1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

[Solved] Malware Problems

Discussion in 'Malware Removal Help' started by joelle, Apr 20, 2014.

  1. joelle

    joelle Registered Members

    Joined:
    Apr 20, 2014
    Messages:
    30
    Operating System:
    Windows 8
    Hi, I have just joined your forum on the advice of Nev and Doug because of the problems I am having with Malware on my PC. I have read your instructions and tried to follow them as instructed. I would be grateful for your help.

    This is the Malwaresbytes result

    Malwarebytes Anti-Malware

    www.malwarebytes.org


    Scan Date: 20/04/2014

    Scan Time: 16:47:36

    Logfile:

    Administrator: Yes


    Version: 2.00.1.1004

    Malware Database: v2014.04.20.05

    Rootkit Database: v2014.03.27.01

    License: Free

    Malware Protection: Disabled

    Malicious Website Protection: Disabled

    Chameleon: Disabled


    OS: Windows 8.1

    CPU: x64

    File System: NTFS

    User: pamela


    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 251716

    Time Elapsed: 19 min, 0 sec


    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Enabled

    Shuriken: Enabled

    PUP: Warn

    PUM: Enabled


    Processes: 0

    (No malicious items detected)


    Modules: 0

    (No malicious items detected)


    Registry Keys: 0

    (No malicious items detected)


    Registry Values: 0

    (No malicious items detected)


    Registry Data: 0

    (No malicious items detected)


    Folders: 0

    (No malicious items detected)


    Files: 2

    PUP.Optional.Babylon.A, C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.babylon.com/?AF=100481&babsrc=HP_ss&mntrId=1e754307000000000000d682fe2bb396",), Replaced,[6a96a858778927d9f43e2035dd27d62a]

    PUP.Optional.MySearchDial.A, C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.google.com/", "http://start.mysearchdial.com/?f=1&...GtDyCtA0FtA0A0B0FtCyBtDyD2Q&cr=1005096798&ir=" ],), Replaced,[c937629e000031cfdf9a4d08e2226898]


    Physical Sectors: 0

    (No malicious items detected)



    (end)

    This is the first and additional text from FRST in files.

    Adware cleaner report


    # AdwCleaner v3.100 - Report created 20/04/2014 at 14:44:25

    # Updated 20/04/2014 by Xplode

    # Operating System : Windows 8.1 (64 bits)

    # Username : pamela - PAMSLAPTOP

    # Running from : C:\Users\pamela\Desktop\AdwCleaner.exe

    # Option : Clean


    ***** [ Services ] *****



    ***** [ Files / Folders ] *****


    Folder Deleted : C:\ProgramData\boost_interprocess

    Folder Deleted : C:\ProgramData\Trymedia

    [!] Folder Deleted : C:\Users\pamela\AppData\Local\Pokki

    Folder Deleted : C:\Users\pamela\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z

    Folder Deleted : C:\Users\pamela\AppData\Roaming\DigitalSites

    Folder Deleted : C:\Users\pamela\AppData\Roaming\Solvusoft

    File Deleted : C:\Users\Public\Desktop\eBay.lnk

    File Deleted : C:\Windows\Tasks\Digital Sites.job

    File Deleted : C:\Windows\Tasks\MySearchDial.job

    File Deleted : C:\Windows\System32\Tasks\MySearchDial


    ***** [ Shortcuts ] *****



    ***** [ Registry ] *****


    Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki

    Key Deleted : HKCU\Software\Classes\Directory\shell\pokki

    Key Deleted : HKCU\Software\Classes\Drive\shell\pokki

    Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki

    Key Deleted : HKCU\Software\Classes\pokki

    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

    Key Deleted : HKCU\Software\dsiteproducts

    Key Deleted : HKCU\Software\Pokki

    Key Deleted : HKLM\Software\InstallCore

    Key Deleted : HKLM\Software\Trymedia Systems

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mega Browse


    ***** [ Browsers ] *****


    -\\ Internet Explorer v11.0.9600.16518



    -\\ Google Chrome v34.0.1847.116


    [ File : C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    Deleted : homepage


    *************************


    AdwCleaner[R0].txt - [3176 octets] - [20/04/2014 14:35:32]

    AdwCleaner[S0].txt - [2954 octets] - [20/04/2014 14:44:25]


    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3014 octets] ##########

    I also got this pop up when visiting a forum

    upload_2014-4-20_18-25-49.png

    and I also have the reults of Hitman Pro and Esetnod 32 antivirus scans that I did yesterday if it would help.

    ---------
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 01
    Ran by pamela (administrator) on PAMSLAPTOP on 20-04-2014 17:57:24
    Running from C:\Users\pamela\Desktop
    Windows 8.1 (X64) OS Language: English(UK)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    (Microsoft Corporation) C:\Windows\system32\dashost.exe
    (Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    () C:\Program Files\Everything\Everything.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe
    (Microsoft Corporation) C:\Windows\System32\skydrive.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Intel Corporation) C:\Windows\system32\igfxext.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
    (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    (Microsoft Corporation) C:\Windows\system32\wwahost.exe
    (Microsoft Corporation) C:\Windows\Camera\Camera.exe
    (Microsoft Corporation) C:\Windows\system32\wwahost.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-02] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
    HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1357824 2013-06-26] ()
    HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
    HKU\S-1-5-21-2138484092-3631122937-4138138785-1001\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)
    HKU\S-1-5-21-2138484092-3631122937-4138138785-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - DefaultScope {7C8695F2-1522-429C-8BD0-C9AEE04F8EA8} URL = http://start.mysearchdial.com/resul...GtDyCtA0FtA0A0B0FtCyBtDyD2Q&cr=1005096798&ir=
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {7C8695F2-1522-429C-8BD0-C9AEE04F8EA8} URL = http://start.mysearchdial.com/resul...GtDyCtA0FtA0A0B0FtCyBtDyD2Q&cr=1005096798&ir=
    SearchScopes: HKLM-x32 - {7C8695F2-1522-429C-8BD0-C9AEE04F8EA8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
    SearchScopes: HKCU - DefaultScope {7C8695F2-1522-429C-8BD0-C9AEE04F8EA8} URL = http://start.mysearchdial.com/resul...GtDyCtA0FtA0A0B0FtCyBtDyD2Q&cr=1005096798&ir=
    SearchScopes: HKCU - {7C8695F2-1522-429C-8BD0-C9AEE04F8EA8} URL = http://start.mysearchdial.com/resul...GtDyCtA0FtA0A0B0FtCyBtDyD2Q&cr=1005096798&ir=
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-04-19]
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-04-19]

    Chrome:
    =======
    CHR HomePage: hxxp://search.babylon.com/?AF=100481&babsrc=HP_ss&mntrId=1e754307000000000000d682fe2bb396
    CHR StartupUrls: "hxxp://www.google.com/", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_13_ch&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0F0CtCyBzy0EtByEyByByCtN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0CtCtB0EyBtDyEtGzz0FyEtCtGyCzyyByBtGzzyEtB0EtGyDyB0C0CyDyCyEzytAtAzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0Dzz0DtAyEzztG0Fzz0FtAtGtC0AyCyBtGtD0EyEtDtGtDyCtA0FtA0A0B0FtCyBtDyD2Q&cr=1005096798&ir="
    CHR DefaultSearchKeyword: google.co.uk
    CHR Extension: (Google Translate) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-03-16]
    CHR Extension: (Google Docs) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-08]
    CHR Extension: (Google Drive) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-08]
    CHR Extension: (WOT) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-03-14]
    CHR Extension: (iCloud) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhodfififgcgedifpkenofdhlaafokk [2014-03-16]
    CHR Extension: (YouTube) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08]
    CHR Extension: (Virtual Piano) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bncmabbnlopcijejifdcgdhaiclhamdj [2014-03-16]
    CHR Extension: (Adblock Plus) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-16]
    CHR Extension: (Google Search) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08]
    CHR Extension: (avast! Online Security) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-19]
    CHR Extension: (Google Play Music) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-03-16]
    CHR Extension: (Blossom) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\idjmedbobeakbopimfiicbonioiahhnd [2014-03-16]
    CHR Extension: (EagleGet Downloader) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2014-03-16]
    CHR Extension: (StumbleUpon) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2014-03-16]
    CHR Extension: (Google Maps) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-03-16]
    CHR Extension: (Lazarus: Form Recovery) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-03-28]
    CHR Extension: (Google Wallet) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-08]
    CHR Extension: (ArcadeFrontier) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2014-04-18]
    CHR Extension: (Gmail) - C:\Users\pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08]

