Setup Factory 8.1.1006.0 serial key or number

Hi there, I was kindly receiving help in this thread and was advised to start a new topic.
 
http://www.bleepingcomputer.com/forums/t/598124/steam-store-pop-up-ads-and-redirecting/
 
My issue's that the store page on Valve's Steam redirects to advertisements and pop-ups, and now there's also a Utrack.pw pop-up on my desktop that is always on top of everything else, like my browser right now.
 
I've ran Farbar, here's the log. I'll put Addition.txt in the following post.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by euan (administrator) on EUAN-PC (13-12-2015 15:29:38)
Running from C:\Users\euan\Downloads
Loaded Profiles: euan (Available Profiles: euan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1126527562-1434389470-3061596616-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-1126527562-1434389470-3061596616-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1126527562-1434389470-3061596616-1001\...\MountPoints2: {9e9b233d-579d-11e0-a149-bcaec5df35a0} - F:\AutoRunCD.exe
HKU\S-1-5-21-1126527562-1434389470-3061596616-1001\...\MountPoints2: {a15df326-6756-11e0-82db-bcaec5df35a0} - F:\Setup.exe
HKU\S-1-5-21-1126527562-1434389470-3061596616-1001\...\MountPoints2: {fb449286-a992-11e1-96d5-bcaec5df35a0} - F:\setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7E1F3EA3-0209-4920-B785-4CC8096B6F93}: [DhcpNameServer] 44.0.0.253 44.0.0.3 44.0.0.4 4.2.2.1
Tcpip\..\Interfaces\{A946E94C-70A9-4EC0-AF84-56E22E561C34}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E10BF0C0-47F1-4809-B3EA-D2EE243ECFE3}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1126527562-1434389470-3061596616-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1126527562-1434389470-3061596616-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01] (Oracle Corporation)
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\euan\AppData\Roaming\Mozilla\Firefox\Profiles\1luqk2cl.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1126527562-1434389470-3061596616-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-11-10] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-09-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-09-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-09-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-09-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-09-25] (Apple Inc.)
FF Extension: NoScript - C:\Users\euan\AppData\Roaming\Mozilla\Firefox\Profiles\1luqk2cl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-30]
FF Extension: Adblock Plus - C:\Users\euan\AppData\Roaming\Mozilla\Firefox\Profiles\1luqk2cl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-30] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-11-30] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-11-30] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1125888 2015-07-22] ()
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1580416 2015-01-20] (Echobit LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-24] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-24] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-24] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-11] (Electronic Arts)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [836176 2015-12-10] (Valve Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-03-28] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-29] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-05-06] (Echobit, LLC)
S3 HabuFltr; C:\Windows\System32\drivers\habu.sys [13696 2006-10-26] (Razer (Asia-Pacific) Pte Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-03-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-13] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-11-24] (NVIDIA Corporation)
S3 Razerlow; C:\Windows\System32\drivers\Razerlow.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
S3 Razerlow; C:\Windows\SysWOW64\drivers\Razerlow.sys [13225 2005-04-24] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-09-30] (Spotflux, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
U4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-13 15:29 - 2015-12-13 15:30 - 00018212 _____ C:\Users\euan\Downloads\FRST.txt
2015-12-13 15:29 - 2015-12-13 15:29 - 02369536 _____ (Farbar) C:\Users\euan\Downloads\FRST64.exe
2015-12-13 15:29 - 2015-12-13 15:29 - 00000000 ____D C:\FRST
2015-12-10 23:03 - 2015-12-10 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-09 11:18 - 2015-12-09 11:18 - 09498816 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-09 10:56 - 2015-11-20 18:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 10:56 - 2015-11-20 18:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 10:56 - 2015-11-20 18:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 10:56 - 2015-11-20 18:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 10:56 - 2015-11-20 18:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 10:56 - 2015-11-20 18:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 10:56 - 2015-11-20 18:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 10:56 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 10:56 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 10:56 - 2015-11-20 18:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 10:56 - 2015-11-20 18:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 10:56 - 2015-11-20 18:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 10:56 - 2015-11-20 18:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 10:56 - 2015-11-20 18:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 10:56 - 2015-11-20 18:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 10:56 - 2015-11-20 18:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 10:56 - 2015-11-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-09 10:56 - 2015-11-05 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-09 10:56 - 2015-11-03 19:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 10:56 - 2015-11-03 18:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 10:55 - 2015-11-12 21:13 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 10:55 - 2015-11-12 21:07 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 10:55 - 2015-11-12 21:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 10:55 - 2015-11-12 21:06 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 10:55 - 2015-11-12 21:06 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 10:55 - 2015-11-12 21:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 10:55 - 2015-11-12 21:06 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 10:55 - 2015-11-12 21:06 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 10:55 - 2015-11-12 21:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 10:55 - 2015-11-12 21:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 10:55 - 2015-11-12 20:39 - 01814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 10:55 - 2015-11-12 20:37 - 12389376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 10:55 - 2015-11-12 20:33 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 10:55 - 2015-11-12 20:32 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 10:55 - 2015-11-12 20:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 10:55 - 2015-11-12 20:31 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 10:55 - 2015-11-12 20:31 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 10:55 - 2015-11-12 20:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 10:55 - 2015-11-12 20:31 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 10:55 - 2015-11-12 20:31 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 10:55 - 2015-11-11 18:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 10:55 - 2015-11-11 18:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 10:55 - 2015-11-11 18:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 10:55 - 2015-11-11 18:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 10:55 - 2015-11-10 18:55 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 10:55 - 2015-11-10 18:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 10:55 - 2015-11-10 18:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 10:55 - 2015-11-10 18:38 - 01081856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 10:55 - 2015-11-10 18:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 10:55 - 2015-11-10 17:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 10:55 - 2015-11-05 19:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 10:55 - 2015-11-05 19:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 10:55 - 2015-11-05 09:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 10:55 - 2015-10-08 23:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-09 10:55 - 2015-10-08 23:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 10:55 - 2015-10-08 23:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 10:55 - 2015-10-08 23:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 10:55 - 2015-10-08 23:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 10:55 - 2015-10-08 23:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 10:55 - 2015-10-08 23:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 10:55 - 2015-10-08 23:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-09 10:55 - 2015-10-08 19:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 10:55 - 2015-10-08 18:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-09 10:54 - 2015-11-12 21:16 - 17892864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 10:54 - 2015-11-12 21:09 - 10937856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 10:54 - 2015-11-12 21:08 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 10:54 - 2015-11-12 21:08 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 10:54 - 2015-11-12 21:07 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 10:54 - 2015-11-12 21:06 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 10:54 - 2015-11-12 21:06 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 10:54 - 2015-11-12 21:06 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-12-09 10:54 - 2015-11-12 21:06 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 10:54 - 2015-11-12 21:06 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-12-09 10:54 - 2015-11-12 21:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-12-09 10:54 - 2015-11-12 21:06 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-12-09 10:54 - 2015-11-12 20:36 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 10:54 - 2015-11-12 20:34 - 09753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 10:54 - 2015-11-12 20:34 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 10:54 - 2015-11-12 20:32 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 10:54 - 2015-11-12 20:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 10:54 - 