19 - 2011-07-28 01:32 - 02036717 _____ () C:\windows\WindowsUpdate.log
2015-03-07 18:18 - 2009-07-14 04:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 18:18 - 2009-07-14 04:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 18:17 - 2009-07-14 05:13 - 00781298 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-07 15:36 - 2014-06-01 21:02 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 20:21 - 2014-02-24 20:53 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-06 20:21 - 2014-02-24 20:32 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-06 20:11 - 2014-02-24 20:53 - 00000000 ____D () C:\Program Files\McAfee
2015-02-27 11:45 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-27 00:51 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\SysWOW64\com
2015-02-27 00:51 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\oobe
2015-02-27 00:51 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\com
2015-02-26 17:14 - 2009-07-14 04:45 - 00447432 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-26 16:20 - 2011-07-27 09:42 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-26 16:11 - 2014-09-26 15:04 - 00000000 ____D () C:\Program Files\Boots F2CD
2015-02-26 16:08 - 2011-07-27 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2015-02-26 16:07 - 2011-07-27 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-02-26 16:04 - 2011-07-27 09:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-26 16:01 - 2014-04-03 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-02-26 16:01 - 2014-04-03 13:03 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2015-02-26 15:58 - 2014-04-03 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-02-26 15:58 - 2014-04-03 13:02 - 00000000 ____D () C:\Program Files (x86)\epson
2015-02-26 15:58 - 2014-04-03 12:57 - 00000000 ____D () C:\ProgramData\Epson
2015-02-26 15:56 - 2011-07-27 09:42 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-26 14:48 - 2011-07-27 10:13 - 00001816 _____ () C:\windows\HotFixList.ini
2015-02-26 14:26 - 2011-07-27 09:59 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-02-26 14:25 - 2011-07-27 09:51 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-02-26 12:39 - 2014-11-05 19:31 - 00000000 ___RD () C:\Users\Ciara\iCloudDrive
2015-02-26 02:36 - 2014-06-01 21:02 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-26 02:25 - 2014-02-24 18:08 - 00000000 ____D () C:\Users\Ciara\AppData\Local\Adobe
2015-02-26 02:23 - 2014-06-01 21:02 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-26 02:23 - 2014-06-01 21:02 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-25 22:58 - 2011-07-27 10:05 - 00000000 ____D () C:\ProgramData\WinClon
2015-02-25 18:59 - 2014-03-28 16:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-24 16:52 - 2014-03-28 17:25 - 00000000 ____D () C:\Users\Ciara\AppData\Local\CrashDumps
2015-02-24 16:18 - 2014-02-24 18:22 - 00117328 _____ () C:\Users\Ciara\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-24 16:18 - 2009-07-14 05:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-02-24 15:56 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-24 03:17 - 2010-11-21 03:27 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\tracing
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\Dism
2015-02-23 21:48 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-23 18:11 - 2014-02-24 20:33 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-02-23 15:30 - 2015-01-18 21:10 - 00000000 ____D () C:\ProgramData\Avira
2015-02-23 15:30 - 2015-01-18 21:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-23 15:17 - 2011-07-27 10:48 - 00000000 ____D () C:\windows\ru
2015-02-23 14:17 - 2014-02-24 18:06 - 00000000 ____D () C:\Users\Ciara\AppData\Local\VirtualStore
2015-02-23 14:06 - 2011-02-11 19:57 - 00000000 ____D () C:\windows\Panther
2015-02-16 17:12 - 2014-03-28 17:17 - 00000000 ___RD () C:\Users\Ciara\OneDrive
2015-02-12 22:38 - 2014-04-18 15:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-12 19:43 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 17:52 - 2014-04-22 17:15 - 00000000 ____D () C:\windows\system32\MRT
2015-02-11 17:44 - 2014-04-22 17:14 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-02-23 14:18 - 2015-02-23 14:18 - 0000017 _____ () C:\Users\Ciara\AppData\Local\resmon.resmoncfg
2014-04-04 13:52 - 2014-04-04 13:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-07-27 09:49 - 2011-07-27 09:50 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-07-27 09:43 - 2011-07-27 09:43 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-07-27 09:47 - 2011-07-27 09:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-07-27 09:43 - 2011-07-27 09:46 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-07-27 09:47 - 2011-07-27 09:49 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-22 21:39

==================== End Of Log ============================


"Drink is the curse of the land. It makes you fight with your neighbour. It makes you shoot at your landlord and it makes you miss him." 




5411sq6.jpg

"May the devil never know you are dead a half after you arrive in heaven".


#15 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:03:28 PM

Posted 08 March 2015 - 06:04 AM

Hi Hookie.

 

Please download Malwarebytes Anti-Malware photo.jpg?sz=48 and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on YesFailure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

 

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

------------------

After the scan was completed, please create new FRST log for me.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users