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
    R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
    R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2798336 2014-02-13] (Acer Incorporated)
    R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-02] (ELAN Microelectronics Corp.)
    R2 Everything; C:\Program Files\Everything\Everything.exe [1357824 2013-06-26] ()
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
    R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
    R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
    R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
    R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
    S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
    S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
    R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
    R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
    R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
    S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
    S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
    S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
    R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
    R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
    S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
    S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
    R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
    S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
    R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
    S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
    S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
    R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
    R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157528 2014-02-22] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-04-20 17:56 - 2014-04-20 17:56 - 00000000 ____D () C:\Users\pamela\Desktop\FRST-OlderVersion
    2014-04-20 17:13 - 2014-04-20 17:14 - 00033964 _____ () C:\Users\pamela\Desktop\Addition.txt
    2014-04-20 17:11 - 2014-04-20 17:57 - 00019442 _____ () C:\Users\pamela\Desktop\FRST.txt
    2014-04-20 17:11 - 2014-04-20 17:56 - 00000000 ____D () C:\FRST
    2014-04-20 17:02 - 2014-04-20 17:56 - 02056192 _____ (Farbar) C:\Users\pamela\Desktop\FRST64.exe
    2014-04-20 14:33 - 2014-04-20 14:46 - 00000000 ____D () C:\AdwCleaner
    2014-04-20 14:30 - 2014-02-22 17:15 - 01290688 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2014-04-20 14:30 - 2014-02-22 16:53 - 03394384 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
    2014-04-20 14:30 - 2014-02-22 16:50 - 21230744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-04-20 14:30 - 2014-02-22 16:44 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
    2014-04-20 14:30 - 2014-02-22 16:37 - 01116664 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-04-20 14:30 - 2014-02-22 15:18 - 18682288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-04-20 14:30 - 2014-02-22 14:28 - 23549952 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-04-20 14:30 - 2014-02-22 13:27 - 17387520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-04-20 14:30 - 2014-02-22 13:15 - 04192768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-04-20 14:30 - 2014-02-22 13:08 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr.dll
    2014-04-20 14:30 - 2014-02-22 12:44 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-04-20 14:30 - 2014-02-22 12:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-04-20 14:30 - 2014-02-22 12:22 - 00836096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-04-20 14:30 - 2014-02-22 12:17 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-04-20 14:30 - 2014-02-22 12:17 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OobeFldr.dll
    2014-04-20 14:30 - 2014-02-22 12:13 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2014-04-20 14:30 - 2014-02-22 12:00 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-04-20 14:30 - 2014-02-22 11:44 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-04-20 14:30 - 2014-02-22 11:36 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-04-20 14:30 - 2014-02-22 11:34 - 11742720 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
    2014-04-20 14:30 - 2014-02-22 11:02 - 16881152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
    2014-04-20 14:30 - 2014-02-22 11:02 - 12736000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2014-04-20 14:30 - 2014-02-22 11:00 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-04-20 14:30 - 2014-02-22 10:39 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-04-20 14:30 - 2014-02-22 10:33 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-04-20 14:30 - 2014-02-22 10:33 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-04-20 14:30 - 2014-02-22 10:11 - 02262016 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-04-20 14:30 - 2014-02-22 09:49 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-04-20 14:30 - 2014-02-22 09:32 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-04-20 14:30 - 2014-02-22 09:27 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-04-20 14:30 - 2014-02-22 09:15 - 08654336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
    2014-04-20 14:30 - 2014-02-08 02:08 - 00139600 _____ () C:\Windows\system32\systemsf.ebd
    2014-04-20 14:30 - 2014-01-31 12:25 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-04-20 14:30 - 2014-01-31 11:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-04-20 14:30 - 2014-01-31 09:25 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-04-20 14:30 - 2014-01-31 09:11 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-04-20 14:29 - 2014-02-22 17:59 - 02141912 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
    2014-04-20 14:29 - 2014-02-22 17:59 - 01519520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2014-04-20 14:29 - 2014-02-22 17:59 - 01339248 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-04-20 14:29 - 2014-02-22 17:59 - 01290688 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2014-04-20 14:29 - 2014-02-22 17:59 - 00526304 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2014-04-20 14:29 - 2014-02-22 17:59 - 00518552 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
    2014-04-20 14:29 - 2014-02-22 17:59 - 00461176 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
    2014-04-20 14:29 - 2014-02-22 17:59 - 00407536 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
    2014-04-20 14:29 - 2014-02-22 17:59 - 00356856 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
    2014-04-20 14:29 - 2014-02-22 17:58 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-04-20 14:29 - 2014-02-22 17:58 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2014-04-20 14:29 - 2014-02-22 17:15 - 01929608 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
    2014-04-20 14:29 - 2014-02-22 17:15 - 01206000 _____ (Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
    2014-04-20 14:29 - 2014-02-22 17:15 - 00531128 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2014-04-20 14:29 - 2014-02-22 17:00 - 00590168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
    2014-04-20 14:29 - 2014-02-22 17:00 - 00249688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
    2014-04-20 14:29 - 2014-02-22 17:00 - 00157528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wof.sys
    2014-04-20 14:29 - 2014-02-22 16:55 - 01435304 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
    2014-04-20 14:29 - 2014-02-22 16:55 - 00565536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2014-04-20 14:29 - 2014-02-22 16:55 - 00388408 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2014-04-20 14:29 - 2014-02-22 16:55 - 00244848 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
    2014-04-20 14:29 - 2014-02-22 16:53 - 00486744 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
    2014-04-20 14:29 - 2014-02-22 16:50 - 02588168 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
    2014-04-20 14:29 - 2014-02-22 16:50 - 02373784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2014-04-20 14:29 - 2014-02-22 16:50 - 01466864 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
    2014-04-20 14:29 - 2014-02-22 16:50 - 00761792 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
    2014-04-20 14:29 - 2014-02-22 16:50 - 00645104 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
    2014-04-20 14:29 - 2014-02-22 16:50 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
    2014-04-20 14:29 - 2014-02-22 16:49 - 00384856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
    2014-04-20 14:29 - 2014-02-22 16:49 - 00280920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
    2014-04-20 14:29 - 2014-02-22 16:49 - 00148824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
    2014-04-20 14:29 - 2014-02-22 16:48 - 02574240 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2014-04-20 14:29 - 2014-02-22 16:48 - 01791752 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
    2014-04-20 14:29 - 2014-02-22 16:46 - 01927600 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
    2014-04-20 14:29 - 2014-02-22 16:46 - 01542776 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2014-04-20 14:29 - 2014-02-22 16:46 - 01445616 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
    2014-04-20 14:29 - 2014-02-22 16:46 - 01000424 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
    2014-04-20 14:29 - 2014-02-22 16:46 - 00669896 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2014-04-20 14:29 - 2014-02-22 16:44 - 07425368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-04-20 14:29 - 2014-02-22 16:44 - 02013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2014-04-20 14:29 - 2014-02-22 16:44 - 00539992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
    2014-04-20 14:29 - 2014-02-22 16:44 - 00424280 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2014-04-20 14:29 - 2014-02-22 16:44 - 00360792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
    2014-04-20 14:29 - 2014-02-22 16:43 - 01727760 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2014-04-20 14:29 - 2014-02-22 16:43 - 01659056 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2014-04-20 14:29 - 2014-02-22 16:43 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2014-04-20 14:29 - 2014-02-22 16:43 - 01487520 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2014-04-20 14:29 - 2014-02-22 16:43 - 01356360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2014-04-20 14:29 - 2014-02-22 16:41 - 02142976 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
    2014-04-20 14:29 - 2014-02-22 16:41 - 01399176 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
    2014-04-20 14:29 - 2014-02-22 16:41 - 01374384 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
    2014-04-20 14:29 - 2014-02-22 16:41 - 01215832 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
    2014-04-20 14:29 - 2014-02-22 16:41 - 00881616 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2014-04-20 14:29 - 2014-02-22 16:41 - 00800552 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
    2014-04-20 14:29 - 2014-02-22 16:41 - 00609456 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-04-20 14:29 - 2014-02-22 16:41 - 00490176 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
    2014-04-20 14:29 - 2014-02-22 16:41 - 00467504 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-04-20 14:29 - 2014-02-22 16:41 - 00463264 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-04-20 14:29 - 2014-02-22 16:41 - 00391008 _____ (Microsoft Corporation) C:\Windows\system32\MMDevAPI.dll
    2014-04-20 14:29 - 2014-02-22 16:41 - 00372360 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
    2014-04-20 14:29 - 2014-02-22 16:41 - 00364640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-04-20 14:29 - 2014-02-22 16:40 - 01118552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2014-04-20 14:29 - 2014-02-22 15:52 - 01767440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
    2014-04-20 14:29 - 2014-02-22 15:51 - 01063976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Taskmgr.exe
    2014-04-20 14:29 - 2014-02-22 15:42 - 01779800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2014-04-20 14:29 - 2014-02-22 15:42 - 01017936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2014-04-20 14:29 - 2014-02-22 15:42 - 00422968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2014-04-20 14:29 - 2014-02-22 15:42 - 00410568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
    2014-04-20 14:29 - 2014-02-22 15:42 - 00406912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2014-04-20 14:29 - 2014-02-22 15:42 - 00369288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
    2014-04-20 14:29 - 2014-02-22 15:38 - 01374384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
    2014-04-20 14:29 - 2014-02-22 15:38 - 01095496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2014-04-20 14:29 - 2014-02-22 15:38 - 01077944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
    2014-04-20 14:29 - 2014-02-22 15:38 - 00336232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2014-04-20 14:29 - 2014-02-22 15:25 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2014-04-20 14:29 - 2014-02-22 15:18 - 02088160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2014-04-20 14:29 - 2014-02-22 15:18 - 01200296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
    2014-04-20 14:29 - 2014-02-22 15:18 - 00477744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
    2014-04-20 14:29 - 2014-02-22 15:18 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
    2014-04-20 14:29 - 2014-02-22 15:08 - 01474104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2014-04-20 14:29 - 2014-02-22 15:04 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
    2014-04-20 14:29 - 2014-02-22 15:04 - 01206000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
    2014-04-20 14:29 - 2014-02-22 15:04 - 01011280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
    2014-04-20 14:29 - 2014-02-22 15:04 - 00707048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2014-04-20 14:29 - 2014-02-22 15:04 - 00650736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
    2014-04-20 14:29 - 2014-02-22 15:04 - 00518552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-04-20 14:29 - 2014-02-22 15:04 - 00386360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
    2014-04-20 14:29 - 2014-02-22 15:04 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-04-20 14:29 - 2014-02-22 15:04 - 00317584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
    2014-04-20 14:29 - 2014-02-22 15:04 - 00305768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-04-20 14:29 - 2014-02-22 15:04 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
    2014-04-20 14:29 - 2014-02-22 13:24 - 02825216 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2014-04-20 14:29 - 2014-02-22 13:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
    2014-04-20 14:29 - 2014-02-22 13:14 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
    2014-04-20 14:29 - 2014-02-22 13:11 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2014-04-20 14:29 - 2014-02-22 13:08 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.Search.UriHandler.dll
    2014-04-20 14:29 - 2014-02-22 13:07 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2014-04-20 14:29 - 2014-02-22 13:07 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\WofUtil.dll
    2014-04-20 14:29 - 2014-02-22 13:02 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2014-04-20 14:29 - 2014-02-22 12:57 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\slc.dll
    2014-04-20 14:29 - 2014-02-22 12:46 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-04-20 14:29 - 2014-02-22 12:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2014-04-20 14:29 - 2014-02-22 12:28 - 02428928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2014-04-20 14:29 - 2014-02-22 12:25 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\recimg.exe
    2014-04-20 14:29 - 2014-02-22 12:25 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
    2014-04-20 14:29 - 2014-02-22 12:16 - 00617472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2014-04-20 14:29 - 2014-02-22 12:06 - 00148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slc.dll
    2014-04-20 14:29 - 2014-02-22 12:01 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-04-20 14:29 - 2014-02-22 11:57 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
    2014-04-20 14:29 - 2014-02-22 11:54 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-04-20 14:29 - 2014-02-22 11:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\dfp.exe
    2014-04-20 14:29 - 2014-02-22 11:41 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
    2014-04-20 14:29 - 2014-02-22 11:41 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
    2014-04-20 14:29 - 2014-02-22 11:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
    2014-04-20 14:29 - 2014-02-22 11:38 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\DfpCommon.dll
    2014-04-20 14:29 - 2014-02-22 11:36 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
    2014-04-20 14:29 - 2014-02-22 11:33 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-04-20 14:29 - 2014-02-22 11:25 - 01428480 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
    2014-04-20 14:29 - 2014-02-22 11:22 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
    2014-04-20 14:29 - 2014-02-22 11:20 - 00949248 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
    2014-04-20 14:29 - 2014-02-22 11:18 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
    2014-04-20 14:29 - 2014-02-22 11:18 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-04-20 14:29 - 2014-02-22 11:09 - 01224192 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
    2014-04-20 14:29 - 2014-02-22 11:09 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-04-20 14:29 - 2014-02-22 11:08 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
    2014-04-20 14:29 - 2014-02-22 11:06 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
    2014-04-20 14:29 - 2014-02-22 11:05 - 01757184 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
    2014-04-20 14:29 - 2014-02-22 11:02 - 08946688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
    2014-04-20 14:29 - 2014-02-22 11:01 - 02648064 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
    2014-04-20 14:29 - 2014-02-22 11:01 - 01227776 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
    2014-04-20 14:29 - 2014-02-22 11:01 - 00832512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
    2014-04-20 14:29 - 2014-02-22 11:01 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2014-04-20 14:29 - 2014-02-22 10:59 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
    2014-04-20 14:29 - 2014-02-22 10:57 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
    2014-04-20 14:29 - 2014-02-22 10:55 - 01416192 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-04-20 14:29 - 2014-02-22 10:53 - 00825344 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2014-04-20 14:29 - 2014-02-22 10:52 - 01132032 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
    2014-04-20 14:29 - 2014-02-22 10:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
    2014-04-20 14:29 - 2014-02-22 10:48 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-04-20 14:29 - 2014-02-22 10:48 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
    2014-04-20 14:29 - 2014-02-22 10:47 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2014-04-20 14:29 - 2014-02-22 10:46 - 00528896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
    2014-04-20 14:29 - 2014-02-22 10:45 - 00562176 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-04-20 14:29 - 2014-02-22 10:45 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
    2014-04-20 14:29 - 2014-02-22 10:40 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-04-20 14:29 - 2014-02-22 10:39 - 02900992 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
    2014-04-20 14:29 - 2014-02-22 10:38 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2014-04-20 14:29 - 2014-02-22 10:37 - 02220032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
    2014-04-20 14:29 - 2014-02-22 10:36 - 01392640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
    2014-04-20 14:29 - 2014-02-22 10:36 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\Dism.exe
    2014-04-20 14:29 - 2014-02-22 10:35 - 01066496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-04-20 14:29 - 2014-02-22 10:35 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2014-04-20 14:29 - 2014-02-22 10:35 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
    2014-04-20 14:29 - 2014-02-22 10:35 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2014-04-20 14:29 - 2014-02-22 10:35 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\WofTasks.dll
    2014-04-20 14:29 - 2014-02-22 10:34 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\energy.dll
    2014-04-20 14:29 - 2014-02-22 10:33 - 00653312 _____ (Microsoft Corporation) C:\Windows\system32\DismApi.dll
    2014-04-20 14:29 - 2014-02-22 10:32 - 01162752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