2015-11-12 20:32 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 10:54 - 2015-11-12 20:32 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-12-09 10:54 - 2015-11-12 20:32 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 10:54 - 2015-11-12 20:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 10:54 - 2015-11-12 20:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-12-09 10:54 - 2015-11-12 20:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-12-09 10:54 - 2015-11-12 20:31 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-12-09 10:54 - 2015-11-03 19:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 10:54 - 2015-11-03 18:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-07 19:43 - 2015-12-07 19:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-07 19:43 - 2015-12-07 19:43 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-07 19:43 - 2015-12-07 19:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-06 11:08 - 2015-12-06 11:08 - 00000000 ____D C:\Users\euan\AppData\Roaming\AVG
2015-12-06 10:57 - 2015-12-06 10:57 - 00000930 _____ C:\Users\Public\Desktop\AVG.lnk
2015-12-06 10:57 - 2015-12-06 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-12-06 10:54 - 2015-12-06 11:02 - 00000000 ____D C:\ProgramData\Avg
2015-12-06 10:33 - 2015-12-06 10:57 - 00000000 ____D C:\Users\euan\AppData\Local\AvgSetupLog
2015-12-03 08:48 - 2015-12-03 08:48 - 00000282 _____ C:\Users\euan\Desktop\esetscanner2.txt
2015-12-03 00:16 - 2015-12-03 00:16 - 00000763 _____ C:\Users\euan\Desktop\JRT.txt
2015-12-02 21:07 - 2015-12-02 21:07 - 00000127 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-12-02 21:06 - 2015-12-02 21:06 - 01599336 _____ (Malwarebytes) C:\Users\euan\Desktop\JRT.exe
2015-12-02 21:06 - 2015-12-02 21:06 - 00448512 _____ (OldTimer Tools) C:\Users\euan\Desktop\TFC.exe
2015-12-02 12:37 - 2015-11-24 23:10 - 00112712 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2015-12-02 12:33 - 2015-11-24 18:29 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-12-02 12:26 - 2015-11-24 23:10 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 22310008 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 18363696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 15717672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 15122296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 11131184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-12-02 12:26 - 2015-11-24 23:10 - 03159248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 02870392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 02490488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435906.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435906.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 00877360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-12-02 12:26 - 2015-11-24 23:10 - 00177600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-12-02 12:26 - 2015-11-24 23:10 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-12-02 12:26 - 2015-11-24 23:10 - 00033607 _____ C:\Windows\system32\nvinfo.pb
2015-12-02 12:15 - 2015-12-02 12:23 - 316046904 _____ (NVIDIA Corporation) C:\Users\euan\Downloads\359.06-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-12-02 11:44 - 2015-12-02 11:44 - 00000000 ____D C:\Users\euan\AppData\Local\Fallout4
2015-12-02 11:14 - 2015-12-02 11:14 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-12-02 11:11 - 2015-12-02 11:11 - 00004934 _____ C:\Users\euan\Desktop\esetscanner.txt
2015-12-02 08:16 - 2015-12-02 08:16 - 00000938 _____ C:\Users\euan\Desktop\Games - Shortcut.lnk
2015-12-02 05:06 - 2015-12-02 05:06 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-02 05:03 - 2015-12-02 05:04 - 02870984 _____ (ESET) C:\Users\euan\Desktop\esetsmartinstaller_enu.exe
2015-12-02 05:02 - 2015-12-02 05:02 - 00039714 _____ C:\Users\euan\Desktop\MTB.txt
2015-12-02 04:59 - 2015-12-02 04:59 - 00891392 _____ (Farbar) C:\Users\euan\Desktop\MiniToolBox.exe
2015-12-01 23:36 - 2015-12-01 23:07 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-12-01 23:07 - 2015-12-01 23:28 - 00000000 ____D C:\zoek_backup
2015-12-01 23:06 - 2015-12-01 23:06 - 01309184 _____ C:\Users\euan\Downloads\zoek.exe
2015-12-01 22:53 - 2015-12-01 23:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\euan\Downloads\spybot-2.4.exe
2015-12-01 17:25 - 2015-12-01 17:25 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-11-30 18:58 - 2015-11-30 19:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-30 18:58 - 2015-11-30 18:58 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-11-30 18:24 - 2015-11-30 18:24 - 00000834 _____ C:\Users\euan\.recently-used.xbel
2015-11-30 17:58 - 2015-12-01 07:40 - 00000000 ____D C:\Users\euan\Desktop\mbar
2015-11-30 17:26 - 2015-11-30 17:27 - 16563352 _____ (Malwarebytes Corp.) C:\Users\euan\Downloads\mbar-1.09.3.1001.exe