    2014-04-20 14:29 - 2014-02-22 10:29 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2014-04-20 14:29 - 2014-02-22 10:28 - 02643456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2014-04-20 14:29 - 2014-02-22 10:26 - 11790848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2014-04-20 14:29 - 2014-02-22 10:26 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
    2014-04-20 14:29 - 2014-02-22 10:26 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
    2014-04-20 14:29 - 2014-02-22 10:25 - 01361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2014-04-20 14:29 - 2014-02-22 10:25 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
    2014-04-20 14:29 - 2014-02-22 10:25 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
    2014-04-20 14:29 - 2014-02-22 10:24 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
    2014-04-20 14:29 - 2014-02-22 10:23 - 03494912 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2014-04-20 14:29 - 2014-02-22 10:23 - 02843136 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2014-04-20 14:29 - 2014-02-22 10:23 - 01576960 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
    2014-04-20 14:29 - 2014-02-22 10:23 - 00628224 _____ (Microsoft Corporation) C:\Windows\system32\msTextPrediction.dll
    2014-04-20 14:29 - 2014-02-22 10:23 - 00344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-04-20 14:29 - 2014-02-22 10:23 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
    2014-04-20 14:29 - 2014-02-22 10:21 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
    2014-04-20 14:29 - 2014-02-22 10:21 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
    2014-04-20 14:29 - 2014-02-22 10:16 - 13286912 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2014-04-20 14:29 - 2014-02-22 10:16 - 11776000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2014-04-20 14:29 - 2014-02-22 10:16 - 02270720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
    2014-04-20 14:29 - 2014-02-22 10:16 - 00222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
    2014-04-20 14:29 - 2014-02-22 10:15 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
    2014-04-20 14:29 - 2014-02-22 10:14 - 00752640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2014-04-20 14:29 - 2014-02-22 10:14 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
    2014-04-20 14:29 - 2014-02-22 10:13 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
    2014-04-20 14:29 - 2014-02-22 10:11 - 02395136 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
    2014-04-20 14:29 - 2014-02-22 10:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
    2014-04-20 14:29 - 2014-02-22 10:10 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
    2014-04-20 14:29 - 2014-02-22 10:10 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
    2014-04-20 14:29 - 2014-02-22 10:07 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
    2014-04-20 14:29 - 2014-02-22 10:07 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
    2014-04-20 14:29 - 2014-02-22 10:05 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-04-20 14:29 - 2014-02-22 10:04 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2014-04-20 14:29 - 2014-02-22 10:04 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
    2014-04-20 14:29 - 2014-02-22 10:03 - 01764864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2014-04-20 14:29 - 2014-02-22 10:01 - 13933568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2014-04-20 14:29 - 2014-02-22 10:00 - 01341440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dui70.dll
    2014-04-20 14:29 - 2014-02-22 10:00 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
    2014-04-20 14:29 - 2014-02-22 09:59 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
    2014-04-20 14:29 - 2014-02-22 09:59 - 01403392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
    2014-04-20 14:29 - 2014-02-22 09:59 - 00791552 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
    2014-04-20 14:29 - 2014-02-22 09:59 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2014-04-20 14:29 - 2014-02-22 09:54 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
    2014-04-20 14:29 - 2014-02-22 09:54 - 00647168 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
    2014-04-20 14:29 - 2014-02-22 09:53 - 12027904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
    2014-04-20 14:29 - 2014-02-22 09:53 - 01229312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
    2014-04-20 14:29 - 2014-02-22 09:52 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
    2014-04-20 14:29 - 2014-02-22 09:51 - 01258496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
    2014-04-20 14:29 - 2014-02-22 09:51 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
    2014-04-20 14:29 - 2014-02-22 09:51 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
    2014-04-20 14:29 - 2014-02-22 09:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
    2014-04-20 14:29 - 2014-02-22 09:49 - 08874496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2014-04-20 14:29 - 2014-02-22 09:49 - 00755200 _____ (Microsoft Corporation) C:\Windows\system32\msctfuimanager.dll
    2014-04-20 14:29 - 2014-02-22 09:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2014-04-20 14:29 - 2014-02-22 09:47 - 00887808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
    2014-04-20 14:29 - 2014-02-22 09:47 - 00517120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
    2014-04-20 14:29 - 2014-02-22 09:46 - 00824832 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-04-20 14:29 - 2014-02-22 09:45 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
    2014-04-20 14:29 - 2014-02-22 09:45 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
    2014-04-20 14:29 - 2014-02-22 09:45 - 00169472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
    2014-04-20 14:29 - 2014-02-22 09:44 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
    2014-04-20 14:29 - 2014-02-22 09:44 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
    2014-04-20 14:29 - 2014-02-22 09:42 - 03408384 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-04-20 14:29 - 2014-02-22 09:42 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfuimanager.dll
    2014-04-20 14:29 - 2014-02-22 09:41 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2014-04-20 14:29 - 2014-02-22 09:41 - 00662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2014-04-20 14:29 - 2014-02-22 09:40 - 02368512 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
    2014-04-20 14:29 - 2014-02-22 09:40 - 01705984 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-04-20 14:29 - 2014-02-22 09:40 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
    2014-04-20 14:29 - 2014-02-22 09:39 - 00556032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
    2014-04-20 14:29 - 2014-02-22 09:38 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-04-20 14:29 - 2014-02-22 09:37 - 01716736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2014-04-20 14:29 - 2014-02-22 09:37 - 00658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2014-04-20 14:29 - 2014-02-22 09:36 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
    2014-04-20 14:29 - 2014-02-22 09:35 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-04-20 14:29 - 2014-02-22 09:34 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
    2014-04-20 14:29 - 2014-02-22 09:32 - 04268544 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
    2014-04-20 14:29 - 2014-02-22 09:32 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
    2014-04-20 14:29 - 2014-02-22 09:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
    2014-04-20 14:29 - 2014-02-22 09:24 - 02760704 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
    2014-04-20 14:29 - 2014-02-22 09:24 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
    2014-04-20 14:29 - 2014-02-22 09:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\MrmIndexer.dll
    2014-04-20 14:29 - 2014-02-22 09:23 - 00839168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
    2014-04-20 14:29 - 2014-02-22 09:23 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
    2014-04-20 14:29 - 2014-02-22 09:22 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
    2014-04-20 14:29 - 2014-02-22 09:21 - 00854528 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
    2014-04-20 14:29 - 2014-02-22 09:21 - 00600576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
    2014-04-20 14:29 - 2014-02-22 09:19 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
    2014-04-20 14:29 - 2014-02-22 09:19 - 00698880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
    2014-04-20 14:29 - 2014-02-22 09:18 - 05834240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
    2014-04-20 14:29 - 2014-02-22 09:18 - 02679296 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
    2014-04-20 14:29 - 2014-02-22 09:18 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
    2014-04-20 14:29 - 2014-02-22 09:17 - 00459264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
    2014-04-20 14:29 - 2014-02-22 09:12 - 02639872 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-04-20 14:29 - 2014-02-22 09:06 - 01640960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
    2014-04-20 14:29 - 2014-02-22 09:04 - 02315264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2014-04-20 14:29 - 2014-02-22 09:04 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
    2014-04-20 14:29 - 2014-02-22 09:03 - 01496576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
    2014-04-20 14:29 - 2014-02-22 09:01 - 00978944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
    2014-04-20 14:29 - 2014-02-22 09:01 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
    2014-04-20 14:29 - 2014-02-22 09:01 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
    2014-04-20 14:29 - 2014-02-22 09:00 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
    2014-04-20 14:29 - 2014-02-22 05:33 - 00262335 _____ () C:\Windows\system32\dfpinc.dat
    2014-04-20 14:29 - 2014-02-02 15:48 - 00307304 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2014-04-20 14:29 - 2014-02-02 14:33 - 00230808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2014-04-20 14:29 - 2014-02-02 13:19 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2014-04-20 14:29 - 2014-01-31 11:34 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2014-04-20 14:29 - 2014-01-31 11:05 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2014-04-20 14:29 - 2014-01-31 10:09 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
    2014-04-20 14:29 - 2014-01-31 09:18 - 01185280 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
    2014-04-20 14:29 - 2014-01-29 09:53 - 01653352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-04-20 14:29 - 2014-01-29 08:44 - 01369736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-04-20 14:29 - 2014-01-29 01:17 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
    2014-04-20 14:29 - 2014-01-27 17:47 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
    2014-04-20 14:29 - 2014-01-27 17:42 - 01526272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
    2014-04-20 14:29 - 2014-01-27 17:40 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
    2014-04-20 14:29 - 2014-01-27 16:38 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
    2014-04-20 14:29 - 2014-01-14 00:48 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2014-04-20 14:29 - 2014-01-08 02:30 - 00745328 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-04-20 14:29 - 2014-01-08 01:33 - 00552632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2014-04-20 14:29 - 2013-12-10 08:35 - 00530944 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
    2014-04-20 14:29 - 2013-11-11 00:41 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
    2014-04-20 14:28 - 2014-02-22 17:59 - 00289752 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
    2014-04-20 14:28 - 2014-02-22 17:59 - 00209160 _____ (Microsoft Corporation) C:\Windows\system32\imm32.dll
    2014-04-20 14:28 - 2014-02-22 17:59 - 00139464 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2014-04-20 14:28 - 2014-02-22 17:59 - 00123448 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2014-04-20 14:28 - 2014-02-22 17:58 - 00036200 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
    2014-04-20 14:28 - 2014-02-22 17:15 - 00275312 _____ (Microsoft Corporation) C:\Windows\system32\powrprof.dll
    2014-04-20 14:28 - 2014-02-22 17:15 - 00188464 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
    2014-04-20 14:28 - 2014-02-22 17:15 - 00071888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys
    2014-04-20 14:28 - 2014-02-22 17:02 - 00170952 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
    2014-04-20 14:28 - 2014-02-22 17:02 - 00083120 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
    2014-04-20 14:28 - 2014-02-22 17:02 - 00080048 _____ (Microsoft Corporation) C:\Windows\system32\taskhostex.exe
    2014-04-20 14:28 - 2014-02-22 17:00 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
    2014-04-20 14:28 - 2014-02-22 17:00 - 00151384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
    2014-04-20 14:28 - 2014-02-22 17:00 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys
    2014-04-20 14:28 - 2014-02-22 16:59 - 00032088 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
    2014-04-20 14:28 - 2014-02-22 16:59 - 00027480 _____ (Microsoft Corporation) C:\Windows\system32\SysResetErr.exe
    2014-04-20 14:28 - 2014-02-22 16:55 - 00162176 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
    2014-04-20 14:28 - 2014-02-22 16:55 - 00152848 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2014-04-20 14:28 - 2014-02-22 16:55 - 00131168 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
    2014-04-20 14:28 - 2014-02-22 16:55 - 00105864 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
    2014-04-20 14:28 - 2014-02-22 16:54 - 00180056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-04-20 14:28 - 2014-02-22 16:53 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-04-20 14:28 - 2014-02-22 16:50 - 00258784 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
    2014-04-20 14:28 - 2014-02-22 16:50 - 00101216 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
    2014-04-20 14:28 - 2014-02-22 16:50 - 00054816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys
    2014-04-20 14:28 - 2014-02-22 16:50 - 00043408 _____ (Microsoft Corporation) C:\Windows\system32\CloudNotifications.exe
    2014-04-20 14:28 - 2014-02-22 16:50 - 00032544 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountBroker.exe
    2014-04-20 14:28 - 2014-02-22 16:49 - 00467800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
    2014-04-20 14:28 - 2014-02-22 16:49 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2014-04-20 14:28 - 2014-02-22 16:49 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
    2014-04-20 14:28 - 2014-02-22 16:49 - 00189784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
    2014-04-20 14:28 - 2014-02-22 16:49 - 00146776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
    2014-04-20 14:28 - 2014-02-22 16:49 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys
    2014-04-20 14:28 - 2014-02-22 16:48 - 00210736 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
    2014-04-20 14:28 - 2014-02-22 16:44 - 00924504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
    2014-04-20 14:28 - 2014-02-22 16:43 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2014-04-20 14:28 - 2014-02-22 16:43 - 00142576 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2014-04-20 14:28 - 2014-02-22 16:43 - 00094560 _____ (Microsoft Corporation) C:\Windows\system32\bcd.dll
    2014-04-20 14:28 - 2014-02-22 16:41 - 00360000 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
    2014-04-20 14:28 - 2014-02-22 16:41 - 00324896 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
    2014-04-20 14:28 - 2014-02-22 16:41 - 00244888 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2014-04-20 14:28 - 2014-02-22 16:41 - 00028416 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2014-04-20 14:28 - 2014-02-22 15:52 - 00251504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powrprof.dll
    2014-04-20 14:28 - 2014-02-22 15:51 - 00140456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
    2014-04-20 14:28 - 2014-02-22 15:42 - 00232896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
    2014-04-20 14:28 - 2014-02-22 15:42 - 00137344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2014-04-20 14:28 - 2014-02-22 15:42 - 00098072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2014-04-20 14:28 - 2014-02-22 15:41 - 00033056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
    2014-04-20 14:28 - 2014-02-22 15:38 - 00506120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
    2014-04-20 14:28 - 2014-02-22 15:38 - 00089848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2014-04-20 14:28 - 2014-02-22 15:25 - 00180240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
    2014-04-20 14:28 - 2014-02-22 15:18 - 00089848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
    2014-04-20 14:28 - 2014-02-22 15:18 - 00041320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudNotifications.exe
    2014-04-20 14:28 - 2014-02-22 15:18 - 00029912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountBroker.exe
    2014-04-20 14:28 - 2014-02-22 15:14 - 00389464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
    2014-04-20 14:28 - 2014-02-22 15:11 - 00490136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2014-04-20 14:28 - 2014-02-22 15:08 - 00079496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcd.dll
    2014-04-20 14:28 - 2014-02-22 15:04 - 00406512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-04-20 14:28 - 2014-02-22 15:04 - 00354808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
    2014-04-20 14:28 - 2014-02-22 15:04 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
    2014-04-20 14:28 - 2014-02-22 13:20 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
    2014-04-20 14:28 - 2014-02-22 13:20 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-kernel-power-events.dll
    2014-04-20 14:28 - 2014-02-22 13:17 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
    2014-04-20 14:28 - 2014-02-22 13:17 - 00890880 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
    2014-04-20 14:28 - 2014-02-22 13:17 - 00874496 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
    2014-04-20 14:28 - 2014-02-22 13:17 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\f3ahvoas.dll
    2014-04-20 14:28 - 2014-02-22 13:17 - 00008192 ____H (Microsoft Corporation) C:\Windows\system32\ext-ms-win-ntuser-private-l1-1-1.dll
    2014-04-20 14:28 - 2014-02-22 13:17 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\ext-ms-win-session-winsta-l1-1-0.dll
    2014-04-20 14:28 - 2014-02-22 13:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\ext-ms-win-ntuser-private-l1-1-0.dll
    2014-04-20 14:28 - 2014-02-22 13:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\ext-ms-win-kernel32-package-l1-1-1.dll
    2014-04-20 14:28 - 2014-02-22 13:14 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
    2014-04-20 14:28 - 2014-02-22 13:14 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys
    2014-04-20 14:28 - 2014-02-22 13:14 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
    2014-04-20 14:28 - 2014-02-22 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2014-04-20 14:28 - 2014-02-22 13:08 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll
    2014-04-20 14:28 - 2014-02-22 13:08 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
    2014-04-20 14:28 - 2014-02-22 13:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2014-04-20 14:28 - 2014-02-22 13:08 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2014-04-20 14:28 - 2014-02-22 13:08 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2014-04-20 14:28 - 2014-02-22 13:07 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2014-04-20 14:28 - 2014-02-22 13:07 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\clrhost.dll
    2014-04-20 14:28 - 2014-02-22 13:06 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2014-04-20 14:28 - 2014-02-22 13:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
    2014-04-20 14:28 - 2014-02-22 13:03 - 00349696 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
    2014-04-20 14:28 - 2014-02-22 13:03 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\spbcd.dll
    2014-04-20 14:28 - 2014-02-22 13:01 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\spcompat.dll
    2014-04-20 14:28 - 2014-02-22 13:00 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2014-04-20 14:28 - 2014-02-22 13:00 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
    2014-04-20 14:28 - 2014-02-22 13:00 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\lpksetupproxyserv.dll
    2014-04-20 14:28 - 2014-02-22 12:59 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgrade.exe
    2014-04-20 14:28 - 2014-02-22 12:57 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
    2014-04-20 14:28 - 2014-02-22 12:54 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
    2014-04-20 14:28 - 2014-02-22 12:50 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
    2014-04-20 14:28 - 2014-02-22 12:50 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