2015-11-30 16:55 - 2015-11-30 19:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-30 15:58 - 2015-08-06 18:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-11-30 15:58 - 2015-08-06 18:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-11-30 15:58 - 2015-08-06 17:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-11-30 15:58 - 2015-08-06 17:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-11-30 15:58 - 2015-08-05 17:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-11-30 15:57 - 2015-10-01 18:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-30 15:57 - 2015-10-01 18:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-30 15:57 - 2015-10-01 18:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-11-30 15:57 - 2015-10-01 18:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-11-30 15:57 - 2015-10-01 18:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-11-30 15:57 - 2015-10-01 18:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-11-30 15:57 - 2015-10-01 18:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-11-30 15:57 - 2015-10-01 17:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-11-30 15:57 - 2015-10-01 17:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-11-30 15:57 - 2015-07-09 17:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-11-30 15:57 - 2015-07-09 17:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-11-30 15:57 - 2015-07-09 17:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-11-30 15:57 - 2015-07-09 17:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-11-30 15:55 - 2015-09-18 19:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-11-30 15:55 - 2015-09-18 19:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-11-30 15:55 - 2015-09-18 19:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-11-30 15:55 - 2015-09-18 19:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-11-30 15:55 - 2015-09-18 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-11-30 15:55 - 2015-09-18 19:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-11-30 15:55 - 2015-09-18 19:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-11-30 15:45 - 2015-10-20 01:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-30 15:45 - 2015-10-20 01:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-30 15:45 - 2015-10-20 01:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-30 15:45 - 2015-10-20 01:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-30 15:45 - 2015-10-20 01:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-30 15:45 - 2015-10-20 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-30 15:45 - 2015-10-20 01:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-30 15:45 - 2015-10-20 01:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-30 15:45 - 2015-10-20 01:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-30 15:45 - 2015-10-20 01:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-30 15:45 - 2015-10-20 01:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-30 15:45 - 2015-10-20 01:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-30 15:45 - 2015-10-20 01:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-30 15:45 - 2015-10-20 01:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-30 15:45 - 2015-10-20 01:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-30 15:45 - 2015-10-20 00:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-30 15:45 - 2015-10-20 00:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-30 15:45 - 2015-10-20 00:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-30 15:45 - 2015-10-20 00:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-30 15:45 - 2015-10-20 00:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-30 15:45 - 2015-10-20 00:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-30 15:45 - 2015-10-20 00:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-30 15:45 - 2015-10-20 00:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-30 15:45 - 2015-10-20 00:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-30 15:45 - 2015-10-20 00:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-30 15:45 - 2015-10-20 00:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-30 15:45 - 2015-10-20 00:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-30 15:45 - 2015-10-20 00:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-30 15:45 - 2015-10-20 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-30 15:45 - 2015-10-20 00:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-30 15:45 - 2015-10-20 00:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-30 15:45 - 2015-10-20 00:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-30 15:45 - 2015-10-20 00:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-30 15:45 - 2015-10-20 00:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-30 15:45 - 2015-10-20 00:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-30 15:45 - 2015-10-20 00:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-30 15:45 - 2015-10-20 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-30 15:45 - 2015-10-20 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-30 15:45 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-30 15:45 - 2015-10-19 23:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-30 15:45 - 2015-10-19 23:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-30 15:45 - 2015-10-19 23:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-30 15:45 - 2015-10-19 23:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-30 15:45 - 2015-10-19 23:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-30 15:45 - 2015-10-19 23:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-30 15:45 - 2015-10-19 23:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-30 15:45 - 2015-10-19 23:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-30 15:45 - 2015-10-19 23:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-30 15:45 - 2015-09-23 13:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-30 15:45 - 2015-09-23 13:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-30 15:45 - 2015-09-23 13:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-30 15:43 - 2015-10-29 17:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-30 15:43 - 2015-10-29 17:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-30 15:43 - 2015-10-29 17:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-30 15:43 - 2015-10-29 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-30 15:43 - 2015-10-29 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-30 15:43 - 2015-10-29 17:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-30 15:43 - 2015-10-29 17:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-30 15:43 - 2015-07-23 00:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-11-30 15:43 - 2015-07-23 00:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-11-30 15:43 - 2015-07-23 00:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-11-30 15:43 - 2015-07-22 17:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-11-30 15:43 - 2015-07-22 17:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-11-30 15:43 - 2015-07-22 16:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-11-30 15:43 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-11-30 15:41 - 2015-10-01 18:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-30 15:41 - 2015-10-01 18:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-30 15:41 - 2015-10-01 17:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-30 15:41 - 2015-08-27 18:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-11-30 15:41 - 2015-08-27 18:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-11-30 15:41 - 2015-08-27 18:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-11-30 15:41 - 2015-08-27 18:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-11-30 15:41 - 2015-08-27 17:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-11-30 15:41 - 2015-08-27 17:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-11-30 15:41 - 2015-08-27 17:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-11-30 15:41 - 2015-08-27 17:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-11-30 15:41 - 2015-06-25 10:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-11-30 15:41 - 2015-06-25 10:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-11-30 15:41 - 2015-06-25 10:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-11-30 15:41 - 2015-06-25 09:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-11-30 15:40 - 2015-10-13 16:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-30 15:40 - 2015-10-13 16:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-30 15:34 - 2015-10-13 04:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-30 15:34 - 2015-09-02 03:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-11-30 15:34 - 2015-09-02 03:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-11-30 15:34 - 2015-09-02 03:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-11-30 15:34 - 2015-09-02 03:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-11-30 15:34 - 2015-09-02 02:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-11-30 15:34 - 2015-09-02 02:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-11-30 15:34 - 2015-09-02 02:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-11-30 15:34 - 2015-09-02 02:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-11-30 15:34 - 2015-09-02 01:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-11-30 15:34 - 2015-09-02 01:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-11-30 14:16 - 2015-11-30 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-11-30 14:16 - 2015-11-30 14:16 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-13 15:29 - 2009-07-14 03:20 - 00000000 ____D C:\Windows
2015-12-13 15:18 - 2012-05-03 12:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-13 15:00 - 2015-08-12 20:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 12:24 - 2009-07-14 04:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-13 12:24 - 2009-07-14 04:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-13 12:17 - 2011-03-24 21:44 - 00000000 ____D C:\ProgramData\MFAData
2015-12-13 12:15 - 2011-04-12 22:51 - 00000000 ____D C:\Users\euan\AppData\Local\LogMeIn Hamachi
2015-12-13 12:14 - 2011-03-24 21:06 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-13 12:14 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-12 01:48 - 2011-06-20 11:57 - 00000000 ____D C:\Users\euan\AppData\Roaming\BitComet
2015-12-12 00:10 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2015-12-11 14:56 - 2011-04-28 21:54 - 00000000 ____D C:\Users\euan\AppData\Roaming\Skype
2015-12-10 23:04 - 2011-04-28 21:53 - 00000000 ____D C:\ProgramData\Skype
2015-12-10 23:03 - 2014-03-12 21:53 - 00000000 ____D C:\Users\euan\AppData\Local\Skype
2015-12-10 23:03 - 2011-12-02 14:36 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-10 23:03 - 2011-04-28 21:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-10 11:18 - 2009-07-14 04:45 - 00280824 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 11:15 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2015-12-10 01:26 - 2012-07-04 19:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 01:23 - 2013-08-14 17:35 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 01:18 - 2011-03-25 15:04 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 17:59 - 2009-07-14 05:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-09 11:18 - 2012-05-03 12:04 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 11:18 - 2012-05-03 12:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 11:18 - 2011-05-19 11:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-07 19:44 - 2015-07-15 14:08 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-07 19:42 - 2011-06-08 14:53 - 00000000 ____D C:\ProgramData\Adobe
2015-12-07 08:27 - 2014-10-21 10:03 - 00000000 ____D C:\ProgramData\AVG2015
2015-12-07 08:27 - 2011-03-24 21:53 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-06 11:09 - 2015-07-16 07:56 - 00000000 ____D C:\Users\euan\AppData\Local\Avg
2015-12-06 11:08 - 2011-02-26 19:09 - 00000000 ___HD C:\$AVG
2015-12-06 11:07 - 2014-03-31 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-06 11:06 - 2015-07-16 07:59 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-03 00:10 - 2014-11-03 23:06 - 00000000 ____D C:\Program Files (x86)\Crusader Kings II
2015-12-02 21:07 - 2012-06-15 16:58 - 00000000 ____D C:\Users\euan\AppData\Roaming\Fatshark
2015-12-02 12:36 - 2014-02-18 20:19 - 00000000 ____D C:\Users\euan\AppData\Local\NVIDIA Corporation
2015-12-02 12:34 - 2014-02-18 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-02 12:34 - 2011-03-24 20:58 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-02 11:44 - 2011-03-24 15:57 - 00000000 ____D C:\Users\euan\Documents\My Games
2015-12-02 11:14 - 2012-10-09 22:11 - 00000000 ____D C:\Users\euan\AppData\Roaming\.spotflux
2015-12-02 08:20 - 2012-09-21 18:29 - 00000000 ____D C:\Users\euan\Games
2015-12-02 08:19 - 2011-03-24 20:47 - 00000000 ____D C:\Users\euan
2015-12-02 08:16 - 2011-05-19 21:05 - 00155648 ___SH C:\Users\euan\Thumbs.db
2015-12-02 08:08 - 2011-07-05 15:44 - 00000000 ____D C:\Users\euan\TV & Movies
2015-12-01 22:49 - 2015-08-11 22:48 - 00000000 ____D C:\AdwCleaner
2015-12-01 16:06 - 2013-10-26 14:26 - 00000000 ____D C:\ProgramData\Oracle
2015-12-01 16:05 - 2013-10-26 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-01 16:05 - 2011-03-26 18:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-01 16:02 - 2015-08-27 11:48 - 00000000 ____D C:\Users\euan\.oracle_jre_usage
2015-12-01 16:01 - 2014-10-20 12:57 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-01 15:19 - 2011-07-15 23:33 - 00425884 _____ C:\Windows\ntbtlog.txt
2015-12-01 07:20 - 2015-08-12 20:55 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-30 19:03 - 2012-05-18 11:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-30 19:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-11-30 18:58 - 2014-12-10 09:51 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-30 18:58 - 2014-05-06 17:05 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-11-30 18:58 - 2009-07-14 07:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-30 18:22 - 2011-05-28 13:45 - 00000000 ____D C:\Users\euan\.gimp-2.6
2015-11-30 16:24 - 2011-04-30 15:07 - 00766336 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-30 16:03 - 2015-08-12 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-30 16:03 - 2015-08-12 20:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-30 15:00 - 2012-06-22 22:20 - 00000000 ____D C:\ProgramData\Rockstar Games
2015-11-30 15:00 - 2011-04-12 11:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-30 14:53 - 2009-07-14 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-24 23:10 - 2014-11-18 10:27 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-11-24 23:10 - 2014-11-18 10:27 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-11-24 23:10 - 2014-02-18 20:17 - 01828160 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-11-24 23:10 - 2014-02-18 20:17 - 01509824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-11-24 23:10 - 2014-02-18 20:10 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-11-24 23:10 - 2013-02-25 23:32 - 17516040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-11-24 23:10 - 2013-02-25 23:32 - 03579696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-11-24 23:10 - 2012-08-19 00:05 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-11-24 18:40 - 2011-01-07 20:50 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-11-24 18:40 - 2011-01-07 20:49 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-11-24 18:40 - 2011-01-07 20:49 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-11-24 18:40 - 2011-01-07 20:49 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-11-24 18:40 - 2011-01-07 20:49 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-11-24 18:40 - 2010-07-09 16:27 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-11-23 10:38 - 2012-08-19 00:07 - 06049858 _____ C:\Windows\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2012-11-19 23:02 - 2012-12-08 13:22 - 0581642 _____ () C:\Users\euan\AppData\Roaming\technic-launcher.jar
2012-11-19 23:02 - 2012-12-04 20:47 - 0581168 _____ () C:\Users\euan\AppData\Roaming\technic-launcher.jar.bak
2011-08-04 17:13 - 2014-04-08 13:34 - 0010752 _____ () C:\Users\euan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-20 13:23 - 2013-06-20 13:23 - 0000017 _____ () C:\Users\euan\AppData\Local\resmon.resmoncfg
2011-04-28 21:55 - 2011-04-28 21:55 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-12-02 21:07 - 2015-12-02 21:07 - 0000127 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-10 12:56