    2014-04-20 14:28 - 2014-02-22 12:48 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ocsetapi.dll
    2014-04-20 14:28 - 2014-02-22 12:48 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\sxproxy.dll
    2014-04-20 14:28 - 2014-02-22 12:47 - 00589312 _____ (Microsoft Corporation) C:\Windows\system32\vdsdyn.dll
    2014-04-20 14:28 - 2014-02-22 12:47 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll
    2014-04-20 14:28 - 2014-02-22 12:47 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
    2014-04-20 14:28 - 2014-02-22 12:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
    2014-04-20 14:28 - 2014-02-22 12:45 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\fhevents.dll
    2014-04-20 14:28 - 2014-02-22 12:42 - 00038680 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
    2014-04-20 14:28 - 2014-02-22 12:41 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe
    2014-04-20 14:28 - 2014-02-22 12:39 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\fhsvcctl.dll
    2014-04-20 14:28 - 2014-02-22 12:37 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe
    2014-04-20 14:28 - 2014-02-22 12:34 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\dmdskmgr.dll
    2014-04-20 14:28 - 2014-02-22 12:32 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
    2014-04-20 14:28 - 2014-02-22 12:29 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\RelPost.exe
    2014-04-20 14:28 - 2014-02-22 12:27 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\dot3mm.dll
    2014-04-20 14:28 - 2014-02-22 12:25 - 00307712 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
    2014-04-20 14:28 - 2014-02-22 12:25 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll
    2014-04-20 14:28 - 2014-02-22 12:25 - 00028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\f3ahvoas.dll
    2014-04-20 14:28 - 2014-02-22 12:25 - 00008192 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-ntuser-private-l1-1-1.dll
    2014-04-20 14:28 - 2014-02-22 12:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-ntuser-private-l1-1-0.dll
    2014-04-20 14:28 - 2014-02-22 12:24 - 00800256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
    2014-04-20 14:28 - 2014-02-22 12:24 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
    2014-04-20 14:28 - 2014-02-22 12:24 - 00780288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe
    2014-04-20 14:28 - 2014-02-22 12:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SSShim.dll
    2014-04-20 14:28 - 2014-02-22 12:24 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-session-winsta-l1-1-0.dll
    2014-04-20 14:28 - 2014-02-22 12:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-networking-wcmapi-l1-1-0.dll
    2014-04-20 14:28 - 2014-02-22 12:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-kernel32-package-l1-1-1.dll
    2014-04-20 14:28 - 2014-02-22 12:22 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
    2014-04-20 14:28 - 2014-02-22 12:22 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2014-04-20 14:28 - 2014-02-22 12:20 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
    2014-04-20 14:28 - 2014-02-22 12:17 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\DAMM.dll
    2014-04-20 14:28 - 2014-02-22 12:17 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
    2014-04-20 14:28 - 2014-02-22 12:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll
    2014-04-20 14:28 - 2014-02-22 12:16 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-04-20 14:28 - 2014-02-22 12:16 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
    2014-04-20 14:28 - 2014-02-22 12:16 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2014-04-20 14:28 - 2014-02-22 12:16 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2014-04-20 14:28 - 2014-02-22 12:16 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clrhost.dll
    2014-04-20 14:28 - 2014-02-22 12:15 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
    2014-04-20 14:28 - 2014-02-22 12:14 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\cleanmgr.exe
    2014-04-20 14:28 - 2014-02-22 12:13 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
    2014-04-20 14:28 - 2014-02-22 12:11 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spbcd.dll
    2014-04-20 14:28 - 2014-02-22 12:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2014-04-20 14:28 - 2014-02-22 12:09 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
    2014-04-20 14:28 - 2014-02-22 12:08 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
    2014-04-20 14:28 - 2014-02-22 12:08 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
    2014-04-20 14:28 - 2014-02-22 12:07 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2014-04-20 14:28 - 2014-02-22 12:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
    2014-04-20 14:28 - 2014-02-22 12:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2014-04-20 14:28 - 2014-02-22 12:05 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\RASMM.dll
    2014-04-20 14:28 - 2014-02-22 12:05 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\pnpclean.dll
    2014-04-20 14:28 - 2014-02-22 12:05 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
    2014-04-20 14:28 - 2014-02-22 12:05 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentHost.dll
    2014-04-20 14:28 - 2014-02-22 12:04 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe
    2014-04-20 14:28 - 2014-02-22 12:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2014-04-20 14:28 - 2014-02-22 12:02 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContent.dll
    2014-04-20 14:28 - 2014-02-22 12:02 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\acppage.dll
    2014-04-20 14:28 - 2014-02-22 12:01 - 00112640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
    2014-04-20 14:28 - 2014-02-22 12:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-04-20 14:28 - 2014-02-22 12:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxproxy.dll
    2014-04-20 14:28 - 2014-02-22 11:59 - 01283584 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
    2014-04-20 14:28 - 2014-02-22 11:59 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
    2014-04-20 14:28 - 2014-02-22 11:59 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetapi.dll
    2014-04-20 14:28 - 2014-02-22 11:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-04-20 14:28 - 2014-02-22 11:58 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
    2014-04-20 14:28 - 2014-02-22 11:58 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-04-20 14:28 - 2014-02-22 11:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\DAConn.dll
    2014-04-20 14:28 - 2014-02-22 11:57 - 00165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
    2014-04-20 14:28 - 2014-02-22 11:56 - 02862592 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
    2014-04-20 14:28 - 2014-02-22 11:56 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2014-04-20 14:28 - 2014-02-22 11:56 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
    2014-04-20 14:28 - 2014-02-22 11:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
    2014-04-20 14:28 - 2014-02-22 11:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll
    2014-04-20 14:28 - 2014-02-22 11:55 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\SrTasks.exe
    2014-04-20 14:28 - 2014-02-22 11:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PkgMgr.exe
    2014-04-20 14:28 - 2014-02-22 11:52 - 02288640 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
    2014-04-20 14:28 - 2014-02-22 11:52 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll
    2014-04-20 14:28 - 2014-02-22 11:51 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll
    2014-04-20 14:28 - 2014-02-22 11:50 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskpart.exe
    2014-04-20 14:28 - 2014-02-22 11:47 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmdskmgr.dll
    2014-04-20 14:28 - 2014-02-22 11:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\migisol.dll
    2014-04-20 14:28 - 2014-02-22 11:47 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
    2014-04-20 14:28 - 2014-02-22 11:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-04-20 14:28 - 2014-02-22 11:46 - 00283136 _____ (Microsoft Corporation) C:\Windows\system32\wbadmin.exe
    2014-04-20 14:28 - 2014-02-22 11:44 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
    2014-04-20 14:28 - 2014-02-22 11:41 - 02566656 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
    2014-04-20 14:28 - 2014-02-22 11:41 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll
    2014-04-20 14:28 - 2014-02-22 11:40 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
    2014-04-20 14:28 - 2014-02-22 11:39 - 01843712 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
    2014-04-20 14:28 - 2014-02-22 11:39 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-04-20 14:28 - 2014-02-22 11:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
    2014-04-20 14:28 - 2014-02-22 11:37 - 00912384 _____ (Microsoft Corporation) C:\Windows\system32\nettrace.dll
    2014-04-20 14:28 - 2014-02-22 11:36 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2014-04-20 14:28 - 2014-02-22 11:36 - 00222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
    2014-04-20 14:28 - 2014-02-22 11:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-04-20 14:28 - 2014-02-22 11:35 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
    2014-04-20 14:28 - 2014-02-22 11:35 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\aitagent.exe
    2014-04-20 14:28 - 2014-02-22 11:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
    2014-04-20 14:28 - 2014-02-22 11:33 - 00402944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
    2014-04-20 14:28 - 2014-02-22 11:32 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
    2014-04-20 14:28 - 2014-02-22 11:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-04-20 14:28 - 2014-02-22 11:30 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cleanmgr.exe
    2014-04-20 14:28 - 2014-02-22 11:29 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2014-04-20 14:28 - 2014-02-22 11:28 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-04-20 14:28 - 2014-02-22 11:27 - 00397824 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
    2014-04-20 14:28 - 2014-02-22 11:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2014-04-20 14:28 - 2014-02-22 11:25 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
    2014-04-20 14:28 - 2014-02-22 11:21 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfrgui.exe
    2014-04-20 14:28 - 2014-02-22 11:21 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2014-04-20 14:28 - 2014-02-22 11:21 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\acppage.dll
    2014-04-20 14:28 - 2014-02-22 11:20 - 01152512 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
    2014-04-20 14:28 - 2014-02-22 11:18 - 00722432 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeui.exe
    2014-04-20 14:28 - 2014-02-22 11:17 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
    2014-04-20 14:28 - 2014-02-22 11:17 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-04-20 14:28 - 2014-02-22 11:17 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
    2014-04-20 14:28 - 2014-02-22 11:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
    2014-04-20 14:28 - 2014-02-22 11:16 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll
    2014-04-20 14:28 - 2014-02-22 11:16 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
    2014-04-20 14:28 - 2014-02-22 11:15 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
    2014-04-20 14:28 - 2014-02-22 11:14 - 02811392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
    2014-04-20 14:28 - 2014-02-22 11:14 - 02165760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
    2014-04-20 14:28 - 2014-02-22 11:14 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
    2014-04-20 14:28 - 2014-02-22 11:13 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
    2014-04-20 14:28 - 2014-02-22 11:13 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PrintDialogs.dll
    2014-04-20 14:28 - 2014-02-22 11:13 - 00307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
    2014-04-20 14:28 - 2014-02-22 11:12 - 00797696 _____ (Microsoft Corporation) C:\Windows\system32\PurchaseWindowsLicense.dll
    2014-04-20 14:28 - 2014-02-22 11:12 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizeng.dll
    2014-04-20 14:28 - 2014-02-22 11:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
    2014-04-20 14:28 - 2014-02-22 11:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\migisol.dll
    2014-04-20 14:28 - 2014-02-22 11:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-04-20 14:28 - 2014-02-22 11:07 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
    2014-04-20 14:28 - 2014-02-22 11:04 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\rasgcw.dll
    2014-04-20 14:28 - 2014-02-22 11:04 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\WLanConn.dll
    2014-04-20 14:28 - 2014-02-22 11:04 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netid.dll
    2014-04-20 14:28 - 2014-02-22 11:03 - 02544128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
    2014-04-20 14:28 - 2014-02-22 11:03 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-04-20 14:28 - 2014-02-22 11:02 - 00258560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2014-04-20 14:28 - 2014-02-22 11:00 - 00217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2014-04-20 14:28 - 2014-02-22 10:59 - 01816576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
    2014-04-20 14:28 - 2014-02-22 10:59 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
    2014-04-20 14:28 - 2014-02-22 10:59 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
    2014-04-20 14:28 - 2014-02-22 10:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-04-20 14:28 - 2014-02-22 10:56 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2014-04-20 14:28 - 2014-02-22 10:55 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-04-20 14:28 - 2014-02-22 10:54 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
    2014-04-20 14:28 - 2014-02-22 10:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
    2014-04-20 14:28 - 2014-02-22 10:54 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-04-20 14:28 - 2014-02-22 10:54 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\deviceassociation.dll
    2014-04-20 14:28 - 2014-02-22 10:53 - 00545280 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
    2014-04-20 14:28 - 2014-02-22 10:53 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2014-04-20 14:28 - 2014-02-22 10:52 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.exe
    2014-04-20 14:28 - 2014-02-22 10:51 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\ReInfo.dll
    2014-04-20 14:28 - 2014-02-22 10:51 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
    2014-04-20 14:28 - 2014-02-22 10:50 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
    2014-04-20 14:28 - 2014-02-22 10:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\winbrand.dll
    2014-04-20 14:28 - 2014-02-22 10:49 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountTokenProvider.dll
    2014-04-20 14:28 - 2014-02-22 10:48 - 01136128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
    2014-04-20 14:28 - 2014-02-22 10:48 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\wincorlib.dll
    2014-04-20 14:28 - 2014-02-22 10:46 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\winsku.dll
    2014-04-20 14:28 - 2014-02-22 10:45 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
    2014-04-20 14:28 - 2014-02-22 10:45 - 00453632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
    2014-04-20 14:28 - 2014-02-22 10:45 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2014-04-20 14:28 - 2014-02-22 10:45 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
    2014-04-20 14:28 - 2014-02-22 10:44 - 00675328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2014-04-20 14:28 - 2014-02-22 10:44 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2014-04-20 14:28 - 2014-02-22 10:44 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
    2014-04-20 14:28 - 2014-02-22 10:43 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
    2014-04-20 14:28 - 2014-02-22 10:43 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Sockets.PushEnabledApplication.dll
    2014-04-20 14:28 - 2014-02-22 10:41 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll
    2014-04-20 14:28 - 2014-02-22 10:40 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
    2014-04-20 14:28 - 2014-02-22 10:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\dasHost.exe
    2014-04-20 14:28 - 2014-02-22 10:37 - 00183808 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
    2014-04-20 14:28 - 2014-02-22 10:36 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasgcw.dll
    2014-04-20 14:28 - 2014-02-22 10:36 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WLanConn.dll
    2014-04-20 14:28 - 2014-02-22 10:34 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
    2014-04-20 14:28 - 2014-02-22 10:31 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
    2014-04-20 14:28 - 2014-02-22 10:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2014-04-20 14:28 - 2014-02-22 10:29 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
    2014-04-20 14:28 - 2014-02-22 10:29 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
    2014-04-20 14:28 - 2014-02-22 10:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2014-04-20 14:28 - 2014-02-22 10:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
    2014-04-20 14:28 - 2014-02-22 10:28 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceassociation.dll
    2014-04-20 14:28 - 2014-02-22 10:27 - 00484864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
    2014-04-20 14:28 - 2014-02-22 10:27 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
    2014-04-20 14:28 - 2014-02-22 10:26 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
    2014-04-20 14:28 - 2014-02-22 10:26 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.exe
    2014-04-20 14:28 - 2014-02-22 10:25 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
    2014-04-20 14:28 - 2014-02-22 10:25 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\das.dll
    2014-04-20 14:28 - 2014-02-22 10:25 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
    2014-04-20 14:28 - 2014-02-22 10:25 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReInfo.dll
    2014-04-20 14:28 - 2014-02-22 10:25 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\wscinterop.dll
    2014-04-20 14:28 - 2014-02-22 10:25 - 00139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
    2014-04-20 14:28 - 2014-02-22 10:25 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winbrand.dll
    2014-04-20 14:28 - 2014-02-22 10:23 - 00256000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
    2014-04-20 14:28 - 2014-02-22 10:23 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
    2014-04-20 14:28 - 2014-02-22 10:22 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
    2014-04-20 14:28 - 2014-02-22 10:22 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsku.dll
    2014-04-20 14:28 - 2014-02-22 10:19 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\korwbrkr.dll
    2014-04-20 14:28 - 2014-02-22 10:19 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
    2014-04-20 14:28 - 2014-02-22 10:19 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll
    2014-04-20 14:28 - 2014-02-22 10:18 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\UserLanguagesCpl.dll
    2014-04-20 14:28 - 2014-02-22 10:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxshared.dll
    2014-04-20 14:28 - 2014-02-22 10:15 - 00211968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dism.exe
    2014-04-20 14:28 - 2014-02-22 10:12 - 00459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DismApi.dll
    2014-04-20 14:28 - 2014-02-22 10:09 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
    2014-04-20 14:28 - 2014-02-22 10:09 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\dwm.exe
    2014-04-20 14:28 - 2014-02-22 10:08 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
    2014-04-20 14:28 - 2014-02-22 10:07 - 00109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscinterop.dll
    2014-04-20 14:28 - 2014-02-22 10:06 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2014-04-20 14:28 - 2014-02-22 10:06 - 00251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
    2014-04-20 14:28 - 2014-02-22 10:04 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\slpts.dll
    2014-04-20 14:28 - 2014-02-22 10:02 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserLanguagesCpl.dll
    2014-04-20 14:28 - 2014-02-22 10:02 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
    2014-04-20 14:28 - 2014-02-22 10:02 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
    2014-04-20 14:28 - 2014-02-22 09:59 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
    2014-04-20 14:28 - 2014-02-22 09:58 - 00544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
    2014-04-20 14:28 - 2014-02-22 09:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
    2014-04-20 14:28 - 2014-02-22 09:57 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2014-04-20 14:28 - 2014-02-22 09:55 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-04-20 14:28 - 2014-02-22 09:55 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-04-20 14:28 - 2014-02-22 09:55 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
    2014-04-20 14:28 - 2014-02-22 09:55 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\ConfigureExpandedStorage.dll
    2014-04-20 14:28 - 2014-02-22 09:55 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
    2014-04-20 14:28 - 2014-02-22 09:55 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\energytask.dll
    2014-04-20 14:28 - 2014-02-22 09:55 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slpts.dll
    2014-04-20 14:28 - 2014-02-22 09:55 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
    2014-04-20 14:28 - 2014-02-22 09:54 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\rdbui.dll
    2014-04-20 14:28 - 2014-02-22 09:54 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\wlidcredprov.dll
    2014-04-20 14:28 - 2014-02-22 09:54 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
    2014-04-20 14:28 - 2014-02-22 09:54 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
    2014-04-20 14:28 - 2014-02-22 09:54 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\AepRoam.dll
    2014-04-20 14:28 - 2014-02-22 09:53 - 00876544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
    2014-04-20 14:28 - 2014-02-22 09:52 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
    2014-04-20 14:28 - 2014-02-22 09:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
    2014-04-20 14:28 - 2014-02-22 09:49 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
    2014-04-20 14:28 - 2014-02-22 09:49 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2014-04-20 14:28 - 2014-02-22 09:49 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-04-20 14:28 - 2014-02-22 09:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2014-04-20 14:28 - 2014-02-22 09:48 - 01144320 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
    2014-04-20 14:28 - 2014-02-22 09:48 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\BioCredProv.dll
    2014-04-20 14:28 - 2014-02-22 09:48 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-04-20 14:28 - 2014-02-22 09:48 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2014-04-20 14:28 - 2014-02-22 09:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ConfigureExpandedStorage.dll
    2014-04-20 14:28 - 2014-02-22 09:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
    2014-04-20 14:28 - 2014-02-22 09:48 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dataclen.dll
    2014-04-20 14:28 - 2014-02-22 09:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
    2014-04-20 14:28 - 2014-02-22 09:47 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\WlanMM.dll
    2014-04-20 14:28 - 2014-02-22 09:47 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
    2014-04-20 14:28 - 2014-02-22 09:47 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll
    2014-04-20 14:28 - 2014-02-22 09:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\AltTab.dll
    2014-04-20 14:28 - 2014-02-22 09:46 - 03312128 _____ (Microsoft Corporation) C:\Windows\system32\bootux.dll
    2014-04-20 14:28 - 2014-02-22 09:45 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
    2014-04-20 14:28 - 2014-02-22 09:45 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2014-04-20 14:28 - 2014-02-22 09:44 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
    2014-04-20 14:28 - 2014-02-22 09:44 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\provsvc.dll
    2014-04-20 14:28 - 2014-02-22 09:44 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
    2014-04-20 14:28 - 2014-02-22 09:44 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
    2014-04-20 14:28 - 2014-02-22 09:43 - 00644608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
    2014-04-20 14:28 - 2014-02-22 09:43 - 00469504 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
    2014-04-20 14:28 - 2014-02-22 09:43 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BioCredProv.dll
    2014-04-20 14:28 - 2014-02-22 09:43 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
    2014-04-20 14:28 - 2014-02-22 09:43 - 00117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
    2014-04-20 14:28 - 2014-02-22 09:43 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2014-04-20 14:28 - 2014-02-22 09:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Renewal.dll
    2014-04-20 14:28 - 2014-02-22 09:42 - 00943104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WlanMM.dll
    2014-04-20 14:28 - 2014-02-22 09:42 - 00448000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
    2014-04-20 14:28 - 2014-02-22 09:40 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
    2014-04-20 14:28 - 2014-02-22 09:40 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
    2014-04-20 14:28 - 2014-02-22 09:39 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
    2014-04-20 14:28 - 2014-02-22 09:39 - 00321536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provsvc.dll
    2014-04-20 14:28 - 2014-02-22 09:39 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
    2014-04-20 14:28 - 2014-02-22 09:38 - 00470016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
    2014-04-20 14:28 - 2014-02-22 09:38 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
    2014-04-20 14:28 - 2014-02-22 09:36 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\InputSwitch.dll
    2014-04-20 14:28 - 2014-02-22 09:35 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\SettingMonitor.dll
    2014-04-20 14:28 - 2014-02-22 09:34 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
    2014-04-20 14:28 - 2014-02-22 09:33 - 00609792 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
    2014-04-20 14:28 - 2014-02-22 09:33 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingMonitor.dll
    2014-04-20 14:28 - 2014-02-22 09:31 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
    2014-04-20 14:28 - 2014-02-22 09:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
    2014-04-20 14:28 - 2014-02-22 09:30 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
    2014-04-20 14:28 - 2014-02-22 09:29 - 00191488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputSwitch.dll
    2014-04-20 14:28 - 2014-02-22 09:24 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IdCtrls.dll
    2014-04-20 14:28 - 2014-02-22 09:22 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-04-20 14:28 - 2014-02-22 09:22 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncPolicy.dll
    2014-04-20 14:28 - 2014-02-22 09:21 - 00518144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmIndexer.dll
    2014-04-20 14:28 - 2014-02-22 09:20 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll
    2014-04-20 14:28 - 2014-02-22 09:20 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncPolicy.dll
    2014-04-20 14:28 - 2014-02-22 09:19 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBroker.dll
    2014-04-20 14:28 - 2014-02-22 09:17 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\CloudStorageWizard.exe
    2014-04-20 14:28 - 2014-02-22 09:17 - 00109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudStorageWizard.exe
    2014-04-20 14:28 - 2014-02-22 08:54 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
    2014-04-20 14:28 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2014-04-20 14:28 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2014-04-20 14:28 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2014-04-20 14:28 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2014-04-20 14:28 - 2014-02-08 02:08 - 00100197 _____ () C:\Windows\SysWOW64\RacRules.xml
    2014-04-20 14:28 - 2014-02-08 02:08 - 00100197 _____ () C:\Windows\system32\RacRules.xml
    2014-04-20 14:28 - 2014-02-01 07:00 - 00011109 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
    2014-04-20 14:28 - 2014-02-01 07:00 - 00011109 _____ () C:\Windows\system32\connectedsearch-results.searchconnector-ms
    2014-04-20 14:28 - 2014-02-01 07:00 - 00007762 _____ () C:\Windows\SysWOW64\connectedsearch-suggestions.searchconnector-ms
    2014-04-20 14:28 - 2014-02-01 07:00 - 00007762 _____ () C:\Windows\system32\connectedsearch-suggestions.searchconnector-ms
    2014-04-20 14:28 - 2014-02-01 07:00 - 00007130 _____ () C:\Windows\SysWOW64\connectedsearch-zeroinput.searchconnector-ms
    2014-04-20 14:28 - 2014-02-01 07:00 - 00007130 _____ () C:\Windows\system32\connectedsearch-zeroinput.searchconnector-ms
    2014-04-20 14:28 - 2014-02-01 07:00 - 00002255 _____ () C:\Windows\SysWOW64\WimBootCompress.ini
    2014-04-20 14:28 - 2014-02-01 07:00 - 00002255 _____ () C:\Windows\system32\WimBootCompress.ini
    2014-04-20 14:28 - 2014-01-31 13:09 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
    2014-04-20 14:28 - 2014-01-31 13:08 - 01200640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
    2014-04-20 14:28 - 2014-01-31 12:59 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2014-04-20 14:28 - 2014-01-31 12:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2014-04-20 14:28 - 2014-01-31 10:55 - 03596800 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
    2014-04-20 14:28 - 2014-01-31 10:35 - 03085824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
    2014-04-20 14:28 - 2014-01-31 10:19 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
    2014-04-20 14:28 - 2014-01-31 10:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
    2014-04-20 14:28 - 2014-01-31 10:10 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
    2014-04-20 14:28 - 2014-01-31 10:08 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
    2014-04-20 14:28 - 2014-01-31 10:04 - 00409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
    2014-04-20 14:28 - 2014-01-31 10:03 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
    2014-04-20 14:28 - 2014-01-31 09:24 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
    2014-04-20 14:28 - 2014-01-29 09:52 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
    2014-04-20 14:28 - 2014-01-29 09:40 - 00994136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2014-04-20 14:28 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
    2014-04-20 14:28 - 2014-01-29 01:18 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
    2014-04-20 14:28 - 2014-01-29 01:17 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
    2014-04-20 14:28 - 2014-01-27 20:55 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
    2014-04-20 14:28 - 2014-01-27 20:53 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2014-04-20 14:28 - 2014-01-27 20:48 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
    2014-04-20 14:28 - 2014-01-27 20:46 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
    2014-04-20 14:28 - 2014-01-27 20:04 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
    2014-04-20 14:28 - 2014-01-27 18:54 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
    2014-04-20 14:28 - 2014-01-27 18:24 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
    2014-04-20 14:28 - 2014-01-27 18:04 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
    2014-04-20 14:28 - 2014-01-27 17:59 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
    2014-04-20 14:28 - 2014-01-27 17:48 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
    2014-04-20 14:28 - 2014-01-27 12:45 - 00050053 _____ () C:\Windows\system32\srms.dat
    2014-04-20 14:28 - 2014-01-22 07:21 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
    2014-04-20 14:28 - 2014-01-22 06:50 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
    2014-04-20 14:28 - 2014-01-17 18:24 - 00388096 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
    2014-04-20 14:28 - 2014-01-17 18:04 - 00292864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
    2014-04-20 14:28 - 2014-01-16 08:32 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2014-04-20 14:28 - 2013-12-04 19:41 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthLEEnum.sys
    2014-04-20 14:28 - 2013-12-04 16:54 - 00660480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
    2014-04-20 14:28 - 2013-12-04 16:16 - 00546304 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
    2014-04-20 14:28 - 2013-12-04 15:19 - 00439808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
    2014-04-20 14:28 - 2013-12-04 14:53 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
    2014-04-20 14:28 - 2013-11-27 10:47 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
    2014-04-20 14:28 - 2013-11-27 10:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\finger.exe
    2014-04-20 14:28 - 2013-11-27 10:10 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
    2014-04-20 14:28 - 2013-11-27 09:56 - 00167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll
    2014-04-20 14:28 - 2013-11-08 05:04 - 00488960 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
    2014-04-20 14:28 - 2013-11-08 04:47 - 00370176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
    2014-04-20 14:11 - 2014-04-20 14:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-04-20 14:11 - 2014-04-20 14:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-04-20 14:02 - 2014-04-20 14:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-04-20 14:01 - 2014-04-20 14:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-04-20 14:01 - 2014-04-20 14:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-04-20 14:01 - 2014-04-20 14:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-04-19 21:55 - 2014-04-19 21:55 - 00000000 ____D () C:\Users\pamela\AppData\Local\ESET
    2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\ProgramData\ESET
    2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files\ESET
    2014-04-19 19:54 - 2014-01-19 08:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-04-19 18:57 - 2014-04-20 16:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-19 18:56 - 2014-04-19 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-19 18:56 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-19 18:56 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-19 18:55 - 2014-04-19 18:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\pamela\Documents\mbam-setup-2.0.1.1004.exe
    2014-04-19 18:36 - 2014-04-19 18:36 - 00009932 _____ () C:\Windows\system32\.crusader
    2014-04-19 18:21 - 2014-04-19 18:21 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-04-19 18:20 - 2014-04-19 18:36 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-04-19 10:17 - 2014-04-19 18:02 - 00014785 _____ () C:\Windows\SysWOW64\Fairy Forest.log
    2014-04-19 10:17 - 2014-04-19 10:17 - 00000000 ____D () C:\Program Files (x86)\Fairy Forest 3D Screensaver
    2014-04-19 10:17 - 2013-12-27 17:43 - 02659384 _____ (3Planesoft) C:\Windows\SysWOW64\Fairy_Forest_3D_Screensaver.scr
    2014-04-19 10:16 - 2014-04-19 10:16 - 00000000 ____D () C:\Users\pamela\Documents\FairyForest3DScreensaver
    2014-04-18 15:10 - 2014-04-18 15:10 - 00002111 _____ () C:\Users\pamela\Documents\to print letter from tuot for ellis - Shortcut.lnk
    2014-04-18 11:49 - 2014-04-18 11:49 - 00001186 _____ () C:\Users\Public\Desktop\Wondershare Video Editor.lnk
    2014-04-18 11:49 - 2014-04-18 11:49 - 00000000 ____D () C:\Users\pamela\AppData\Local\Wondershare
    2014-04-18 11:48 - 2014-04-18 11:48 - 00000000 ____D () C:\Program Files (x86)\Wondershare
    2014-04-18 11:46 - 2014-04-18 11:48 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
    2014-04-17 18:33 - 2014-04-17 18:33 - 00000355 _____ () C:\Users\pamela\Documents\Homegroup - Shortcut.lnk
    2014-04-17 17:09 - 2014-04-17 17:09 - 00000000 ____D () C:\Users\pamela\AppData\Local\Chronicles of Albian
    2014-04-13 13:29 - 2014-04-13 14:16 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\ElementalsTheMagicKey
    2014-04-12 19:47 - 2014-04-12 19:47 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\YoudaGames
    2014-04-12 10:11 - 2014-04-12 10:11 - 00000000 ____D () C:\Users\pamela\AppData\Local\BolideSoftware
    2014-04-12 10:09 - 2014-04-12 10:09 - 00001055 _____ () C:\Users\pamela\Desktop\Slideshow Creator.lnk
    2014-04-12 10:09 - 2014-04-12 10:09 - 00000000 ____D () C:\Program Files (x86)\Slideshow Creator
    2014-04-10 10:51 - 2014-03-10 11:35 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
    2014-04-10 10:49 - 2014-04-10 10:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-04-10 10:49 - 2014-04-10 10:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-04-07 13:14 - 2014-04-07 13:14 - 00002789 _____ () C:\Users\Public\Desktop\PhotoSun 14.lnk
    2014-04-07 13:14 - 2014-04-07 13:14 - 00000000 ____D () C:\Program Files (x86)\Micranes System
    2014-04-06 10:26 - 2014-04-06 10:26 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Alawar Entertainment
    2014-04-06 10:24 - 2014-04-06 10:24 - 00000000 ____D () C:\Games
    2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\SUPERSetup
    2014-04-03 09:05 - 2014-04-03 09:05 - 00000056 _____ () C:\Users\pamela\Desktop\ITV Player homepage - ITV Player.url
    2014-04-01 19:32 - 2014-04-01 19:32 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\DailyMagic
    2014-04-01 19:32 - 2014-04-01 19:32 - 00000000 ____D () C:\ProgramData\DailyMagic
    2014-04-01 19:27 - 2014-04-01 19:31 - 00000000 ____D () C:\Program Files (x86)\Dark Dimensions - Somber Song Collectors Edition
    2014-04-01 19:27 - 2014-04-01 19:27 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Dimensions - Somber Song Collectors Edition
    2014-04-01 12:58 - 2014-04-01 19:53 - 00001571 _____ () C:\Users\pamela\Desktop\music2pc - Shortcut.lnk
    2014-03-31 18:55 - 2014-03-31 18:55 - 00000000 ____D () C:\Program Files (x86)\Windows Live
    2014-03-31 18:55 - 2014-03-31 18:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-03-31 18:54 - 2014-03-31 18:54 - 00000197 _____ () C:\Windows\DirectX.log
    2014-03-31 18:54 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2014-03-31 18:54 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2014-03-31 18:54 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2014-03-31 18:54 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2014-03-31 18:52 - 2014-04-16 16:26 - 00000000 ____D () C:\Users\pamela\AppData\Local\Windows Live
    2014-03-31 14:00 - 2014-03-31 14:43 - 00010752 _____ () C:\Users\pamela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-03-30 17:37 - 2014-03-31 18:45 - 00000000 ____D () C:\Users\pamela\AppData\Local\WMTools Downloaded Files
    2014-03-30 17:12 - 2014-04-19 18:01 - 00000000 ____D () C:\Program Files (x86)\Windows Movie Maker
    2014-03-30 17:12 - 2008-06-27 10:49 - 00518064 _____ (Codejock Software) C:\Windows\SysWOW64\framework.ocx
    2014-03-30 17:11 - 2014-03-30 17:11 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\0W1L1G1Q1F2W1Bzz0D1F2W1G1I1F1T1Q1B
    2014-03-30 17:10 - 2014-03-30 17:10 - 06047463 _____ (win-movie-maker-free ) C:\Users\pamela\Downloads\windows-movie-maker-free.exe
    2014-03-30 17:05 - 2014-03-30 17:05 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\CyberLink
    2014-03-30 17:04 - 2014-03-30 17:04 - 00000000 ____D () C:\Users\pamela\AppData\Local\CyberLink
    2014-03-30 11:28 - 2014-03-30 11:28 - 00872506 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-03-30 11:26 - 2014-03-30 11:26 - 00001246 _____ () C:\Users\pamela\Desktop\ThunderSoft Video to GIF Converter.lnk
    2014-03-30 11:26 - 2014-03-30 11:26 - 00000000 ____D () C:\Program Files (x86)\ThunderSoft
    2014-03-30 10:53 - 2014-03-30 10:53 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\PoBros
    2014-03-30 10:53 - 2014-03-30 10:53 - 00000000 ____D () C:\ProgramData\PoBros
    2014-03-28 19:28 - 2014-03-28 19:28 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Brave Giant
    2014-03-27 16:08 - 2014-03-27 20:58 - 00002249 _____ () C:\Users\pamela\Desktop\lst of banners to do.txt
    2014-03-27 00:04 - 2014-04-17 18:32 - 00000000 ____D () C:\Users\pamela\Desktop\ADVERT GAMES
    2014-03-26 18:07 - 2014-04-17 10:20 - 00000999 _____ () C:\Users\Public\Desktop\Fotosizer.lnk
    2014-03-26 18:07 - 2014-03-26 18:07 - 00000000 ____D () C:\Program Files (x86)\Fotosizer
    2014-03-25 18:06 - 2014-03-25 18:07 - 00000000 ____D () C:\Users\Public\Documents\Cursed House
    2014-03-25 11:24 - 2014-03-25 11:24 - 00001759 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-03-25 11:23 - 2014-03-25 11:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-03-25 11:23 - 2014-03-25 11:24 - 00000000 ____D () C:\Program Files\iTunes
    2014-03-25 11:23 - 2014-03-25 11:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-03-25 11:23 - 2014-03-25 11:23 - 00000000 ____D () C:\Program Files\iPod
    2014-03-24 21:34 - 2014-03-24 21:34 - 00000000 ___RD () C:\Users\pamela\Documents\Notes
    2014-03-23 19:03 - 2014-03-23 19:03 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Anarchy
    2014-03-21 19:40 - 2014-03-21 19:40 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\SUPERAntiSpyware.com
    2014-03-21 19:39 - 2014-03-21 19:40 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-03-21 19:39 - 2014-03-21 19:39 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-03-21 17:47 - 2014-03-21 17:47 - 00000000 ____D () C:\ProgramData\Cateia Games
    2014-03-21 11:37 - 2014-03-21 11:38 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Magic Academy