==================== End of FRST.txt ============================

Edited by Queen-Evie, 13 December 2015 - 02:51 PM.
moved from Am I Infected to Malware Removal Logs. FRST logs are allowed only in MRL forum.

5 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Thanks for your feedback.

Greetings Nevidljiva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

• First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
• Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
• Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
• Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
• When you post your reply, use the button instead.
• In the upper right hand corner of the topic you will see the button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
• If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
• When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
• I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

If you have a wireless router please tell me the model number.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
• They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
• Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
• The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

• False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
• System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can uninstall the program(s) via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Emsisoft Anti-Malware
Kaspersky Anti-Virus

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

• Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
• Click Format and check Word Wrap
• Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Deskptop please move it to that location. (<<<Important)

CreateRestorePoint: CloseProcesses: HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-3780152140-139227125-843777247-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [No File] S3 catchme; \??\C:\Users\IRINA~1.ISL\AppData\Local\Temp\catchme.sys [X] S3 DMRedirect; \??\C:\Windows\system32\drivers\DMRedirect.sys [X] S3 eapihdrv; \??\C:\Users\IRINA~1.ISL\AppData\Local\Temp\ehdrv.sys [X] S3 esgiguard; \??\D:\SpyHunter 4.21.10.4585 Portable by wood\esgiguard.sys [X] S3 MBAMSwissArmy; no ImagePath U3 PROCEXP113; no ImagePath S3 STHDA; system32\DRIVERS\stwrt.sys [X] 2016-05-14 16:50 - 2016-05-14 16:50 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Local\TempOfficeC2R78F5775B-19EC-4411-8574-D8E5CA668400 2016-05-11 09:42 - 2016-05-11 09:42 - 00000000 _____ C:\Users\Irina.islambegovic\AppData\Local\{3A4D47EA-AD4B-426B-81A2-7C90FEB86AA9} 2016-05-11 09:42 - 2016-05-11 09:42 - 0000000 _____ () C:\Users\Irina.txt"

• Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
• The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Farbar's MiniToolBox

--------------------

• Please download MiniToolBox, save it to your desktop
• Please close any Firefox browsers you may have open
• Double click the icon to launch the program
• Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

• Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
• Please copy and paste the contents in your reply

===================================================

System Summary Information

--------------------

• Press the windows key + r on your keyboard at the same time
• Type msinfo32 and press Enter
• Left click on System Summary
• Click File, Save, and name the file Summary
• Zip and attach the file to your reply

===================================================