    ==================== One Month Modified Files and Folders =======

    2021-10-21 14:36 - 2014-01-06 05:50 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
    2021-10-04 08:34 - 2014-01-06 05:50 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
    2014-04-20 17:57 - 2014-04-20 17:11 - 00019442 _____ () C:\Users\pamela\Desktop\FRST.txt
    2014-04-20 17:57 - 2014-04-20 17:11 - 00000000 ____D () C:\FRST
    2014-04-20 17:56 - 2014-04-20 17:56 - 00000000 ____D () C:\Users\pamela\Desktop\FRST-OlderVersion
    2014-04-20 17:56 - 2014-04-20 17:02 - 02056192 _____ (Farbar) C:\Users\pamela\Desktop\FRST64.exe
    2014-04-20 17:32 - 2014-01-06 05:27 - 01953290 _____ () C:\Windows\WindowsUpdate.log
    2014-04-20 17:18 - 2014-03-08 17:02 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-20 17:18 - 2014-03-08 14:49 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2138484092-3631122937-4138138785-1001
    2014-04-20 17:14 - 2014-04-20 17:13 - 00033964 _____ () C:\Users\pamela\Desktop\Addition.txt
    2014-04-20 17:12 - 2014-03-08 17:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-04-20 17:00 - 2014-03-11 15:17 - 01969152 ___SH () C:\Users\pamela\Desktop\Thumbs.db
    2014-04-20 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
    2014-04-20 16:28 - 2014-04-19 18:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-20 15:21 - 2014-03-08 15:01 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE2E084B-F609-420B-B3EF-787D92128DCC}
    2014-04-20 15:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
    2014-04-20 15:14 - 2014-03-08 17:14 - 00000000 ___RD () C:\Users\pamela\Desktop\SECURITY
    2014-04-20 15:07 - 2014-03-08 17:04 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-04-20 15:07 - 2014-03-08 17:02 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-20 15:07 - 2014-03-08 14:46 - 00000000 __RDO () C:\Users\pamela\SkyDrive
    2014-04-20 15:07 - 2014-03-08 14:42 - 00000000 ___RD () C:\Users\pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-20 15:07 - 2014-03-08 14:42 - 00000000 ___RD () C:\Users\pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-04-20 15:06 - 2013-11-27 10:55 - 00867660 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-04-20 15:01 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-20 15:00 - 2014-03-08 17:00 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-04-20 15:00 - 2014-03-08 14:40 - 00000000 ____D () C:\Users\pamela\AppData\Local\Pokki
    2014-04-20 15:00 - 2013-11-27 10:49 - 00365458 _____ () C:\Windows\PFRO.log
    2014-04-20 15:00 - 2013-08-22 15:44 - 00422416 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-04-20 14:59 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2014-04-20 14:56 - 2014-01-06 13:13 - 00000000 ____D () C:\Windows\en-GB
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\zh-HK
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\uk-UA
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\tr-TR
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\th-TH
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sl-SI
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sk-SK
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\ro-RO
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\migwiz
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\lv-LV
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\lt-LT
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\hr-HR
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\he-IL
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\et-EE
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\bg-BG
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\ar-SA
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
    2014-04-20 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
    2014-04-20 14:56 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
    2014-04-20 14:56 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-04-20 14:56 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Sysprep
    2014-04-20 14:56 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\oobe
    2014-04-20 14:56 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Dism
    2014-04-20 14:56 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\servicing
    2014-04-20 14:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
    2014-04-20 14:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
    2014-04-20 14:46 - 2014-04-20 14:33 - 00000000 ____D () C:\AdwCleaner
    2014-04-20 14:34 - 2014-01-06 06:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2014-04-20 14:11 - 2014-04-20 14:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-04-20 14:11 - 2014-04-20 14:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-04-20 14:02 - 2014-04-20 14:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-04-20 14:01 - 2014-04-20 14:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-04-20 14:01 - 2014-04-20 14:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-04-20 14:01 - 2014-04-20 14:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-04-20 14:01 - 2014-04-20 14:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-04-20 13:34 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2014-04-19 22:32 - 2014-03-10 11:37 - 00000000 ____D () C:\Users\pamela\AppData\Local\CrashDumps
    2014-04-19 21:55 - 2014-04-19 21:55 - 00000000 ____D () C:\Users\pamela\AppData\Local\ESET
    2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\ProgramData\ESET
    2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files\ESET
    2014-04-19 19:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\L2Schemas
    2014-04-19 18:56 - 2014-04-19 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-19 18:56 - 2014-03-08 17:13 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Malwarebytes
    2014-04-19 18:56 - 2014-03-08 17:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-19 18:55 - 2014-04-19 18:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\pamela\Documents\mbam-setup-2.0.1.1004.exe
    2014-04-19 18:36 - 2014-04-19 18:36 - 00009932 _____ () C:\Windows\system32\.crusader
    2014-04-19 18:36 - 2014-04-19 18:20 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-04-19 18:21 - 2014-04-19 18:21 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-04-19 18:02 - 2014-04-19 10:17 - 00014785 _____ () C:\Windows\SysWOW64\Fairy Forest.log
    2014-04-19 18:02 - 2014-03-09 14:40 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Everything
    2014-04-19 18:01 - 2014-03-30 17:12 - 00000000 ____D () C:\Program Files (x86)\Windows Movie Maker
    2014-04-19 10:17 - 2014-04-19 10:17 - 00000000 ____D () C:\Program Files (x86)\Fairy Forest 3D Screensaver
    2014-04-19 10:16 - 2014-04-19 10:16 - 00000000 ____D () C:\Users\pamela\Documents\FairyForest3DScreensaver
    2014-04-18 15:10 - 2014-04-18 15:10 - 00002111 _____ () C:\Users\pamela\Documents\to print letter from tuot for ellis - Shortcut.lnk
    2014-04-18 14:56 - 2014-03-12 12:31 - 00101424 _____ () C:\Users\pamela\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-04-18 14:33 - 2014-03-14 17:37 - 00246784 ___SH () C:\Users\pamela\Documents\Thumbs.db
    2014-04-18 11:49 - 2014-04-18 11:49 - 00001186 _____ () C:\Users\Public\Desktop\Wondershare Video Editor.lnk
    2014-04-18 11:49 - 2014-04-18 11:49 - 00000000 ____D () C:\Users\pamela\AppData\Local\Wondershare
    2014-04-18 11:48 - 2014-04-18 11:48 - 00000000 ____D () C:\Program Files (x86)\Wondershare
    2014-04-18 11:48 - 2014-04-18 11:46 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
    2014-04-17 18:52 - 2014-03-08 21:12 - 00000000 ____D () C:\BigFishCache
    2014-04-17 18:33 - 2014-04-17 18:33 - 00000355 _____ () C:\Users\pamela\Documents\Homegroup - Shortcut.lnk
    2014-04-17 18:32 - 2014-03-27 00:04 - 00000000 ____D () C:\Users\pamela\Desktop\ADVERT GAMES
    2014-04-17 17:09 - 2014-04-17 17:09 - 00000000 ____D () C:\Users\pamela\AppData\Local\Chronicles of Albian
    2014-04-17 17:05 - 2014-03-08 14:44 - 00000000 ____D () C:\Users\pamela\AppData\Local\clear.fi
    2014-04-17 17:04 - 2014-03-14 00:01 - 00000000 ____D () C:\GameHouse Games
    2014-04-17 17:04 - 2014-03-14 00:00 - 00000000 ____D () C:\Program Files (x86)\RealArcade
    2014-04-17 10:37 - 2014-03-08 21:15 - 00000000 ___RD () C:\Users\pamela\Desktop\GAMES
    2014-04-17 10:20 - 2014-03-26 18:07 - 00000999 _____ () C:\Users\Public\Desktop\Fotosizer.lnk
    2014-04-16 16:26 - 2014-03-31 18:52 - 00000000 ____D () C:\Users\pamela\AppData\Local\Windows Live
    2014-04-13 22:30 - 2014-03-16 11:17 - 00000000 ____D () C:\Users\pamela\Desktop\GIVEAWAY FULL GAMES
    2014-04-13 14:16 - 2014-04-13 13:29 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\ElementalsTheMagicKey
    2014-04-13 13:28 - 2014-03-16 11:21 - 00000000 ____D () C:\Program Files (x86)\Playrix Entertainment
    2014-04-12 19:47 - 2014-04-12 19:47 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\YoudaGames
    2014-04-12 10:11 - 2014-04-12 10:11 - 00000000 ____D () C:\Users\pamela\AppData\Local\BolideSoftware
    2014-04-12 10:09 - 2014-04-12 10:09 - 00001055 _____ () C:\Users\pamela\Desktop\Slideshow Creator.lnk
    2014-04-12 10:09 - 2014-04-12 10:09 - 00000000 ____D () C:\Program Files (x86)\Slideshow Creator
    2014-04-10 20:07 - 2014-03-11 00:09 - 00000000 ____D () C:\Windows\system32\MRT
    2014-04-10 20:04 - 2014-03-11 00:08 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-04-10 11:07 - 2013-08-22 14:25 - 00000220 _____ () C:\Windows\win.ini
    2014-04-10 10:49 - 2014-04-10 10:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-04-10 10:49 - 2014-04-10 10:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-04-07 13:14 - 2014-04-07 13:14 - 00002789 _____ () C:\Users\Public\Desktop\PhotoSun 14.lnk
    2014-04-07 13:14 - 2014-04-07 13:14 - 00000000 ____D () C:\Program Files (x86)\Micranes System
    2014-04-06 10:26 - 2014-04-06 10:26 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Alawar Entertainment
    2014-04-06 10:24 - 2014-04-06 10:24 - 00000000 ____D () C:\Games
    2014-04-03 14:59 - 2014-04-03 14:59 - 00000000 ____D () C:\ProgramData\SUPERSetup
    2014-04-03 09:51 - 2014-04-19 18:56 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-03 09:51 - 2014-04-19 18:56 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-03 09:50 - 2014-03-08 17:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-04-03 09:05 - 2014-04-03 09:05 - 00000056 _____ () C:\Users\pamela\Desktop\ITV Player homepage - ITV Player.url
    2014-04-02 23:05 - 2014-03-08 14:40 - 00000000 ____D () C:\Users\pamela
    2014-04-01 22:47 - 2014-03-09 12:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
    2014-04-01 19:56 - 2014-03-16 11:18 - 00000000 ____D () C:\Users\pamela\Desktop\PAID FOR FULL GAMES
    2014-04-01 19:53 - 2014-04-01 12:58 - 00001571 _____ () C:\Users\pamela\Desktop\music2pc - Shortcut.lnk
    2014-04-01 19:32 - 2014-04-01 19:32 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\DailyMagic
    2014-04-01 19:32 - 2014-04-01 19:32 - 00000000 ____D () C:\ProgramData\DailyMagic
    2014-04-01 19:31 - 2014-04-01 19:27 - 00000000 ____D () C:\Program Files (x86)\Dark Dimensions - Somber Song Collectors Edition
    2014-04-01 19:27 - 2014-04-01 19:27 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Dimensions - Somber Song Collectors Edition
    2014-03-31 22:23 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-03-31 22:23 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-03-31 19:13 - 2014-03-08 17:02 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-03-31 19:13 - 2014-03-08 17:02 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-03-31 18:55 - 2014-03-31 18:55 - 00000000 ____D () C:\Program Files (x86)\Windows Live
    2014-03-31 18:55 - 2014-03-31 18:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-03-31 18:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2014-03-31 18:54 - 2014-03-31 18:54 - 00000197 _____ () C:\Windows\DirectX.log
    2014-03-31 18:45 - 2014-03-30 17:37 - 00000000 ____D () C:\Users\pamela\AppData\Local\WMTools Downloaded Files
    2014-03-31 14:43 - 2014-03-31 14:00 - 00010752 _____ () C:\Users\pamela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-03-31 14:16 - 2014-03-12 12:48 - 00000101 _____ () C:\Users\pamela\AppData\Roaming\WB.CFG
    2014-03-30 17:11 - 2014-03-30 17:11 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\0W1L1G1Q1F2W1Bzz0D1F2W1G1I1F1T1Q1B
    2014-03-30 17:10 - 2014-03-30 17:10 - 06047463 _____ (win-movie-maker-free ) C:\Users\pamela\Downloads\windows-movie-maker-free.exe
    2014-03-30 17:05 - 2014-03-30 17:05 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\CyberLink
    2014-03-30 17:05 - 2014-01-06 06:15 - 00000000 ____D () C:\ProgramData\CyberLink
    2014-03-30 17:04 - 2014-03-30 17:04 - 00000000 ____D () C:\Users\pamela\AppData\Local\CyberLink
    2014-03-30 11:28 - 2014-03-30 11:28 - 00872506 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-03-30 11:26 - 2014-03-30 11:26 - 00001246 _____ () C:\Users\pamela\Desktop\ThunderSoft Video to GIF Converter.lnk
    2014-03-30 11:26 - 2014-03-30 11:26 - 00000000 ____D () C:\Program Files (x86)\ThunderSoft
    2014-03-30 10:53 - 2014-03-30 10:53 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\PoBros
    2014-03-30 10:53 - 2014-03-30 10:53 - 00000000 ____D () C:\ProgramData\PoBros
    2014-03-28 19:28 - 2014-03-28 19:28 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Brave Giant
    2014-03-28 16:54 - 2014-03-14 21:23 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Boomzap
    2014-03-28 11:09 - 2014-03-08 19:31 - 00000000 ___RD () C:\Users\pamela\Desktop\TEB Details and Bank Balace
    2014-03-27 20:58 - 2014-03-27 16:08 - 00002249 _____ () C:\Users\pamela\Desktop\lst of banners to do.txt
    2014-03-26 18:07 - 2014-03-26 18:07 - 00000000 ____D () C:\Program Files (x86)\Fotosizer
    2014-03-26 11:16 - 2014-03-12 11:47 - 00001250 _____ () C:\Users\Public\Desktop\Image Converter.lnk
    2014-03-25 23:55 - 2014-03-08 17:51 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Apple Computer
    2014-03-25 18:07 - 2014-03-25 18:06 - 00000000 ____D () C:\Users\Public\Documents\Cursed House
    2014-03-25 16:57 - 2014-03-17 19:47 - 00000000 ____D () C:\Users\pamela\Documents\Bluetooth Folder
    2014-03-25 11:24 - 2014-03-25 11:24 - 00001759 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-03-25 11:24 - 2014-03-25 11:23 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-03-25 11:24 - 2014-03-25 11:23 - 00000000 ____D () C:\Program Files\iTunes
    2014-03-25 11:24 - 2014-03-25 11:23 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-03-25 11:23 - 2014-03-25 11:23 - 00000000 ____D () C:\Program Files\iPod
    2014-03-25 11:19 - 2014-03-08 17:49 - 00000000 ____D () C:\ProgramData\Apple
    2014-03-24 21:34 - 2014-03-24 21:34 - 00000000 ___RD () C:\Users\pamela\Documents\Notes
    2014-03-23 19:03 - 2014-03-23 19:03 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Anarchy
    2014-03-22 19:02 - 2014-03-14 15:53 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\ERS Game Studios
    2014-03-22 10:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
    2014-03-21 19:40 - 2014-03-21 19:40 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\SUPERAntiSpyware.com
    2014-03-21 19:40 - 2014-03-21 19:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-03-21 19:39 - 2014-03-21 19:39 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-03-21 17:47 - 2014-03-21 17:47 - 00000000 ____D () C:\ProgramData\Cateia Games
    2014-03-21 12:39 - 2014-03-08 14:42 - 00000000 ____D () C:\Users\pamela\AppData\Local\Packages
    2014-03-21 12:02 - 2014-03-10 23:50 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\WildTangent
    2014-03-21 12:02 - 2013-11-27 11:12 - 00000000 ____D () C:\ProgramData\WildTangent
    2014-03-21 12:02 - 2013-11-27 11:12 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
    2014-03-21 11:38 - 2014-03-21 11:37 - 00000000 ____D () C:\Users\pamela\AppData\Roaming\Magic Academy

    Some content of TEMP:
    ====================
    C:\Users\pamela\AppData\Local\Temp\13751uninstall.exe
    C:\Users\pamela\AppData\Local\Temp\1_flashplayer.exe
    C:\Users\pamela\AppData\Local\Temp\bstrapInstall.exe
    C:\Users\pamela\AppData\Local\Temp\InstHelper.exe
    C:\Users\pamela\AppData\Local\Temp\octEB90.tmp.exe
    C:\Users\pamela\AppData\Local\Temp\octF4A6.tmp.exe
    C:\Users\pamela\AppData\Local\Temp\Quarantine.exe
    C:\Users\pamela\AppData\Local\Temp\Sqlite3.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe
    [2014-04-20 14:29] - [2014-02-22 16:50] - 2373784 ____A (Microsoft Corporation) 4CE0C733CDCF1D2F78532BBD9CE3441D

    C:\Windows\SysWOW64\explorer.exe
    [2014-04-20 14:29] - [2014-02-22 15:18] - 2088160 ____A (Microsoft Corporation) E0C84A30581BC508E289E4371A723F58

    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-04-18 11:03

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014
    Ran by pamela at 2014-04-20 17:13:08
    Running from C:\Users\pamela\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

    ==================== Installed Programs ======================

    Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated)
    Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer)
    Acer Games (HKCU\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
    Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
    Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated)
    Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated)
    Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated)
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
    Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Annie's Millions (HKLM-x32\...\Annie's Millions_is1) (Version: 1.0 - Playrix Entertainment)
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Book Design Wizard 2.0.3 (HKLM-x32\...\Book Design Wizard) (Version: 2.0.3 - Jera Web Creations, LLC)
    Chronicles of Albian - The Magic Convention (HKLM-x32\...\febc51d6b6e48426b090de756773725c) (Version: - GameHouse)
    Cursed House (HKLM-x32\...\3041c3864cd3da554132b5ccc9f6328f) (Version: - GameHouse)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3323.57 - CyberLink Corp.)
    CyberLink PowerDVD 12 (x32 Version: 12.0.3323.57 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dance of Death (HKLM-x32\...\ce178232f23ae726198db9037b5cca7f) (Version: - GameHouse)
    Dark Dimensions: Somber Song Collector's Edition (HKLM-x32\...\BFG-Dark Dimensions - Somber Song Collectors Edition) (Version: - )
    eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
    Elementals - The Magic Key (HKLM-x32\...\Elementals - The Magic Key_is1) (Version: - Playrix Entertainment)
    EPSON XP-312 313 315 Series Printer Uninstall (HKLM\...\EPSON XP-312 313 315 Series) (Version: - SEIKO EPSON Corporation)
    ESET NOD32 Antivirus (HKLM\...\{89B0ECE0-A41F-4A45-98D9-D54C74338117}) (Version: 7.0.302.26 - ESET, spol s r. o.)
    ETDWare PS/2-X64 11.6.28.201_WHQL (HKLM\...\Elantech) (Version: 11.6.28.201 - ELAN Microelectronic Corp.)
    Everything 1.3.3.658 (x64) (HKLM\...\Everything) (Version: - )
    Facebook (HKCU\...\Pokki_a65116cdc0b4377bed428e280c19949d56248d11) (Version: 1.1.2.54251 - Pokki)
    Fairway™ (HKLM-x32\...\BFG-Fairway) (Version: - )
    Fairy Forest 3D Screensaver and Animated Wallpaper 1.0 (HKLM-x32\...\Fairy Forest 3D Screensaver and Animated Wallpaper_is1) (Version: 1.0 - 3Planesoft)
    FolderIco 2.0 (HKLM\...\{22C37D82-6137-40BF-8625-7A846ED65F3A}_is1) (Version: - teorex)
    Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
    Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    Hide & Secret - The Lost World (HKLM-x32\...\3267dcfe1feb9807a01bbf358ae0ed07) (Version: - GameHouse)
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
    Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
    Image Editor Packages (HKCU\...\Image Editor Packages) (Version: - ) <==== ATTENTION
    Inpaint 5.6 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3349 - Intel Corporation)
    Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
    Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
    Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1050 - Intel Corporation) Hidden
    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
    Legacy Tales - Mercy of the Gallows (HKLM-x32\...\af90cf622e39d90badd8ecf44aa03d96) (Version: - GameHouse)
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
    Midnight Castle (HKLM-x32\...\BFG-Midnight Castle) (Version: - )
    Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Nero BackItUp (x32 Version: 12.5.11000 - Nero AG) Hidden
    Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
    Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
    Nero ControlCenter (x32 Version: 11.0.15900 - Nero AG) Hidden
    Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
    Nero Core Components (x32 Version: 11.0.20900 - Nero AG) Hidden
    Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
    Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
    Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
    Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
    Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
    Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
    Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    PhotoFiltre (HKCU\...\PhotoFiltre) (Version: - )
    PhotoSun 14 (HKLM-x32\...\{EEB5BBB5-C25C-43BF-8EED-A5967C351E76}) (Version: 2.0.0 - Micranes System)
    Poetry Book Creator 2.0 (HKLM-x32\...\Poetry Book Creator) (Version: 2.0 - Jera Web Creations, LLC)
    Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
    Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27041 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.89 (HKLM-x32\...\Revo Uninstaller) (Version: 1.89 - VS Revo Group)
    Shadow Wolf Mysteries: Cursed Wedding (HKLM-x32\...\BFG-Shadow Wolf Mysteries - Cursed Wedding) (Version: - )
    Shadow Wolf Mysteries: Cursed Wedding Strategy Guide (HKLM-x32\...\BFG-Shadow Wolf Mysteries - Cursed Wedding Strategy Guide) (Version: - )
    Slideshow Creator (HKLM-x32\...\{4E1A63B1-F547-4CFC-91F7-F32F1A6BF430}_is1) (Version: 2.2 - Bolide Software)
    Software Informer 1.2 (HKLM\...\Software Informer_is1) (Version: - Informer Technologies, Inc.)
    Special Enquiry Detail - The Hand That Feeds (HKLM-x32\...\e5352c467fe4f9cac38b2ef69337be50) (Version: - GameHouse)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
    Tales From The Dragon Mountain - The Strix (HKLM-x32\...\8adc348cb23a5a28aac774e079515f4b) (Version: - GameHouse)
    The Lost Kingdom Prophecy (HKLM-x32\...\The Lost Kingdom Prophecy_is1) (Version: - Playrix Entertainment)
    ThunderSoft Video to GIF Converter (1.3.1.0) (HKLM-x32\...\ThunderSoft Video to GIF Converter_is1) (Version: 1.3.1.0 - ThunderSoft)
    Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
    Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Windows Movie Maker 6.1 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2winmovie}}_is1) (Version: - win-movie-maker-free)
    Windows Movie Maker Packages (HKCU\...\Windows Movie Maker Packages) (Version: - ) <==== ATTENTION
    Wondershare Video Editor(Build 3.6.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
    YouTube (HKCU\...\Pokki_d25e316a7812ebb3c4f8e18291ce53ba535b8659) (Version: 1.0.9.53204 - Pokki)

    ==================== Restore Points =========================

    04-04-2014 12:20:33 Windows Update
    07-04-2014 12:14:08 Installed PhotoSun 14 .
    10-04-2014 19:04:01 Windows Update
    19-04-2014 18:50:55 Revo Uninstaller's restore point - avast! Free Antivirus

    ==================== Hosts content: ==========================

    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
    Task: {39F97378-9FE6-4A41-98E6-3F062E2ECBA8} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
    Task: {40DF009F-8597-49AA-A3FF-888917BD4D6F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-04-10] (Microsoft Corporation)
    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {4BDD6A9C-D9A8-427A-A428-9C0CAC4DC919} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-02-13] (Acer Incorporated)
    Task: {5633181E-D165-4378-A50B-A3890AEDFDF2} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
    Task: {58756C8D-4AF1-4D1C-A1EB-EE6B62D44759} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
    Task: {5CF7D427-668E-49E8-9E4A-3DDCDA2738FD} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
    Task: {63628C44-8485-4BA4-89E2-75063B675B6D} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
    Task: {63BD284B-10B0-4223-9174-A661810C903F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {6EA775D7-9A79-4328-A1D8-B1B5975037E5} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
    Task: {915228EE-5225-4FA6-95F9-06DA09A4FFCE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
    Task: {9D741E29-0310-41AF-BDED-07D44DFAF1B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-08] (Google Inc.)
    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {A759829F-F27B-483E-8ED2-BE7221ECDDFF} - \MySearchDial No Task File <==== ATTENTION
    Task: {CE4E985C-2A0B-4D7F-8427-3143897146F1} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {E278DD3D-702E-4725-B809-8798C6B8A339} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-08] (Google Inc.)
    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
    Task: {F8772AE8-3BB3-4528-A26A-F12AB444D841} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
    Task: {F8EBE41B-686A-4A37-BE70-83DCEAD2ADFF} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-09 14:40 - 2013-06-26 05:30 - 01357824 _____ () C:\Program Files\Everything\Everything.exe
    2014-01-06 06:16 - 2013-07-30 19:11 - 00110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
    2013-09-07 02:48 - 2013-09-07 02:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2013-09-07 02:45 - 2013-09-07 02:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
    2013-09-07 02:52 - 2013-09-07 02:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    2014-01-06 05:30 - 2014-01-06 05:30 - 00012728 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.2.243_x64__8wekyb3d8bbwe\Microsoft.PerfTrack.winmd
    2013-08-22 08:19 - 2013-08-22 07:54 - 00030208 _____ () C:\Windows\system32\WinMetadata\Windows.Foundation.winmd
    2013-08-22 08:19 - 2013-08-22 07:54 - 00096256 _____ () C:\Windows\system32\WinMetadata\Windows.Storage.winmd
    2013-08-22 08:19 - 2013-08-22 07:54 - 00174592 _____ () C:\Windows\system32\WinMetadata\Windows.UI.winmd
    2014-04-01 11:28 - 2014-04-01 11:29 - 00280064 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.2.243_x64__8wekyb3d8bbwe\Microsoft.Bing.AppEx.Telemetry.winmd
    2013-08-22 08:19 - 2013-08-22 07:54 - 00054784 _____ () C:\Windows\system32\WinMetadata\Windows.Globalization.winmd
    2013-08-22 08:19 - 2013-08-22 07:54 - 00134144 _____ () C:\Windows\system32\WinMetadata\Windows.ApplicationModel.winmd
    2013-08-22 08:19 - 2013-08-22 07:54 - 00066560 _____ () C:\Windows\system32\WinMetadata\Windows.Security.winmd
    2013-08-22 08:19 - 2013-08-22 07:54 - 00020480 _____ () C:\Windows\system32\WinMetadata\Windows.System.winmd
    2013-08-22 08:19 - 2013-08-22 07:54 - 00112640 _____ () C:\Windows\system32\WinMetadata\Windows.Networking.winmd
    2014-03-10 16:53 - 2014-03-10 19:07 - 00016912 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.2.243_x64__8wekyb3d8bbwe\SqliteWrapper.winmd
    2014-03-10 16:53 - 2014-03-10 19:07 - 00551440 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.2.243_x64__8wekyb3d8bbwe\SqliteWrapper.dll
    2014-01-06 05:30 - 2014-01-06 05:30 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.2.243_x64__8wekyb3d8bbwe\Sqlite3.dll
    2013-08-22 08:19 - 2013-08-22 07:54 - 00093696 _____ () C:\Windows\system32\WinMetadata\Windows.Web.winmd
    2013-08-22 08:19 - 2013-08-22 07:54 - 00049664 _____ () C:\Windows\system32\WinMetadata\Windows.Graphics.winmd
    2013-08-22 08:19 - 2013-08-22 07:54 - 00050176 _____ () C:\Windows\system32\WinMetadata\Windows.Data.winmd
    2013-08-22 08:19 - 2013-08-22 07:54 - 00169472 _____ () C:\Windows\system32\WinMetadata\Windows.Devices.winmd
    2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-04-18 11:49 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2014-04-18 11:49 - 2014-02-15 11:48 - 00295936 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\Temp:02DD996C
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
    AlternateDataStreams: C:\ProgramData\Temp:30A9192A
    AlternateDataStreams: C:\ProgramData\Temp:38534D53
    AlternateDataStreams: C:\ProgramData\Temp:7687A3E3
    AlternateDataStreams: C:\ProgramData\Temp:83FC7696
    AlternateDataStreams: C:\ProgramData\Temp:8C8D234C
    AlternateDataStreams: C:\ProgramData\Temp:8D565A9B
    AlternateDataStreams: C:\ProgramData\Temp:991283D0
    AlternateDataStreams: C:\ProgramData\Temp:9D0A16E4
    AlternateDataStreams: C:\ProgramData\Temp:AC9F291E
    AlternateDataStreams: C:\ProgramData\Temp:B3606FCC
    AlternateDataStreams: C:\ProgramData\Temp:C5A156B6
    AlternateDataStreams: C:\ProgramData\Temp:D987CB43
    AlternateDataStreams: C:\Users\pamela\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/20/2014 03:17:48 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database

    Error: (04/20/2014 02:44:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: PAMSLAPTOP)
    Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/20/2014 09:32:24 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 37429078

    Error: (04/20/2014 09:32:24 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 37429078

    Error: (04/20/2014 09:32:24 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/19/2014 11:08:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: PAMSLAPTOP)
    Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/19/2014 10:44:37 PM) (Source: Application Hang) (User: )
    Description: The program BackgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 18dc

    Start Time: 01cf5c177d343b21

    Termination Time: 4294967295

    Application Path: C:\Windows\System32\BackgroundTaskHost.exe

    Report Id: ca3f22e0-c80b-11e3-826e-40f02fc179e2

    Faulting package full name: Microsoft.BingNews_3.0.2.243_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: AppexNews

    Error: (04/19/2014 10:32:08 PM) (Source: Application Error) (User: )
    Description: Faulting application name: bfgclient.exe, version: 3.3.0.2, time stamp: 0x53179a91
    Faulting module name: ntdll.dll, version: 6.3.9600.16502, time stamp: 0x52c35a76
    Exception code: 0xc0000005
    Fault offset: 0x0003ea02
    Faulting process ID: 0x6b4
    Faulting application start time: 0xbfgclient.exe0
    Faulting application path: bfgclient.exe1
    Faulting module path: bfgclient.exe2
    Report ID: bfgclient.exe3
    Faulting package full name: bfgclient.exe4
    Faulting package-relative application ID: bfgclient.exe5

    Error: (04/19/2014 10:32:01 PM) (Source: Application Error) (User: )
    Description: Faulting application name: bfgclient.exe, version: 3.3.0.2, time stamp: 0x53179a91
    Faulting module name: bfgclient.exe, version: 3.3.0.2, time stamp: 0x53179a91
    Exception code: 0xc0000005
    Fault offset: 0x001f804f
    Faulting process ID: 0x17fc
    Faulting application start time: 0xbfgclient.exe0
    Faulting application path: bfgclient.exe1
    Faulting module path: bfgclient.exe2
    Report ID: bfgclient.exe3
    Faulting package full name: bfgclient.exe4
    Faulting package-relative application ID: bfgclient.exe5

    Error: (04/19/2014 06:33:38 PM) (Source: Application Hang) (User: )
    Description: The program BackgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1788

    Start Time: 01cf5bf3a0bcdce8

    Termination Time: 4294967295

    Application Path: C:\Windows\System32\BackgroundTaskHost.exe

    Report Id: 94f334b2-c7e7-11e3-826c-40f02fc179e2

    Faulting package full name: Microsoft.BingNews_3.0.2.243_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: AppexNews


    System errors:
    =============
    Error: (04/20/2014 03:12:20 PM) (Source: NetBT) (User: )
    Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.80.
    The computer with the IP address 192.168.1.253 did not allow the name to be claimed by
    this computer.

    Error: (04/20/2014 03:07:10 PM) (Source: NetBT) (User: )
    Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.80.
    The computer with the IP address 192.168.1.253 did not allow the name to be claimed by
    this computer.

    Error: (04/20/2014 03:06:52 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

    Error: (04/20/2014 03:04:52 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

    Error: (04/20/2014 03:04:10 PM) (Source: WMPNetworkSvc) (User: )
    Description: 0x80070005

    Error: (04/20/2014 03:04:10 PM) (Source: WMPNetworkSvc) (User: )
    Description: 00x80070005http://+:10243/WMPNSSv4/3626705403/

    Error: (04/20/2014 03:04:10 PM) (Source: WMPNetworkSvc) (User: )
    Description: 0x80070005

    Error: (04/20/2014 03:04:10 PM) (Source: WMPNetworkSvc) (User: )
    Description: 00x80070005http://+:10243/WMPNSSv4/3626705403/

    Error: (04/20/2014 03:03:07 PM) (Source: Microsoft-Windows-Eventlog) (User: NT AUTHORITY)
    Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

    Error: (04/20/2014 03:02:53 PM) (Source: Microsoft-Windows-Eventlog) (User: NT AUTHORITY)
    Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.


    Microsoft Office Sessions:
    =========================
    Error: (04/20/2014 03:17:48 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
    Description: -2147024883

    Error: (04/20/2014 02:44:32 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: PAMSLAPTOP)
    Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

    Error: (04/20/2014 09:32:24 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 37429078

    Error: (04/20/2014 09:32:24 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 37429078

    Error: (04/20/2014 09:32:24 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/19/2014 11:08:30 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: PAMSLAPTOP)
    Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

    Error: (04/19/2014 10:44:37 PM) (Source: Application Hang)(User: )
    Description: BackgroundTaskHost.exe6.3.9600.1638418dc01cf5c177d343b214294967295C:\Windows\System32\BackgroundTaskHost.execa3f22e0-c80b-11e3-826e-40f02fc179e2Microsoft.BingNews_3.0.2.243_x64__8wekyb3d8bbweAppexNews

    Error: (04/19/2014 10:32:08 PM) (Source: Application Error)(User: )
    Description: bfgclient.exe3.3.0.253179a91ntdll.dll6.3.9600.1650252c35a76c00000050003ea026b401cf5c16cc8cb4afC:\Program Files (x86)\bfgclient\bfgclient.exeC:\Windows\SYSTEM32\ntdll.dll0e8bc93c-c80a-11e3-826e-40f02fc179e2

    Error: (04/19/2014 10:32:01 PM) (Source: Application Error)(User: )
    Description: bfgclient.exe3.3.0.253179a91bfgclient.exe3.3.0.253179a91c0000005001f804f17fc01cf5c16c9888f16C:\Program Files (x86)\bfgclient\bfgclient.exeC:\Program Files (x86)\bfgclient\bfgclient.exe0ac94347-c80a-11e3-826e-40f02fc179e2

    Error: (04/19/2014 06:33:38 PM) (Source: Application Hang)(User: )
    Description: BackgroundTaskHost.exe6.3.9600.16384178801cf5bf3a0bcdce84294967295C:\Windows\System32\BackgroundTaskHost.exe94f334b2-c7e7-11e3-826c-40f02fc179e2Microsoft.BingNews_3.0.2.243_x64__8wekyb3d8bbweAppexNews


    ==================== Memory info ===========================

    Percentage of memory in use: 44%
    Total physical RAM: 3979.34 MB
    Available physical RAM: 2206.09 MB
    Total Pagefile: 4683.34 MB
    Available Pagefile: 2695.1 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.8 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:448.69 GB) (Free:385.91 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: 43B43B55)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     

    Attached Files:

    Last edited by a moderator: Apr 20, 2014
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi joelle and welcome to CHF.

    I'm suspecting that most of the Adware on the system has come bundled with the 'Free' programs/games you have installed.
    A lot of it has been cleaned, but there is still more work to do.
    There is also a lot of McAfee files on the system.... but no McAfee installed.
    I take it that it was installed awhile back, if so the remnants need removing.

    Recommendation.
    If SuperAntiSpyware is the free version it doesn't need to start when Windows starts.
    You can start it manually when you need to do a scan.

    To change this:
    Restart SuperAntiSpyware...
    Then from the main page, Click on the Preferences button....then untick... 'Start SuperAntiSpyware when Windows starts'.
    Then click Close. and then Close on the next screen to exit the program.


    Step 1
    Please try and uninstall the following programs:
    Image Editor Packages
    Windows Movie Maker Packages


    Let me know of any problems when trying to remove these.


    Step 2
    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system


    Re-run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


    Step 3
    There are settings to remove in Google Chrome, but it's always better to do this from the program itself
    It gets messed up very easily.

    To reset Google Chrome
    • Click the Menu option button at the top right of the Google Chrome screen
    • Select Settings.
    • Click Show advanced settings and find the "Reset browser settings” section.
    • Click Reset browser settings.
    • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

    Resetting your browser settings will impact the settings below:

    Default search engine and saved search engines will be reset and to their original defaults.
    Homepage button will be hidden and the URL that you previously set will be removed.
    Default startup tabs will be cleared. The browser will show a new tab when you startup or continue where you left off if you're on a Chromebook.
    New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
    Pinned tabs will be unpinned.
    Content settings will be cleared and reset to their installation defaults.
    Cookies and site data will be cleared.
    Extensions and themes will be disabled.


    Step 4
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Disabling Eset is usually done via a right click on the System Tray icon.
      For more information read:
      How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    In your next reply, please submit:
    Fixlog.txt
    JRT.txt
    and let me know if the system is running any better yet.


    Thanks.
     

    Attached Files:

    Last edited: Apr 20, 2014
  3. joelle

    joelle Registered Members

    Joined:
    Apr 20, 2014
    Messages:
    30
    Operating System:
    Windows 8
    Thank you for your reply. I have removed the image editor program, no problem. I have removed as far as I know the Windows Movie maker packages,
    I re ran the FRST but did not need to click on fix it just posted the file on my desktop (attaching file) now I will do the Chrome. I have fixed Chrome and will run the Junkware removal tomorrow morning. Thank you for your advice
     

    Attached Files:

  4. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Please re-read my previous post about saving the fixlist.txt and running the fix.
    It's not another scan that i need.

    Thanks
     
  5. joelle

    joelle Registered Members

    Joined:
    Apr 20, 2014
    Messages:
    30
    Operating System:
    Windows 8
    I'm sorry, this is the log
     

    Attached Files:

  6. joelle

    joelle Registered Members

    Joined:
    Apr 20, 2014
    Messages:
    30
    Operating System:
    Windows 8
    and this is the JRT file, I will et you know how I get on and it seems I must avoid the games downloads now, thank you again
     

    Attached Files:

    • JRT.txt
      File size:
      890 bytes
      Views:
      17
  7. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi joelle,

    Thanks for those reports.
    The FRST fix ran ok and JRT cleaned up a few more items for us.

    Yes, if they showed any items that needed deleting or putting into quarantine i'd like to see them.
    So far it's only Adware that has been showing, the other reports may show other infections that we need to be aware of.

    The problem is that the vendors of these free games/software will try to add 3rd party programs in an aid to making money for themselves.
    There is usually a notification that 3rd party software will be installed and you usually have to untick this option during the install process.
    Sometimes they will say that they recommend that you add this software........ it's all rubbish as it's not needed.
    Another big problem is that some of the download sites (Cnet etc) will recommend that you use their downloader for the software.... this again is rubbish as the downloader will be full of this Adware.

    Thanks
     
  8. joelle

    joelle Registered Members

    Joined:
    Apr 20, 2014
    Messages:
    30
    Operating System:
    Windows 8
    Good morning, all seems to be running well just now thank you.Here are the snips I took yesterday morning before I was directed to you. I was wondering would it be better if I got rid of Chrome and google search and used IE that was installed on my laptop along with Bing search?
     

    Attached Files:

  9. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi joelle,

    Those detections are only Adware connected, so nothing serious.
    Those have all been dealt with now.

    Chrome is ok as a browser.
    When i said earlier....
    I was referring to fixing the Chrome settings.
    If we try and use our tools to reset Chrome, it tends to mess things up.
    That's why we use the settings within Chrome itself to make the changes.
    IE has come a long way in recent years and is quite a good browser now.
    Even on IE i tend to use the Google search though instead of Bing. (just more search results on Google ).
    You can add the Google search to IE if you want.

    Google Chrome can be removed, or left it doesn't matter as you can have multiple browsers installed.

    Let's just run a double check on your system now before we say it's sorted.

    Download RogueKiller and save it to your desktop.
    • Close all running processes (security programs etc )
    • Double click RogueKiller icon to run the program
      Vista/Win7/Win8 users should right click the icon and select Run as Administrator.
    • Wait for the Prescan to finish.
    • Now click the Scan button.
    • Please copy and paste the report in your next reply.
    A copy of the RKreport.txt can be found on your desktop.

    Note:
    If RogueKiller is blocked, do not hesitate to try running it again.
    If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

    Thanks
     
  10. joelle

    joelle Registered Members

    Joined:
    Apr 20, 2014
    Messages:
    30
    Operating System:
    Windows 8
    This is the report Starbuck, do I delete the ones it found?
     

    Attached Files:

  11. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi joelle,

    Not all of them.
    Some are just user set entries.

    • Close all the running processes
    • Double click the RogueKiller icon to run the program again.
      Vista/Win7/Win8 users should right click the icon and select Run as Administrator.
    • Wait for the Prescan to finish.
      Just leave the following items ticked:
      [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
      [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

      Untick the rest.
    • Now click the Delete button.
    • Please copy and paste the report in your next reply.
    A copy of the RKreport.txt can be found on your desktop.

    Thanks
     
  12. joelle

    joelle Registered Members

    Joined:
    Apr 20, 2014
    Messages:
    30
    Operating System:
    Windows 8
    Thank you again, here is the report
     

    Attached Files:

  13. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi joelle,

    That's good. :)

    Everything seems fine now...... there was nothing serious, just Adware items.
    If you are happy with the system we can remove the tools we used and finish cleaning up.

    Step 1
    Restart MBAM.
    Click on the History tab >> Quarantine
    Tick to select any items and then click the Delete button.
    Close MBAM


    Step 2
    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.


    Step 3
    Rogue Killer, JRT and FRST can be removed by right clicking on the Desktop icon/reports and selecting delete.
    There is also a folder located at C:\FRST.
    Right click on this folder and select delete to remove the quarantine items and saved reports.

    As Hitman Pro is only a 30 day trial, i recommend this is uninstalled as well.

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    Use an AntiVirus Software

    Only install one AntiVirus program

    Update your AntiVirus Software regularly

    Use a Firewall

    Only install one software Firewall


    Scan regularly with a 'Stand Alone' Anti-Malware scanner:
    Installing another scanner that you can run once or twice a week is always beneficial.
    Something like:
    Malwarebytes Anti-Malware
    SUPERAntiSypware
    Remember to update these programs each time before running.
    You can install more than one of these if you only run them as stand alone programs.

    Use an alternative browser to Internet Explorer:
    Some excellent alternatives to MS Internet Explorer are:

    Firefox
    For added security, add the NoScript extension to this browser:
    Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
    also consider adding:
    WOT - Safe Browsing Tool

    Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
    Btw: you don't have to make a contribution.

    Opera

    They offer better security, more stability, and better speed.

    Keep a backup of your registry
    Keeping a regular backup of your registry will help when something goes wrong.
    Use a program like:
    Erunt

    A full tutorial on how to set up and use Erunt can be found here:
    Erunt tutorial

    Keep your system clean of temp files etc, using a 'Cleaner':

    Cleaners are programs that will help to clean out your:
    Windows temp files
    Current user temp files
    Cookies
    Temporary Internet flies
    Browser history
    Recycle bin
    Etc.......
    In other words.... all the rubbish that you accumalate over the course of your browsing and day to day usage of your pc.
    Programs like:
    TFC by OldTimer
    ATF Cleaner

    Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windowsupdate regularly.
    Alternatively, turn on the Automatic Updates.

    Peer to Peer programs
    Don't be tempted to use Peer to Peer programs.
    Many of the downloads are bundled with malware.

    Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

    Follow this list and your potential for being infected again will reduce dramatically.

    Glad I was able to help.

    Safe surfing. 200636f9a90a19cb85ecf0ba93831af6.gif
     
  14. joelle

    joelle Registered Members

    Joined:
    Apr 20, 2014
    Messages:
    30
    Operating System:
    Windows 8
    Thank you very much Starbuck. I appreciate your time and help. I will do this now.
     

Share This Page